Zero Trust API Authorization with Open Policy Agent

A talk given by Anders Eknert from Styra at the 2023 Platform Summit in Stockholm. Should user Alice be allowed to read credit reports? Should a cloud instance be deployable without basic security configuration in place? Should service X be allowed to query the database? Policy defines the rules of our systems, but how do we ensure our policies are enforced consistently in increasingly distributed and diverse API stacks? In this talk we’ll explore the benefits of decoupling the policy from our applications, deployment pipelines and platforms, and how Open Policy Agent (OPA) can help unify the way we work with policy across the API stack.