Episode 146 - GluuFederation/identerati-office-hours GitHub Wiki

Title: Top 5 Reasons To Use Cedar

Channels

Description

Join us to count down the Top 5 reasons to use Cedar, Amazon's powerful policy language for modern authorization. We'll explore how Cedar enables fine-grained authorization for a range of access control models. Whether you're a developer, security engineer, or identity architect, you'll leave with practical insights into the situations in which Cedar excels.

Homework

Takeaways

Why adopt Cedar? Emina Torlak from Amazon Web Services (AWS) and former Google Cloud IAM product manager Rohit Khare joined Identerati Office Hours Episode 146 to add some background for those who want to know a little bit more about this critical authz invention.

  • ⚡ Cedar's safety and analyzability are related, but a little different. If policies are not analyzable, it might be hard to know if they are safe. But analysis enables declarative security, which is important by itself.

  • ⚡ Analyzability and expressiveness are complementary: the more you have of one, the less of the other. The design of Cedar strives to maximize expressiveness while still allowing analysis.

  • ⚡ The top five Cedar features we wanted to emphasize were: Analyzability, Ergonomic Syntax, Expressiveness, Safety, Performance. While we didn't get to discuss all these in our livestream, I realized one feature that was really critical for the Cedarling was "portability": the ability to run a Cedar engine in the browser, cloud, or even a database.

  • ⚡ Using AI is a very productive way to kickstart the generation of Cedar policies, and automated reasoning is an effective strategy to protect against the policies that AI generates. Trust but validate!

Livestream Audio Archive

here