Continuous Authorization
Continuous authorization means every sensitive action is evaluated at runtime with current context — not granted once at login and assumed until session end.
Perimeter Zero Trust is not enough
Network Zero Trust gets you to the door. Authorization decides what happens inside: which API, row, bucket, or tool call is allowed right now.
What to log
Every decision should capture:
- Principal (human, service, AI agent)
- Action and resource
- Policy version
- Outcome (allow / deny) and rationale where available
EnforceAuth ingests OPA decision logs and surfaces them for investigation and audit export.
Compliance angle
Frameworks (SOC 2, HIPAA, GDPR) ask for evidence of access control. Immutable decision logs replace weeks of manual evidence collection.