Cedar, an open-source authorization policy language developed by AWS, has joined the CNCF as a Sandbox project. It allows developers to manage permissions separately from application logic, supporting various authorization models with a focus on security through formal verification. Cedar is designed for high performance in application-level authorization, differentiating it from general-purpose tools like Open Policy Agent.

SpiceDB is an open-source authorization tool inspired by Google's Zanzibar system. It allows developers to define schemas and relationships for access control, answering questions like "can subject X perform action Y on resource Z?" SpiceDB supports various datastores and can be self-hosted or used as a managed service.