## Summary

The doctrine service consumes messages from a NATS message service bus. It then queries Open Policy Agent (OPA), which returns control messages. The doctrine service sends these control messages on the service bus.

## Open Policy Agent

OPA provides extremely fast decision times, fits a microservice architecture, and allows for cryptographic attestation of doctrine code and a fully auditable decision log. It gives us a unified policy framework that can be used throughout the AEGIS system. Platform One currently uses OPA for Kubernetes admission control. We use the same software to evaluate track (COT) messages against loaded doctrine.

We chose OPA so that we can abstract the doctrine code into small, easily auditable, and testable components. As part of the challenge, we are using the commercially supported version of OPA called Styra DAS. This allows us to easily load and unload doctrine into the system, leveraging code signing and DevSecOps principles.

## Doctrine Service

The doctrine service uses the adapter pattern to convert NATS JSON messages into REST requests to be serviced by OPA. The doctrine service orders the responses received from Open Policy Agent and sends the highest priority control message over the message bus.

## Message Bus
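
The path a track message takes from the bus through the doctrine service and back, as an added example that is not the project's own code. The policy path `doctrine/controls`, the `action` and `priority` fields, the "larger number wins" ordering, and the `query_opa` transport callback are assumptions; the `{"input": ...}` envelope and the `result` key are OPA's Data API.

```python
import json

# Assumed policy path; the page does not name the doctrine package.
OPA_DATA_PATH = "/v1/data/doctrine/controls"

# Constructed sample inputs, not captured from a real system.
SAMPLE_TRACK = b'{"uid": "track-001", "type": "a-u-A", "speed": 240}'
SAMPLE_OPA_RESPONSE = (
    b'{"result": [{"action": "monitor", "priority": 2},'
    b' {"action": "alert", "priority": 9},'
    b' {"action": "log", "priority": true}]}'
)

def build_opa_request(nats_payload):
    """Wrap a NATS JSON track message in OPA's Data API envelope."""
    track = json.loads(nats_payload)
    if not isinstance(track, dict):
        raise ValueError("track message must be a JSON object")
    return OPA_DATA_PATH, json.dumps({"input": track}).encode()

def select_control(opa_body):
    """Return the highest-priority control message, or None if there is none."""
    doc = json.loads(opa_body)
    # OPA omits "result" entirely when the queried rule is undefined.
    controls = doc.get("result") if isinstance(doc, dict) else None
    if not isinstance(controls, list):
        return None
    # Drop entries without an integer priority (bool is rejected explicitly).
    valid = [c for c in controls
             if isinstance(c, dict) and type(c.get("priority")) is int]
    # Assumption: larger number means higher priority; ties break on action name.
    valid.sort(key=lambda c: (-c["priority"], str(c.get("action"))))
    return valid[0] if valid else None

def handle(nats_payload, query_opa):
    """Adapter: NATS payload in, control message to publish out (or None)."""
    path, body = build_opa_request(nats_payload)
    return select_control(query_opa(path, body))
```
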