Static roles and hardcoded permissions don’t meet the needs of modern education systems. This session explores how authorization engines enable dynamic, policy-based access control—improving security, flexibility, and scalability across diverse user contexts.
Access control in educational environments is more complex than ever—students, faculty, staff, and systems all interact with sensitive resources under shifting contexts and roles. Traditional models based on static roles and baked-in permissions struggle to keep up. This presentation makes the case for using an authorization engine—a dynamic, policy-based system that externalizes access decisions from your application logic. We’ll focus on Cedar, an open-source language and engine developed by AWS, designed to express fine-grained, context-aware authorization policies. Yes, your LMS comes with its own access controls—but what about the rest of your ecosystem? Authorization engines excel at unifying access policies across diverse systems, APIs, and services, ensuring consistent, auditable, and adaptable permissions. Through real-world examples and live policy demonstrations, we’ll explore how policy-based access control helps IT systems become more secure, scalable, and future-ready.
Phil Windley is a Senior Software Development Manager at AWS Identity. He is also the co-founder and organizer of the Internet Identity Workshop. He was previously an Enterprise Architect and Principal Engineer in the Office of Information Technology at Brigham Young University (BYU). He was the Founding Chair of the Sovrin Foundation serving from 2016 to 2020, writes the popular Technometria blog, and is the author of the...
Thursday June 12, 2025 8:30am - 9:30am MDT Room 1303