We are pleased to announce that Amazon has accepted StrongDM's native Go implementation of Cedar into the Cedar Policy Organization's official GitHub repository. This allows Go developers to use Cedar, a security and authorization framework built to be fast, secure, and analyzable, natively in their Go programs.
What is Cedar?
Cedar, created by AWS, is an open-source policy language and evaluation engine that empowers developers to define fine-grained permissions through straightforward policies enforced within their applications. This approach separates access control from application logic, facilitating a more modular and maintainable approach to authorization. Cedar natively supports widely used authorization models, including role-based access control (RBAC) and attribute-based access control (ABAC). This ensures that policies are correctly enforced and thoroughly validated against a wide range of potential scenarios.
Why StrongDM Loves Cedar
At StrongDM, our enthusiasm for Cedar stems from its exceptional blend of expressiveness, performance, safety, and analyzability. These qualities make it the ideal policy language for implementing robust, efficient, and understandable policy-based access control systems.
The key factor in our decision to embrace Cedar was its performance in large, complex environments. The AWS team and other noted researchers recently published an in-depth research paper, Cedar: A New Language for Expressive, Fast, Safe, and Analyzable Authorization, which documents Cedar's performance advantages. Compared to OpenFGA and Rego, Cedar uniquely maintains its performance efficiency, even as the number of users and resources scales up—a critical consideration in today's growing digital environments. This observation resonated with our experiences last year when evaluating different policy languages; Cedar consistently demonstrated superior scaling characteristics as entity count (Users, Resources, etc.) increased. This characteristic is crucial for developing scalable, secure applications that adapt to growing user bases without compromising efficiency.
Source: Cedar: A New Language for Expressive, Fast, Safe, and Analyzable Authorization (Extended Version); March 2024
Our choice to implement Cedar in Go was deliberate because it aligned with one of our core design principles: making everything easy to use. Go, the language at the core of our technology, is a choice we made long ago because it emphasizes readability above all else, making it ideal for developing clear and maintainable code. By bringing Cedar's capabilities into the Go ecosystem, we extend this principle of readability to security, allowing developers to integrate strong authorization features into their applications easily.
Benefits of the Go Implementation
The combination of Cedar's policy language and Go's programming approach enables the creation of secure, high-performance applications that are both powerful and easy to understand. The Go implementation by StrongDM extends Cedar's reach, enabling Go developers to leverage its advanced features, including:
- Enhanced Security: Incorporating Cedar's cryptographic solutions and policy-based authorization into Go applications helps developers build more secure systems by default.
- High Performance: Cedar's performance-oriented design is now accessible to Go applications, ensuring security measures without a performance impact.
- Streamlined Authorization: By integrating policy-based authorization into their applications, developers can manage access controls more effectively, adapting to changing requirements with minimal effort.
- Simplified Access Management: Developers can more easily define, update, and enforce access policies, thanks to Cedar's flexible and powerful policy framework.
- Familiar Language Interface: A native Go implementation brings performance benefits, reliability, and readability for Go developers.
“Last year, we fell in love with everything the Amazon team built in Cedar. Our Go implementation allows us to take full advantage of everything the policy language offers in a way that integrates seamlessly with our product.
The Cedar team has been amazing to work with and has provided advice and support as we embarked on our journey with Cedar. As a demonstration of our commitment to both the Cedar and Go communities, we wanted to contribute our implementation to the Cedar project. We’re thrilled that AWS has accepted it into the official Cedar repo.”
- Justin McCarthy, CTO and co-founder of StrongDM
Our goal with contributing a Go implementation to Cedar is to empower developers with the tools they need to enforce robust security policies effortlessly. This is about enhancing the security and performance of applications with cutting-edge authorization.
Invitation to the Developer Community
This contribution marks a milestone in the ongoing development of the Cedar project and its adoption in the software development community. Developers and organizations are encouraged to explore the Go implementation, contribute to its development, and integrate Cedar's security features into their own projects.
The Go implementation is available on GitHub at https://github.com/cedar-policy/cedar-go, inviting collaboration, feedback, and further enhancement from the community.
StrongDM's contribution of a Go implementation to Cedar is a step toward the broader adoption of sophisticated security and authorization mechanisms in software development. By making policy-based authorization more accessible to Go developers, this initiative helps build more secure and efficient applications, fostering a safer digital environment for all. This first contribution is just a start, and we plan to further enrich and improve it over time.
About the Author
Justin McCarthy, Co-founder / CTO, originally developed empathy for Operations as a founding and pager-carrying member of many operations and data teams. As an Executive, he has led Engineering and Product in high-throughput and high-stakes e-Commerce, financial, and AI products. Justin is the original author of StrongDM's core protocol-aware proxy technology. To contact Justin, visit him on Twitter.