OPEN TALK: Authorization across the Stack

OPEN Stage

Peter O'Neill
Styra, Community Advocate

Peter is a community architect for Cloud Native Developer communities. Currently he is working as a Community Advocate for the OPA (Open Policy Agent) community. Previously, Peter held engineering positions at both early-stage startups and large-scale enterprises, including Mozilla, Google Fiber, strongDM, and ThousandEyes.


When you think of authorization control and policy enforcement, do you put together a scavenger hunt of resources needed to figure out what should have access, then what actually does have access? Is there one team or one person in your organization holding all the policy information needed to secure your cloud-native application in an Excel spreadsheet or a wiki somewhere? Is this information then hard-coded into each layer between your microservices?

OPA (Open Policy Agent) is a graduated CNCF (Cloud Native Computing Foundation) project that exists to simplify and accelerate application development by decoupling policy decisions from enforcement. It is already battle-tested and proven by organizations such as Netflix, Goldman Sachs, Pinterest and Atlassian, who are using OPA for distributed policy enforcement across a range of languages, execution environments and protocols.

During this talk we will cover some common authorization use cases, showing how to use OPA's decoupled nature to write simple policies that can be easily enforced by your system.

Common Use Cases:
* Restrict API access during blackout periods
* Grant SSH and sudo access to on-call engineers
* Require test certification for workloads deployed to production environments

You should attend this talk if you have an interest in learning how to enforce complex policies at scale with OPA, and without introducing significant latency or impacting availability.