Open Policy Agent is now officially a member of the Cloud Native Computing Foundation’s graduating class of 2021.

The open-source general purpose policy engine had experienced 91% adoption, according to an OPA user survey, and has been placed in production for major enterprises, such as Netflix Inc., Pinterest Inc., T-Mobile USA Inc. and The Goldman Sachs Group Inc.

The OPA project, created by Styra Inc., achieved graduation from CNCF after completing a security audit, addressing vulnerabilities and defining its own governance. OPA’s mission is to extend user access beyond identity management and authentication into authorized actions.

“Identity management is really this problem of who you are, and it’s often solved from a user’s point of view by providing a username and a password or a thumbprint or multi-factor authentication,” explained Tim Hinrichs (pictured), co-founder of Styra. “Authorization is the next step. It’s about actions you can perform once you’ve convinced the machine who you are. That’s the piece that we focus on.”

Hinrichs spoke with Stu Miniman, host of theCUBE, SiliconANGLE Media’s livestreaming studio. They discussed OPA’s popularity among enterprise users and Styra’s control plane for the open-source tool. (* Disclosure below.)

Validating API calls

OPA has proven to be especially popular as a tool for providing authorization solutions for core enterprise IT use cases, such as microservices and Kubernetes, according to Hinrichs.

“For Kubernetes, any time an end user is trying to spin up a resource, whether it’s a pod or ingress on the Kube cluster, you can integrate OPA with that Kube API server and allow OPA to make a decision: ‘Is this new resource safe to deploy on the cluster?’” Hinrichs noted. “Right now, we’re at roughly a million downloads per week.”

While Styra donated OPA to the open-source community, the company has built a proprietary business on its Declarative Authorization Service, designed to help manage OPA throughout the organization.

“The idea architecturally behind OPA is you don’t have one copy of OPA running; you might have 10 or 100 or 1,000 copies running,” Hinrichs said. “Styra’s Declarative Authorization Service is a control plane, a management plane, a single pane of glass that allows you to operationalize OPA at scale for the enterprise.”

Watch the complete video interview below, and be sure to check out more of SiliconANGLE’s and theCUBE’s CUBE Conversations. (* Disclosure: Styra Inc. sponsored this segment of theCUBE. Neither Styra nor other sponsors have editorial control over content on theCUBE or SiliconANGLE.)

Photo: SiliconANGLE