Anderson Dadario & Denys Vitali
Decoupled Authorization using Policy as Code
#1about 3 minutes
The challenges of embedding authorization in application code
Embedding authorization logic directly into application code leads to tight coupling, auditing difficulties, and operational overhead when policies change.
#2about 6 minutes
Introducing Policy as Code and Open Policy Agent
Policy as Code decouples authorization from business logic, and Open Policy Agent (OPA) is an open-source engine that implements this pattern.
#3about 3 minutes
How OPA works with a simple Rego policy
A simple example demonstrates how an application delegates authorization decisions to OPA by sending a JSON input to be evaluated against a policy written in Rego.
#4about 2 minutes
Demo of basic policy evaluation using OPA
A command-line demo shows how to run OPA tests, start the server, and use curl to query the policy engine with different inputs to get allow or deny decisions.
#5about 7 minutes
Demo of integrating OPA with a Go API middleware
A Go web service uses a middleware to intercept requests, construct an input object, and query OPA to enforce complex, attribute-based access control rules.
#6about 4 minutes
Dynamically updating authorization policies without downtime
By updating a policy file and reloading it into the running OPA server via an API call, authorization rules can be changed instantly without restarting the application.
#7about 3 minutes
Exploring other use cases for OPA beyond web APIs
OPA can enforce policies in various environments, including Kubernetes admission control, Kafka, and even Linux system access via PAM modules.
Related jobs
Jobs that call for the skills explored in this talk.
Full Stack Developer (all genders welcome)
ROSEN Technology and Research Center GmbH
Osnabrück, Germany
Senior
Matching moments
05:44 MIN
Introducing the Open Policy Agent (OPA) and Rego
OPA for the cloud natives
30:46 MIN
Introducing Open Policy Agent for custom policies
A practical guide to writing secure Dockerfiles
23:10 MIN
A modern approach using a decoupled authorization service
Un-complicate authorization maintenance
11:35 MIN
Using the OPA Playground to test and debug policies
OPA for the cloud natives
20:46 MIN
Addressing performance and adoption challenges with OPA
OPA for the cloud natives
28:28 MIN
Implementing decoupled authorization with the sidecar pattern
Un-complicate authorization maintenance
16:23 MIN
Exploring OPA deployment patterns and advanced use cases
OPA for the cloud natives
23:51 MIN
Q&A on policy culture, tooling, and security
Policy as [versioned] code - you're doing it wrong
Featured Partners
Related Videos
26:23OPA for the cloud natives
Philipp Krenn
1:00:00Un-complicate authorization maintenance
Alex Olivier
![Policy as [versioned] code - you're doing it wrong](https://customer-goifxnzhrq3d0d54.cloudflarestream.com/23fa4a514c18f0a9b39573f31d96ba54/thumbnails/thumbnail.jpg?time=33000ms)
45:57Policy as [versioned] code - you're doing it wrong
Chris Nesbitt-Smith
23:29Delay the AI Overlords: How OAuth and OpenFGA Can Keep Your AI Agents from Going Rogue
Deepu
06:04Keymate – Modern Authorization for Developers
Halil Özkan
33:20DevSecOps: Security in DevOps
Aarno Aukia
23:26Great DevEx and Regulatory Compliance - Possible?
Martin Reynolds
29:31Break the Chain: Decentralized solutions for today’s Web2.0 privacy problems
Adam Larter
Related Articles
View all articles
From learning to earning
Jobs that call for the skills explored in this talk.
![Senior Software Engineer [TypeScript] (Prisma Postgres)](https://wearedevelopers.imgix.net/company/283ba9dbbab3649de02b9b49e6284fd9/cover/oKWz2s90Z218LE8pFthP.png?w=400&ar=3.55&fit=crop&crop=entropy&auto=compress,format)
Senior Software Engineer [TypeScript] (Prisma Postgres)
Prisma
Remote
Senior
Node.js
TypeScript
PostgreSQL
Product Owner SAP Authorization + Identity
dmTECH
Karlsruhe, Germany