OPA for HTTP Authorization

Open Policy Agent[1] is a promising, light weight and very generic policy engine to govern authorization is any type of domain. I found this comparion[2] very attractive in evaluating OPA for a project I am currently working on, where they demonstrate how OPA can cater same functionality defined in RBAC, RBAC with Seperation of Duty, ABAC and XACML.  
Here are the steps to a brief demonstration of OPA used for HTTP API authorization based on the sample [3], taking it another level up.
Running OPA Server First we need to download OPA from [4], based on the operating system we are running on.  For linux, curl -L -o opa https://github.com/open-policy-agent/opa/releases/download/v0.10.3/opa_linux_amd64 Make it executable, chmod 755 ./opa Once done, we can start OPA policy engine as a server.
./opa run --server Define Data and Rules Next we need to load data and authorization rules to the server, so it can make decisions. OPA defines these in files in the format of .rego. Below is a sample …

WSO2Con - 2011

WSO2Con - 2011, the event of the year!

I found it a great a pleasure to have a chance to attend this event, which is to be a huge event in middle-ware industry with participations from Google, IBM and eBay and a perfect pool for technology lovers. Only few lucky students will get the chance to be there at student rates. But the great news is still you can reserve your place for a very low price regrading the value of this three-day conference with two more days in tutorials. Try and see whether you can catch the early bird rates too.

Check out event agenda and the registration page for more information. Here is what Dr. Sanjiva Weerawarna CEO-WSO2 has to say about the event.






Comments

Popular posts from this blog

Signing SOAP Messages - Generation of Enveloped XML Signatures

How to send an HTML email in Java (Using Google SMTP Server)

How to convert WSDL to Java