The Open Policy Agent (OPA) is an open source, general-purpose policy engine that enables unified, context-aware policy enforcement across the entire stack. OPA provides greater flexibility and expressiveness than hard-coded service logic or ad-hoc domain-specific languages and comes with powerful tooling to help anyone get started.
“Authorization is a problem you can’t wish away. A good authorization system supports diverse resource types and allows flexible policies. OPA gives us that flexibility,” said Manish Mehta, Senior Security Software Engineer at Netflix.
“As cloud native technology matures and enterprise adoption increases, the need for policy-based control has become vital,” said Torin Sandall, Software Engineer at Styra and Technical Lead for OPA. “OPA provides a purpose-built language and runtime that can be used to author and enforce authorization policy. As such, we see OPA as a valid addition to CNCF’s project portfolio and look forward to working with the growing community to foster its adoption.”
TOC sponsors of the project include Brian Grant and Ken Owens.
“As cloud native technology matures and enterprise adoption increases, there is a need for policy-based control technologies like OPA,” said Ken Owens, Vice President of Digital Native Architecture at Mastercard and member of the CNCF’s Technical Oversight Committee (TOC). “OPA provides a solution to control who can do what across microservice deployments because legacy approaches to access control do not satisfy the requirements of modern environments. This complements CNCF’s mission to accelerate adoption of cloud native technology in enterprises.”
Sandbox is a home for early stage projects will now replace the previous Inception maturity level — for further clarification around project maturity levels in CNCF, please visit our outlined Graduation Criteria.