UPDATED 10:38 EST / FEBRUARY 10 2021


OPA’s graduation from CNCF signals growing interest in unified authorization solution

Open Policy Agent is now officially a member of the Cloud Native Computing Foundation’s graduating class of 2021.

The open-source general purpose policy engine had experienced 91% adoption, according to an OPA user survey, and has been placed in production for major enterprises, such as Netflix Inc., Pinterest Inc., T-Mobile USA Inc. and The Goldman Sachs Group Inc.

The OPA project, created by Styra Inc., achieved graduation from CNCF after completing a security audit, addressing vulnerabilities and defining its own governance. OPA’s mission is to extend user access beyond identity management and authentication into authorized actions.

“Identity management is really this problem of who you are, and it’s often solved from a user’s point of view by providing a username and a password or a thumbprint or multi-factor authentication,” explained Tim Hinrichs (pictured), co-founder of Styra. “Authorization is the next step. It’s about actions you can perform once you’ve convinced the machine who you are. That’s the piece that we focus on.”

Hinrichs spoke with Stu Miniman, host of theCUBE, SiliconANGLE Media’s livestreaming studio. They discussed OPA’s popularity among enterprise users and Styra’s control plane for the open-source tool. (* Disclosure below.)

Validating API calls

OPA has proven to be especially popular as a tool for providing authorization solutions for core enterprise IT use cases, such as microservices and Kubernetes, according to Hinrichs.

“For Kubernetes, any time an end user is trying to spin up a resource, whether it’s a pod or ingress on the Kube cluster, you can integrate OPA with that Kube API server and allow OPA to make a decision: ‘Is this new resource safe to deploy on the cluster?’” Hinrichs noted. “Right now, we’re at roughly a million downloads per week.”

While Styra donated OPA to the open-source community, the company has built a proprietary business on its Declarative Authorization Service, designed to help manage OPA throughout the organization.

“The idea architecturally behind OPA is you don’t have one copy of OPA running; you might have 10 or 100 or 1,000 copies running,” Hinrichs said. “Styra’s Declarative Authorization Service is a control plane, a management plane, a single pane of glass that allows you to operationalize OPA at scale for the enterprise.”

Watch the complete video interview below, and be sure to check out more of SiliconANGLE’s and theCUBE’s CUBE Conversations. (* Disclosure: Styra Inc. sponsored this segment of theCUBE. Neither Styra nor other sponsors have editorial control over content on theCUBE or SiliconANGLE.)

Photo: SiliconANGLE

A message from John Furrier, co-founder of SiliconANGLE:

Show your support for our mission by joining our Cube Club and Cube Event Community of experts. Join the community that includes Amazon Web Services and Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger and many more luminaries and experts.

Join Our Community 

Click here to join the free and open Startup Showcase event.

“TheCUBE is part of re:Invent, you know, you guys really are a part of the event and we really appreciate your coming here and I know people appreciate the content you create as well” – Andy Jassy

We really want to hear from you, and we’re looking forward to seeing you at the event and in theCUBE Club.

Click here to join the free and open Startup Showcase event.