Appendix F. Open Policy Agent
In a typical microservices deployment, we can enforce access-control policies in either of the following two locations or both:
- The edge of the deployment: typically, with an API gateway (which we discuss in chapter 5)
- The edge of the service: typically, with a service mesh or with a set of embedded libraries (which we discuss in chapter 7 and chapter 12)
Authorization at the service level enables each service to enforce access-control policies in the way it wants. Typically, you apply coarse-grained access-control policies at the API gateway (at the edge), and more fine-grained access-control policies at the service level. Also, it’s common to do data-level entitlements at the service level. For example, ...
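The two enforcement points described above, sketched as an added example that is not code from the book: a coarse-grained route check at the gateway followed by a fine-grained, data-level check inside the service. It uses plain Python rather than OPA policy, and the roles, routes, order records and function names are all assumptions made for illustration.

```python
# Constructed policy data: roles, routes and orders are illustrative assumptions.
GATEWAY_POLICY = {  # coarse-grained: (method, path prefix) -> roles allowed in
    ("GET", "/orders"): {"customer", "clerk"},
    ("POST", "/orders"): {"customer"},
}
ORDERS = {"o-1": {"owner": "alice"}, "o-2": {"owner": "bob"}}


def gateway_allows(method, path, roles):
    """Edge check: does any of the caller's roles grant this route at all?"""
    for (m, prefix), allowed in GATEWAY_POLICY.items():
        if method == m and (path == prefix or path.startswith(prefix + "/")):
            return bool(allowed & set(roles))
    return False  # default deny for routes the policy does not list


def service_allows(subject, roles, order_id):
    """Service check: fine-grained rule plus a data-level entitlement."""
    order = ORDERS.get(order_id)
    if order is None:
        return False
    if "clerk" in roles:  # clerks may read any order
        return True
    # customers may read only the orders they own
    return "customer" in roles and order["owner"] == subject


def authorize(subject, roles, method, path):
    """Run both layers in order; return (decision, layer that decided)."""
    if not gateway_allows(method, path, roles):
        return ("deny", "gateway")
    order_id = path.rsplit("/", 1)[-1]
    if not service_allows(subject, roles, order_id):
        return ("deny", "service")
    return ("allow", "service")


if __name__ == "__main__":
    # alice passes the gateway for both requests, but only owns o-1
    print(authorize("alice", ["customer"], "GET", "/orders/o-1"))
    print(authorize("alice", ["customer"], "GET", "/orders/o-2"))
```

The second request shows why the gateway check alone is not sufficient: the route is permitted for the role, and only the service, which can see the order's owner, can reject it.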