OPA for HTTP Authorization

Open Policy Agent[1] is a promising, light weight and very generic policy engine to govern authorization is any type of domain. I found this comparion[2] very attractive in evaluating OPA for a project I am currently working on, where they demonstrate how OPA can cater same functionality defined in RBAC, RBAC with Seperation of Duty, ABAC and XACML.  
Here are the steps to a brief demonstration of OPA used for HTTP API authorization based on the sample [3], taking it another level up.
Running OPA Server First we need to download OPA from [4], based on the operating system we are running on.  For linux, curl -L -o opa https://github.com/open-policy-agent/opa/releases/download/v0.10.3/opa_linux_amd64 Make it executable, chmod 755 ./opa Once done, we can start OPA policy engine as a server.
./opa run --server Define Data and Rules Next we need to load data and authorization rules to the server, so it can make decisions. OPA defines these in files in the format of .rego. Below is a sample …

GSoC2012 with Apache Wookie

Today I got the news of the proposal I submitted to GSoC2012, is accepted. I consider it a great achievement and so excited to make the project a success. With the nature of the program it is no wonder anyone get excited about it. Firstly having the chance to work for a recognized company(In my case Apache) and the global reputation a gsocer can have is so motivational. Also getting started to work with a strange team, getting to know them, work remotely, add good experience to life and high professional value as I guess. It's amazing to work with the community. Also it is a great chance to broaden the horizons in technical skills while having guidance from an expert in the area, having hands on it.

Also I'm glad to share about my project, which is to implement 'W3C XML Digital Signatures for Widgets Specification in Apache Wookie. Computer Security has become the favorite field of me followed by Big data after my internship at WSO2 Lanka(pvt) Ltd, with experience I had there, relevantly. So no wonder when I saw this idea in the page, I knew it is ideal for me. Also Wookie is an interesting project currently at incubating stage at Apache. It is based on W3C widget specification and also include widgets that use extended APIs such as OpenSocial and Google Wave Gadgets. It will soon graduate with the passionate developer community and glad I can contribute actively. My mentor Scott Wilson is a very friendly and helpful person who guided me in submitting a better proposal and who will be guiding me through out GSoC2012. Here is a blogpost by Scott mentioning of Wookie acceptance to Apache Incubator.

Hoping for a fruitful time ahead and to become a gsocer while contributing to open source world!!! Thank you GSoC organizers, Wookie community, Department of Computer Science and Engineering,University of Moratuwa and WSO2 for the knowledge I gathered and everyone who helped me in my way!!!

The completed project details are can be found at [1].
[1] - http://pushpalankajaya.blogspot.com/2012/08/apache-wookie-w3c-widget-digital.html


Popular posts from this blog

Signing SOAP Messages - Generation of Enveloped XML Signatures

OPA for HTTP Authorization

How to Write a Custom User Store Manager - WSO2 Identity Server 4.5.0