OPA for HTTP Authorization

Open Policy Agent[1] is a promising, light weight and very generic policy engine to govern authorization is any type of domain. I found this comparion[2] very attractive in evaluating OPA for a project I am currently working on, where they demonstrate how OPA can cater same functionality defined in RBAC, RBAC with Seperation of Duty, ABAC and XACML.  
Here are the steps to a brief demonstration of OPA used for HTTP API authorization based on the sample [3], taking it another level up.
Running OPA Server First we need to download OPA from [4], based on the operating system we are running on.  For linux, curl -L -o opa https://github.com/open-policy-agent/opa/releases/download/v0.10.3/opa_linux_amd64 Make it executable, chmod 755 ./opa Once done, we can start OPA policy engine as a server.
./opa run --server Define Data and Rules Next we need to load data and authorization rules to the server, so it can make decisions. OPA defines these in files in the format of .rego. Below is a sample …

MIT-AITI Experience–Part 2

I am writing after completing the whole course and becoming a director and a co-founder of the company mobiAssist, the creator of ‘ThenaHari’. I would like to begin the story from where I stopped at previous post.
After having fun at the end of 2nd week with elevator pitch competition we had a week filled with technical stuff with the help and guidance Micheal. Parallel to that Samidh and Lisa introduced us to the marketing principles, entrepreneurship skills and presenting and lot more. Those rest 4 weeks became so intensive with work and of course lot of fun too. Below I will be describing few important events that took place during those 4 weeks.
Our product page product page at MIT site can be found in the given link.
A photo coverage total photo coverage on overall program can be found .
This was a really cool and challenging experience. We were given 24 hours to complete as much as we can in our products and the group which create the most progress was to win. Meanwhile Micheal was posting challenging questions randomly time to time and if awake we could submit solutions and earn marks. This was very interesting and our group divide tasks among us and worked together to reach the win. We slept in shift so that we do not miss challenge questions.
Though the main objective of this event was to accelerate the implementation of product what I found most valuable was the team spirit we built through this. Anyway we could not win in this competition but the progress we made, make us understand the capacity of us as a team that it is possible to do that much of work within a day.
20th July: Critique Day (Get feedback on Business)
This was a very hard day for us and was very useful too. Now I can say this created a strong foundation for us, though we were bit worried. On this day we had to meet up with 6 panels which consisted of 3panels from leading mobile operators of Sri Lanka (Dialog, Mobitel and Etisalat) and three panels from leading local entrepreneurs and senior lecturers and professors. Day before the critique day we had a tuff session with Samidh as a rehearsal and we walked to each and every panel, submit a brief description about product with still improving demo and asked for their comments and how we can improve.
We had bit of hard time trying to convince them that we are doing something useful for the society. Actually none of them won’t find our application useful frequently unless they are travelling to an unfamiliar place as they were not users of public transportation. Anyway we got good practice on how we should explain our product to variety of people in various angles and received lot of useful clues to improve our product. Thankful to all of them and our instructors for arranging us that opportunity.
27th July: Negotiation Day (Get contracts with Operators)
This was a very exciting day we looked for, from the beginning of implementing our product ‘ThenaHari’. On 26th we had a session on how to negotiate and in the morning Samidh announced us that every team has got at least one opportunity to meet an operator and show off the product. And finally it was Mobitel who was interested on our product with the image they got from our one-pager which our whole team prepared with so much care.
To meet with Mobitel we prepared a pitch deck explaining
  • The problem we are addressing
  • The solution we suggest and how our product address it efficiently
  • The Marketing opportunity
  • Marketing Strategy  
  • Future Plans                                     which was a whole effort of our team.
While we were waiting for our time slot we could have some clues from the previous group and they told us that do not expect the attention of audience and do not worry if they show bored. This was bit disappointing and anyway I thought to do maximum to have the attention of audience and changed my pitch I prepared to be more brief and interesting. After we get introduced it was me who was to start our presentation pitching an overview of the product. I did my maximum to attract and keep the attention of audience with a little story could initiate an interactive discussion which our team continued well.
Final effect was a great feed back, we even did not expect and I can still remind the panel saying “superb idea”. They wanted to meet us for a business meeting the very next week and our team celebrated this achievement going to beach and having lunch together. All of us were thrilled that we are going to have do a real business as a company which once was just a dream.
It really was a great day we worked hard as a team and achieved our first goal to get a service provider interested in our product. Without that we could not proceed with ‘ThenaHari’.
1st August – Meeting with Mobitel
With the feed back we got for last presentation we did, we were so confident and went to Mobitel with our business plan. In this visit all our instructors accompanied us, which was a great strength. With a little introduction now we felt the conditions have changed a bit after going through our business plan. They were not happy with the plan and asked us for a change. Yes, that was really negotiating which we were not much exposed to. We were not used to those kind of business negotiation before and was the where I started to think this as a real business, concerning profits, our future plans, facing competitors and bargaining too.
Finally the meeting ended up asking us to come up with a modified business plan. We started to look for experienced people’s advices on the suggested plan by Mobitel and kept on analyzing how that will affect our future growth of company.
3rd of August was the big day and I will be sharing those details in the next post.


  1. Hey Push, we r proud of u. thanx 4 sharing ur experience.it values a lot. we r waiting 4 the nxt post.

  2. Hey thnx :)
    The experience was limited for only 29 students. Love to share it with all as I understood the value. Thanks buddy, for the encouraging words.


Post a Comment

Popular posts from this blog

Signing SOAP Messages - Generation of Enveloped XML Signatures

OPA for HTTP Authorization

How to Write a Custom User Store Manager - WSO2 Identity Server 4.5.0