CEDAR

CEDAR is a language designed by AWS (Amazon Web Services) for authoring authorization policies. It is specifically created to define and manage fine-grained authorizations across complex systems in a precise, auditable, and scalable way.

Key Features of CEDAR:

  1. Policy-Based Access Control: CEDAR allows users to write authorization policies that define who can access which resources and under what conditions. These policies can specify different conditions, roles, and relationships to determine access rights.

  2. Fine-Grained Authorization: Unlike traditional Role-Based Access Control (RBAC), which is often too coarse for complex environments, CEDAR supports more detailed, attribute-based, and relationship-based access control. This flexibility allows it to model sophisticated access control scenarios.

  3. Open Source: By releasing CEDAR under the Apache license, AWS makes the language available for use, extension, and integration across a variety of environments and platforms, not just within AWS. This fosters a broader adoption and development community around the language.
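As an added illustration that is not part of the original page, the two policies below express the policy-based and fine-grained (attribute- and relationship-based) authorization described above in Cedar's own syntax; the entity types, group, actions and attribute names (Group::"Doctors", primaryCareDoctor, ward, mfa_authenticated) are assumptions for a hypothetical clinical-records application.

```cedar
// Constructed example for a hypothetical clinical-records service (names assumed).
// Policy 1: members of the Doctors group may view or annotate a record, but only
// when they are the patient's primary-care doctor (a relationship check) or the
// record belongs to the ward they are assigned to (an attribute comparison).
permit (
  principal in Group::"Doctors",
  action in [Action::"viewRecord", Action::"annotateRecord"],
  resource
)
when {
  resource.primaryCareDoctor == principal ||
  (principal has ward && resource has ward && principal.ward == resource.ward)
};

// Policy 2: in Cedar a matching forbid always overrides any permit, so viewing a
// record is denied whenever the request context does not carry an MFA assertion.
// The `has` test keeps the policy from erroring (and being skipped) when the
// attribute is absent, so a missing attribute is treated as "not authenticated".
forbid (
  principal,
  action == Action::"viewRecord",
  resource
)
unless { context has mfa_authenticated && context.mfa_authenticated };
```

A viewRecord request that satisfies Policy 1 but arrives without context.mfa_authenticated is therefore denied, while an annotateRecord request from the same doctor is still allowed.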

CEDAR's Place in the Access Control Landscape:

CEDAR competes with other authorization policy languages and models such as:

  • XACML (eXtensible Access Control Markup Language)

  • Rego (the policy language of the Open Policy Agent)

  • Zanzibar (Google’s authorization model)

Given its expressiveness and integration potential, CEDAR could play a significant role in bridging Identity and Access Management (IAM) solutions, which focus on enforcing access control within applications, and Identity Governance and Administration (IGA), which focuses on the administration, auditing, and governance of those access policies.