{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,6,12]],"date-time":"2026-06-12T10:09:01Z","timestamp":1781258941507,"version":"3.54.1"},"reference-count":55,"publisher":"Association for Computing Machinery (ACM)","issue":"OOPSLA1","license":[{"start":{"date-parts":[[2024,4,29]],"date-time":"2024-04-29T00:00:00Z","timestamp":1714348800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["Proc. ACM Program. Lang."],"published-print":{"date-parts":[[2024,4,29]]},"abstract":"<jats:p>Cedar is a new authorization policy language designed to be ergonomic, fast, safe, and analyzable. Rather than embed authorization logic in an application\u2019s code, developers can write that logic as Cedar policies and delegate access decisions to Cedar\u2019s evaluation engine. Cedar\u2019s simple and intuitive syntax supports common authorization use-cases with readable policies, naturally leveraging concepts from role-based, attribute-based, and relation-based access control models. Cedar\u2019s policy structure enables access requests to be decided quickly. Cedar\u2019s policy validator leverages optional typing to help policy writers avoid mistakes, but not get in their way. Cedar\u2019s design has been finely balanced to allow for a sound and complete logical encoding, which enables precise policy analysis, e.g., to ensure that when refactoring a set of policies, the authorized  \npermissions do not change. We have modeled Cedar in the Lean programming language, and used Lean\u2019s proof assistant to prove important properties of Cedar\u2019s design. We have implemented Cedar in Rust, and released it open-source. Comparing Cedar to two open-source languages, OpenFGA and Rego, we find (subjectively) that Cedar has equally or more readable policies, but (objectively) performs far better.<\/jats:p>","DOI":"10.1145\/3649835","type":"journal-article","created":{"date-parts":[[2024,4,29]],"date-time":"2024-04-29T17:53:50Z","timestamp":1714413230000},"page":"670-697","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":16,"title":["Cedar: A New Language for Expressive, Fast, Safe, and Analyzable Authorization"],"prefix":"10.1145","volume":"8","author":[{"ORCID":"https:\/\/orcid.org\/0000-0001-9399-9308","authenticated-orcid":false,"given":"Joseph W.","family":"Cutler","sequence":"first","affiliation":[{"name":"University of Pennsylvania, Philadelphia, USA"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-4358-2963","authenticated-orcid":false,"given":"Craig","family":"Disselkoen","sequence":"additional","affiliation":[{"name":"Amazon Web Services, Arlington, USA"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-9105-4922","authenticated-orcid":false,"given":"Aaron","family":"Eline","sequence":"additional","affiliation":[{"name":"Amazon Web Services, Arlington, USA"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-9899-6226","authenticated-orcid":false,"given":"Shaobo","family":"He","sequence":"additional","affiliation":[{"name":"Amazon Web Services, Santa Clara, USA"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-4880-4150","authenticated-orcid":false,"given":"Kyle","family":"Headley","sequence":"additional","affiliation":[{"name":"Unaffiliated, Arlington, USA"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-2759-9223","authenticated-orcid":false,"given":"Michael","family":"Hicks","sequence":"additional","affiliation":[{"name":"Amazon Web Services, Arlington, USA"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-2724-0974","authenticated-orcid":false,"given":"Kesha","family":"Hietala","sequence":"additional","affiliation":[{"name":"Amazon Web Services, Arlington, USA"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-2749-797X","authenticated-orcid":false,"given":"Eleftherios","family":"Ioannidis","sequence":"additional","affiliation":[{"name":"University of Pennsylvania, Philadelphia, USA"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-1273-5990","authenticated-orcid":false,"given":"John","family":"Kastner","sequence":"additional","affiliation":[{"name":"Amazon Web Services, Arlington, USA"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0009-0007-1184-7206","authenticated-orcid":false,"given":"Anwar","family":"Mamat","sequence":"additional","affiliation":[{"name":"University of Maryland, College Park, USA"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0009-0002-4005-1817","authenticated-orcid":false,"given":"Darin","family":"McAdams","sequence":"additional","affiliation":[{"name":"Amazon Web Services, Seattle, USA"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-4814-5148","authenticated-orcid":false,"given":"Matt","family":"McCutchen","sequence":"additional","affiliation":[{"name":"Unaffiliated, Rockville, USA"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-5143-8940","authenticated-orcid":false,"given":"Neha","family":"Rungta","sequence":"additional","affiliation":[{"name":"Amazon Web Services, Seattle, USA"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-1155-2711","authenticated-orcid":false,"given":"Emina","family":"Torlak","sequence":"additional","affiliation":[{"name":"Amazon Web Services, Seattle, USA"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-7780-2122","authenticated-orcid":false,"given":"Andrew M.","family":"Wells","sequence":"additional","affiliation":[{"name":"Amazon Web Services, Santa Clara, USA"}],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"320","published-online":{"date-parts":[[2024,4,29]]},"reference":[{"key":"e_1_2_1_1_1","doi-asserted-by":"publisher","DOI":"10.1007\/BFb0022243"},{"key":"e_1_2_1_2_1","unstructured":"authzed-spicedb 2024. spicedb. https:\/\/github.com\/authzed\/spicedb. Open Source Google Zanzibar-inspired permissions database to enable fine-grained access control for customer applications."},{"key":"e_1_2_1_3_1","unstructured":"aws-iam 2024. Access Management \u2013 AWS Identity and Access Management (IAM). https:\/\/aws.amazon.com\/iam\/."},{"key":"e_1_2_1_4_1","unstructured":"azure-policy 2024. Azure policy documentation. https:\/\/learn.microsoft.com\/en-us\/azure\/governance\/policy\/."},{"key":"e_1_2_1_5_1","doi-asserted-by":"publisher","unstructured":"John Backes Pauline Bolignano Byron Cook Catherine Dodge Andrew Gacek Kasper Luckow Neha Rungta Oksana Tkachuk and Carsten Varming. 2018. Semantic-based Automated Reasoning for AWS Access Policies using SMT. In 2018 Formal Methods in Computer Aided Design (FMCAD). 10.23919\/FMCAD.2018.8602994","DOI":"10.23919\/FMCAD.2018.8602994"},{"key":"e_1_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-99524-9_24"},{"key":"e_1_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1145\/1998441.1998443"},{"key":"e_1_2_1_8_1","doi-asserted-by":"publisher","unstructured":"Matt Blaze Joan Feigenbaum and Martin Strauss. 1998. Compliance checking in the PolicyMaker trust management system. In Financial Cryptography. 10.1007\/BFb0055488","DOI":"10.1007\/BFb0055488"},{"key":"e_1_2_1_9_1","unstructured":"cargo-fuzz 2023. Rust Fuzz Book. https:\/\/rust-fuzz.github.io\/book\/cargo-fuzz.html."},{"key":"e_1_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.3390\/s22082984"},{"key":"e_1_2_1_11_1","volume-title":"Checking unsatisfiability for OCL constraints. Electronic Communications of the EASST 24","author":"Clavel Manuel","year":"2010","unstructured":"Manuel Clavel, Marina Egea, and Miguel Angel Garc\u00eda de Dios. 2010. Checking unsatisfiability for OCL constraints. Electronic Communications of the EASST 24 (2010)."},{"key":"e_1_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1145\/292540.292564"},{"key":"e_1_2_1_13_1","volume-title":"Wells","author":"Cutler Joseph W.","year":"2024","unstructured":"Joseph W. Cutler, Craig Disselkoen, Aaron Eline, Shaobo He, Kyle Headley, Michael Hicks, Kesha Hietala, Eleftherios Ioannidis, John Kastner, Anwar Mamat, Darin McAdams, Matt McCutchen, Neha Rungta, Emina Torlak, and Andrew M. Wells. 2024. Cedar: A New Language for Expressive, Fast, Safe, and Analyzable Authorization (Extended version). arxiv:2403.04651 [cs.LO]"},{"key":"e_1_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.1007\/3-540-44569-2_2"},{"key":"e_1_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1145\/2976767.2976774"},{"key":"e_1_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.1145\/502807.502810"},{"key":"e_1_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1109\/INM.2001.918064"},{"key":"e_1_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.1145\/3597926.3598078"},{"key":"e_1_2_1_19_1","volume-title":"Proceedings of the 44th International Conference on Software Engineering. 1805\u20131817","author":"Eiers William","year":"2022","unstructured":"William Eiers, Ganesh Sankaran, Albert Li, Emily O\u2019Mahony, Benjamin Prince, and Tevfik Bultan. 2022. Quantifying permissiveness of access control policies. In Proceedings of the 44th International Conference on Software Engineering. 1805\u20131817."},{"key":"e_1_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1145\/3551349.3559530"},{"key":"e_1_2_1_21_1","volume-title":"Role-Based Access Control. In 15th National Computer Security Conference.","author":"Ferraiolo David F.","unstructured":"David F. Ferraiolo and D. Richard Kuhn. 1992. Role-Based Access Control. In 15th National Computer Security Conference."},{"key":"e_1_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE.2005.1553562"},{"key":"e_1_2_1_23_1","unstructured":"gcp-iam 2024. Identity and Access Management | IAM | Google Cloud. https:\/\/cloud.google.com\/iam\/."},{"key":"e_1_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1002\/1097-024X(200012)30:15%3C1609::AID-SPE334%3E3.0.CO;2-5"},{"key":"e_1_2_1_25_1","volume-title":"Null References: The Billion Dollar Mistake. Presentation at the QCon conference. https:\/\/www.infoq.com\/presentations\/Null-References-The-Billion-Dollar-Mistake-Tony-Hoare\/","author":"Hoare C.A.R.","year":"2009","unstructured":"C.A.R. Hoare. 2009. Null References: The Billion Dollar Mistake. Presentation at the QCon conference. https:\/\/www.infoq.com\/presentations\/Null-References-The-Billion-Dollar-Mistake-Tony-Hoare\/"},{"key":"e_1_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.1109\/MC.2015.33"},{"key":"e_1_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.1007\/s10009-008-0087-9"},{"key":"e_1_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.1109\/SECPRI.2001.924291"},{"key":"e_1_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.1145\/1066100.1066103"},{"key":"e_1_2_1_30_1","doi-asserted-by":"publisher","DOI":"10.1007\/3-540-45800-X_33"},{"key":"e_1_2_1_31_1","unstructured":"Neil Madden. 2022. Is Datalog a good language for authorization? https:\/\/neilmadden.blog\/2022\/02\/19\/is-datalog-a-good-language-for-authorization\/."},{"key":"e_1_2_1_32_1","first-page":"100","article-title":"Differential testing for software","volume":"10","author":"McKeeman William M","year":"1998","unstructured":"William M McKeeman. 1998. Differential testing for software. Digital Technical Journal 10, 1 (1998), 100\u2013107.","journal-title":"Digital Technical Journal"},{"key":"e_1_2_1_33_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-63046-5_10"},{"key":"e_1_2_1_34_1","doi-asserted-by":"crossref","unstructured":"MITRE. 2023. CWE Top 25 Most Dangerous Software Weaknesses. https:\/\/cwe.mitre.org\/top25\/archive\/2023\/2023_top25_list.html.","DOI":"10.1001\/jama.2023.9319"},{"key":"e_1_2_1_35_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-79876-5_37"},{"key":"e_1_2_1_36_1","unstructured":"OPA 2023. Policy-based control for cloud native environments. https:\/\/www.openpolicyagent.org\/."},{"key":"e_1_2_1_37_1","unstructured":"OPA-linear 2023. Open Policy Agent documentation: Linear fragment. https:\/\/www.openpolicyagent.org\/docs\/latest\/policy-performance\/linear-fragment."},{"key":"e_1_2_1_38_1","unstructured":"OpenFGA 2023. OpenFGA GitHub sample store. https:\/\/github.com\/openfga\/sample-stores\/tree\/main\/stores\/github."},{"key":"e_1_2_1_39_1","unstructured":"OpenFGA 2023. OpenFGA Google Drive sample store. https:\/\/github.com\/openfga\/sample-stores\/tree\/main\/stores\/gdrive."},{"key":"e_1_2_1_40_1","unstructured":"OpenFGA 2023. OpenFGA: Relationship-based access control made fast scalable and easy to use. https:\/\/openfga.dev\/."},{"key":"e_1_2_1_41_1","unstructured":"ory-keto 2024. keto. https:\/\/github.com\/ory\/keto. Open Source (Go) implementation of \"Zanzibar: Google\u2019s Consistent Global Authorization System\"."},{"key":"e_1_2_1_42_1","doi-asserted-by":"publisher","DOI":"10.1145\/1982595.1982615"},{"key":"e_1_2_1_43_1","volume-title":"Global Authorization System. In 2019 USENIX Annual Technical Conference (USENIX ATC).","author":"Pang Ruoming","year":"2019","unstructured":"Ruoming Pang, Ramon Caceres, Mike Burrows, Zhifeng Chen, Pratik Dave, Nathan Germer, Alexander Golynski, Kevin Graney, Nina Kang, Lea Kissner, Jeffrey L. Korn, Abhishek Parmar, Christina D. Richards, and Mengzhi Wang. 2019. Zanzibar: Google\u2019s Consistent, Global Authorization System. In 2019 USENIX Annual Technical Conference (USENIX ATC)."},{"key":"e_1_2_1_44_1","doi-asserted-by":"publisher","DOI":"10.1145\/3498709"},{"key":"e_1_2_1_45_1","unstructured":"Quacky 2022. Quacky. https:\/\/github.com\/vlab-cs-ucsb\/quacky\/tree\/master\/samples."},{"key":"e_1_2_1_46_1","volume-title":"Schema","author":"Language Rego Policy","year":"2023","unstructured":"Rego Policy Language: Schema 2023. Policy Language: Schema. https:\/\/www.openpolicyagent.org\/docs\/latest\/policy-language\/#schema."},{"key":"e_1_2_1_47_1","unstructured":"Torin Sandall. 2017. Optimizing OPA: Rule indexing. https:\/\/blog.openpolicyagent.org\/optimizing-opa-rule-indexing-59f03f17caf3."},{"key":"e_1_2_1_48_1","unstructured":"Torin Sandall. 2020. [OPA issue] Implement loop-invariant code motion optimization. https:\/\/github.com\/open-policy-agent\/opa\/issues\/2094."},{"key":"e_1_2_1_49_1","doi-asserted-by":"publisher","DOI":"10.1016\/0743-1066(93)90040-N"},{"key":"e_1_2_1_50_1","unstructured":"OASIS Standard. 2013. Extensible Access Control Markup Language (XACML) version 3.0. http:\/\/docs.oasis-open.org\/xacml\/3.0\/xacml-3.0-core-spec-os-en.html."},{"key":"e_1_2_1_51_1","unstructured":"OMG Standard. 2014. Object Constraint Language (OCL) version 2.4. http:\/\/www.omg.org\/spec\/OCL\/2.4."},{"key":"e_1_2_1_52_1","unstructured":"OASIS Standard. 2024. ALFA - the Abbreviated Language for Authorization. https:\/\/alfa.guide\/."},{"key":"e_1_2_1_53_1","doi-asserted-by":"publisher","DOI":"10.1145\/1836089.1836094"},{"key":"e_1_2_1_54_1","unstructured":"Or Weis. 2022. What is Policy as Code? https:\/\/www.permit.io\/blog\/what-is-policy-as-code."},{"key":"e_1_2_1_55_1","doi-asserted-by":"publisher","DOI":"10.1145\/1993498.1993532"}],"container-title":["Proceedings of the ACM on Programming Languages"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3649835","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3649835","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T22:54:06Z","timestamp":1750287246000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3649835"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,4,29]]},"references-count":55,"journal-issue":{"issue":"OOPSLA1","published-print":{"date-parts":[[2024,4,29]]}},"alternative-id":["10.1145\/3649835"],"URL":"https:\/\/doi.org\/10.1145\/3649835","relation":{},"ISSN":["2475-1421"],"issn-type":[{"value":"2475-1421","type":"electronic"}],"subject":[],"published":{"date-parts":[[2024,4,29]]},"assertion":[{"value":"2024-04-29","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}