§15 · Lane 1 — Rules-as-Code / Law-as-Code

Cedar — Verifiable Authorization Language: the policy-side artefact auditors can inspect

Cutler et al. (2024) · PACMPL 8, OOPSLA1

Academic · Tier 1 · Lane 1

Bibliographic data

Title: Cutler et al. (2024) — Cedar: A New Language for Expressive, Fast, Safe, and Analyzable Authorization
Authors / Issuing body: Joseph W. Cutler, Craig Disselkoen, Aaron Eline, Shaobo He, Kyle Headley, Michael Hicks, Kesha Hietala, John Kastner, Anwar Mamat, Matthew McCutchen, Neha Rungta, Bhakti Shah, Emina Torlak, Andrew Wells. Amazon Web Services authorship.
Venue / Publisher: Proceedings of the ACM on Programming Languages 8, OOPSLA1 (April 2024), Article 119
Year: 2024
Designation: Academic
Licence: DOI — refer to publisher for full licence terms.

How to cite

Cutler et al. (2024). Cedar: A New Language for Expressive, Fast, Safe, and Analyzable Authorization. Proceedings of the ACM on Programming Languages 8, OOPSLA1 (April 2024), Article 119. https://doi.org/10.1145/3649835

The reference paper for Amazon's Cedar policy language. Combines role-based and attribute-based access control with formal analysis so that authorisation policies can be verified statically before deployment.

Why it matters for NETEVO

Cedar anchors the engineered side of the Implicit Authority Cascade (IAC). Where the AI audit and accountability literature names agentic failure modes from the outside, Cedar specifies how the inside of an agentic system can be built so that those failure modes are prevented at policy-evaluation time rather than discovered after the fact.

A verifiable policy language, not ad-hoc code. Cedar is designed to be safe and analysable: policies can be statically checked against analyst questions of the form "no policy grants delete to a user outside the owner group". That property is the warrant for expressing authorisation decisions in agentic systems in a verifiable policy language rather than scattering them through application code. The audit-side literature defines what auditors inspect; Cedar defines the policy-side artefact that they can inspect.

Pairing with APRA CPS 230. APRA's CPS 230 places operational risk controls at the front line; Cedar specifies what those controls can look like as machine-readable policy decisions evaluated at runtime. The pairing turns a regulator-readable architecture into an enforceable one.

Board-to-runtime accountability. Where ISO/IEC 38507 governs how a board delegates authority into AI systems, Cedar provides the engineered runtime form that delegation takes. Read together, the two close the accountability path from boardroom decision to runtime policy evaluation.

Related audiences