Tuesday, September 14, 2021

OPEN TALK: Authorization across the Stack
Peter ONeill
Styra, Community Advocate

When you think of authorization control and policy enforcement, do you put together a scavenger hunt of resources needed to figure out what should have access, then what actually does have access? Is there one team or one person in your organization holding all the policy information needed to secure your cloud-native application in an Excel spreadsheet or a wiki somewhere? Then is this information hard-coded into each layer between your microservices?

OPA (Open Policy Agent) is a graduated CNCF (Cloud Native Computing Foundation) project that exists to simplify and accelerate application development by decoupling policy decisions from enforcement. It is already battle tested and proven by organizations such as Netflix, Goldman Sachs, Pinterest and Atlassian, who are using OPA for distributed policy enforcement across a range of languages, execution environments and protocols.

During this talk we will cover some common authorization use cases, showing how to use OPA's decoupled nature to write simple policies that can be easily enforced by your system.

Common Use Cases:
* Restrict API access during blackout periods
* Grant SSH and sudo access to on-call engineers
* Require test certification for workloads deployed to production environments

You should attend this talk if you have an interest in learning how to enforce complex policies at scale with OPA, and without introducing significant latency or impacting availability.