With policy-as-code, development and security teams can interface through one language that seamlessly integrates with their CI/CD pipelines. If a change or update needs to be made to an authorization policy, engineers can do so by modifying the policy directly in code with the confidence that they are complying with security as well as their DevOps requirements.
To support the ongoing acceleration of innovation, policy-as-code helps organizations scale policy, create visibility, support cross-functional collaboration, and automate testing.
Below is an example of how ALFA supports a DevOps pipeline through policy-as-code:
The central authorization team enables a process to manage requests for new authorization policies or updates to existing policies.
This central authorization team is aligned with the DevOps process as well as the DevOps team. Policies are created or updated either “as code” (e.g. ALFA) or through a web-based policy editor.
Policy changes are compiled, committed and pushed to the source repository (e.g. GitHub).
Policies are automatically deployed as part of the organization's CI/CD process. Axiomatics allows for automated workflows to be created and integrated into the deployment tools (e.g. Jenkins).
Policies are automatically tested as part of the DevOps pipeline.
Policies are deployed to the policy decision services (PDP) to serve target resources (front-end web apps, APIs, microservices, etc.) with the desired authorization outcomes.
Axiomatics' solution for policy-as-code is the Abbreviated Language for Authorization (ALFA). Built specifically to support developers and DevOps with the creation and management of authorization policies, ALFA is a lightweight language that can plug into the solutions and tools that developers use to express authorization policies, such as Visual Studio Code.
With ALFA, developers can benefit from the ability to:
Below is a screenshot showing an example of authorization policies written in Visual Studio Code:
Axiomatics has the experience and expertise that will help you through common deployment challenges. Axiomatics follows a well-tested and repeatable approach that is your blueprint for success.
In as little as three to six months, we empower any organization to successfully deploy authorization solutions and future-proof any access management strategy.
There is no one right answer here. Depending on size, environment complexity and other variables, an enterprise may find it needs ALFA or OPA or both to create the policy-as-code strategy that works best to meet its needs.
The Abbreviated Language For Authorization (ALFA) is a domain-specific language used to express access control and authorization policies. Based on the de facto access control standard from OASIS, eXtensible Access Control Markup Language (XACML), ALFA provides a simple way to write these policies in a language akin to software development languages like Java and Python.
Open Policy Agent is an open source, general-purpose policy engine used to unify policy enforcement across the stack.
Our Orchestrated Authorization approach includes multiple formats in which you can author policies:
Meet with us and see how our award-winning solution can help you meet today's access control and Zero Trust needs.