ramoz 4 days ago

Can you explain why

Reply View 2 replies
  • rossjudson 4 days ago

    At scale, the larger companies end up needing to be able to make policy decisions (read: authn/authz, most of the time) across a large number of "policies" in an efficient way. Everybody starts with simple representations that can go fast but have limited expression, then moves to various forms of extensions/templating/substitution/rules/etc.

    OPA and Rego use a datalog variant to bring order to that bespoke mess. Think IAM policy, but you DRY because it's a real programming language with a library full of nice-to-have built-ins.

    OPA and Rego can basically "become" other types of access control systems (see https://www.openpolicyagent.org/docs/comparison-to-other-sys...).

    Reply View 1 reply
    • ramoz 4 days ago

      Thanks.

      I’m very familiar with opa.

      My only assumption for this was that Apple’s infrastructure needs have evolved to the point where they need quite a focused effort around policy.

      Styra either acquired or became available through a different form of change management. And Apple was already a major customer.

      Just blind guesses. I was hoping for more insight.

      Reply View 0 replies