Episode 077: 01‐09‐2025 How Cedar Simplifies Authz for Developers - GluuFederation/identerati-office-hours GitHub Wiki
Title: How Cedar Simplifies Authz for Developers
- Host: Mike Schwartz, Founder/CEO Gluu
- Guest: Dinesh Rajasekharan, Director of Product Management at Amazon
Description
"Ergonomic syntax" was a core design requirement of the Cedar language. In plain English, that means Cedar should be intuitive for developers to express complex access rules... and hopefully fun! By mapping easily to the application model, Cedar entities and resources integrate seamlessly with modern applications. Join us as we unpack Cedar’s core features and discuss how it empowers developers to deliver robust, secure authorization solutions without getting lost in complicated policy logic.
Homework
- LinkedIn Post: Cedar Learning Path
Takeaways
⚡ Cedar is being used internally at Amazon, which was a precondition for the launch of the Amazon Verified Permissions "AVP" service. Amazon has determined that Cedar has a lower long-term cost to maintain and adapt to new requirements. Businesses need to enforce increasingly complex policies, sometimes with little notice in response to new regulations.
⚡ Rego is very flexible but it requires custom data modeling and rule creation, which some developers find complex. Cedar's ergonomic syntax makes it easier to read, which is helpful for developers and auditors.
⚡ Writing externalized policies is a new part of the SDLC (software development lifecycle). It's also important for governance--not only what are the policies, but why are they needed by the enterprise?
⚡ New green-field apps should use externalized policy management, like Cedar. But it's too risky to change the authorization model for older systems and infrastructure. Perhaps an opportunity exists to "instrument" older systems--to log policy decisions without changing the actual authorization logic in the application.