Saved February 14, 2026
Cedar, an open-source authorization policy language developed by AWS, has joined the CNCF as a Sandbox project. It allows developers to manage permissions separately from application logic, supporting various authorization models with a focus on security through formal verification. Cedar is designed for high performance in application-level authorization, differentiating it from general-purpose tools like Open Policy Agent.
Cedar, an open-source authorization policy language and SDK developed by Amazon Web Services, has joined the Cloud Native Computing Foundation (CNCF) as a Sandbox project. It aims to establish a vendor-neutral standard for managing fine-grained permissions in cloud-native applications. Unlike traditional methods that rely on hard-coded logic or general-purpose policy engines, Cedar allows developers to define permissions as policies. This separation means that updates to permissions can occur without redeploying application code, thereby facilitating a "policy-as-code" approach.
Cedar supports various authorization models, including Role-Based Access Control (RBAC), Attribute-Based Access Control (ABAC), and Relationship-Based Access Control (ReBAC). A key feature is its emphasis on security, achieved through formal verification of the language specification using the Lean theorem prover. The Rust implementation undergoes differential random testing, ensuring that the policy engine performs as expected. This level of mathematical rigor is essential for security-sensitive applications, providing more assurance than traditional testing methods.
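The three authorization models named above, each written as a Cedar policy. This is an added example, not taken from the article or from the Cedar project; the entity types (`User`, `Role`, `Document`, `Folder`), the action names and the attributes `department`, `classification` and `owner` are assumptions chosen for illustration.

```cedar
// RBAC: access follows from membership in a role.
// Membership is expressed through the entity hierarchy, so `in` matches
// any principal whose ancestors include Role::"auditor" (assumed entity).
permit (
  principal in Role::"auditor",
  action == Action::"viewDocument",
  resource in Folder::"finance-reports"
);

// ABAC: access follows from attributes of the principal and the resource.
// The `has` checks guard against entities that lack the attribute, so the
// condition evaluates to false instead of raising an evaluation error.
permit (
  principal,
  action == Action::"viewDocument",
  resource
)
when {
  principal has department &&
  resource has department &&
  principal.department == resource.department &&
  resource.classification != "restricted"
};

// ReBAC: access follows from a relationship between principal and resource.
// Here the relationship is ownership, stored as an entity reference on the
// resource (assumed attribute `owner`).
permit (
  principal,
  action in [Action::"editDocument", Action::"deleteDocument"],
  resource
)
when { resource has owner && resource.owner == principal };
```

Because Cedar denies by default, a request is allowed only when at least one `permit` policy matches it and no `forbid` policy does, so these three policies can sit in the same policy set and be changed without touching application code.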
The project has garnered interest from companies like Cloudflare, MongoDB, StrongDM, and Cloudinary, and it powers AWS services such as Amazon Verified Permissions. Cedar's focus on application-level authorization differentiates it from the Open Policy Agent (OPA), a more general-purpose tool. Cedar's integration with other open-source initiatives, such as the Linux Foundation’s Janssen Project, signifies its growing relevance. By joining the CNCF, Cedar is transitioning to a vendor-neutral governance model, encouraging broader contributions and deeper integration within the cloud-native ecosystem. The project aims to progress through CNCF's maturity stages, ultimately reaching Graduated status.