POLICY language

blee · August 23, 2023, 2:48pm

Hi
Is there a specification of the policy language anywhere? over and above the documentation at

Thanks
blee

TheLumberjack · August 23, 2023, 4:11pm

Hi @blee, welcome to the community and to OpenZiti!

At this time there's no "language" associated with policies. There are a fixed set of policies one can create. There are "edge router policies" (identities -- routers), "service policies" (identities -- services) and "service edge router policies"(services -- routers). They allow the operator to associate identities/services/routers.

There's no expressive evaluation done or complex logic involved. It's mapping either attributes (denoted with #) or direct references (denoted with @) to be mapped together.

Is there a specific question that you were wondering about other than that we might help with?

blee · August 24, 2023, 6:57pm

Yes, I was wondering if its possible to extend the policy capabilies - e.g. by introducing new context/posture attributes ?

TheLumberjack · August 24, 2023, 7:02pm

I am sure it's possible. @andrew.martinez probably would be the one to offer other thoughts.

@blee do you have any specific types of requests or thoughts? What kind of thing were you looking to introduce?

andrew.martinez · August 29, 2023, 2:13pm

The posture and policy system is pretty static at the moment.

We discussed briefly allowing custom posture checks (including requesting data from SDKs and replying from SDKs). However, we never undertook it.

We have never discussed it for policies.

Topic		Replies	Views
Taking a closer look at policies	7	407	January 28, 2022
Miscellaneous questions General Questions	3	203	September 16, 2022
Want to know more about Ziti concepts General Questions	3	624	May 1, 2022
Does OpenZiti create any policies on the admin's behalf?	2	95	February 26, 2024
Edge router policy vs Edge service policy	3	163	March 20, 2023

POLICY language

Related topics