www.gluu.org

#GluuFederation

Intro to the Cedarling

www.gluu.org

#GluuFederation

Also see Cedar team blogs Why Cedar and How we built Cedar

From Emina Torlak AWS re:Invent 2022 presentation

• Ergonomic syntax
• Fast and Safe
• Powerful static analysis tools

​

RBAC

Rego

www.gluu.org

#GluuFederation

RBAC (fast) + ABAC (slow)

From Emina Torlak AWS re:Invent 2022 presentation

www.gluu.org

#GluuFederation

Safe

Graph

Rego

Cedar

RBAC

Edge

Ergonomic�Syntax

Expressive

Cedar versus…

www.gluu.org

#GluuFederation

Cedarling Anatomy

www.gluu.org

#GluuFederation

Browser / Mobile / Cloud

www.gluu.org

#GluuFederation

Why use Cedarling to validate JWTs?

www.gluu.org

#GluuFederation

Enterprise

Application

Security

DevOps

End

User

Architect

www.gluu.org

#GluuFederation

Developers want

1. Build better security UX

​

• Basic understanding of JWTs is enough�
• Free software for their chosen language / platform

www.gluu.org

#GluuFederation

Auditors needs

• Catalog / govern all policies

​

• Gather evidence of policy decisions�
• Tools for forensic analysis

www.gluu.org

#GluuFederation

Cloud Engineers want…

• Cloud native deployment�
• Centralized logging�
• Automated key management�
• Bandwidth efficiency

DevOps

www.gluu.org

#GluuFederation

Architects want…

• Externalized policies�
• Open standards�
• Flexibility to write policies for any applications�
• Real time response capability

Architect

www.gluu.org

#GluuFederation

End Users want

• Great UX�
• Confidence they’re not getting scammed (safety)

End

User

www.gluu.org

#GluuFederation

Digital Chain of Custody

• Person with unique passkey
• Cryptographically unique workload identities
• Trusted delivery of Policy Store to a specific Cedarling instance
• Audit log of all policies Allowed or Denied by all Cedarlings

www.gluu.org

#GluuFederation