Policies

OPA

Open Policy Agent

Adopt Foundation CNCF (Graduated) Since 2016

Judgement: Adopt

General-purpose policy engine; mature Rego ecosystem.

General-purpose policy engine that decouples policy decisions from your services. Policies are written in Rego and evaluated at request time.

In a data mesh, OPA shows up wherever federated governance needs to enforce rules — access requests, contract gates in CI, infrastructure guard-rails — without putting the rules into application code.

Why it counts as a standard

Rego — the policy language OPA defines — has become the portable way to express authorization rules across cloud-native systems. Kubernetes admission control, service meshes, CI gates, and data-mesh governance all consume the same Rego policies. The language and the OPA evaluation API are the standard, with multiple compatible runtimes.

At a glance

Category
Policies
Governance
CNCF (Graduated)
Status
Stable; de-facto policy engine for cloud-native
First released
2016

Links

Related standards

Other standards in Policies.

See OPA in context

Open the interactive Data Landscape to compare OPA against every other open standard, or grab the raw JSON. Spotted something wrong? Open an issue.