惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

Microsoft Azure Blog
Microsoft Azure Blog
Google Online Security Blog
Google Online Security Blog
D
Darknet – Hacking Tools, Hacker News & Cyber Security
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
Simon Willison's Weblog
Simon Willison's Weblog
T
Threat Research - Cisco Blogs
C
CXSECURITY Database RSS Feed - CXSecurity.com
L
Lohrmann on Cybersecurity
www.infosecurity-magazine.com
www.infosecurity-magazine.com
Forbes - Security
Forbes - Security
P
Palo Alto Networks Blog
Schneier on Security
Schneier on Security
S
Schneier on Security
T
Tor Project blog
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
WordPress大学
WordPress大学
The Hacker News
The Hacker News
Hacker News - Newest:
Hacker News - Newest: "LLM"
罗磊的独立博客
Application and Cybersecurity Blog
Application and Cybersecurity Blog
F
Fortinet All Blogs
博客园 - 三生石上(FineUI控件)
小众软件
小众软件
C
Check Point Blog
Stack Overflow Blog
Stack Overflow Blog
Blog — PlanetScale
Blog — PlanetScale
雷峰网
雷峰网
S
Security @ Cisco Blogs
PCI Perspectives
PCI Perspectives
Spread Privacy
Spread Privacy
W
WeLiveSecurity
SecWiki News
SecWiki News
A
About on SuperTechFans
H
Help Net Security
博客园 - 司徒正美
Recent Commits to openclaw:main
Recent Commits to openclaw:main
爱范儿
爱范儿
S
Securelist
M
MIT News - Artificial intelligence
云风的 BLOG
云风的 BLOG
月光博客
月光博客
Jina AI
Jina AI
博客园 - 叶小钗
Vercel News
Vercel News
阮一峰的网络日志
阮一峰的网络日志
Recent Announcements
Recent Announcements
S
Secure Thoughts
The Cloudflare Blog
美团技术团队
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More

AWS Open Source Blog

Open Protocols with the Strands Agents SDK | Amazon Web Services Building secure AI agents at scale: Introducing Loom for AWS | Amazon Web Services Introducing MCP server for Registry of Open Data on AWS | Amazon Web Services Building a Stateful IT Service Desk Agent with LangGraph on Amazon EKS | Amazon Web Services Open Governance for MySQL: A Step Forward for the Community | Amazon Web Services Governing AI Assets at Scale with MCP Gateway and Registry | Amazon Web Services Introducing Trusted Remote Execution: Policy-Enforced Scripts for AI Agents and Humans | Amazon Web Services Decoupling Authorization at Scale: MongoDB Atlas and Cedar-Based Resource Policies | Amazon Web Services Deploying cloud-based engineering workbenches with the Virtual Engineering Workbench on AWS | Amazon Web Services OCSF Achieves ITU Support: Powering AI-Ready Security Operations | Amazon Web Services AWS and Others Invest $12.5M to Defend the Open Source Ecosystem from AI Threats | Amazon Web Services Introducing Strands Labs: Get hands-on today with state-of-the-art, experimental approaches to agentic development | Amazon Web Services Building intelligent physical AI: From edge to cloud with Strands Agents, Bedrock AgentCore, Claude 4.5, NVIDIA GR00T, and Hugging Face LeRobot | Amazon Web Services Shaping the future of MCP: AWS’s commitment and vision | Amazon Web Services Introducing Strands Agent SOPs – Natural Language Workflows for AI Agents | Amazon Web Services Announcing ml-container-creator for easy BYOC on SageMaker | Amazon Web Services The Swift AWS Lambda Runtime moves to AWSLabs | Amazon Web Services Jupyter Deploy: Create a JupyterLab application with real-time collaboration in the cloud in minutes | Amazon Web Services Introducing CLI Agent Orchestrator: Transforming Developer CLI Tools into a Multi-Agent Powerhouse | Amazon Web Services Strands Agents and the Model-Driven Approach | Amazon Web Services AWS joins the DocumentDB project to build interoperable, open source document database technology | Amazon Web Services Open Protocols for Agent Interoperability Part 4: Inter-Agent Communication on A2A | Amazon Web Services Powering AI-Driven Security with the Open Cybersecurity Schema Framework | Amazon Web Services Introducing Strands Agents 1.0: Production-Ready Multi-Agent Orchestration Made Simple | Amazon Web Services Open Protocols for Agent Interoperability Part 3: Strands Agents & MCP | Amazon Web Services Open Protocols for Agent Interoperability Part 2: Authentication on MCP | Amazon Web Services Introducing AWS CDK Community Meetings | Amazon Web Services Secure your Express application APIs in 5 minutes with Cedar | Amazon Web Services
Cedar Joins CNCF as a Sandbox Project | Amazon Web Services
2025-12-16 · via AWS Open Source Blog

AWS Open Source Blog

Cedar, an open source authorization policy language and SDK, has joined the Cloud Native Computing Foundation (CNCF) as a Sandbox project. CNCF provides a neutral home for early stage and developing open source projects. Cedar fulfills the need for a fast, safe, and analyzable authorization policy language in cloud-native environments by allowing developers to define, externalize, and manage access control logic separately from application code.

The Authorization Challenge, Why Cedar?

As cloud native technology matures and enterprise adoption increases, authorization has become increasingly complex. More people and machines are performing more actions in production environments, using powerful software to manipulate dynamically changing resources. To achieve the kind of fine grained authorization required by modern enterprise workflows, services have previously relied on hard-coded logic or custom ad-hoc authorization systems. But hard-coded or ad-hoc authorization systems no longer meet the requirements of modern cloud native deployments.

Cedar’s commitment to technical rigor sets it apart in the authorization space. The language specification has been formally verified using the Lean theorem prover, and its Rust implementation undergoes differential random testing against the formal specification. This mathematical approach provides practical benefits for secure, maintainable authorization systems.

What is Cedar?

Cedar is a purpose-built authorization policy language that enables developers to express fine-grained permissions as policies, effectively decoupling access control from application logic. Cedar’s unique approach combines:

  • Expressiveness: Support for common authorization models including Role-Based Access Control (RBAC), Attribute-Based Access Control (ABAC), and Relationship-Based Access Control (ReBAC)
  • Performance: Fast, scalable real-time evaluation with bounded latency
  • Analyzability: Built for automated reasoning, enabling policy optimization and verification
  • Safety: Formally verified using theorem provers (Lean) along with rigorous differential testing between the proven spec and the Rust code implementation

Customer Adoption

Cedar has demonstrated production-ready reliability across diverse environments. Current adopters and maintainers include Cloudflare, MongoDB, StrongDM, Cloudinary, and AWS services including Bedrock AgentCore Policy and AWS Systems Manager. The project is also gaining traction in the broader open source community, with integrations into Linux Foundation Janssen Project enterprise identity and access management infrastructure, along with Kubernetes landscape projects such as Kubernetes-Cedar-Authorizer (authored by Lucas Käldström).

As noted by Lucas Käldström (Emeritus @kubernetes SIG & WG co-chair and CNCF Ambassador), “What I appreciate the most about Cedar is the deep knowledge that is encoded into why it works the way it works… the careful balance between expressiveness and analyzability.”

Why CNCF?

AWS architected Cedar from the beginning with the vision of foundation stewardship. The move to CNCF addresses a need in the cloud native landscape by providing a neutral, foundation-backed alternative for authorization that complements existing CNCF projects. The foundation membership opens opportunities for expanded community participation for Cedar.

CNCF also provides Cedar with a vendor-neutral governance model, access to a broader contributor base, enhanced integration opportunities, and community-driven development input.

What’s Next?

The next step is to move Cedar from CNCF Sandbox status to Incubation and then Graduated, reflecting the maturity and production-readiness which Cedar has already demonstrated. For more on the CNCF lifecycle, see here. Cedar’s project governance is evolving, and you can expect to see more Cedar community meetings and presence at conferences, complementing the existing recurring Cedar maintainers meetings. Adoption of Cedar continues to grow, and we are excited to accelerate as part of CNCF.

Get Involved

Cedar’s acceptance into CNCF represents an invitation to the cloud native community to participate in shaping the future of authorization. The project welcomes contributions from developers implementing access control, security professionals interested in policy analysis, and platform engineers building self-service platforms.

Resources: