Make Your Security Policy Auditable
Preventing undue access to applications is a well-understood requirement. Several conceptual models exist, such as RBAC and ABAC, and every popular software stack ships frameworks and libraries that help developers implement the chosen access policy. When an organization operates only a handful of apps, managing access is straightforward; the challenges arise at scale.
One major problem is keeping control over the access configuration across dozens or even hundreds of apps. That requires regular, if not continuous, auditing, which becomes impractical when the configuration is embedded in code, especially in a compiled language: reviewing who may do what means reading annotations and security configuration classes scattered across each code base and rebuilding every app for each change. The Open Policy Agent (OPA) addresses this by externalizing such configuration into a text format with clear semantics, its policy language Rego, so that policies can be versioned, reviewed, and tested independently of the application that enforces them. The application still has to send OPA an accurate description of the request and act on the decision it gets back; externalizing the policy makes it auditable, not self-enforcing.
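To make the externalization concrete, here is an added example (not from the talk or the OPA project) of a minimal RBAC policy written in Rego. The package name `app.authz`, the role assignments and the permission table are assumptions constructed for illustration; in a real deployment the role data would be loaded as OPA data or shipped in a bundle rather than written into the policy file.

```rego
# Added example, not the talk's or OPA's own code: an RBAC rule that would
# otherwise be hard-coded in a Spring Security configuration, expressed as
# an auditable Rego policy. Package name and data are assumptions.
package app.authz

import rego.v1

# Deny by default; only an explicit rule can grant access.
default allow := false

# Constructed sample role assignments (user -> set of roles).
roles := {
    "alice": {"admin"},
    "bob":   {"viewer"},
}

# Constructed sample permission table (role -> set of allowed actions).
permissions := {
    "admin":  {"read", "write", "delete"},
    "viewer": {"read"},
}

# Grant access when at least one of the caller's roles permits the action.
# The application supplies `input.user` and `input.action` with each query.
allow if {
    some role in roles[input.user]
    input.action in permissions[role]
}
```

The application asks OPA for a decision by posting a JSON document such as `{"input": {"user": "bob", "action": "write"}}` to the Data API at `/v1/data/app/authz/allow`, and the same question can be answered offline during review with `opa eval --data policy.rego --input input.json "data.app.authz.allow"`. Because the policy is plain text, it can be kept in version control, diffed in code review and covered by `opa test`, which is exactly the auditability the embedded approach lacks.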
In his presentation, Nicolas will explain OPA in more detail and demonstrate, step by step, the transition from a traditional Spring Boot application with embedded access rules to an OPA-based approach.