Remote Policy URL or Rego specified condition for dynamic verification policies. #948
Comments
|
Thanks for your question, @ercfermi We will answer it as soon as we can. Best, |
|
Hello @ercfermi, thank you for your contribution! The uploadPolicy function is responsible for uploading the Rego code to the OPA server in both cases:
|
|
I understand that when the rego is provided, the policy url is also needed to upload the rego to the opa, verify policy and delete it afterwards. Now consider the case where the opa has been configured with the policy url via kubernetes configmap. Would it be a usable case to just provide the policy url without the rego code? This will provide benefits such as policy can be managed and version control separately providing audit and log capability. And will also remove the need of uploading and deleting the rego to the opa at each call. Thus allowing reusability of the policy deployed to the opa. And finally removing the need to learn rego for end user as they can just apply the desired policy via the policy url without providing the rego code. Would this be a usable case? |
No , You can either provide the |
Based on the Remote Policy Url in https://docs.walt.id/community-stack/verifier/api/credential-verification/policies/dynamic-verification-policies#prerequisites, the updatePolicy likely to be dependent on the settings of the rules. Specifically, if the rules is rego, then the uploadPolicy applies. Otherwise if the rules content is specified as policy_url then the uploadPolicy is not needed.
Would this be a correct intention @SuperBatata ?
waltid-identity/waltid-libraries/credentials/waltid-verification-policies/src/commonMain/kotlin/id/walt/policies/policies/DynamicPolicy.kt
Line 195 in a89c220
The text was updated successfully, but these errors were encountered: