diff --git a/oslo_policy/opts.py b/oslo_policy/opts.py
new file mode 100644
index 00000000..8191449e
--- /dev/null
+++ b/oslo_policy/opts.py
@@ -0,0 +1,36 @@
+#    Licensed under the Apache License, Version 2.0 (the "License"); you may
+#    not use this file except in compliance with the License. You may obtain
+#    a copy of the License at
+#
+#         http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing, software
+#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+#    License for the specific language governing permissions and limitations
+#    under the License.
+
+__all__ = [
+    'list_opts'
+]
+
+import copy
+
+from oslo_policy import policy
+
+
+def list_opts():
+    """Return a list of oslo.config options available in the library.
+    The returned list includes all oslo.config options which may be registered
+    at runtime by the library.
+    Each element of the list is a tuple. The first element is the name of the
+    group under which the list of elements in the second element will be
+    registered. A group name of None corresponds to the [DEFAULT] group in
+    config files.
+    This function is also discoverable via the 'oslo_messaging' entry point
+    under the 'oslo.config.opts' namespace.
+    The purpose of this is to allow tools like the Oslo sample config file
+    generator to discover the options exposed to users by this library.
+    :returns: a list of (group_name, opts) tuples
+    """
+    return [('oslo_policy', copy.deepcopy(policy._opts))]
diff --git a/oslo_policy/policy.py b/oslo_policy/policy.py
index 1fecfe7d..7557d21f 100644
--- a/oslo_policy/policy.py
+++ b/oslo_policy/policy.py
@@ -219,14 +219,16 @@ from oslo_policy._i18n import _, _LE, _LI
 from oslo_policy.openstack.common import fileutils
 
 
-policy_opts = [
+_opts = [
     cfg.StrOpt('policy_file',
                default='policy.json',
-               help=_('The JSON file that defines policies.')),
+               help=_('The JSON file that defines policies.'),
+               deprecated_group='DEFAULT'),
     cfg.StrOpt('policy_default_rule',
                default='default',
                help=_('Default rule. Enforced when a requested rule is not '
-                      'found.')),
+                      'found.'),
+               deprecated_group='DEFAULT'),
     cfg.MultiStrOpt('policy_dirs',
                     default=['policy.d'],
                     help=_('Directories where policy configuration files are '
@@ -234,7 +236,8 @@ policy_opts = [
                            'in the search path defined by the config_dir '
                            'option, or absolute paths. The file defined by '
                            'policy_file must exist for these directories to '
-                           'be searched.')),
+                           'be searched.'),
+                    deprecated_group='DEFAULT'),
 ]
 
 
@@ -243,11 +246,6 @@ LOG = logging.getLogger(__name__)
 _checks = {}
 
 
-def list_opts():
-    """Entry point for oslo-config-generator."""
-    return [(None, copy.deepcopy(policy_opts))]
-
-
 class PolicyNotAuthorized(Exception):
     """Default exception raised for policy enforcement failure."""
 
@@ -334,14 +332,15 @@ class Enforcer(object):
     def __init__(self, conf, policy_file=None, rules=None,
                  default_rule=None, use_conf=True, overwrite=True):
         self.conf = conf
-        self.conf.register_opts(policy_opts)
+        self.conf.register_opts(_opts, group='oslo_policy')
 
-        self.default_rule = default_rule or self.conf.policy_default_rule
+        self.default_rule = (default_rule or
+                             self.conf.oslo_policy.policy_default_rule)
         self.rules = Rules(rules, self.default_rule)
 
         self.policy_path = None
 
-        self.policy_file = policy_file or self.conf.policy_file
+        self.policy_file = policy_file or self.conf.oslo_policy.policy_file
         self.use_conf = use_conf
         self.overwrite = overwrite
 
@@ -387,7 +386,7 @@ class Enforcer(object):
 
             self._load_policy_file(self.policy_path, force_reload,
                                    overwrite=self.overwrite)
-            for path in self.conf.policy_dirs:
+            for path in self.conf.oslo_policy.policy_dirs:
                 try:
                     path = self._get_policy_path(path)
                 except cfg.ConfigFilesNotFoundError:
diff --git a/oslo_policy/tests/test_policy.py b/oslo_policy/tests/test_policy.py
index 16b553e3..054f8744 100644
--- a/oslo_policy/tests/test_policy.py
+++ b/oslo_policy/tests/test_policy.py
@@ -130,7 +130,7 @@ class PolicyBaseTestCase(test_base.BaseTestCase):
 class EnforcerTest(PolicyBaseTestCase):
 
     def test_load_file(self):
-        self.CONF.set_override('policy_dirs', [])
+        self.CONF.set_override('policy_dirs', [], group='oslo_policy')
         self.enforcer.load_rules(True)
         self.assertIsNotNone(self.enforcer.rules)
         self.assertIn('default', self.enforcer.rules)
@@ -145,7 +145,8 @@ class EnforcerTest(PolicyBaseTestCase):
 
     def test_load_multiple_directories(self):
         self.CONF.set_override('policy_dirs',
-                               ['policy.d', 'policy.2.d'])
+                               ['policy.d', 'policy.2.d'],
+                               group='oslo_policy')
         self.enforcer.load_rules(True)
         self.assertIsNotNone(self.enforcer.rules)
         loaded_rules = jsonutils.loads(str(self.enforcer.rules))
@@ -154,7 +155,8 @@ class EnforcerTest(PolicyBaseTestCase):
 
     def test_load_non_existed_directory(self):
         self.CONF.set_override('policy_dirs',
-                               ['policy.d', 'policy.x.d'])
+                               ['policy.d', 'policy.x.d'],
+                               group='oslo_policy')
         self.enforcer.load_rules(True)
         self.assertIsNotNone(self.enforcer.rules)
         self.assertIn('default', self.enforcer.rules)
@@ -314,7 +316,8 @@ class EnforcerTest(PolicyBaseTestCase):
 
     def test_enforcer_with_default_policy_file(self):
         enforcer = policy.Enforcer(cfg.CONF)
-        self.assertEqual(cfg.CONF.policy_file, enforcer.policy_file)
+        self.assertEqual(cfg.CONF.oslo_policy.policy_file,
+                         enforcer.policy_file)
 
     def test_enforcer_with_policy_file(self):
         enforcer = policy.Enforcer(cfg.CONF, policy_file='non-default.json')
@@ -335,7 +338,8 @@ class EnforcerTest(PolicyBaseTestCase):
     def test_enforcer_default_rule_name(self):
         enforcer = policy.Enforcer(cfg.CONF, default_rule='foo_rule')
         self.assertEqual('foo_rule', enforcer.rules.default_rule)
-        self.CONF.set_override('policy_default_rule', 'bar_rule')
+        self.CONF.set_override('policy_default_rule', 'bar_rule',
+                               group='oslo_policy')
         enforcer = policy.Enforcer(cfg.CONF, default_rule='foo_rule')
         self.assertEqual('foo_rule', enforcer.rules.default_rule)
         enforcer = policy.Enforcer(cfg.CONF, )
@@ -363,7 +367,9 @@ class CheckFunctionTestCase(PolicyBaseTestCase):
         self.assertEqual(result, ("target", "creds", self.enforcer))
 
     def test_check_no_rules(self):
-        cfg.CONF.set_override('policy_file', 'empty.json')
+        self.CONF.set_override('policy_file', 'empty.json',
+                               group='oslo_policy')
+        self.enforcer.conf = self.CONF
         self.enforcer.default_rule = None
         self.enforcer.load_rules()
         result = self.enforcer.enforce('rule', "target", "creds")
diff --git a/setup.cfg b/setup.cfg
index e9738349..b4614c0b 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -27,6 +27,10 @@ packages =
 [pbr]
 warnerrors = true
 
+[entry_points]
+oslo.config.opts =
+    oslo.policy = oslo_policy.opts:list_opts
+
 [build_sphinx]
 source-dir = doc/source
 build-dir = doc/build