Comment by ambentzen
4 days ago
I was left with the somewhat opposite feeling. I still don’t know what OPA actually is or does. It has a nice paragraph describing it without saying anything at all.
OPA solves the problem of defining and enforcing policies across a system. Some examples:
- How do I enforce that inbound API requests come only from trusted sources?
- How do I enforce fine-grained access to user records?
- How do I enforce a set of naming conventions for a data update?
Many such policies may come from regulatory requirements, may be regional in nature, and may change in otherwise stable codebases. And it's even harder when you're applying this to a highly-scalable production internet service. As a result, defining policy at an organizational level with auditing is a challenge for large enterprises. OPA helps enterprises administer and enforce policies.
More details on what OPA does here: https://www.openpolicyagent.org/docs/philosophy
And you can see some examples of Rego (the policy language) here: https://play.openpolicyagent.org
That's still not saying what it is, though. Is it a thing you put in front of your backend to allow/deny requests? Is it an endpoint something like nginx calls with an auth token and the http verb and url that responds with 200/403 that nginx can react to? Is it a library you embed in your application? Is it an agentic AI?
It's as though you're describing a car to someone who's never seen a car before by listing all the places you can go in a car.
Fundamentally it's a programming language so all the normal ways of running it apply:
- Use their library in your application to evaluate policies.
- Run it from the cli.
- Embed it in some service like nginx.
The language itself is pretty focused on some prolog-ish describing of what constitutes an allow/deny decision.
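An added example, not part of the thread or of the OPA project's own material: a small Rego policy showing the kind of allow/deny decision the comments above describe, covering the trusted-source and user-record questions. The package name, CIDR ranges and input fields (`source_ip`, `method`, `path`, `user`, `roles`) are assumptions chosen for illustration.

```rego
# Illustrative policy; every name and value here is constructed for the example.
package httpapi.authz

import rego.v1

# Deny unless some rule below explicitly allows the request.
default allow := false

# Assumed trusted network ranges (constructed values).
trusted_cidrs := ["10.0.0.0/8", "192.168.10.0/24"]

# True when the caller's address falls inside any trusted range.
from_trusted_source if {
	some cidr in trusted_cidrs
	net.cidr_contains(cidr, input.source_ip)
}

# A user may read their own record: GET /users/<their own id>.
allow if {
	from_trusted_source
	input.method == "GET"
	input.path == ["users", input.user]
}

# An admin may read any user record.
allow if {
	from_trusted_source
	input.method == "GET"
	input.path[0] == "users"
	"admin" in input.roles
}

# Constructed input that is allowed (alice reads her own record):
#   {"source_ip": "10.1.2.3", "method": "GET",
#    "path": ["users", "alice"], "user": "alice", "roles": []}
#
# Constructed input that is denied (alice reads bob's record):
#   {"source_ip": "10.1.2.3", "method": "GET",
#    "path": ["users", "bob"], "user": "alice", "roles": []}
#
# Evaluate from the CLI:
#   opa eval -d policy.rego -i input.json "data.httpapi.authz.allow"
```

The calling application or proxy supplies the request as `input` and acts on the boolean result; the policy itself holds no enforcement logic.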
I guess I’m familiar with the general concept/domain it’s in. I haven’t used it myself, but having it spelled out was enough base knowledge for me to grab on to.
Looking again, I see your point. If you don’t know what it is, having the acronym spelled out doesn’t help much at all.
Still it clears the low bar provided by those announcements that just say something like:
“BEOTZ’s developers are joining Flmp.io. As we all know BEOTZ is popular and Flmp.io is a top provider to enterprises. We look forward to exciting things coming soon.”
The nice thing about such an obituary is that it isn't a person so we don't have to feel bad and we don't need to know what it was going to do.