I understand the intent of the initialisims was to simplify things, but PEP vs PDP vs PAP vs PIP? It made it basically impossible to actively follow what was going on.
Hi, thanks for the valuable feedback! I definitely agree and realized (later) that the OPA acronym soup became a bit unwieldy :) Just to simplify: - The Enforcement Point (somewhere in the code path) asks the Decision Point for ALLOW or DENY, providing any necessary information. - The Decision Point evaluates a specific policy and returns the decision. (The other components simply relate to how policies are packaged and deployed from an administrative point of view [PAP], and how a decision that might require additional information can request/receive it [PIP]) I'll incorporate the feedback into upcoming presentations, and let me know if you have any questions! Cheers /Marc
Are there any examples of how to request those tokens with the hash as a claim? I'm having a hard time understanding how to do this with keycloak.
I understand the intent of the initialisims was to simplify things, but PEP vs PDP vs PAP vs PIP? It made it basically impossible to actively follow what was going on.
Hi, thanks for the valuable feedback! I definitely agree and realized (later) that the OPA acronym soup became a bit unwieldy :)
Just to simplify:
- The Enforcement Point (somewhere in the code path) asks the Decision Point for ALLOW or DENY, providing any necessary information.
- The Decision Point evaluates a specific policy and returns the decision.
(The other components simply relate to how policies are packaged and deployed from an administrative point of view [PAP], and how a decision that might require additional information can request/receive it [PIP])
I'll incorporate the feedback into upcoming presentations, and let me know if you have any questions! Cheers /Marc