Cedar Joins CNCF as a Sandbox Project
Briefly

Cedar Joins CNCF as a Sandbox Project
"Cedar, an open-source authorisation policy language and SDK, has officially joined the Cloud Native Computing Foundation (CNCF) as a Sandbox project. Originally architected by Amazon Web Services (AWS), the project aims to provide a vendor-neutral standard for defining and enforcing fine-grained permissions in modern applications. Managing access control in cloud-native environments has traditionally relied on hard-coded logic or general-purpose policy engines. Cedar solves this by allowing developers to express permissions as policies, effectively decoupling access control from application logic."
"The language supports common authorisation models, including Role-Based Access Control (RBAC), Attribute-Based Access Control (ABAC), and Relationship-Based Access Control (ReBAC). A distinguishing feature of Cedar is its focus on assurance and safety through formal verification. The language specification is formally verified using the Lean theorem prover, and its Rust implementation undergoes differential random testing against this formal specification. This mathematical rigour ensures that the policy engine behaves exactly as intended, a critical requirement for security-sensitive operations."
Cedar joined the Cloud Native Computing Foundation Sandbox as an open-source authorization policy language and SDK. Amazon Web Services originally architected Cedar to provide a vendor-neutral standard for defining and enforcing fine-grained permissions in modern applications. Developers can express permissions as policies, decoupling access control from application logic and enabling updates without redeploying code (policy-as-code). Cedar supports RBAC, ABAC, and ReBAC. The language specification is formally verified with the Lean theorem prover, and the Rust implementation undergoes differential random testing against that specification. Automated reasoning enables a policy validator and mathematical analysis to determine whether specific requests will be allowed or denied.
#cedar #authorization #policy-as-code #formal-verification #cncf-sandbox
Read at InfoQ
Unable to calculate read time
[
|
]