Save the Date for the next SAG: November 24–27, 2025 in Berlin

Conference program

iSAQB Software Architecture Gathering 2024

Register now

  • Session (45min)
  • Beginner
  • 13 Nov 2024
  • 14:00-14:45
  • Room Grenander 3

Make Your Security Policy Auditable

by Nicolas Fränkel

Nowadays, everybody realizes the importance of preventing undue access to one’s applications.
Many conceptual models are available: RBAC, ABAC, you name it.
Likewise, all popular stacks have frameworks and libraries to help developers implement your chosen policy access.
If your organization only has a handful of apps, that’s all fine and dandy, but problems appear at scale.

One such problem is keeping under control access configuration across dozens or even hundreds of apps.
It requires regular, if not continuous, auditing:
it’s impossible to achieve when the configuration is code, even worse if it’s a compiled language.
Open Policy Agent aims to externalize such configuration in a text format with specified semantics.

In this presentation, I’ll explain OPA in more detail and demo how to migrate from a regular Spring Boot application to an OPA-based approach in different steps.