Oracle Cloud Infrastructure is proud to announce the general availability of Speedle, an open source policy management and enforcement solution developed by Oracle. This general-purpose policy engine enables unified, context-aware policy enforcement across applications. Speedle dramatically simplifies the configuration, management, and enforcement of security and authorization policies within cloud native environments.
Many companies are modernizing their existing applications to become more agile and innovate faster. Microservices-based architecture enables teams to independently test services and continuously deliver changes to applications. The number of applications developed and used within an enterprise is continuing to grow rapidly.
Cloud native and DevSecOps are about reducing variability and human error, increasing repeatability, and implementing practices underpinned by policies to deliver applications and features reliably and efficiently. To truly operate at cloud scale, policy-based automation is a key requirement. Administrators and developers spend many hours authoring security policies within each application, and this is a repetitive effort for every application developed within the organization. Managing and maintaining these application-specific policies is another key concern.
Existing access control and authorization solutions have the following shortcomings:
Speedle solves these shortcomings by providing powerful and dynamic access control capabilities that are decoupled from the application. It offers several capabilities to handle complex policies, such as who can access what under what conditions. It provides these capabilities in a centralized and domain-agnostic way, managing and maintaining policies across several applications. These policies can be created and evaluated as needed, reducing costs and saving time.
In a setting with one or more cloud native applications, application developers no longer need to hardcode policies within the application. Speedle provides a high-level declarative language for authoring policies and simple APIs to answer policy queries. Speedle is licensed under the Universal Permissive License (UPL) version 1.0, so you can integrate Speedle with your own systems.
Using Speedle, developers can offload policy decisions such as the following ones from the core service or application:
Before Speedle, the policy effort for each application included:
With Speedle, the policy effort for each application is simply integration with Speedle.
Speedle: Before and After
Speedle has the following components:
Implementing admission control policies in Kubernetes is a key use case of Speedle. Here is one policy example: prevent images with known vulnerabilities from getting deployed onto Kubernetes. Speedle can intercept requests to the Kubernetes API server before the relevant objects, which provide intent for the desired cluster state, are persisted to the etcd key/value object store.
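To illustrate the admission-control use case above, here is an added Python example (not Speedle's own code or API) of the allow/deny decision a Kubernetes validating admission webhook returns for an AdmissionReview request. The vulnerable-image table, image names, finding IDs and the helper names are constructed assumptions standing in for a scanner or policy-engine lookup.

```python
# Added example: the decision step of a Kubernetes validating admission webhook.
# Not Speedle code. The table below is constructed sample data standing in for
# a vulnerability scanner or policy-engine lookup.
VULNERABLE_IMAGES = {
    "registry.example.com/shop/web:1.0": ["EXAMPLE-VULN-0001", "EXAMPLE-VULN-0002"],
}


def pod_spec(obj):
    """Return the pod spec of a Pod, or of a workload with spec.template (Deployment, Job...)."""
    spec = obj.get("spec") or {}
    template = spec.get("template")
    return (template.get("spec") or {}) if isinstance(template, dict) else spec


def images_in(obj):
    """Yield every image reference, including init and ephemeral containers."""
    spec = pod_spec(obj)
    for field in ("initContainers", "containers", "ephemeralContainers"):
        for container in spec.get(field) or []:
            yield container.get("image", "")


def review(admission_review, vulnerable=VULNERABLE_IMAGES):
    """Build the AdmissionReview response: deny if any image has known findings."""
    request = admission_review["request"]
    findings = {img: vulnerable[img]
                for img in images_in(request.get("object") or {}) if img in vulnerable}
    response = {"uid": request["uid"], "allowed": not findings}
    if findings:
        detail = "; ".join(f"{img} ({', '.join(ids)})" for img, ids in sorted(findings.items()))
        response["status"] = {"code": 403, "message": f"known vulnerabilities: {detail}"}
    return {"apiVersion": "admission.k8s.io/v1", "kind": "AdmissionReview", "response": response}


def sample_request(kind, images):
    """Constructed AdmissionReview request for a Pod or a Deployment."""
    spec = {"containers": [{"name": f"c{i}", "image": img} for i, img in enumerate(images)]}
    obj = {"kind": kind, "spec": spec if kind == "Pod" else {"template": {"spec": spec}}}
    return {"apiVersion": "admission.k8s.io/v1", "kind": "AdmissionReview",
            "request": {"uid": "constructed-uid-1", "operation": "CREATE", "object": obj}}


if __name__ == "__main__":
    for kind, imgs in [("Pod", ["registry.example.com/shop/api:2.3"]),
                       ("Deployment", ["registry.example.com/shop/web:1.0"])]:
        print(kind, review(sample_request(kind, imgs))["response"])
```

Matching on the exact image string is a simplifying assumption; tags are mutable, so production checks usually key on the image digest.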
Additional sample use cases:
I encourage all of you to try Speedle. Please let us know if you have questions or comments. There are also opportunities to further contribute and enhance Speedle. Please feel free to reach me at ram.kailasanathan@oracle.com.
Here are some key links to project Speedle: