Comment by timsneath

4 days ago

OPA solves the problem of defining and enforcing policies across a system. Some examples:

- How do I enforce that inbound API requests come only from trusted sources?

- How do I enforce fine-grained access to user records?

- How do I enforce a set of naming conventions for a data update?

Many such policies may come from regulatory requirements, may be regional in nature, and may change in otherwise stable codebases. And it's even harder when you're applying this to a highly-scalable production internet service. As a result, defining policy at an organizational level with auditing is a challenge for large enterprises. OPA helps enterprises administer and enforce policies.

More details on what OPA does here: https://www.openpolicyagent.org/docs/philosophy

And you can see some examples of Rego (the policy language) here: https://play.openpolicyagent.org

That's still not saying what it is, though. Is it a thing you put in front of your backend to allow/deny requests? Is it an endpoint something like nginx calls with an auth token and the http verb and url that responds with 200/403 that nginx can react to? Is it a library you embed in your application? Is it an agentic AI?

It's as though you're describing a car to someone who's never seen a car before by listing all the places you can go in a car.

- Fundamentally it's a programming language so all the normal ways of running it apply:
  - Use their library in your application to evaluate policies.
  - Run it from the CLI.
  - Embed it in some service like nginx.

  The language itself is pretty focused on some prolog-ish describing of what constitutes an allow/deny decision.
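To make the "allow/deny decision" concrete, here is a small Rego policy that covers the first two bullets from the opening comment (trusted inbound sources and per-user record access). This is an added illustration, not code from any of the commenters or from the OPA project; the package name, the `trusted_cidrs` set, and the shape of `input` (method, path segments, source IP, user id and roles) are assumptions chosen for the example.

```rego
package httpapi.authz

import rego.v1

# Deny by default: a request is allowed only if some `allow` rule below succeeds.
default allow := false

# Constructed sample data: networks we treat as trusted sources (assumption).
trusted_cidrs := {"10.0.0.0/8", "192.168.1.0/24"}

# Rule 1: anyone on a trusted network may read the health endpoint.
allow if {
    input.method == "GET"
    input.path == ["health"]
    from_trusted_source
}

# Rule 2: an authenticated user may read only their own record (/users/<id>).
allow if {
    input.method == "GET"
    count(input.path) == 2
    input.path[0] == "users"
    input.path[1] == input.user.id
}

# Rule 3: administrators may perform any request.
allow if {
    "admin" in input.user.roles
}

# Helper: true when input.source_ip falls inside one of the trusted CIDRs.
from_trusted_source if {
    some cidr in trusted_cidrs
    net.cidr_contains(cidr, input.source_ip)
}

# Example input (assumed shape), e.g. saved as input.json:
# {
#   "method": "GET",
#   "path": ["users", "alice"],
#   "source_ip": "203.0.113.7",
#   "user": {"id": "alice", "roles": ["viewer"]}
# }
# Rule 2 matches, so data.httpapi.authz.allow evaluates to true; the same
# input with "path": ["users", "bob"] is denied because no rule succeeds.
```

Evaluated from the CLI with `opa eval -d policy.rego -i input.json "data.httpapi.authz.allow"`, the result is a JSON document containing `true` or `false`; a caller embedding the library or querying the OPA server gets the same decision, which is the point of keeping the policy outside the application code.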