• Home
  • History
  • Annotate
Name Date Size #Lines LOC

..03-May-2022-

images/H03-May-2022-

layouts/H03-May-2022-

styles/H22-Jun-2018-822709

tutorials/H22-Jun-2018-268246

README.mdH A D22-Jun-20182.2 KiB5339

SUMMARY.mdH A D22-Jun-20186.7 KiB129124

best-practice-identity.mdH A D22-Jun-20189.5 KiB12779

book.jsonH A D22-Jun-2018307 2019

bundles.mdH A D22-Jun-20184.1 KiB132105

comparison-to-other-systems.mdH A D22-Jun-201813.7 KiB412345

decision_logs.mdH A D22-Jun-20184 KiB11798

deployments.mdH A D22-Jun-20187.5 KiB186127

docker-authorization.mdH A D22-Jun-20186.9 KiB274196

faq.mdH A D22-Jun-20182.1 KiB6346

get-started.mdH A D22-Jun-20189.1 KiB306241

how-do-i-write-policies.mdH A D22-Jun-201840.5 KiB1,4401,103

how-does-opa-work.mdH A D22-Jun-201813.1 KiB512440

http-api-authorization.mdH A D22-Jun-20189.6 KiB316234

kafka-authorization.mdH A D22-Jun-201812.7 KiB382294

kubernetes-admission-control.mdH A D22-Jun-20189 KiB285207

language-reference.mdH A D22-Jun-201816.2 KiB234195

monitoring-diagnostics.mdH A D22-Jun-20183 KiB7659

rest-api.mdH A D22-Jun-201840.3 KiB1,6651,400

security.mdH A D22-Jun-20187.1 KiB264199

ssh-and-sudo-authorization.mdH A D22-Jun-201812.1 KiB399304

status.mdH A D22-Jun-20183.3 KiB10684

terraform.mdH A D22-Jun-201811.7 KiB373311

README.md

1# Introduction
2
3A policy is a set of rules that governs the behavior of a service.
4Policy-enablement empowers users to read, write, and manage these rules without
5needing specialized development or operational expertise. When your users can
6implement policies without recompiling your source code, then your service is
7policy enabled.
8
9## What is Policy?
10
11All organizations have policies. Policies are essential to the long-term
12success of organizations because they encode important knowledge about how to
13comply with legal requirements, work within technical constraints, avoid
14repeating mistakes, and so on.
15
16In their simplest form, policies can be applied manually based on rules that
17are written down or conventions that are unspoken but permeate an
18organization’s culture. Policies may also be enforced with application logic or
19statically configured at deploy time.
20
21## What is Policy Enablement?
22
23Policy-enabled services allow policies to be specified declaratively, updated
24at any time without recompiling or redeploying, and enforced automatically
25(which is especially valuable when decisions need to be made faster than
26humanly possible). They make deployments more adaptable to changing business
27requirements, improve the ability to discover violations and conflicts,
28increase the consistency of policy compliance, and mitigate the risk of human
29error.
30
31A policy-enabled service is able to answer questions by comparing relevant
32input from its environment to policy statements written by administrators. For
33example, a cloud computing service could answer questions such as:
34
35* Can I add compute capacity?
36* In what regions can I add compute capacity?
37* Which instances are currently running in the wrong region?
38
39## What is OPA?
40
41OPA is a lightweight general-purpose policy engine that can be co-located with
42your service. You can integrate OPA as a sidecar, host-level daemon, or
43library.
44
45Services offload policy decisions to OPA by executing *queries*. OPA evaluates
46policies and data to produce query results (which are sent back to the client).
47Policies are written in a high-level declarative language and can be loaded
48into OPA via the filesystem or well-defined APIs.
49
50## Why use OPA?
51
52![benefits](images/benefits.svg "benefits")
53