rossjudson 4 days ago

At scale, the larger companies end up needing to be able to make policy decisions (read: authn/authz, most of the time) across a large number of "policies" in an efficient way. Everybody starts with simple representations that can go fast but have limited expression, then moves to various forms of extensions/templating/substitution/rules/etc.

OPA and Rego use a datalog variant to bring order to that bespoke mess. Think IAM policy, but you DRY because it's a real programming language with a library full of nice-to-have built-ins.

OPA and Rego can basically "become" other types of access control systems (see https://www.openpolicyagent.org/docs/comparison-to-other-sys...).

Reply View 1 reply
  • ramoz 4 days ago

    Thanks.

    I’m very familiar with opa.

    My only assumption for this was that Apple’s infrastructure needs have evolved to the point where they need quite a focused effort around policy.

    Styra either acquired or became available through a different form of change management. And Apple was already a major customer.

    Just blind guesses. I was hoping for more insight.

    Reply View 0 replies