Hi Shammi,

OPA will be running as a standalone server. We will provide a format for
the policy to create in the OPA server and a request format. From the
identity server side, we will provide the ability to configure the OPA data
endpoint. This is the idea at the moment and any suggestions are welcome.

Regards,


On Thu, May 23, 2019, 8:43 AM Shammi Jayasinghe <sha...@wso2.com> wrote:

> Hi Nirubikaa,
>
> With this handler implementation, are you planning to implement the UI for
> configuring policy as we have for XACML in [1] as well?
> What is the IS version we are planning to add this to?
>
> [1] https://docs.wso2.com/display/IS570/Creating+a+XACML+Policy
> Thanks
> shammi
>
> On Wed, May 15, 2019 at 10:50 PM Nilasini Thirunavukkarasu <
> nilas...@wso2.com> wrote:
>
>> Hi,
>>
>> After analyzing online resources [1][2] and an offline discussion with @Maduranga
>> Siriwardena <madura...@wso2.com>, I was able to get the answers to the
>> questions I asked.
>>
>>    - OPA is flexible, easy to use and maintainable, so people tend to use OPA
>>    to write and make decisions; hence we need to provide the capability
>>    to use OPA if someone needs it.
>>    - At the same time, some people will still be using XACML; hence we
>>    will be keeping both XACML and OPA.
>>
>> [1] https://www.infoq.com/news/2019/04/open-policy-agent-cncf
>> [2]
>> https://www.openpolicyagent.org/docs/latest/comparison-to-other-systems
>>
>> Thanks,
>> Nila.
>>
>>
>>
>> On Wed, May 15, 2019 at 11:46 AM Nilasini Thirunavukkarasu <
>> nilas...@wso2.com> wrote:
>>
>>> Hi Nirubikaa,
>>>
>>> On Wed, May 15, 2019 at 11:32 AM Nirubikaa Ravikumar <nirubi...@wso2.com>
>>> wrote:
>>>
>>>> Hi all,
>>>>
>>>>
>>>>
>>>> I am working on implementing an Open Policy Agent(OPA) authorization
>>>> handler for WSO2 Identity Server.
>>>>
>>>>
>>>> OPA is a lightweight general-purpose policy engine. Policies in OPA are
>>>> written in a high-level declarative language. You can find more information
>>>> about OPA from [1].
>>>>
>>>>
>>>> The main idea of this authorization handler is to authorize a user
>>>> based on the policy which is stored at the OPA server, similar to what we
>>>> already do with XACML.
>>>>
>>>
>>> According to the shared diagram, AFAIU the OPA server will evaluate the
>>> policy and send the decision to IS. But we already have a XACML engine to
>>> do the same job. In that case, could you please explain more about the
>>> specific reason for implementing OPA even though we already have the XACML
>>> engine to evaluate the policies? Once we implement OPA, are we planning
>>> to deprecate the XACML engine?
>>>
>>> Thanks,
>>> Nila.
>>>
>>>
>>>> [1] https://www.openpolicyagent.org/docs/latest
>>>>
>>>>
>>>>
>>>> Please find the flow Diagram attached to this email.
>>>>
>>>>
>>>>
>>>>
>>>> Thanks,
>>>>
>>>>
>>>> --
>>>> R.Nirubikaa
>>>> Software Engineering Intern | WSO2
>>>> M: O779108852
>>>>
>>>>
>>>>
>>>>
>>>
>>>
>>> --
>>> Nilasini Thirunavukkarasu
>>> Senior Software Engineer - WSO2
>>>
>>> Email : nilas...@wso2.com
>>> Mobile : +94775241823
>>> Web : http://wso2.com/
>>>
>>>
>>> <http://wso2.com/signature>
>>>
>>
>>
>> --
>> Nilasini Thirunavukkarasu
>> Senior Software Engineer - WSO2
>>
>> Email : nilas...@wso2.com
>> Mobile : +94775241823
>> Web : http://wso2.com/
>>
>>
>> <http://wso2.com/signature>
>> _______________________________________________
>> Architecture mailing list
>> Architecture@wso2.org
>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>>
>
>
> --
> Best Regards,
>
> *  Shammi Jayasinghe*
>
>
> *Senior Technical Lead*
> *WSO2, Inc.*
> *+1-812-391-7730*
> *+1-812-327-3505*
>
> *http://shammijayasinghe.blogspot.com
> <http://shammijayasinghe.blogspot.com>*
>
>
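As an added illustration of the design discussed in this thread (not code from the thread or from WSO2 Identity Server): a Python client that sends an authorization request to a configurable OPA data endpoint and denies on anything other than an explicit `true`. The package path `wso2/authz/allow`, the input field names and the function names are assumptions, since the thread does not specify the request format.

```python
import json
import urllib.error
import urllib.request

# Assumed endpoint: OPA's Data API path for a hypothetical rule `allow`
# in a hypothetical package `wso2.authz`; configurable per deployment.
OPA_DATA_ENDPOINT = "http://localhost:8181/v1/data/wso2/authz/allow"


def build_request(endpoint, user, roles, resource, action):
    """Wrap the authorization context in OPA's {"input": ...} envelope."""
    body = json.dumps({"input": {"user": user, "roles": roles,
                                 "resource": resource, "action": action}})
    return urllib.request.Request(
        endpoint, data=body.encode("utf-8"),
        headers={"Content-Type": "application/json"}, method="POST")


def parse_decision(raw):
    """Return True only for an explicit boolean true result.

    OPA answers 200 with {} when the queried rule is undefined, so a
    missing "result" key is a deny, as is any non-boolean value.
    """
    try:
        doc = json.loads(raw)
    except (ValueError, TypeError):
        return False
    return isinstance(doc, dict) and doc.get("result") is True


def authorize(user, roles, resource, action,
              endpoint=OPA_DATA_ENDPOINT, opener=urllib.request.urlopen,
              timeout=2.0):
    """Ask OPA for a decision; deny on any transport or parse failure."""
    req = build_request(endpoint, user, roles, resource, action)
    try:
        with opener(req, timeout=timeout) as resp:
            if resp.status != 200:
                return False
            return parse_decision(resp.read())
    except (urllib.error.URLError, OSError, ValueError):
        # Unreachable server, timeout or malformed reply: fail closed.
        return False
```

The `opener` parameter exists so the handler can be exercised with constructed responses instead of a live OPA server.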