As enterprises build out application networks in modern service meshes, one critical objective is to formulate effective, repeatable, and consistent security policies when publishing your underlying applications to the world. But it often devolves into an every-project-for-itself mentality. What if you could offload this Undifferentiated Heavy Lifting from individual project teams and apply it consistently using declarative configuration across entire swaths of the organization?

We'll explore this and similar topics in this talk:
• Application-managed code vs. externalized policies
• Imperative vs. declarative security configuration
• Opaque keys vs. content-rich tokens
• Homegrown authZ vs. policy-driven Open Policy Agent

The talk will conclude with a live demonstration of applying these principles in an Istio-based service mesh environment.