Application Code of Conduct - Full Stack Policy as Code

The increasing complexity of applications and the need for fine-grained authorization mechanisms have made it necessary to build a comprehensive policy management system that covers the entire stack. With the rise of Policy as Code, it's now possible to codify policies and enforce them at different layers of the application.

One of the biggest challenges in implementing policy as code is ensuring that the policies are consistently enforced throughout the stack, and streamlining policies across multi-functional applications and business functions. It's important to have a solution that can handle policies across the full stack, from the back-end to the front-end, while also being flexible enough to support the unique needs of different business functions.

In this talk, we'll share our journey of building a full-stack authorization solution using open-source tools such as Rego and the Open Policy Agent. We'll show how we used these tools to build an open-source administration layer, run sidecars in applications, and integrate with the front-end using CASL to enforce policies in the web app. Come and learn about our experience and how you can implement a similar solution for your applications.