At scale, the larger companies end up needing to be able to make policy decisions (read: authn/authz, most of the time) across a large number of "policies" in an efficient way. Everybody starts with simple representations that can go fast but have limited expression, then moves to various forms of extensions/templating/substitution/rules/etc.
OPA and Rego use a datalog variant to bring order to that bespoke mess. Think IAM policy, but you DRY because it's a real programming language with a library full of nice-to-have built-ins.
Can you explain why
At scale, the larger companies end up needing to be able to make policy decisions (read: authn/authz, most of the time) across a large number of "policies" in an efficient way. Everybody starts with simple representations that can go fast but have limited expression, then moves to various forms of extensions/templating/substitution/rules/etc.
OPA and Rego use a datalog variant to bring order to that bespoke mess. Think IAM policy, but you DRY because it's a real programming language with a library full of nice-to-have built-ins.
OPA and Rego can basically "become" other types of access control systems (see https://www.openpolicyagent.org/docs/comparison-to-other-sys...).
Thanks.
I’m very familiar with opa.
My only assumption for this was that Apple’s infrastructure needs have evolved to the point where they need quite a focused effort around policy.
Styra either acquired or became available through a different form of change management. And Apple was already a major customer.
Just blind guesses. I was hoping for more insight.