You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@apisix.apache.org by Zeping Bai <bz...@apache.org> on 2021/12/06 09:09:12 UTC

[DISCUSS] APISIX support OpenPolicyAgent for access control

Hi, everyone.

OPA is an open source lightweight general-purpose policy engine, which is a
full-featured policy engine that can replace the built-in policy module in
your
software and decouple the service from the policy engine.

We can implement a plugin that supports access control using OPA. Use more
flexible access policies to help APIs improve security.

For this, I have created a proposal *[1]* describing my solution, and if
you have
any suggestions or questions about it, you can respond in a GitHub issue or
in this email.

*[1] *https://github.com/apache/apisix/issues/5714

Best regards!
Zeping Bai  @bzp2010

Re: [DISCUSS] APISIX support OpenPolicyAgent for access control

Posted by yeliang wang <wa...@gmail.com>.

Great!

Zexuan Luo <sp...@apache.org> 于2021年12月7日周二 09:06写道：

> LGTM
>
> Zeping Bai <bz...@apache.org> 于2021年12月6日周一 17:09写道：
> >
> > Hi, everyone.
> >
> > OPA is an open source lightweight general-purpose policy engine, which
> is a
> > full-featured policy engine that can replace the built-in policy module
> in
> > your
> > software and decouple the service from the policy engine.
> >
> > We can implement a plugin that supports access control using OPA. Use
> more
> > flexible access policies to help APIs improve security.
> >
> > For this, I have created a proposal *[1]* describing my solution, and if
> > you have
> > any suggestions or questions about it, you can respond in a GitHub issue
> or
> > in this email.
> >
> > *[1] *https://github.com/apache/apisix/issues/5714
> >
> > Best regards!
> > Zeping Bai  @bzp2010
>

Re: [DISCUSS] APISIX support OpenPolicyAgent for access control

Posted by Zhiyuan Ju <ju...@apache.org>.

SGTM!

Once this feature is released, we could add Apache APISIX to OPA's
ecosystem, see https://www.openpolicyagent.org/docs/latest/ecosystem/

Best Regards!
@ Zhiyuan Ju <https://github.com/juzhiyuan>


Zexuan Luo <sp...@apache.org> 于2021年12月7日周二 09:06写道：

> LGTM
>
> Zeping Bai <bz...@apache.org> 于2021年12月6日周一 17:09写道：
> >
> > Hi, everyone.
> >
> > OPA is an open source lightweight general-purpose policy engine, which
> is a
> > full-featured policy engine that can replace the built-in policy module
> in
> > your
> > software and decouple the service from the policy engine.
> >
> > We can implement a plugin that supports access control using OPA. Use
> more
> > flexible access policies to help APIs improve security.
> >
> > For this, I have created a proposal *[1]* describing my solution, and if
> > you have
> > any suggestions or questions about it, you can respond in a GitHub issue
> or
> > in this email.
> >
> > *[1] *https://github.com/apache/apisix/issues/5714
> >
> > Best regards!
> > Zeping Bai  @bzp2010
>

Re: [DISCUSS] APISIX support OpenPolicyAgent for access control

Posted by Zexuan Luo <sp...@apache.org>.

LGTM

Zeping Bai <bz...@apache.org> 于2021年12月6日周一 17:09写道：
>
> Hi, everyone.
>
> OPA is an open source lightweight general-purpose policy engine, which is a
> full-featured policy engine that can replace the built-in policy module in
> your
> software and decouple the service from the policy engine.
>
> We can implement a plugin that supports access control using OPA. Use more
> flexible access policies to help APIs improve security.
>
> For this, I have created a proposal *[1]* describing my solution, and if
> you have
> any suggestions or questions about it, you can respond in a GitHub issue or
> in this email.
>
> *[1] *https://github.com/apache/apisix/issues/5714
>
> Best regards!
> Zeping Bai  @bzp2010