Tim Hinrichs and Teemu Koponen recognized that cloud computing was going to change how software authorization was done. The authorization problem--how approval was given for access and rights--was complex and only going to get more complicated. Hinrichs and Koponen wanted to solve this widespread and foundational problem, with the help of experts across industries that use cloud-native applications.

After building the core technology, Hinrichs and Koponen made an unusual choice. They decided to give it away for free.

That was 2016. The technology, called Open Policy Agent (OPA), is an open-source project approaching 100 million downloads, and it has a thriving community of support. OPA provides the building blocks for app developers to implement authorization rules and policies for the cloud-first world.

The open-source community approach

Open source is “a modern approach to building software,” Hinrichs says. Social media, streaming platforms, banks, and food delivery apps rely on open source, he says. “It’s freely available, and everyone can understand the lines of code and what they do.” Like OPA, a lot of open-source projects are what Hinrichs calls “building block technology” that make up the foundation of the apps used every day.

Successful open-source projects need communities around them, which take time and energy to build. Community members give talks about the problem and solution, publish blog posts, and create forums to share best practices. Some open-source projects mistakenly expect communities to grow by themselves, he says. But the community must be actively nurtured from the start, to foster growth and ensure the project is solving real problems.

Those writing open-source code must be willing to let competitors build on it. Hinrichs takes that as a sign of success, though. “The goal of the OPA project was to get authorization everywhere, make it a standard” with an ecosystem, just as the electrical system is a standard. For some users, OPA is enough, but others need help managing OPA the more they use it. That’s where Styra comes in.

Value: additional functionality

Styra started by building OPA, and the company continues investing heavily in the software and the community. But Styra offers a commercial product as well, called Styra Declarative Authorization Service (DAS), which manages OPA at scale. A company can have hundreds of instances of OPA running in a single app, and Styra DAS provides one place to manage all those OPA instances. By the time customers are interested in Styra DAS, most have already been using OPA.  The open-source approach also makes it easier to hire employees. “I often feel like they know us already,” Hinrichs says. Even if they don’t, Styra values education, one of the reasons it was named an Inc. Best Workplace Honoree. “To be successful at Styra, you need the mindset that your job is to educate the world. That same value is an internal one.”