Prabath Siriwardena, profile picture
Uploaded byPrabath Siriwardena
1,235 views

Microservices Security Landscape

This document discusses security in microservices architectures. It begins by comparing monolithic and microservices approaches. It then covers edge security using API gateways and OAuth 2.0 authorization. Other topics include service-to-service security using TLS mutual authentication, JSON Web Tokens (JWTs), and SPIFFE/SPIRE for identity management. Patterns like JWTs, nested JWTs, and token exchange are presented for secure communication between services. The document also discusses access control and policy evaluation using approaches like embedded policy decision points and the Open Policy Agent (OPA) framework.

Embed presentation

Downloaded 53 times
MICROSERVICES SECURITY LANDSCAPE Prabath Siriwardena prabath@wso2.com | prabath@apache.org
● 11 years @ WSO2, leading the open source WSO2 Identity Server ● Blog: http://blog.facilelogin.com/ | Vlog: http://vlog.facilelogin.com ● Books ● Microservices Security in Action ~ April, 2019 ABOUT ME 2
MICROSERVICES
MONOLITHIC 4
MICROSERVICES 5
EDGE SECURITY
7 API GATEWAY PATTERN
8 API GATEWAY PATTERN
OAUTH 2.0
OAUTH 2.0 10
AUTHORIZATION CODE GRANT TYPE 11
12
SERVICE TO SERVICE SECURITY
TRUST THE NETWORK ▪ TLS Mutual Authentication ▪ JWT (JSON Web Token) 14
CERTIFICATES
TLS MUTUAL AUTHENTICATION ▪ Each microservice will have its own certificate to prove its identity ▪ How do we provision certificates to each microservice? ▪ How do we deal with certificate revocations? ▪ How do we deal with trust bootstrap? ▪ How do we deal with key rotation? 16
SPIFFE / SPIRE ▪ Secure Production Identity Framework for Everyone. ▪ SPIFFE tries to solve the trust bootstrap problem in a platform agnostic manner. ▪ SPIFFE provides an identity to each workload in a microservices deployment, which is known as the SPIFFE ID. E.g.: spiffe://acme.com/billing/payments 17
SPIFFE / SPIRE 18
SPIFFE + OAUTH 2.0 19
JWT
JWT (JSON WEB TOKEN) ▪ Defines a container to transport data between interested parties. ▪ There are multiple applications of JWT - in OpenID Connect the id_token is represented as a JWT. ▪ Propagate one’s identity between interested parties. ▪ Propagate user entitlements between interested parties. ▪ Transfer data securely between interested parties over a unsecured channel. ▪ Assert one’s identity, given that the recipient of the JWT trusts the asserting party. 21
JWT (JSON WEB TOKEN) ▪ A JWT does not exist itself — either it has to be a JWS or a JWE (JSON Web Encryption). ▪ It’s like an abstract class — the JWS and JWE are the concrete implementations. ▪ We call a JWS or JWE, a JWT only if it follows the compact serialization. 22
JWT (JSON WEB TOKEN) 23
JWT (JSON WEB TOKEN) eyJhbGciOiJSUzI1NiIsImtpZCI6Ijc4YjRjZjIzNjU2ZGMzOTUzNjRmMWI2YzAyOTA3NjkxZjJjZGZmZTEifQ.eyJpc 3MiOiJhY2NvdW50cy5nb29nbGUuY29tIiwic3ViIjoiMTEwNTAyMjUxMTU4OTIwMTQ3NzMyIiwiYXpwIjoiODI1 MjQ5ODM1NjU5LXRlOHFnbDcwMWtnb25ub21ucDRzcXY3ZXJodTEyMTFzLmFwcHMuZ29vZ2xldXNlcmNvbn RlbnQuY29tIiwiZW1haWwiOiJwcmFiYXRoQHdzbzIuY29tIiwiYXRfaGFzaCI6InpmODZ2TnVsc0xCOGdGYXFSd 2R6WWciLCJlbWFpbF92ZXJpZmllZCI6dHJ1ZSwiYXVkIjoiODI1MjQ5ODM1NjU5LXRlOHFnbDcwMWtnb25ub 21ucDRzcXY3ZXJodTEyMTFzLmFwcHMuZ29vZ2xldXNlcmNvbnRlbnQuY29tIiwiaGQiOiJ3c28yLmNvbSIsImlhd CI6MTQwMTkwODI3MSwiZXhwIjoxNDAxOTEyMTcxfQ.TVKv-pdyvk2gW8sGsCbsnkqsrS0T-H00xnY6ETkIfg IxfotvFn5IwKm3xyBMpy0FFe0Rb5Ht8AEJV6PdWyxz8rMgX2HROWqSo_RfEfUpBb4iOsq4W28KftW5H0I A44VmNZ6zU4YTqPSt4TPhyFC9fP2D_Hg7JQozpQRUfbWTJI 24
25 SELF-CONTAINED ACCESS TOKENS
26 JWT DEMO WITH BALLERINA
SERVICE TO SERVICE INTERACTION PATTERNS
TRUST THE NETWORK 28
SHARED JWT + mTLS 29
NESTED JWT 30
JWT WITH TOKEN EXCHANGE 31
CROSS DOMAIN 32
ACCESS CONTROL
POLICY EVALUATION (CENTRAL PDP) 34
POLICY EVALUATION (EMBEDDED PDP) 35
OPEN POLICY AGENT (OPA) ▪ A lightweight general-purpose policy engine that can be co-located with your service. ▪ Policies are written in Rego ▪ Can integrate OPA as a sidecar, host-level daemon, or library. ▪ Integrated with Spring, Service Mesh implementations (Istio, Linkerd), Kafka https://istio.io/docs/reference/config/policy-and-telemetry/adapters/opa/ ▪ Netflix is an early adopter of OPA 36
THANK YOU wso2.com

More Related Content

PPTX
Microservices Security Landscape
byPrabath Siriwardena
 
PPTX
Secure Authorization for your Printer: The OAuth Device Flow (DevSum 2018)
byScott Brady
 
PPTX
Modern Authentication for ASP.NET Core with IdentityServer 4 (Progressive .NE...
byScott Brady
 
PPTX
FREE Crypto Guide to EARN passive income online, DONT wait Start Now!
byMatthew
 
PDF
BrodTech 2021: Blockchain | Mak Muftić (ChainSafe)
byBrod Tech
 
PPTX
Euklid (1)
byAntonio Simeone
 
PPTX
Sidechains introduction
byLin Lin (Wendy)
 
ODP
Developers Guide To Blockchain, Bitcoin and Cryptocurrencies
bySam Dias
 
Microservices Security Landscape
byPrabath Siriwardena
 
Secure Authorization for your Printer: The OAuth Device Flow (DevSum 2018)
byScott Brady
 
Modern Authentication for ASP.NET Core with IdentityServer 4 (Progressive .NE...
byScott Brady
 
FREE Crypto Guide to EARN passive income online, DONT wait Start Now!
byMatthew
 
BrodTech 2021: Blockchain | Mak Muftić (ChainSafe)
byBrod Tech
 
Euklid (1)
byAntonio Simeone
 
Sidechains introduction
byLin Lin (Wendy)
 
Developers Guide To Blockchain, Bitcoin and Cryptocurrencies
bySam Dias
 

What's hot

PPTX
Cryptocurrency - Digital Currency
bySameer Satyam
 
PDF
Identity and Access Management At Mozilla
byMichael Van Kleeck
 
PDF
Introduction to Security Vulnerabilities
byvodQA
 
PPTX
WS - SecurityPolicy
byPrabath Siriwardena
 
PDF
Defense in Depth: Lessons Learned Securing 200,000 Sites
byPantheon
 
PPTX
AWS SSH Bastion
byGroots Software Technologies.
 
PDF
Defense in Depth: Securing your new Kubernetes cluster from the challenges th...
byCloudOps2005
 
PDF
Real world blockchains
byDmitry Meshkov
 
PPTX
Ssl certificate in internet world
byjamesbarns729
 
PPTX
Top 10 Web Hacks 2013
byMatt Johansen
 
PDF
HTTPS, Here and Now
byPhilippe De Ryck
 
PDF
Insecurity-In-Security version.1 (2010)
byAbhishek Kumar
 
PDF
Cryptocurrency - The Future of Payments
bySandy Palacios
 
PDF
Let's Encrypt! Wait. Why? How? - WC Pune
byNancy Thanki
 
PDF
Let's Encrypt! Wait. Why? How?
byNancy Thanki
 
PDF
Insecurity-In-Security version.2 (2011)
byAbhishek Kumar
 
PDF
Web security at Meteor (Pivotal Labs)
byEmily Stark
 
PDF
WPNYC: Moving your site to HTTPS
byPaul Schreiber
 
PDF
Registro de Informações no Blockchain da rede Bitcoin
byEdilson Osorio Junior
 
Cryptocurrency - Digital Currency
bySameer Satyam
 
Identity and Access Management At Mozilla
byMichael Van Kleeck
 
Introduction to Security Vulnerabilities
byvodQA
 
WS - SecurityPolicy
byPrabath Siriwardena
 
Defense in Depth: Lessons Learned Securing 200,000 Sites
byPantheon
 
AWS SSH Bastion
byGroots Software Technologies.
 
Defense in Depth: Securing your new Kubernetes cluster from the challenges th...
byCloudOps2005
 
Real world blockchains
byDmitry Meshkov
 
Ssl certificate in internet world
byjamesbarns729
 
Top 10 Web Hacks 2013
byMatt Johansen
 
HTTPS, Here and Now
byPhilippe De Ryck
 
Insecurity-In-Security version.1 (2010)
byAbhishek Kumar
 
Cryptocurrency - The Future of Payments
bySandy Palacios
 
Let's Encrypt! Wait. Why? How? - WC Pune
byNancy Thanki
 
Let's Encrypt! Wait. Why? How?
byNancy Thanki
 
Insecurity-In-Security version.2 (2011)
byAbhishek Kumar
 
Web security at Meteor (Pivotal Labs)
byEmily Stark
 
WPNYC: Moving your site to HTTPS
byPaul Schreiber
 
Registro de Informações no Blockchain da rede Bitcoin
byEdilson Osorio Junior
 

Similar to Microservices Security Landscape

PPTX
3783daf0-8a4d-45ad-a2f3-2a787053f90e.pptx
byNicoleFalcao1
 
PPTX
Microservices Security landscape
bySagara Gunathunga
 
PDF
Talk Microservices to Me: The Role of IAM in Microservice Architecture
byWSO2
 
PPTX
Cloud Identity Management
byDamian T. Gordon
 
PDF
muCon 2016: Authentication in Microservice Systems By David Borsos
byOpenCredo
 
PDF
Securing Web Applications with Token Authentication
byStormpath
 
PDF
Json web token api authorization
byGiulio De Donato
 
PDF
Authorization and Authentication in Microservice Environments
byLeanIX GmbH
 
PDF
Autenticação com Json Web Token (JWT)
byIvan Rosolen
 
PDF
JWT stands for JSON Web Token. It's a compact, URL-safe means of representing...
byVarun Mithran
 
PDF
Protecting Java Microservices: Best Practices and Strategies
byRodrigo Cândido da Silva
 
PPTX
Micro Web Service - Slim and JWT
byTuyen Vuong
 
PPTX
Microservices security - jpmc tech fest 2018
byMOnCloud
 
PDF
Authentication in microservice systems
byDavid Borsos
 
PDF
Are You Properly Using JWTs?
by42Crunch
 
PDF
API Security In Cloud Native Era
byWSO2
 
PDF
PHP Experience 2016 - [Palestra] Json Web Token (JWT)
byiMasters
 
PDF
Apidays Paris 2023 - I Have an OAuth2 Access Token, Now what do I do with it,...
byapidays
 
PDF
Secured REST Microservices with Spring Cloud
byOrkhan Gasimov
 
PPTX
OAuth Well Played – Mods and Combos for the Cloud Native API Security Game - ...
byNordic APIs
 
3783daf0-8a4d-45ad-a2f3-2a787053f90e.pptx
byNicoleFalcao1
 
Microservices Security landscape
bySagara Gunathunga
 
Talk Microservices to Me: The Role of IAM in Microservice Architecture
byWSO2
 
Cloud Identity Management
byDamian T. Gordon
 
muCon 2016: Authentication in Microservice Systems By David Borsos
byOpenCredo
 
Securing Web Applications with Token Authentication
byStormpath
 
Json web token api authorization
byGiulio De Donato
 
Authorization and Authentication in Microservice Environments
byLeanIX GmbH
 
Autenticação com Json Web Token (JWT)
byIvan Rosolen
 
JWT stands for JSON Web Token. It's a compact, URL-safe means of representing...
byVarun Mithran
 
Protecting Java Microservices: Best Practices and Strategies
byRodrigo Cândido da Silva
 
Micro Web Service - Slim and JWT
byTuyen Vuong
 
Microservices security - jpmc tech fest 2018
byMOnCloud
 
Authentication in microservice systems
byDavid Borsos
 
Are You Properly Using JWTs?
by42Crunch
 
API Security In Cloud Native Era
byWSO2
 
PHP Experience 2016 - [Palestra] Json Web Token (JWT)
byiMasters
 
Apidays Paris 2023 - I Have an OAuth2 Access Token, Now what do I do with it,...
byapidays
 
Secured REST Microservices with Spring Cloud
byOrkhan Gasimov
 
OAuth Well Played – Mods and Combos for the Cloud Native API Security Game - ...
byNordic APIs
 

More from Prabath Siriwardena

PPTX
API Security : Patterns and Practices
byPrabath Siriwardena
 
PDF
API Security Best Practices & Guidelines
byPrabath Siriwardena
 
PDF
OAuth 2.0 for Web and Native (Mobile) App Developers
byPrabath Siriwardena
 
PDF
Blockchain-based Solutions for Identity & Access Management
byPrabath Siriwardena
 
PDF
OAuth 2.0 Threat Landscapes
byPrabath Siriwardena
 
PPTX
Next-Gen Apps with IoT and Cloud
byPrabath Siriwardena
 
PDF
Identity Management for Web Application Developers
byPrabath Siriwardena
 
PDF
Cloud Native Identity with SPIFFE
byPrabath Siriwardena
 
PPTX
OAuth 2.0 Threat Landscape
byPrabath Siriwardena
 
PPTX
Securing Insecure
byPrabath Siriwardena
 
PDF
Securing Single-Page Applications with OAuth 2.0
byPrabath Siriwardena
 
PPTX
Evolution of Internet Identity
byPrabath Siriwardena
 
PPTX
The Evolution of Internet Identity
byPrabath Siriwardena
 
PDF
Open Standards in Identity Management
byPrabath Siriwardena
 
PDF
API Security Best Practices & Guidelines
byPrabath Siriwardena
 
PPTX
Connected Identity : The Role of the Identity Bus
byPrabath Siriwardena
 
PPTX
Best Practices in Building an API Security Ecosystem
byPrabath Siriwardena
 
PDF
Identity is Eating the World!
byPrabath Siriwardena
 
PDF
GDPR for Identity Architects
byPrabath Siriwardena
 
PPTX
Connected Identity : Benefits, Risks & Challenges
byPrabath Siriwardena
 
API Security : Patterns and Practices
byPrabath Siriwardena
 
API Security Best Practices & Guidelines
byPrabath Siriwardena
 
OAuth 2.0 for Web and Native (Mobile) App Developers
byPrabath Siriwardena
 
Blockchain-based Solutions for Identity & Access Management
byPrabath Siriwardena
 
OAuth 2.0 Threat Landscapes
byPrabath Siriwardena
 
Next-Gen Apps with IoT and Cloud
byPrabath Siriwardena
 
Identity Management for Web Application Developers
byPrabath Siriwardena
 
Cloud Native Identity with SPIFFE
byPrabath Siriwardena
 
OAuth 2.0 Threat Landscape
byPrabath Siriwardena
 
Securing Insecure
byPrabath Siriwardena
 
Securing Single-Page Applications with OAuth 2.0
byPrabath Siriwardena
 
Evolution of Internet Identity
byPrabath Siriwardena
 
The Evolution of Internet Identity
byPrabath Siriwardena
 
Open Standards in Identity Management
byPrabath Siriwardena
 
API Security Best Practices & Guidelines
byPrabath Siriwardena
 
Connected Identity : The Role of the Identity Bus
byPrabath Siriwardena
 
Best Practices in Building an API Security Ecosystem
byPrabath Siriwardena
 
Identity is Eating the World!
byPrabath Siriwardena
 
GDPR for Identity Architects
byPrabath Siriwardena
 
Connected Identity : Benefits, Risks & Challenges
byPrabath Siriwardena
 

Recently uploaded

PDF
BÀI GIẢNG POWERPOINT CHÍNH KHÓA PHIÊN BẢN AI TIẾNG ANH 6 CẢ NĂM, THEO TỪNG BÀ...
byNguyen Thanh Tu Collection
 
PDF
Agents in Artificial Intelligence: Types, Architecture and Real-World Examples
byARTHIDEVARANIP
 
PDF
workbook-de-ingles-completo-english-path-1.pdf
bystefaniemartinezcarc
 
PPTX
bundle of care.pptx Priti Bala @ BRD med
bypritibala13
 
PDF
To synthesis and submit Benzamide synthesis.pdf
byPradeep Swarnkar
 
PDF
McDowell Technical Community College Early Childhood Program Equitable Workfo...
byEducationNC
 
PPTX
How to Add or Remove Multiple Followers in a Records
byCeline George
 
PPTX
How to Create & Manage Wizard in Odoo 18
byCeline George
 
PPTX
Maja Videnovik - Transforming Cybersecurity Learning into an Adventure
bybvtricks
 
PPTX
The Creation Pattern Physical Health.pptx
byTammy Hulse
 
PPTX
How to create Article in Odoo 18 Knowledge App
byCeline George
 
PPTX
VITAMINS CHAPTER NO.05 PHARMACOGNOSY D. PHARMACY
byGanu Gavade
 
PDF
Problem Solving Agents in Artificial Intelligence with Examples and Water Jug...
byARTHIDEVARANIP
 
PDF
NCA New Family Orientation 2026 Dosemagen.pdf
bytimdosemagen1
 
PPTX
Alma Šuto - From Tradition to Innovation: Creative AI in Education
bybvtricks
 
PPTX
Introduction of Carbohydrates - Dr.M.Jothimuniyandi
byJothimuniyandi
 
PPTX
How to Create Opening Balance in Odoo 18
byCeline George
 
PPTX
VAGINAL IRRIGATION..................pptx
byAneetaSharma15
 
PPTX
OXYGEN ADMINISTRATION/THERAPY ......pptx
byAneetaSharma15
 
PPTX
Burnout_among_medical teachers_&_mentoring .pptx
byAhmadUzairQureshi
 
BÀI GIẢNG POWERPOINT CHÍNH KHÓA PHIÊN BẢN AI TIẾNG ANH 6 CẢ NĂM, THEO TỪNG BÀ...
byNguyen Thanh Tu Collection
 
Agents in Artificial Intelligence: Types, Architecture and Real-World Examples
byARTHIDEVARANIP
 
workbook-de-ingles-completo-english-path-1.pdf
bystefaniemartinezcarc
 
bundle of care.pptx Priti Bala @ BRD med
bypritibala13
 
To synthesis and submit Benzamide synthesis.pdf
byPradeep Swarnkar
 
McDowell Technical Community College Early Childhood Program Equitable Workfo...
byEducationNC
 
How to Add or Remove Multiple Followers in a Records
byCeline George
 
How to Create & Manage Wizard in Odoo 18
byCeline George
 
Maja Videnovik - Transforming Cybersecurity Learning into an Adventure
bybvtricks
 
The Creation Pattern Physical Health.pptx
byTammy Hulse
 
How to create Article in Odoo 18 Knowledge App
byCeline George
 
VITAMINS CHAPTER NO.05 PHARMACOGNOSY D. PHARMACY
byGanu Gavade
 
Problem Solving Agents in Artificial Intelligence with Examples and Water Jug...
byARTHIDEVARANIP
 
NCA New Family Orientation 2026 Dosemagen.pdf
bytimdosemagen1
 
Alma Šuto - From Tradition to Innovation: Creative AI in Education
bybvtricks
 
Introduction of Carbohydrates - Dr.M.Jothimuniyandi
byJothimuniyandi
 
How to Create Opening Balance in Odoo 18
byCeline George
 
VAGINAL IRRIGATION..................pptx
byAneetaSharma15
 
OXYGEN ADMINISTRATION/THERAPY ......pptx
byAneetaSharma15
 
Burnout_among_medical teachers_&_mentoring .pptx
byAhmadUzairQureshi
 

Microservices Security Landscape

  • 1.
    MICROSERVICES SECURITY LANDSCAPE PrabathSiriwardena prabath@wso2.com | prabath@apache.org
  • 2.
    ● 11 years@ WSO2, leading the open source WSO2 Identity Server ● Blog: http://blog.facilelogin.com/ | Vlog: http://vlog.facilelogin.com ● Books ● Microservices Security in Action ~ April, 2019 ABOUT ME 2
  • 3.
  • 4.
  • 5.
  • 6.
  • 7.
  • 8.
  • 9.
  • 10.
  • 11.
  • 12.
  • 13.
  • 14.
    TRUST THE NETWORK ▪TLS Mutual Authentication ▪ JWT (JSON Web Token) 14
  • 15.
  • 16.
    TLS MUTUAL AUTHENTICATION ▪Each microservice will have its own certificate to prove its identity ▪ How do we provision certificates to each microservice? ▪ How do we deal with certificate revocations? ▪ How do we deal with trust bootstrap? ▪ How do we deal with key rotation? 16
  • 17.
    SPIFFE / SPIRE ▪Secure Production Identity Framework for Everyone. ▪ SPIFFE tries to solve the trust bootstrap problem in a platform agnostic manner. ▪ SPIFFE provides an identity to each workload in a microservices deployment, which is known as the SPIFFE ID. E.g.: spiffe://acme.com/billing/payments 17
  • 18.
  • 19.
  • 20.
  • 21.
    JWT (JSON WEBTOKEN) ▪ Defines a container to transport data between interested parties. ▪ There are multiple applications of JWT - in OpenID Connect the id_token is represented as a JWT. ▪ Propagate one’s identity between interested parties. ▪ Propagate user entitlements between interested parties. ▪ Transfer data securely between interested parties over a unsecured channel. ▪ Assert one’s identity, given that the recipient of the JWT trusts the asserting party. 21
  • 22.
    JWT (JSON WEBTOKEN) ▪ A JWT does not exist itself — either it has to be a JWS or a JWE (JSON Web Encryption). ▪ It’s like an abstract class — the JWS and JWE are the concrete implementations. ▪ We call a JWS or JWE, a JWT only if it follows the compact serialization. 22
  • 23.
    JWT (JSON WEBTOKEN) 23
  • 24.
    JWT (JSON WEBTOKEN) eyJhbGciOiJSUzI1NiIsImtpZCI6Ijc4YjRjZjIzNjU2ZGMzOTUzNjRmMWI2YzAyOTA3NjkxZjJjZGZmZTEifQ.eyJpc 3MiOiJhY2NvdW50cy5nb29nbGUuY29tIiwic3ViIjoiMTEwNTAyMjUxMTU4OTIwMTQ3NzMyIiwiYXpwIjoiODI1 MjQ5ODM1NjU5LXRlOHFnbDcwMWtnb25ub21ucDRzcXY3ZXJodTEyMTFzLmFwcHMuZ29vZ2xldXNlcmNvbn RlbnQuY29tIiwiZW1haWwiOiJwcmFiYXRoQHdzbzIuY29tIiwiYXRfaGFzaCI6InpmODZ2TnVsc0xCOGdGYXFSd 2R6WWciLCJlbWFpbF92ZXJpZmllZCI6dHJ1ZSwiYXVkIjoiODI1MjQ5ODM1NjU5LXRlOHFnbDcwMWtnb25ub 21ucDRzcXY3ZXJodTEyMTFzLmFwcHMuZ29vZ2xldXNlcmNvbnRlbnQuY29tIiwiaGQiOiJ3c28yLmNvbSIsImlhd CI6MTQwMTkwODI3MSwiZXhwIjoxNDAxOTEyMTcxfQ.TVKv-pdyvk2gW8sGsCbsnkqsrS0T-H00xnY6ETkIfg IxfotvFn5IwKm3xyBMpy0FFe0Rb5Ht8AEJV6PdWyxz8rMgX2HROWqSo_RfEfUpBb4iOsq4W28KftW5H0I A44VmNZ6zU4YTqPSt4TPhyFC9fP2D_Hg7JQozpQRUfbWTJI 24
  • 25.
  • 26.
  • 27.
  • 28.
  • 29.
    SHARED JWT +mTLS 29
  • 30.
  • 31.
    JWT WITH TOKENEXCHANGE 31
  • 32.
  • 33.
  • 34.
  • 35.
  • 36.
    OPEN POLICY AGENT(OPA) ▪ A lightweight general-purpose policy engine that can be co-located with your service. ▪ Policies are written in Rego ▪ Can integrate OPA as a sidecar, host-level daemon, or library. ▪ Integrated with Spring, Service Mesh implementations (Istio, Linkerd), Kafka https://istio.io/docs/reference/config/policy-and-telemetry/adapters/opa/ ▪ Netflix is an early adopter of OPA 36
  • 37.