OWSM: Empowering Rego for Stateful Access Control
Baldo M.; Miculan M.; Riccio V.
2025-01-01
Abstract
Service mesh technologies have emerged as a powerful tool for managing communications in microservices-oriented architectures. However, enforcing complex access control policies often requires stateful mechanisms, which are not directly supported by policy languages like Rego. To address this limitation, we propose the OPA Wrapper State Manager (OWSM). OWSM maintains a separate state store that can be accessed during policy evaluation. This enables the specification and enforcement of stateful access control policies using Rego’s declarative syntax. We evaluate the performance and overhead of OWSM through experiments, demonstrating its effectiveness in enhancing the capabilities of service mesh environments.

| File | Size | Format |
|---|---|---|
| OWSM-ITASEC.pdf (open access; license: Creative Commons) | 1.56 MB | Adobe PDF |
Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.


