OPA for HTTP Authorization

Open Policy Agent[1] is a promising, light weight and very generic policy engine to govern authorization is any type of domain. I found this comparion[2] very attractive in evaluating OPA for a project I am currently working on, where they demonstrate how OPA can cater same functionality defined in RBAC, RBAC with Seperation of Duty, ABAC and XACML.  
Here are the steps to a brief demonstration of OPA used for HTTP API authorization based on the sample [3], taking it another level up.
Running OPA Server First we need to download OPA from [4], based on the operating system we are running on.  For linux, curl -L -o opa https://github.com/open-policy-agent/opa/releases/download/v0.10.3/opa_linux_amd64 Make it executable, chmod 755 ./opa Once done, we can start OPA policy engine as a server.
./opa run --server Define Data and Rules Next we need to load data and authorization rules to the server, so it can make decisions. OPA defines these in files in the format of .rego. Below is a sample …

MIT-AITI Experience–Part 3 /Demo Day

It was our dream day, it was the day we waited to show off the results of the intensive hard work we did in just 6 weeks and got the maximum of out of it. I will be sharing that experience with this post.

We have been finished developing our product to the level to do a live demo by that time and unfortunately with the nature of our product ‘ThenaHari’, we were unable to perform it inside a conference hall. Following were the problems we had and the solutions we found with the help of Samidh, Lisa and Micheal.
  • Simulate an outside journey inside a hall – We developed a simulator that mimics the path of a passenger travelling in a bus route. This simulator was mainly developed by Manoj, one of mobiAssist co-founders, with the contribution of others. This also solved the problem of not having a way to access a the LBS(Location Based Service) of service provider to track passenger location which was great. 
  • Making the alert via fake call – As we still did not had access to a service provider’s SMS gateway, this was a big problem. So with the help of few contacts we got, finally a solution came up from bluetooth. 
  • How to convince the importance of our application – It was predicted that our audience will not understand the value of our application at once, as most of them were not users of public transport. This was a real challenge and this was the most important objective doing demo in front of them. So we came up with two solutions. 
  • Produced a moFilm that highlights the value and usage of our application ‘ThenaHari’ – Actually two of our co-founders act the main roles there and Dhanika directed it so well. Will be sharing it here soon after releasing for general public. 
  • Conducted a survey and submitted what we found – We did a survey for a week getting into busses and trains and counting down how many people are sleeping. This was a real nice experience and we enjoyed it a lot. 

With the dawn of the 3rd of August we were well prepared and waiting for the time to show off our work. The venue for the event was Cinnomon-Grand Hotel and we were so excited with hearing the list of distinguished guests. There were ministers from government, parliament representatives from the opposition, higher professionals from Dialog, Mobitel and Etisalsat, the main mobile service providers in Sri Lanka, possible investors, leading local entrepreneurs from software industry and Professors and lecturers from University of Moratuwa including the vice-chancellor. Also DailyFT has put an detailed article on the front page encouraging us and we understood that if we try hard on this and continued we can add some value to the economy of the country.

We had the confidence that we will rock the demo and after been staged as 5th team to go, we knew we did it great with the comments from judge panel and the audience. That was a great moment I will remind proudly forever.

Then we had the reception where we got whole lot of comments appreciating us, pointing out paths to improve and of course invitations from moile operators to have business meetings with them. That was a great achievement for us. And there were more waiting for us.There were three awards waiting for teams to win namely “Outstanding product”, “Best technical innovation” and “Best social impact”. “ThenaHari” was that excellent product to win both the awards “Best technical innovation” and “Best social impact” which were awarded by Dialog and Mobitel. It was not the reward we got with that, it was the strong foundation we got for our start-up to grow up bigger that made us much happier.
The demo day ended up like that having a great positive impact on our company and this is how DailyFT encouraged us putting a detailed articles on the event.
1]                                                                 [2]

You can read the full article in DailyFT site,

[1] MIT’s first Asian initiative buds young Lankan entrepreneurs
[2] Start-ups shine!

Though the demo day ended it was just the start for us. And Samidh, Lisa and MIcheal were still staying with us to guide us how to continue our companies after they left in two days. They introduced us to the possible people from whom we would be able to have some help and gave more guidance on our future plans. Thank you Samidh, Lisa and Micheal for all the strength and guidance and everything you gave us. We know continuing this with our fullest commitment is the greatest gratitude we can show you all.

Finally I should mention that we are thankful to Prof. Saman Amarasinghe for bringing this program to Sri Lanka, MIT, Staff of UOM, Dialog, Mobitel, Etisalat, Mentors, Investors, Friends and each and every person who encouraged us even by a word. Thank you all for your contributions!!!Now it is our time to have fun in the industry discovering the world of entrepreneurs!!!



Popular posts from this blog

Signing SOAP Messages - Generation of Enveloped XML Signatures

OPA for HTTP Authorization

How to Write a Custom User Store Manager - WSO2 Identity Server 4.5.0