Hi Maduranga,

Thanks for explaining. Is there any possibility that we can ship this OPA server within the product? Basically, here we seem to be expecting the IS user to have a separate OPA server. Is it practical that there will be a separate OPA server running in a deployment? If that is an HTTP call, there can be network delays/connectivity issues due to this model.

Thanks,
Shammi

On Thu, May 23, 2019 at 5:23 AM Maduranga Siriwardena <madura...@wso2.com> wrote:

> Hi Shammi,
>
> OPA will be running as a standalone server. We will provide a format for the policy to create in the OPA server and a request format. From the identity server side, we will provide the ability to configure the OPA data endpoint. This is the idea at the moment and any suggestions are welcome.
>
> Regards,
>
> On Thu, May 23, 2019, 8:43 AM Shammi Jayasinghe <sha...@wso2.com> wrote:
>
>> Hi Nirubikaa,
>>
>> With this handler implementation, are you planning to implement the UI for configuring policy as we have for XACML in [1] as well?
>> What is the IS version we are planning to add this to?
>>
>> [1] https://docs.wso2.com/display/IS570/Creating+a+XACML+Policy
>>
>> Thanks,
>> Shammi
>>
>> On Wed, May 15, 2019 at 10:50 PM Nilasini Thirunavukkarasu <nilas...@wso2.com> wrote:
>>
>>> Hi,
>>>
>>> After analyzing online resources [1][2] and an offline discussion with @Maduranga Siriwardena <madura...@wso2.com>, I was able to get the answers to the questions I had asked.
>>>
>>> - OPA is flexible, easy to use and maintainable, so people tend to use OPA to write and make decisions; hence we need to provide the capability to use OPA if someone needs it.
>>> - At the same time, some people will still be using XACML, hence we will be keeping both XACML and OPA.
>>>
>>> [1] https://www.infoq.com/news/2019/04/open-policy-agent-cncf
>>> [2] https://www.openpolicyagent.org/docs/latest/comparison-to-other-systems
>>>
>>> Thanks,
>>> Nila.
>>>
>>> On Wed, May 15, 2019 at 11:46 AM Nilasini Thirunavukkarasu <nilas...@wso2.com> wrote:
>>>
>>>> Hi Nirubikaa,
>>>>
>>>> On Wed, May 15, 2019 at 11:32 AM Nirubikaa Ravikumar <nirubi...@wso2.com> wrote:
>>>>
>>>>> Hi all,
>>>>>
>>>>> I am working on implementing an Open Policy Agent (OPA) authorization handler for WSO2 Identity Server.
>>>>>
>>>>> OPA is a lightweight general-purpose policy engine. Policies in OPA are written in a high-level declarative language. You can find more information about OPA from [1].
>>>>>
>>>>> The main idea of this authorization handler is to authorize a user based on the policy which is stored at the OPA server, similar to what we already do with XACML.
>>>>
>>>> According to the shared diagram, AFAIU the OPA server will evaluate the policy and send the decision to IS. But we already have a XACML engine to do the same job. In that case, could you please explain more about the specific reason for implementing OPA even though we already have a XACML engine to evaluate the policies? Once we implement OPA, are we planning to deprecate the XACML engine?
>>>>
>>>> Thanks,
>>>> Nila.
>>>>
>>>>> [1] https://www.openpolicyagent.org/docs/latest
>>>>>
>>>>> Please find the flow diagram attached to this email.
>>>>>
>>>>> Thanks,
>>>>>
>>>>> --
>>>>> R.Nirubikaa
>>>>> Software Engineering Intern | WSO2
>>>>> M: O779108852
>>>>
>>>> --
>>>> Nilasini Thirunavukkarasu
>>>> Senior Software Engineer - WSO2
>>>>
>>>> Email : nilas...@wso2.com
>>>> Mobile : +94775241823
>>>> Web : http://wso2.com/

--
Best Regards,

Shammi Jayasinghe
Senior Technical Lead
WSO2, Inc.
+1-812-391-7730
+1-812-327-3505
http://shammijayasinghe.blogspot.com

_______________________________________________
Architecture mailing list
Architecture@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
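
Added example, not part of the thread and not WSO2's handler code: the model discussed above (a standalone OPA server reached over HTTP at a configured data endpoint) sketched as a client that denies on any network delay, connectivity failure or undefined policy. The `POST /v1/data/<path>` request with `{"input": ...}` and the `{"result": ...}` reply follow OPA's REST Data API; the policy path `identity/authz/allow`, the `roles` input field, the admin rule and the stub server are assumptions made for the demonstration.

```python
import http.client
import json
import threading
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

# Direct connection only: ignore any proxy set in the environment.
_opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))

def opa_allows(data_endpoint, input_doc, timeout=2.0):
    """POST {"input": ...} to an OPA Data API URL; any failure means deny."""
    req = urllib.request.Request(
        data_endpoint, data=json.dumps({"input": input_doc}).encode(),
        headers={"Content-Type": "application/json"})
    try:
        with _opener.open(req, timeout=timeout) as resp:
            doc = json.load(resp)
    except (OSError, ValueError, http.client.HTTPException):
        return False  # unreachable, timed out, or unparsable: fail closed
    # An undefined rule comes back as {} with no "result"; only true permits.
    return isinstance(doc, dict) and doc.get("result") is True

class StubOPA(BaseHTTPRequestHandler):
    """Constructed stand-in for the standalone OPA server (not real OPA)."""
    def do_POST(self):
        body = self.rfile.read(int(self.headers.get("Content-Length", 0)))
        out = {}  # OPA answers 200 with {} when the document is undefined
        if self.path == "/v1/data/identity/authz/allow":  # hypothetical path
            roles = json.loads(body)["input"].get("roles", [])
            out = {"result": "admin" in roles}  # hypothetical rule
        payload = json.dumps(out).encode()
        self.send_response(200)
        self.send_header("Content-Length", str(len(payload)))
        self.end_headers()
        self.wfile.write(payload)

    def log_message(self, *args):
        pass  # keep the demo quiet

def demo():
    server = HTTPServer(("127.0.0.1", 0), StubOPA)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    base = "http://127.0.0.1:%d/v1/data/identity/authz/" % server.server_port
    results = [opa_allows(base + "allow", {"user": "alice", "roles": ["admin"]}),
               opa_allows(base + "allow", {"user": "bob", "roles": ["viewer"]}),
               opa_allows(base + "typo", {"user": "alice", "roles": ["admin"]})]
    server.shutdown()
    server.server_close()
    results.append(opa_allows(base + "allow", {"roles": ["admin"]}))
    return results  # [permit, deny, undefined rule, server down]
```

Calling `demo()` returns the four decisions in order: permit, deny, deny for a mistyped policy path, and deny once the server is gone.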