diff --git a/cedar-language-server/src/policy/completion/provider/scope.rs b/cedar-language-server/src/policy/completion/provider/scope.rs
index 3b576b54f4..a3c7e7433a 100644
--- a/cedar-language-server/src/policy/completion/provider/scope.rs
+++ b/cedar-language-server/src/policy/completion/provider/scope.rs
@@ -93,7 +93,7 @@ fn handle_principal_scope(policy: &Template, info: &ScopeVariableInfo) -> Comple
         PrincipalOrResourceConstraint::Eq(entity_reference) => create_binary_op_context(
             Op::eq(),
             principal_var,
-            entity_reference.into_expr(SlotId::principal()).into(),
+            entity_reference.into_expr(SlotId::resource()).into(),
         ),
 
         PrincipalOrResourceConstraint::Is(..) => create_is_context(principal_var),
diff --git a/cedar-language-server/src/schema/fold.rs b/cedar-language-server/src/schema/fold.rs
index 403963b400..fbdf73f5cc 100644
--- a/cedar-language-server/src/schema/fold.rs
+++ b/cedar-language-server/src/schema/fold.rs
@@ -79,15 +79,15 @@ pub(crate) fn fold_schema(schema_info: &SchemaInfo) -> Option<Vec<FoldingRange>>
         .entity_types()
         .filter_map(|et| et.loc.as_loc_ref());
     let action_locs = validator.action_ids().filter_map(|a| a.loc());
-    let common_types = validator
-        .common_types()
+    let common_types_extended = validator
+        .common_types_extended()
         .filter_map(|ct| ct.type_loc.as_loc_ref());
 
     // Combine all locations and create folding ranges
     let ranges = namespace_locs
         .chain(entity_type_locs)
         .chain(action_locs)
-        .chain(common_types)
+        .chain(common_types_extended)
         .unique()
         .map(|loc| {
             let src_range = loc.to_range();
diff --git a/cedar-language-server/src/schema/symbols.rs b/cedar-language-server/src/schema/symbols.rs
index 8271462b3b..001129e762 100644
--- a/cedar-language-server/src/schema/symbols.rs
+++ b/cedar-language-server/src/schema/symbols.rs
@@ -124,8 +124,8 @@ pub(crate) fn schema_symbols(schema_info: &SchemaInfo) -> Option<Vec<DocumentSym
         .collect();
 
     // Create common type symbols
-    let common_type_symbols: Vec<DocumentSymbol> = validator
-        .common_types()
+    let common_type_extended_symbols: Vec<DocumentSymbol> = validator
+        .common_types_extended()
         .filter_map(|ct| {
             ct.name_loc
                 .as_ref()
@@ -144,7 +144,7 @@ pub(crate) fn schema_symbols(schema_info: &SchemaInfo) -> Option<Vec<DocumentSym
     let mut all_other_symbols = Vec::new();
     all_other_symbols.extend(entity_type_symbols);
     all_other_symbols.extend(action_symbols);
-    all_other_symbols.extend(common_type_symbols);
+    all_other_symbols.extend(common_type_extended_symbols);
 
     // Assign symbols to namespaces based on range intersection
     let mut remaining_symbols = Vec::new();
diff --git a/cedar-policy-core/src/ast.rs b/cedar-policy-core/src/ast.rs
index e8367a647d..020c32f31b 100644
--- a/cedar-policy-core/src/ast.rs
+++ b/cedar-policy-core/src/ast.rs
@@ -54,5 +54,7 @@ mod expr_iterator;
 pub use expr_iterator::*;
 mod annotation;
 pub use annotation::*;
+mod generalized_slots_annotation;
+pub use generalized_slots_annotation::*;
 mod expr_visitor;
 pub use expr_visitor::*;
diff --git a/cedar-policy-core/src/ast/expr.rs b/cedar-policy-core/src/ast/expr.rs
index ee3c567ed8..c9955bee21 100644
--- a/cedar-policy-core/src/ast/expr.rs
+++ b/cedar-policy-core/src/ast/expr.rs
@@ -293,13 +293,27 @@ impl<T> Expr<T> {
         self.subexpressions()
             .filter_map(|exp| match &exp.expr_kind {
                 ExprKind::Slot(slotid) => Some(Slot {
-                    id: *slotid,
+                    id: slotid.clone(),
                     loc: exp.source_loc().into_maybe_loc(),
                 }),
                 _ => None,
             })
     }
 
+    /// Iterate over all of the principal or resource slots in this policy AST
+    pub fn principal_or_resource_slots(&self) -> impl Iterator<Item = Slot> + '_ {
+        self.subexpressions()
+            .filter_map(|exp| match &exp.expr_kind {
+                ExprKind::Slot(slotid) if slotid.is_principal() || slotid.is_resource() => {
+                    Some(Slot {
+                        id: slotid.clone(),
+                        loc: exp.source_loc().into_maybe_loc(),
+                    })
+                }
+                _ => None,
+            })
+    }
+
     /// Determine if the expression is projectable under partial evaluation
     /// An expression is projectable if it's guaranteed to never error on evaluation
     /// This is true if the expression is entirely composed of values or unknowns
@@ -1842,7 +1856,7 @@ mod test {
         let e = Expr::slot(SlotId::principal());
         let p = SlotId::principal();
         let r = SlotId::resource();
-        let set: HashSet<SlotId> = HashSet::from_iter([p]);
+        let set: HashSet<SlotId> = HashSet::from_iter([p.clone()]);
         assert_eq!(set, e.slots().map(|slot| slot.id).collect::<HashSet<_>>());
         let e = Expr::or(
             Expr::slot(SlotId::principal()),
diff --git a/cedar-policy-core/src/ast/expr_visitor.rs b/cedar-policy-core/src/ast/expr_visitor.rs
index ee6acd3f26..c5adb9b353 100644
--- a/cedar-policy-core/src/ast/expr_visitor.rs
+++ b/cedar-policy-core/src/ast/expr_visitor.rs
@@ -55,7 +55,7 @@ pub trait ExprVisitor {
         match expr.expr_kind() {
             ExprKind::Lit(lit) => self.visit_literal(lit, loc),
             ExprKind::Var(var) => self.visit_var(*var, loc),
-            ExprKind::Slot(slot) => self.visit_slot(*slot, loc),
+            ExprKind::Slot(slot) => self.visit_slot(slot.clone(), loc),
             ExprKind::Unknown(unknown) => self.visit_unknown(unknown, loc),
             ExprKind::If {
                 test_expr,
diff --git a/cedar-policy-core/src/ast/generalized_slots_annotation.rs b/cedar-policy-core/src/ast/generalized_slots_annotation.rs
new file mode 100644
index 0000000000..08cd85140a
--- /dev/null
+++ b/cedar-policy-core/src/ast/generalized_slots_annotation.rs
@@ -0,0 +1,119 @@
+/*
+ * Copyright Cedar Contributors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+use std::collections::BTreeMap;
+
+use crate::ast::SlotId;
+use crate::extensions::Extensions;
+use crate::validator::{
+    json_schema::Type as JSONSchemaType, types::Type as ValidatorType, RawName, SchemaError,
+    ValidatorSchema,
+};
+use serde::{Deserialize, Serialize};
+use serde_with::serde_as;
+
+/// Struct which holds the type & position of a generalized slot
+#[derive(Clone, Eq, PartialEq, PartialOrd, Ord, Debug, Hash, Serialize, Deserialize)]
+#[serde_as]
+pub struct GeneralizedSlotsAnnotation(BTreeMap<SlotId, JSONSchemaType<RawName>>);
+
+impl GeneralizedSlotsAnnotation {
+    /// Create a new empty `GeneralizedSlotsAnnotation` (with no slots)
+    pub fn new() -> Self {
+        Self(BTreeMap::new())
+    }
+
+    /// Get the type of the slot by key
+    pub fn get(&self, key: &SlotId) -> Option<&JSONSchemaType<RawName>> {
+        self.0.get(key)
+    }
+
+    /// Iterate over all pairs of slots and their types
+    pub fn iter(&self) -> impl Iterator<Item = (&SlotId, &JSONSchemaType<RawName>)> {
+        self.0.iter()
+    }
+
+    /// Tell if it's empty
+    pub fn is_empty(&self) -> bool {
+        self.0.is_empty()
+    }
+
+    pub(crate) fn into_validator_generalized_slots_annotation(
+        self,
+        schema: &ValidatorSchema,
+    ) -> Result<ValidatorGeneralizedSlotsAnnotation, SchemaError> {
+        let validator_generalized_slots_annotation: Result<BTreeMap<_, _>, SchemaError> = self
+            .0
+            .into_iter()
+            .map(|(k, ty)| -> Result<_, SchemaError> {
+                Ok((
+                    k,
+                    schema.json_schema_type_to_validator_type(ty, Extensions::all_available())?,
+                ))
+            })
+            .collect();
+        Ok(validator_generalized_slots_annotation?.into())
+    }
+}
+
+impl Default for GeneralizedSlotsAnnotation {
+    fn default() -> Self {
+        Self::new()
+    }
+}
+
+impl FromIterator<(SlotId, JSONSchemaType<RawName>)> for GeneralizedSlotsAnnotation {
+    fn from_iter<T: IntoIterator<Item = (SlotId, JSONSchemaType<RawName>)>>(iter: T) -> Self {
+        Self(BTreeMap::from_iter(iter))
+    }
+}
+
+impl From<BTreeMap<SlotId, JSONSchemaType<RawName>>> for GeneralizedSlotsAnnotation {
+    fn from(value: BTreeMap<SlotId, JSONSchemaType<RawName>>) -> Self {
+        Self(value)
+    }
+}
+
+#[derive(Clone, Eq, PartialEq, PartialOrd, Ord, Debug, Hash)]
+pub(crate) struct ValidatorGeneralizedSlotsAnnotation(BTreeMap<SlotId, ValidatorType>);
+
+impl FromIterator<(SlotId, ValidatorType)> for ValidatorGeneralizedSlotsAnnotation {
+    fn from_iter<T: IntoIterator<Item = (SlotId, ValidatorType)>>(iter: T) -> Self {
+        Self(BTreeMap::from_iter(iter))
+    }
+}
+
+impl From<BTreeMap<SlotId, ValidatorType>> for ValidatorGeneralizedSlotsAnnotation {
+    fn from(value: BTreeMap<SlotId, ValidatorType>) -> Self {
+        Self(value)
+    }
+}
+
+impl Default for ValidatorGeneralizedSlotsAnnotation {
+    fn default() -> Self {
+        Self::new()
+    }
+}
+
+impl ValidatorGeneralizedSlotsAnnotation {
+    pub(crate) fn new() -> Self {
+        Self(BTreeMap::new())
+    }
+
+    pub(crate) fn get(&self, slot: &SlotId) -> Option<&ValidatorType> {
+        self.0.get(slot)
+    }
+}
diff --git a/cedar-policy-core/src/ast/name.rs b/cedar-policy-core/src/ast/name.rs
index 20f2ae7cf0..e65b28c638 100644
--- a/cedar-policy-core/src/ast/name.rs
+++ b/cedar-policy-core/src/ast/name.rs
@@ -21,6 +21,7 @@ use miette::Diagnostic;
 use ref_cast::RefCast;
 use regex::Regex;
 use serde::{Deserialize, Deserializer, Serialize, Serializer};
+use serde_with::{serde_as, DisplayFromStr};
 use smol_str::ToSmolStr;
 use std::collections::HashSet;
 use std::fmt::Display;
@@ -283,9 +284,10 @@ impl<'de> Deserialize<'de> for InternalName {
 /// Clone is O(1).
 // This simply wraps a separate enum -- currently [`ValidSlotId`] -- in case we
 // want to generalize later
-#[derive(Debug, Clone, Copy, Eq, PartialEq, PartialOrd, Ord, Hash, Serialize, Deserialize)]
+#[serde_as]
+#[derive(Debug, Clone, Eq, PartialEq, PartialOrd, Ord, Hash, Serialize, Deserialize)]
 #[serde(transparent)]
-pub struct SlotId(pub(crate) ValidSlotId);
+pub struct SlotId(#[serde_as(as = "DisplayFromStr")] pub(crate) ValidSlotId);
 
 impl SlotId {
     /// Get the slot for `principal`
@@ -298,6 +300,11 @@ impl SlotId {
         Self(ValidSlotId::Resource)
     }
 
+    /// Create a `generalized slot`
+    pub fn generalized_slot(id: Id) -> Self {
+        Self(ValidSlotId::GeneralizedSlot(id))
+    }
+
     /// Check if a slot represents a principal
     pub fn is_principal(&self) -> bool {
         matches!(self, Self(ValidSlotId::Principal))
@@ -307,6 +314,11 @@ impl SlotId {
     pub fn is_resource(&self) -> bool {
         matches!(self, Self(ValidSlotId::Resource))
     }
+
+    /// Check if a slot represents a generalized slot
+    pub fn is_generalized_slot(&self) -> bool {
+        matches!(self, Self(ValidSlotId::GeneralizedSlot(_)))
+    }
 }
 
 impl From<PrincipalOrResource> for SlotId {
@@ -318,19 +330,26 @@ impl From<PrincipalOrResource> for SlotId {
     }
 }
 
+impl FromStr for SlotId {
+    type Err = ParseErrors;
+
+    fn from_str(s: &str) -> Result<Self, Self::Err> {
+        crate::parser::parse_slot(s).map(SlotId)
+    }
+}
+
 impl std::fmt::Display for SlotId {
     fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
         write!(f, "{}", self.0)
     }
 }
 
-/// Two possible variants for Slots
-#[derive(Debug, Clone, Copy, Eq, PartialEq, PartialOrd, Ord, Hash, Serialize, Deserialize)]
+/// Three possible variants for Slots
+#[derive(Debug, Clone, Eq, PartialEq, PartialOrd, Ord, Hash, Serialize, Deserialize)]
 pub(crate) enum ValidSlotId {
-    #[serde(rename = "?principal")]
     Principal,
-    #[serde(rename = "?resource")]
     Resource,
+    GeneralizedSlot(Id), // Slots for generalized templates, for more info see [RFC 98](https://github.com/cedar-policy/rfcs/pull/98).
 }
 
 impl std::fmt::Display for ValidSlotId {
@@ -338,11 +357,20 @@ impl std::fmt::Display for ValidSlotId {
         let s = match self {
             ValidSlotId::Principal => "principal",
             ValidSlotId::Resource => "resource",
+            ValidSlotId::GeneralizedSlot(id) => id.as_ref(),
         };
         write!(f, "?{s}")
     }
 }
 
+impl FromStr for ValidSlotId {
+    type Err = ParseErrors;
+
+    fn from_str(s: &str) -> Result<Self, Self::Err> {
+        crate::parser::parse_slot(s)
+    }
+}
+
 /// [`SlotId`] plus a source location
 #[derive(Educe, Debug, Clone)]
 #[educe(PartialEq, Eq, Hash)]
diff --git a/cedar-policy-core/src/ast/policy.rs b/cedar-policy-core/src/ast/policy.rs
index cce906c09b..300d0e0d58 100644
--- a/cedar-policy-core/src/ast/policy.rs
+++ b/cedar-policy-core/src/ast/policy.rs
@@ -15,9 +15,17 @@
  */
 
 use crate::ast::*;
+use crate::entities::{conformance::typecheck_restricted_expr_against_schematype, SchemaType};
+use crate::extensions::Extensions;
 use crate::parser::{AsLocRef, IntoMaybeLoc, Loc, MaybeLoc};
+use crate::validator::{
+    err::SchemaError, json_schema::Type as JSONSchemaType,
+    json_schema_type_to_validator_type_without_schema, types::Type as ValidatorType, RawName,
+    ValidatorSchema,
+};
 use annotation::{Annotation, Annotations};
 use educe::Educe;
+use generalized_slots_annotation::GeneralizedSlotsAnnotation;
 use itertools::Itertools;
 use miette::Diagnostic;
 use nonempty::{nonempty, NonEmpty};
@@ -53,6 +61,9 @@ cfg_tolerant_ast! {
     static DEFAULT_ANNOTATIONS: std::sync::LazyLock<Arc<Annotations>> =
         std::sync::LazyLock::new(|| Arc::new(Annotations::default()));
 
+    static DEFAULT_GENERALIZED_SLOTS_ANNOTATION: std::sync::LazyLock<Arc<GeneralizedSlotsAnnotation>> =
+        std::sync::LazyLock::new(|| Arc::new(GeneralizedSlotsAnnotation::default()));
+
     static DEFAULT_PRINCIPAL_CONSTRAINT: std::sync::LazyLock<PrincipalConstraint> =
         std::sync::LazyLock::new(PrincipalConstraint::any);
 
@@ -120,6 +131,7 @@ impl Template {
         id: PolicyID,
         loc: MaybeLoc,
         annotations: Annotations,
+        generalized_slots_annotation: GeneralizedSlotsAnnotation,
         effect: Effect,
         principal_constraint: PrincipalConstraint,
         action_constraint: ActionConstraint,
@@ -130,6 +142,7 @@ impl Template {
             id,
             loc,
             annotations,
+            generalized_slots_annotation,
             effect,
             principal_constraint,
             action_constraint,
@@ -154,6 +167,7 @@ impl Template {
         id: PolicyID,
         loc: MaybeLoc,
         annotations: Arc<Annotations>,
+        generalized_slots_annotation: Arc<GeneralizedSlotsAnnotation>,
         effect: Effect,
         principal_constraint: PrincipalConstraint,
         action_constraint: ActionConstraint,
@@ -164,6 +178,7 @@ impl Template {
             id,
             loc,
             annotations,
+            generalized_slots_annotation,
             effect,
             principal_constraint,
             action_constraint,
@@ -238,6 +253,18 @@ impl Template {
         self.body.annotations_arc()
     }
 
+    /// Get all generalized_slots_annotation data.
+    pub fn generalized_slots_annotation(
+        &self,
+    ) -> impl Iterator<Item = (&SlotId, &JSONSchemaType<RawName>)> {
+        self.body.generalized_slots_annotation()
+    }
+
+    /// Get [`Arc`] owning the generalized slots annotation data.
+    pub fn generalized_slots_annotation_arc(&self) -> &Arc<GeneralizedSlotsAnnotation> {
+        self.body.generalized_slots_annotation_arc()
+    }
+
     /// Get the condition expression of this template.
     ///
     /// This will be a conjunction of the template's scope constraints (on
@@ -266,15 +293,18 @@ impl Template {
     pub fn check_binding(
         template: &Template,
         values: &HashMap<SlotId, EntityUID>,
+        generalized_values: &HashMap<SlotId, RestrictedExpr>,
     ) -> Result<(), LinkingError> {
         // Verify all slots bound
         let unbound = template
             .slots
             .iter()
-            .filter(|slot| !values.contains_key(&slot.id))
+            .filter(|slot| {
+                !values.contains_key(&slot.id) && !generalized_values.contains_key(&slot.id)
+            })
             .collect::<Vec<_>>();
 
-        let extra = values
+        let extra_values = values
             .iter()
             .filter_map(|(slot, _)| {
                 if !template
@@ -289,16 +319,211 @@ impl Template {
             })
             .collect::<Vec<_>>();
 
-        if unbound.is_empty() && extra.is_empty() {
+        let extra_generalized_values = generalized_values
+            .iter()
+            .filter_map(|(slot, _)| {
+                if !template
+                    .slots
+                    .iter()
+                    .any(|template_slot| template_slot.id == *slot)
+                {
+                    Some(slot)
+                } else {
+                    None
+                }
+            })
+            .collect::<Vec<_>>();
+
+        let invalid_keys_in_values = values
+            .iter()
+            .filter_map(|(slot, _)| {
+                if !(*slot == (SlotId::principal()) || *slot == (SlotId::resource())) {
+                    Some(slot)
+                } else {
+                    None
+                }
+            })
+            .collect::<Vec<_>>();
+
+        let invalid_keys_in_generalized_values = generalized_values
+            .iter()
+            .filter_map(|(slot, _)| {
+                if *slot == (SlotId::principal()) || *slot == (SlotId::resource()) {
+                    Some(slot)
+                } else {
+                    None
+                }
+            })
+            .collect::<Vec<_>>();
+
+        if unbound.is_empty()
+            && extra_values.is_empty()
+            && extra_generalized_values.is_empty()
+            && invalid_keys_in_values.is_empty()
+            && invalid_keys_in_generalized_values.is_empty()
+        {
             Ok(())
+        } else if !(invalid_keys_in_values.is_empty()) {
+            Err(LinkingError::from_invalid_env(
+                invalid_keys_in_values.into_iter().cloned(),
+            ))
+        } else if !(invalid_keys_in_generalized_values.is_empty()) {
+            Err(LinkingError::from_invalid_generalized_env(
+                invalid_keys_in_generalized_values.into_iter().cloned(),
+            ))
         } else {
             Err(LinkingError::from_unbound_and_extras(
-                unbound.into_iter().map(|slot| slot.id),
-                extra.into_iter().copied(),
+                unbound.into_iter().map(|slot| slot.id.clone()),
+                extra_values
+                    .into_iter()
+                    .cloned()
+                    .chain(extra_generalized_values.into_iter().cloned()),
             ))
         }
     }
 
+    /// Validates that the values provided for the generalized slots are of the types annotated
+    pub fn link_time_type_checking_with_schema(
+        template: &Template,
+        schema: &ValidatorSchema,
+        values: &HashMap<SlotId, EntityUID>,
+        generalized_values: &HashMap<SlotId, RestrictedExpr>,
+    ) -> Result<(), LinkingError> {
+        let validator_generalized_slots_annotation = GeneralizedSlotsAnnotation::from_iter(
+            template
+                .generalized_slots_annotation()
+                .map(|(k, v)| (k.clone(), v.clone())),
+        )
+        .into_validator_generalized_slots_annotation(schema)?;
+
+        for (slot, entity_uid) in values {
+            let restricted_expr = &RestrictedExpr::val(entity_uid.clone());
+
+            if let Some(validator_type) = validator_generalized_slots_annotation.get(slot) {
+                let borrowed_restricted_expr = restricted_expr.as_borrowed();
+                #[allow(clippy::expect_used)]
+                let schema_ty = &SchemaType::try_from(validator_type.clone()).expect(
+                    "This should never happen as expected_ty is a statically annotated type",
+                );
+                let extensions = Extensions::all_available();
+                typecheck_restricted_expr_against_schematype(
+                    borrowed_restricted_expr,
+                    schema_ty,
+                    extensions,
+                )
+                .map_err(|_| {
+                    LinkingError::ValueProvidedForSlotIsNotOfTypeSpecified {
+                        slot: slot.clone(),
+                        value: restricted_expr.clone(),
+                        ty: validator_type.clone(),
+                    }
+                })?
+            }
+        }
+
+        for (slot, restricted_expr) in generalized_values {
+            let validator_type = validator_generalized_slots_annotation.get(slot).ok_or(
+                LinkingError::ArityError {
+                    unbound_values: vec![slot.clone()],
+                    extra_values: vec![],
+                },
+            )?;
+            let borrowed_restricted_expr = restricted_expr.as_borrowed();
+            #[allow(clippy::expect_used)]
+            let schema_ty = &SchemaType::try_from(validator_type.clone())
+                .expect("This should never happen as expected_ty is a statically annotated type");
+            let extensions = Extensions::all_available();
+            typecheck_restricted_expr_against_schematype(
+                borrowed_restricted_expr,
+                schema_ty,
+                extensions,
+            )
+            .map_err(|_| LinkingError::ValueProvidedForSlotIsNotOfTypeSpecified {
+                slot: slot.clone(),
+                value: restricted_expr.clone(),
+                ty: validator_type.clone(),
+            })?
+        }
+        Ok(())
+    }
+
+    /// Validates that the values provided for the generalized slots are of the types annotated
+    pub fn link_time_type_checking_without_schema(
+        template: &Template,
+        values: &HashMap<SlotId, EntityUID>,
+        generalized_values: &HashMap<SlotId, RestrictedExpr>,
+    ) -> Result<(), LinkingError> {
+        let generalized_slots_annotation = GeneralizedSlotsAnnotation::from_iter(
+            template
+                .generalized_slots_annotation()
+                .map(|(k, v)| (k.clone(), v.clone())),
+        );
+
+        for (slot, entity_uid) in values {
+            let restricted_expr = &RestrictedExpr::val(entity_uid.clone());
+
+            if let Some(raw_type) = generalized_slots_annotation.get(slot) {
+                let extensions = Extensions::all_available();
+
+                let validator_type = json_schema_type_to_validator_type_without_schema(
+                    raw_type.clone(),
+                    extensions,
+                )?;
+
+                let borrowed_restricted_expr = restricted_expr.as_borrowed();
+                #[allow(clippy::expect_used)]
+                let schema_ty = &SchemaType::try_from(validator_type.clone()).expect(
+                    "This should never happen as expected_ty is a statically annotated type",
+                );
+
+                typecheck_restricted_expr_against_schematype(
+                    borrowed_restricted_expr,
+                    schema_ty,
+                    extensions,
+                )
+                .map_err(|_| {
+                    LinkingError::ValueProvidedForSlotIsNotOfTypeSpecified {
+                        slot: slot.clone(),
+                        value: restricted_expr.clone(),
+                        ty: validator_type.clone(),
+                    }
+                })?
+            }
+        }
+
+        for (slot, restricted_expr) in generalized_values {
+            let raw_type =
+                generalized_slots_annotation
+                    .get(slot)
+                    .ok_or(LinkingError::ArityError {
+                        unbound_values: vec![slot.clone()],
+                        extra_values: vec![],
+                    })?;
+            let extensions = Extensions::all_available();
+
+            let validator_type =
+                json_schema_type_to_validator_type_without_schema(raw_type.clone(), extensions)?;
+
+            let borrowed_restricted_expr = restricted_expr.as_borrowed();
+            #[allow(clippy::expect_used)]
+            let schema_ty = &SchemaType::try_from(validator_type.clone())
+                .expect("This should never happen as expected_ty is a statically annotated type");
+
+            typecheck_restricted_expr_against_schematype(
+                borrowed_restricted_expr,
+                schema_ty,
+                extensions,
+            )
+            .map_err(|_| LinkingError::ValueProvidedForSlotIsNotOfTypeSpecified {
+                slot: slot.clone(),
+                value: restricted_expr.clone(),
+                ty: validator_type.clone(),
+            })?
+        }
+
+        Ok(())
+    }
+
     /// Attempt to create a template-linked policy from this template.
     /// This will fail if values for all open slots are not given.
     /// `new_instance_id` is the `PolicyId` for the created template-linked policy.
@@ -306,10 +531,28 @@ impl Template {
         template: Arc<Template>,
         new_id: PolicyID,
         values: HashMap<SlotId, EntityUID>,
+        generalized_values: HashMap<SlotId, RestrictedExpr>,
+        schema: Option<&ValidatorSchema>,
     ) -> Result<Policy, LinkingError> {
         // INVARIANT (policy total map) Relies on check_binding to uphold the invariant
-        Template::check_binding(&template, &values)
-            .map(|_| Policy::new(template, Some(new_id), values))
+        Template::check_binding(&template, &values, &generalized_values)
+            .and_then(|_| {
+                if let Some(schema) = schema {
+                    Template::link_time_type_checking_with_schema(
+                        &template,
+                        schema,
+                        &values,
+                        &generalized_values,
+                    )
+                } else {
+                    Template::link_time_type_checking_without_schema(
+                        &template,
+                        &values,
+                        &generalized_values,
+                    )
+                }
+            })
+            .map(|_| Policy::new(template, Some(new_id), values, generalized_values))
     }
 
     /// Take a static policy and create a template and a template-linked policy for it.
@@ -324,7 +567,7 @@ impl Template {
             slots: vec![],
         });
         t.check_invariant();
-        let p = Policy::new(Arc::clone(&t), None, HashMap::new());
+        let p = Policy::new(Arc::clone(&t), None, HashMap::new(), HashMap::new());
         (t, p)
     }
 }
@@ -345,7 +588,7 @@ impl std::fmt::Display for Template {
 }
 
 /// Errors linking templates
-#[derive(Debug, Clone, PartialEq, Eq, Diagnostic, Error)]
+#[derive(Debug, Diagnostic, Error)]
 pub enum LinkingError {
     /// An error with the slot arguments provided
     // INVARIANT: `unbound_values` and `extra_values` can't both be empty
@@ -357,6 +600,45 @@ pub enum LinkingError {
         extra_values: Vec<SlotId>,
     },
 
+    /// Invalid slots in env (Generalized slots)
+    #[error(fmt = describe_invalid_slot_in_generalized_env_error)]
+    InvalidSlotIdInEnv {
+        /// invalid slots
+        invalid: Vec<SlotId>,
+    },
+
+    /// Invalid slots in generalized_env (Principal and Resource slots)
+    #[error(fmt = describe_invalid_slot_in_env_error)]
+    InvalidSlotIdInGeneralizedEnv {
+        /// invalid slots
+        invalid: Vec<SlotId>,
+    },
+
+    /// Value provided for slot in scope is not an EntityUID
+    #[error("value provided `{value}` for `{slot}` is not an EntityUID")]
+    ValueProvidedForSlotInScopeNotEntityUID {
+        /// Slot
+        slot: SlotId,
+        /// Value provided
+        value: RestrictedExpr,
+    },
+
+    /// Value provided for a slot is not of the type annotated
+    #[error("value provided `{value}` for `{slot}` is not of type annotated `{ty}`")]
+    ValueProvidedForSlotIsNotOfTypeSpecified {
+        /// Slot
+        slot: SlotId,
+        /// Value provided
+        value: RestrictedExpr,
+        /// Expected Type
+        ty: ValidatorType,
+    },
+
+    /// Types provided are not found in the Schema
+    #[error(transparent)]
+    #[diagnostic(transparent)]
+    AnnotatedTypeNotFoundInSchema(#[from] SchemaError),
+
     /// The attempted linking failed as the template did not exist.
     #[error("failed to find a template with id `{id}`")]
     NoSuchTemplate {
@@ -382,6 +664,18 @@ impl LinkingError {
             extra_values: extra.collect(),
         }
     }
+
+    fn from_invalid_env(invalid: impl Iterator<Item = SlotId>) -> Self {
+        Self::InvalidSlotIdInEnv {
+            invalid: invalid.collect(),
+        }
+    }
+
+    fn from_invalid_generalized_env(invalid: impl Iterator<Item = SlotId>) -> Self {
+        Self::InvalidSlotIdInGeneralizedEnv {
+            invalid: invalid.collect(),
+        }
+    }
 }
 
 fn describe_arity_error(
@@ -399,6 +693,28 @@ fn describe_arity_error(
     }
 }
 
+fn describe_invalid_slot_in_env_error(
+    invalid: &[SlotId],
+    fmt: &mut std::fmt::Formatter<'_>,
+) -> std::fmt::Result {
+    write!(
+        fmt,
+        "The following slots should not be in the values hashmap: {}",
+        invalid.iter().join(",")
+    )
+}
+
+fn describe_invalid_slot_in_generalized_env_error(
+    invalid: &[SlotId],
+    fmt: &mut std::fmt::Formatter<'_>,
+) -> std::fmt::Result {
+    write!(
+        fmt,
+        "The following slots should not be in the generalized_values hashmap: {}",
+        invalid.iter().join(",")
+    )
+}
+
 /// A Policy that contains:
 ///   - a pointer to its template
 ///   - a link ID (unless it's a static policy)
@@ -421,23 +737,35 @@ pub struct Policy {
     /// The constructor `new` is only visible in this module,
     /// so it is the responsibility of callers to maintain
     values: HashMap<SlotId, EntityUID>,
+    /// All of the generalized slots in `template` MUST
+    /// be bound by `generalized values`.
+    /// The SlotId for generalized_values should be disjoint from
+    /// values as well
+    generalized_values: HashMap<SlotId, RestrictedExpr>,
 }
 
 impl Policy {
     /// Link a policy to its template
     /// INVARIANT (values total map):
     /// `values` must bind every open slot in `template`
-    fn new(template: Arc<Template>, link_id: Option<PolicyID>, values: SlotEnv) -> Self {
+    fn new(
+        template: Arc<Template>,
+        link_id: Option<PolicyID>,
+        values: SlotEnv,
+        generalized_values: GeneralizedSlotEnv,
+    ) -> Self {
         #[cfg(debug_assertions)]
         {
             // PANIC SAFETY: asserts (value total map invariant) which is justified at call sites
             #[allow(clippy::expect_used)]
-            Template::check_binding(&template, &values).expect("(values total map) does not hold!");
+            Template::check_binding(&template, &values, &generalized_values)
+                .expect("(values total map) does not hold!");
         }
         Self {
             template,
             link: link_id,
             values,
+            generalized_values,
         }
     }
 
@@ -464,13 +792,14 @@ impl Policy {
             id,
             loc,
             annotations,
+            Arc::new(GeneralizedSlotsAnnotation::default()),
             effect,
             PrincipalConstraint::any(),
             ActionConstraint::any(),
             ResourceConstraint::any(),
             when,
         );
-        Self::new(Arc::new(t), None, SlotEnv::new())
+        Self::new(Arc::new(t), None, SlotEnv::new(), GeneralizedSlotEnv::new())
     }
 
     /// Get pointer to the template for this policy
@@ -503,6 +832,13 @@ impl Policy {
         self.template.annotations_arc()
     }
 
+    /// Get all generalized_slots_annotation data.
+    pub fn generalized_slots_annotation(
+        &self,
+    ) -> impl Iterator<Item = (&SlotId, &JSONSchemaType<RawName>)> {
+        self.template.generalized_slots_annotation()
+    }
+
     /// Get the principal constraint for this policy.
     ///
     /// By the invariant, this principal constraint will not contain
@@ -555,6 +891,12 @@ impl Policy {
         &self.values
     }
 
+    /// Get the mapping from generalized SlotIds to RestrictedExprs for this policy. (This will
+    /// be empty for inline policies.)
+    pub fn generalized_env(&self) -> &GeneralizedSlotEnv {
+        &self.generalized_values
+    }
+
     /// Get the ID of this policy.
     pub fn id(&self) -> &PolicyID {
         self.link.as_ref().unwrap_or_else(|| self.template.id())
@@ -567,11 +909,13 @@ impl Policy {
                 template: Arc::new(self.template.new_id(id)),
                 link: None,
                 values: self.values.clone(),
+                generalized_values: self.generalized_values.clone(),
             },
             Some(_) => Policy {
                 template: self.template.clone(),
                 link: Some(id),
                 values: self.values.clone(),
+                generalized_values: self.generalized_values.clone(),
             },
         }
     }
@@ -624,6 +968,9 @@ impl std::fmt::Display for Policy {
 /// Map from Slot Ids to Entity UIDs which fill the slots
 pub type SlotEnv = HashMap<SlotId, EntityUID>;
 
+/// Map from Slot Ids to RestrictedExpr which fill the generalized slots
+pub type GeneralizedSlotEnv = HashMap<SlotId, RestrictedExpr>;
+
 /// Represents either a static policy or a template linked policy.
 ///
 /// Contains less rich information than `Policy`. In particular, this form is
@@ -640,6 +987,8 @@ pub struct LiteralPolicy {
     link_id: Option<PolicyID>,
     /// Values of the slots
     values: SlotEnv,
+    /// Generalized values of the slots
+    generalized_values: GeneralizedSlotEnv,
 }
 
 impl LiteralPolicy {
@@ -651,6 +1000,7 @@ impl LiteralPolicy {
             template_id,
             link_id: None,
             values: SlotEnv::new(),
+            generalized_values: GeneralizedSlotEnv::new(),
         }
     }
 
@@ -661,11 +1011,13 @@ impl LiteralPolicy {
         template_id: PolicyID,
         link_id: PolicyID,
         values: SlotEnv,
+        generalized_values: GeneralizedSlotEnv,
     ) -> Self {
         Self {
             template_id,
             link_id: Some(link_id),
             values,
+            generalized_values,
         }
     }
 
@@ -673,6 +1025,11 @@ impl LiteralPolicy {
     pub fn value(&self, slot: &SlotId) -> Option<&EntityUID> {
         self.values.get(slot)
     }
+
+    /// Returns the hashmap of generalized values
+    pub fn generalized_values(&self) -> GeneralizedSlotEnv {
+        self.generalized_values.clone()
+    }
 }
 
 // Can we verify the hash property?
@@ -713,6 +1070,7 @@ mod hashing_tests {
             template_id: PolicyID::from_string("template"),
             link_id: Some(PolicyID::from_string("id")),
             values: map,
+            generalized_values: HashMap::new(),
         }
     }
 
@@ -750,8 +1108,14 @@ impl LiteralPolicy {
             .get(&self.template_id)
             .ok_or_else(|| ReificationError::NoSuchTemplate(self.template_id().clone()))?;
         // INVARIANT (values total map)
-        Template::check_binding(template, &self.values).map_err(ReificationError::Linking)?;
-        Ok(Policy::new(template.clone(), self.link_id, self.values))
+        Template::check_binding(template, &self.values, &self.generalized_values)
+            .map_err(ReificationError::Linking)?;
+        Ok(Policy::new(
+            template.clone(),
+            self.link_id,
+            self.values,
+            self.generalized_values,
+        ))
     }
 
     /// Lookup the euid bound by a SlotId
@@ -804,6 +1168,7 @@ impl From<Policy> for LiteralPolicy {
             template_id: p.template.id().clone(),
             link_id: p.link,
             values: p.values,
+            generalized_values: p.generalized_values,
         }
     }
 }
@@ -904,6 +1269,7 @@ impl StaticPolicy {
         id: PolicyID,
         loc: MaybeLoc,
         annotations: Annotations,
+        generalized_slots_annotation: GeneralizedSlotsAnnotation,
         effect: Effect,
         principal_constraint: PrincipalConstraint,
         action_constraint: ActionConstraint,
@@ -914,6 +1280,7 @@ impl StaticPolicy {
             id,
             loc,
             annotations,
+            generalized_slots_annotation,
             effect,
             principal_constraint,
             action_constraint,
@@ -971,6 +1338,8 @@ pub struct TemplateBodyImpl {
     /// Note that the keys are `AnyId`, so Cedar reserved words like `if` and `has`
     /// are explicitly allowed as annotations.
     annotations: Arc<Annotations>,
+    /// Stores the type and position information for generalized slots
+    generalized_slots_annotation: Arc<GeneralizedSlotsAnnotation>,
     /// `Effect` of this policy
     effect: Effect,
     /// Scope constraint for principal. This will be a boolean-valued expression:
@@ -1081,6 +1450,32 @@ impl TemplateBody {
         }
     }
 
+    /// Get shared ref to generalized slots annotation
+    pub fn generalized_slots_annotation_arc(&self) -> &Arc<GeneralizedSlotsAnnotation> {
+        match self {
+            TemplateBody::TemplateBody(TemplateBodyImpl {
+                generalized_slots_annotation,
+                ..
+            }) => generalized_slots_annotation,
+            #[cfg(feature = "tolerant-ast")]
+            TemplateBody::TemplateBodyError(_, _) => &DEFAULT_GENERALIZED_SLOTS_ANNOTATION,
+        }
+    }
+
+    /// Get all generalized_slots_annotation data.
+    pub fn generalized_slots_annotation(
+        &self,
+    ) -> impl Iterator<Item = (&SlotId, &JSONSchemaType<RawName>)> {
+        match self {
+            TemplateBody::TemplateBody(TemplateBodyImpl {
+                generalized_slots_annotation,
+                ..
+            }) => generalized_slots_annotation.iter(),
+            #[cfg(feature = "tolerant-ast")]
+            TemplateBody::TemplateBodyError(_, _) => DEFAULT_GENERALIZED_SLOTS_ANNOTATION.iter(),
+        }
+    }
+
     /// Get the `principal` scope constraint of this policy.
     pub fn principal_constraint(&self) -> &PrincipalConstraint {
         match self {
@@ -1217,6 +1612,7 @@ impl TemplateBody {
         id: PolicyID,
         loc: MaybeLoc,
         annotations: Arc<Annotations>,
+        generalized_slots_annotation: Arc<GeneralizedSlotsAnnotation>,
         effect: Effect,
         principal_constraint: PrincipalConstraint,
         action_constraint: ActionConstraint,
@@ -1227,6 +1623,7 @@ impl TemplateBody {
             id,
             loc,
             annotations,
+            generalized_slots_annotation,
             effect,
             principal_constraint,
             action_constraint,
@@ -1241,6 +1638,7 @@ impl TemplateBody {
         id: PolicyID,
         loc: MaybeLoc,
         annotations: Annotations,
+        generalized_slots_annotation: GeneralizedSlotsAnnotation,
         effect: Effect,
         principal_constraint: PrincipalConstraint,
         action_constraint: ActionConstraint,
@@ -1251,6 +1649,7 @@ impl TemplateBody {
             id,
             loc,
             annotations: Arc::new(annotations),
+            generalized_slots_annotation: Arc::new(generalized_slots_annotation),
             effect,
             principal_constraint,
             action_constraint,
@@ -1384,6 +1783,15 @@ impl PrincipalConstraint {
             _ => self,
         }
     }
+
+    /// Returns whether the principal constraint contains a slot
+    pub fn has_slot(&self) -> bool {
+        match self.constraint {
+            PrincipalOrResourceConstraint::Eq(EntityReference::Slot(_)) => true,
+            PrincipalOrResourceConstraint::In(EntityReference::Slot(_)) => true,
+            _ => false,
+        }
+    }
 }
 
 impl std::fmt::Display for PrincipalConstraint {
@@ -1491,6 +1899,15 @@ impl ResourceConstraint {
             _ => self,
         }
     }
+
+    /// Returns whether the resource constraint contains a slot
+    pub fn has_slot(&self) -> bool {
+        match self.constraint {
+            PrincipalOrResourceConstraint::Eq(EntityReference::Slot(_)) => true,
+            PrincipalOrResourceConstraint::In(EntityReference::Slot(_)) => true,
+            _ => false,
+        }
+    }
 }
 
 impl std::fmt::Display for ResourceConstraint {
@@ -1694,9 +2111,9 @@ impl PrincipalOrResourceConstraint {
                 format!("{} is {} in {}", v, entity_type, euid.into_expr(v.into()))
             }
             PrincipalOrResourceConstraint::Is(entity_type) => {
-                format!("{} is {}", v, entity_type)
+                format!("{v} is {entity_type}")
             }
-            PrincipalOrResourceConstraint::Any => format!("{}", v),
+            PrincipalOrResourceConstraint::Any => format!("{v}"),
         }
     }
 
@@ -2007,6 +2424,7 @@ pub(crate) mod test_generators {
                         permit.clone(),
                         None,
                         Annotations::new(),
+                        GeneralizedSlotsAnnotation::new(),
                         Effect::Permit,
                         principal.clone(),
                         action.clone(),
@@ -2017,6 +2435,7 @@ pub(crate) mod test_generators {
                         forbid.clone(),
                         None,
                         Annotations::new(),
+                        GeneralizedSlotsAnnotation::new(),
                         Effect::Forbid,
                         principal.clone(),
                         action.clone(),
@@ -2057,9 +2476,11 @@ mod test {
             let t = Arc::new(template);
             let env = t
                 .slots()
-                .map(|slot| (slot.id, EntityUID::with_eid("eid")))
+                .filter(|s| s.id.is_principal() || s.id.is_resource())
+                .map(|slot| (slot.id.clone(), EntityUID::with_eid("eid")))
                 .collect();
-            let _ = Template::link(t, PolicyID::from_string("id"), env).expect("Linking failed");
+            let _ = Template::link(t, PolicyID::from_string("id"), env, HashMap::new(), None)
+                .expect("Linking failed");
         }
     }
 
@@ -2072,7 +2493,17 @@ mod test {
             let a = template.action_constraint().clone();
             let r = template.resource_constraint().clone();
             let non_scope = template.non_scope_constraints().clone();
-            let t2 = Template::new(id, None, Annotations::new(), effect, p, a, r, non_scope);
+            let t2 = Template::new(
+                id,
+                None,
+                Annotations::new(),
+                GeneralizedSlotsAnnotation::new(),
+                effect,
+                p,
+                a,
+                r,
+                non_scope,
+            );
             assert_eq!(template, t2);
         }
     }
@@ -2087,12 +2518,23 @@ mod test {
                     .annotations()
                     .map(|(k, v)| (k.clone(), v.clone()))
                     .collect();
+                let generalized_slots_anno = GeneralizedSlotsAnnotation::default();
                 let p = ip.principal_constraint().clone();
                 let a = ip.action_constraint().clone();
                 let r = ip.resource_constraint().clone();
                 let non_scope = ip.non_scope_constraints().clone();
-                let ip2 = StaticPolicy::new(id, None, anno, e, p, a, r, non_scope)
-                    .expect("Policy Creation Failed");
+                let ip2 = StaticPolicy::new(
+                    id,
+                    None,
+                    anno,
+                    generalized_slots_anno,
+                    e,
+                    p,
+                    a,
+                    r,
+                    non_scope,
+                )
+                .expect("Policy Creation Failed");
                 assert_eq!(ip, ip2);
                 let (t2, inst) = Template::link_static_policy(ip2);
                 assert!(inst.is_static());
@@ -2109,6 +2551,7 @@ mod test {
             tid,
             None,
             Annotations::new(),
+            GeneralizedSlotsAnnotation::new(),
             Effect::Forbid,
             PrincipalConstraint::is_eq_slot(),
             ActionConstraint::Any,
@@ -2117,7 +2560,7 @@ mod test {
         ));
         let mut m = HashMap::new();
         m.insert(SlotId::resource(), EntityUID::with_eid("eid"));
-        assert_matches!(Template::link(t, iid, m), Err(LinkingError::ArityError { unbound_values, extra_values }) => {
+        assert_matches!(Template::link(t, iid, m, HashMap::new(), None), Err(LinkingError::ArityError { unbound_values, extra_values }) => {
             assert_eq!(unbound_values, vec![SlotId::principal()]);
             assert_eq!(extra_values, vec![SlotId::resource()]);
         });
@@ -2131,19 +2574,20 @@ mod test {
             tid,
             None,
             Annotations::new(),
+            GeneralizedSlotsAnnotation::new(),
             Effect::Forbid,
             PrincipalConstraint::is_eq_slot(),
             ActionConstraint::Any,
             ResourceConstraint::is_in_slot(),
             Expr::val(true),
         ));
-        assert_matches!(Template::link(t.clone(), iid.clone(), HashMap::new()), Err(LinkingError::ArityError { unbound_values, extra_values }) => {
+        assert_matches!(Template::link(t.clone(), iid.clone(), HashMap::new(), HashMap::new(), None), Err(LinkingError::ArityError { unbound_values, extra_values }) => {
             assert_eq!(unbound_values, vec![SlotId::resource(), SlotId::principal()]);
             assert_eq!(extra_values, vec![]);
         });
         let mut m = HashMap::new();
         m.insert(SlotId::principal(), EntityUID::with_eid("eid"));
-        assert_matches!(Template::link(t, iid, m), Err(LinkingError::ArityError { unbound_values, extra_values }) => {
+        assert_matches!(Template::link(t, iid, m, HashMap::new(), None), Err(LinkingError::ArityError { unbound_values, extra_values }) => {
             assert_eq!(unbound_values, vec![SlotId::resource()]);
             assert_eq!(extra_values, vec![]);
         });
@@ -2157,6 +2601,7 @@ mod test {
             tid,
             None,
             Annotations::new(),
+            GeneralizedSlotsAnnotation::new(),
             Effect::Permit,
             PrincipalConstraint::is_in_slot(),
             ActionConstraint::any(),
@@ -2168,7 +2613,7 @@ mod test {
         m.insert(SlotId::principal(), EntityUID::with_eid("theprincipal"));
         m.insert(SlotId::resource(), EntityUID::with_eid("theresource"));
 
-        let r = Template::link(t, iid.clone(), m).expect("Should Succeed");
+        let r = Template::link(t, iid.clone(), m, HashMap::new(), None).expect("Should Succeed");
         assert_eq!(r.id(), &iid);
         assert_eq!(
             r.env().get(&SlotId::principal()),
@@ -2234,6 +2679,12 @@ mod test {
             PrincipalOrResourceConstraint::In(EntityReference::Slot(None)).get_euid(),
             None
         );
+
+        assert_eq!(
+            PrincipalOrResourceConstraint::In(EntityReference::Slot(None)).get_euid(),
+            None
+        );
+
         assert_eq!(
             PrincipalOrResourceConstraint::Eq(EntityReference::EUID(e.clone())).get_euid(),
             Some(&e)
@@ -2242,6 +2693,10 @@ mod test {
             PrincipalOrResourceConstraint::Eq(EntityReference::Slot(None)).get_euid(),
             None
         );
+        assert_eq!(
+            PrincipalOrResourceConstraint::Eq(EntityReference::Slot(None)).get_euid(),
+            None
+        );
         assert_eq!(
             PrincipalOrResourceConstraint::IsIn(
                 Arc::new("T".parse().unwrap()),
@@ -2262,6 +2717,22 @@ mod test {
             .get_euid(),
             None
         );
+        assert_eq!(
+            PrincipalOrResourceConstraint::IsIn(
+                Arc::new("T".parse().unwrap()),
+                EntityReference::Slot(None)
+            )
+            .get_euid(),
+            None
+        );
+        assert_eq!(
+            PrincipalOrResourceConstraint::IsIn(
+                Arc::new("T".parse().unwrap()),
+                EntityReference::Slot(None)
+            )
+            .get_euid(),
+            None
+        );
     }
 
     #[test]
diff --git a/cedar-policy-core/src/ast/policy_set.rs b/cedar-policy-core/src/ast/policy_set.rs
index c7d67b6a35..7b0a145552 100644
--- a/cedar-policy-core/src/ast/policy_set.rs
+++ b/cedar-policy-core/src/ast/policy_set.rs
@@ -14,10 +14,13 @@
  * limitations under the License.
  */
 
+use crate::ast::RestrictedExpr;
+
 use super::{
     EntityUID, LinkingError, LiteralPolicy, Policy, PolicyID, ReificationError, SlotId,
     StaticPolicy, Template,
 };
+use crate::validator::ValidatorSchema;
 use itertools::Itertools;
 use miette::Diagnostic;
 use smol_str::format_smolstr;
@@ -498,22 +501,24 @@ impl PolicySet {
     /// set. Returns a references to the new template linked policy if
     /// successful.
     ///
-    /// Errors for two reasons
-    ///   1) The the passed SlotEnv either does not match the slots in the templates
+    /// Errors for three reasons
+    ///   1) The passed SlotEnv or GeneralizedSlotEnv either does not match the slots in the templates
     ///   2) The passed link Id conflicts with an Id already in the set
+    ///   3) SlotEnv must only contain Principal & Resource slots and GeneralizedSlotEnv must only contain generalized slots
     pub fn link(
         &mut self,
         template_id: PolicyID,
         new_id: PolicyID,
         values: HashMap<SlotId, EntityUID>,
+        generalized_values: HashMap<SlotId, RestrictedExpr>,
+        schema: Option<&ValidatorSchema>,
     ) -> Result<&Policy, LinkingError> {
         let t =
             self.get_template_arc(&template_id)
                 .ok_or_else(|| LinkingError::NoSuchTemplate {
                     id: template_id.clone(),
                 })?;
-        let r = Template::link(t, new_id.clone(), values)?;
-
+        let r = Template::link(t, new_id.clone(), values, generalized_values, schema)?;
         // Both maps must not contain the `new_id`
         match (
             self.links.entry(new_id.clone()),
@@ -640,14 +645,83 @@ mod test {
     use super::*;
     use crate::{
         ast::{
-            annotation::Annotations, ActionConstraint, Effect, Expr, PrincipalConstraint,
-            ResourceConstraint,
+            annotation::Annotations, ActionConstraint, Effect, Expr, GeneralizedSlotsAnnotation,
+            PrincipalConstraint, ResourceConstraint,
         },
         parser,
+        validator::{json_schema, types::Type, RawName},
     };
 
     use std::collections::HashMap;
 
+    fn simple_schema_file() -> json_schema::NamespaceDefinition<RawName> {
+        serde_json::from_value(serde_json::json!(
+            {
+                "entityTypes": {
+                    "Disk": {
+                        "memberOfTypes": [],
+                        "shape": {
+                            "type": "Record",
+                            "additionalAttributes": false,
+                            "attributes": {
+                                "owner": { "type": "String", "required": true}
+                            }
+                        }
+                    },
+                    "Folder": {
+                        "memberOfTypes": [],
+                        "shape": {
+                            "type": "Record",
+                            "additionalAttributes": false,
+                            "attributes": {
+                                "owner": { "type": "String", "required": true}
+                            }
+                        }
+                    },
+                    "Document": {
+                        "memberOfTypes": [ "Folder" ],
+                        "shape": {
+                            "type": "Record",
+                            "additionalAttributes": false,
+                            "attributes": {
+                                "owner": { "type": "String", "required": true}
+                            }
+                        }
+                    },
+                    "Person": {
+                        "memberOfTypes": [],
+                        "shape": {
+                            "type": "Record",
+                            "additionalAttributes": false,
+                            "attributes": {
+                                "age": { "type": "String", "required": false}
+                            }
+                        }
+                    }
+                },
+                "commonTypes": {
+                    "PersonInfo": {
+                        "type": "Record",
+                        "attributes": {
+                            "name": { "type": "String", "required": false},
+                            "age": { "type": "Long", "required": true},
+                        }
+                    }
+                },
+                "actions": {
+                    "Navigate": {
+                        "memberOf": [],
+                        "appliesTo": {
+                            "principalTypes": ["Person"],
+                            "resourceTypes": ["Disk", "Folder", "Document"]
+                        }
+                    }
+                }
+            }
+        ))
+        .expect("Expected valid schema")
+    }
+
     #[test]
     fn link_conflicts() {
         let mut pset = PolicySet::new();
@@ -669,7 +743,13 @@ mod test {
             r#"Test::"test""#.parse().expect("Failed to parse"),
         )]);
 
-        let r = pset.link(PolicyID::from_string("t"), PolicyID::from_string("id"), env);
+        let r = pset.link(
+            PolicyID::from_string("t"),
+            PolicyID::from_string("id"),
+            env,
+            HashMap::new(),
+            None,
+        );
 
         match r {
             Ok(_) => panic!("Should have failed due to conflict"),
@@ -680,6 +760,279 @@ mod test {
         };
     }
 
+    #[test]
+    fn values_can_not_have_generalized_slot() {
+        let mut pset = PolicySet::new();
+        let template = parser::parse_policy_or_template(
+            Some(PolicyID::from_string("t")),
+            "permit(principal == ?principal, action, resource);",
+        )
+        .expect("Failed to parse");
+        pset.add_template(template).expect("Add failed");
+
+        let env: HashMap<SlotId, EntityUID> = HashMap::from([(
+            SlotId::generalized_slot("generalized_slot".parse().expect("Failed to parse")),
+            r#"Test::"test""#.parse().expect("Failed to parse"),
+        )]);
+
+        let r = pset.link(
+            PolicyID::from_string("t"),
+            PolicyID::from_string("id"),
+            env,
+            HashMap::new(),
+            None,
+        );
+
+        match r {
+            Ok(_) => panic!("Should have failed due to invalid slot id in env"),
+            Err(LinkingError::InvalidSlotIdInEnv { invalid }) => {
+                assert_eq!(
+                    invalid,
+                    vec![SlotId::generalized_slot(
+                        "generalized_slot".parse().expect("Failed to parse")
+                    )]
+                )
+            }
+            Err(e) => panic!("Incorrect error: {e}"),
+        };
+    }
+
+    #[test]
+    fn generalized_values_can_not_have_principal_or_resource_slot() {
+        let mut pset = PolicySet::new();
+        let template = parser::parse_policy_or_template(
+            Some(PolicyID::from_string("t")),
+            "permit(principal == ?principal, action, resource);",
+        )
+        .expect("Failed to parse");
+        pset.add_template(template).expect("Add failed");
+
+        let env: HashMap<SlotId, EntityUID> = HashMap::from([(
+            SlotId::principal(),
+            r#"Test::"test""#.parse().expect("Failed to parse"),
+        )]);
+
+        let generalized_env: HashMap<SlotId, RestrictedExpr> = HashMap::from([
+            (
+                SlotId::principal(),
+                r#"true"#.parse().expect("Failed to parse"),
+            ),
+            (
+                SlotId::resource(),
+                r#"true"#.parse().expect("Failed to parse"),
+            ),
+        ]);
+
+        let r = pset.link(
+            PolicyID::from_string("t"),
+            PolicyID::from_string("id"),
+            env,
+            generalized_env,
+            None,
+        );
+
+        match r {
+            Ok(_) => panic!("Should have failed due to invalid slot id in generalized env"),
+            Err(LinkingError::InvalidSlotIdInGeneralizedEnv { mut invalid }) => {
+                assert_eq!(
+                    invalid.sort(),
+                    vec![SlotId::principal(), SlotId::resource()].sort()
+                )
+            }
+            Err(e) => panic!("Incorrect error: {e}"),
+        };
+    }
+
+    #[test]
+    fn extra_values_and_generalized_values() {
+        let mut pset = PolicySet::new();
+        let template = parser::parse_policy_or_template(
+            Some(PolicyID::from_string("t")),
+            "permit(principal, action, resource == ?resource);",
+        )
+        .expect("Failed to parse");
+        pset.add_template(template).expect("Add failed");
+
+        let env: HashMap<SlotId, EntityUID> = HashMap::from([(
+            SlotId::principal(),
+            r#"Test::"test""#.parse().expect("Failed to parse"),
+        )]);
+
+        let generalized_env: HashMap<SlotId, RestrictedExpr> = HashMap::from([(
+            SlotId::generalized_slot("generalized_slot".parse().expect("Failed to parse")),
+            r#"Test::"test""#.parse().expect("Failed to parse"),
+        )]);
+
+        let r = pset.link(
+            PolicyID::from_string("t"),
+            PolicyID::from_string("id"),
+            env,
+            generalized_env,
+            None,
+        );
+
+        match r {
+            Ok(_) => panic!("Should have failed due to arity error"),
+            Err(LinkingError::ArityError {
+                unbound_values,
+                extra_values,
+            }) => {
+                assert_eq!(unbound_values, vec![SlotId::resource()]);
+                assert_eq!(
+                    extra_values,
+                    vec![
+                        SlotId::principal(),
+                        SlotId::generalized_slot(
+                            "generalized_slot".parse().expect("Failed to parse")
+                        ),
+                    ]
+                )
+            }
+            Err(e) => panic!("Incorrect error: {e}"),
+        };
+    }
+
+    #[test]
+    fn generalized_link_fails_when_values_provided_are_of_incorrect_types() {
+        let schema = ValidatorSchema::try_from(simple_schema_file()).ok();
+        let mut pset = PolicySet::new();
+        let template = parser::parse_policy_or_template(
+            Some(PolicyID::from_string("t")),
+            "template(?value: Long) => 
+            permit(principal, 
+            action, 
+            resource) when { ?value == 8 };",
+        )
+        .expect("Failed to parse");
+        pset.add_template(template).expect("Add failed");
+
+        let env: HashMap<SlotId, EntityUID> = HashMap::from([]);
+
+        let generalized_slot = SlotId::generalized_slot("value".parse().unwrap());
+        let generalized_value: RestrictedExpr = r#"Test::"test""#.parse().expect("Failed to parse");
+        let generalized_env: HashMap<SlotId, RestrictedExpr> =
+            HashMap::from([(generalized_slot.clone(), generalized_value.clone())]);
+
+        let r = pset.link(
+            PolicyID::from_string("t"),
+            PolicyID::from_string("id"),
+            env,
+            generalized_env,
+            schema.as_ref(),
+        );
+
+        match r {
+            Ok(_) => panic!("Should have failed due to value provided not being of specified type"),
+            Err(LinkingError::ValueProvidedForSlotIsNotOfTypeSpecified { slot, value, ty }) => {
+                assert_eq!(slot, generalized_slot.clone());
+                assert_eq!(value, generalized_value.clone());
+                assert_eq!(ty, Type::primitive_long())
+            }
+            Err(e) => panic!("Incorrect error: {e}"),
+        };
+    }
+
+    #[test]
+    fn generalized_link_success() {
+        let schema = ValidatorSchema::try_from(simple_schema_file()).ok();
+        let mut pset = PolicySet::new();
+        let template = parser::parse_policy_or_template(
+            Some(PolicyID::from_string("t")),
+            "template(?generalized: Person) =>
+                permit(principal, 
+                action, 
+                resource) when { principal == ?generalized };",
+        )
+        .expect("Failed to parse");
+        pset.add_template(template).expect("Add failed");
+
+        let env: HashMap<SlotId, EntityUID> = HashMap::from([]);
+
+        let generalized_slot = SlotId::generalized_slot("generalized".parse().unwrap());
+        let generalized_value: RestrictedExpr =
+            RestrictedExpr::val(EntityUID::with_eid_and_type("Person", "alice").unwrap());
+        let generalized_env: HashMap<SlotId, RestrictedExpr> =
+            HashMap::from([(generalized_slot.clone(), generalized_value.clone())]);
+
+        let r = pset.link(
+            PolicyID::from_string("t"),
+            PolicyID::from_string("id"),
+            env,
+            generalized_env,
+            schema.as_ref(),
+        );
+
+        assert!(r.is_ok())
+    }
+
+    #[test]
+    fn generalized_link_without_schema() {
+        let mut pset = PolicySet::new();
+        let template = parser::parse_policy_or_template(
+            Some(PolicyID::from_string("t")),
+            "template(?value: __cedar::Long) => 
+            permit(principal, 
+            action, 
+            resource) when { ?value == 8 };",
+        )
+        .expect("Failed to parse");
+        pset.add_template(template).expect("Add failed");
+
+        let env: HashMap<SlotId, EntityUID> = HashMap::from([]);
+
+        let generalized_slot = SlotId::generalized_slot("value".parse().unwrap());
+        let generalized_value: RestrictedExpr = r#"Test::"test""#.parse().expect("Failed to parse");
+        let generalized_env: HashMap<SlotId, RestrictedExpr> =
+            HashMap::from([(generalized_slot.clone(), generalized_value.clone())]);
+
+        let r = pset.link(
+            PolicyID::from_string("t"),
+            PolicyID::from_string("id"),
+            env,
+            generalized_env,
+            None,
+        );
+
+        match r {
+            Ok(_) => panic!("Should have failed due to value provided not being of specified type"),
+            Err(LinkingError::ValueProvidedForSlotIsNotOfTypeSpecified { slot, value, ty }) => {
+                assert_eq!(slot, generalized_slot.clone());
+                assert_eq!(value, generalized_value.clone());
+                assert_eq!(ty, Type::primitive_long())
+            }
+            Err(e) => panic!("Incorrect error: {e}"),
+        };
+
+        let mut pset = PolicySet::new();
+        let template = parser::parse_policy_or_template(
+            Some(PolicyID::from_string("t")),
+            "template(?generalized: Person) =>
+                permit(principal, 
+                action, 
+                resource) when { principal == ?generalized };",
+        )
+        .expect("Failed to parse");
+        pset.add_template(template).expect("Add failed");
+
+        let env: HashMap<SlotId, EntityUID> = HashMap::from([]);
+
+        let generalized_slot = SlotId::generalized_slot("generalized".parse().unwrap());
+        let generalized_value: RestrictedExpr =
+            RestrictedExpr::val(EntityUID::with_eid_and_type("Person", "alice").unwrap());
+        let generalized_env: HashMap<SlotId, RestrictedExpr> =
+            HashMap::from([(generalized_slot.clone(), generalized_value.clone())]);
+
+        let r = pset.link(
+            PolicyID::from_string("t"),
+            PolicyID::from_string("id"),
+            env,
+            generalized_env,
+            None,
+        );
+
+        assert!(r.is_ok())
+    }
+
     /// This test focuses on `PolicySet::add()`, while other tests mostly use
     /// `PolicySet::add_static()` and `PolicySet::link()`.
     #[test]
@@ -706,8 +1059,14 @@ mod test {
             r#"Test::"test1""#.parse().expect("Failed to parse"),
         )]);
 
-        let p1 = Template::link(Arc::clone(&template), PolicyID::from_string("link"), env1)
-            .expect("Failed to link");
+        let p1 = Template::link(
+            Arc::clone(&template),
+            PolicyID::from_string("link"),
+            env1,
+            HashMap::new(),
+            None,
+        )
+        .expect("Failed to link");
         pset.add(p1).expect(
             "Adding link should succeed, even though the template wasn't previously in the pset",
         );
@@ -725,6 +1084,8 @@ mod test {
             Arc::clone(&template),
             PolicyID::from_string("link"),
             env2.clone(),
+            HashMap::new(),
+            None,
         )
         .expect("Failed to link");
         match pset.add(p2) {
@@ -732,8 +1093,14 @@ mod test {
             Err(PolicySetError::Occupied { id }) => assert_eq!(id, PolicyID::from_string("link")),
         }
 
-        let p3 = Template::link(Arc::clone(&template), PolicyID::from_string("link2"), env2)
-            .expect("Failed to link");
+        let p3 = Template::link(
+            Arc::clone(&template),
+            PolicyID::from_string("link2"),
+            env2,
+            HashMap::new(),
+            None,
+        )
+        .expect("Failed to link");
         pset.add(p3).expect(
             "Adding link should succeed, even though the template already existed in the pset",
         );
@@ -754,6 +1121,8 @@ mod test {
             Arc::clone(&template2),
             PolicyID::from_string("unique3"),
             env3,
+            HashMap::new(),
+            None,
         )
         .expect("Failed to link");
         match pset.add(p4) {
@@ -908,6 +1277,8 @@ mod test {
             PolicyID::from_string("template"),
             PolicyID::from_string("id"),
             HashMap::from([(SlotId::principal(), EntityUID::with_eid("eid"))]),
+            HashMap::new(),
+            None,
         )
         .expect("Linking failed!");
         assert_eq!(set.static_policies().count(), 1);
@@ -922,6 +1293,7 @@ mod test {
             tid.clone(),
             None,
             Annotations::new(),
+            GeneralizedSlotsAnnotation::new(),
             Effect::Permit,
             PrincipalConstraint::any(),
             ActionConstraint::any(),
@@ -931,7 +1303,13 @@ mod test {
 
         let mut s = PolicySet::new();
         let e = s
-            .link(tid.clone(), lid.clone(), HashMap::new())
+            .link(
+                tid.clone(),
+                lid.clone(),
+                HashMap::new(),
+                HashMap::new(),
+                None,
+            )
             .expect_err("Should fail");
 
         match e {
@@ -940,7 +1318,8 @@ mod test {
         };
 
         s.add_template(t).unwrap();
-        s.link(tid, lid, HashMap::new()).expect("Should succeed");
+        s.link(tid, lid, HashMap::new(), HashMap::new(), None)
+            .expect("Should succeed");
     }
 
     #[test]
@@ -951,6 +1330,7 @@ mod test {
             tid.clone(),
             None,
             Annotations::new(),
+            GeneralizedSlotsAnnotation::new(),
             Effect::Permit,
             PrincipalConstraint::is_eq_slot(),
             ActionConstraint::any(),
@@ -965,7 +1345,8 @@ mod test {
         vals.insert(SlotId::principal(), EntityUID::with_eid("p"));
         vals.insert(SlotId::resource(), EntityUID::with_eid("a"));
 
-        s.link(tid.clone(), lid.clone(), vals).expect("Should link");
+        s.link(tid.clone(), lid.clone(), vals, HashMap::new(), None)
+            .expect("Should link");
 
         let v: Vec<_> = s.policies().collect();
 
@@ -987,6 +1368,7 @@ mod test {
             id.clone(),
             None,
             Annotations::new(),
+            GeneralizedSlotsAnnotation::new(),
             Effect::Forbid,
             PrincipalConstraint::any(),
             ActionConstraint::any(),
@@ -1016,6 +1398,7 @@ mod test {
             template_id.clone(),
             None,
             Annotations::new(),
+            GeneralizedSlotsAnnotation::new(),
             Effect::Forbid,
             PrincipalConstraint::is_eq_slot(),
             ActionConstraint::any(),
@@ -1027,8 +1410,14 @@ mod test {
         let mut v = HashMap::new();
         let entity = EntityUID::with_eid("eid");
         v.insert(SlotId::principal(), entity.clone());
-        s.link(template_id.clone(), link_id.clone(), v)
-            .expect("Linking failed!");
+        s.link(
+            template_id.clone(),
+            link_id.clone(),
+            v,
+            HashMap::new(),
+            None,
+        )
+        .expect("Linking failed!");
 
         let link = s.get(&link_id).expect("Link should exist");
         assert_eq!(&link_id, link.id());
@@ -1051,6 +1440,7 @@ mod test {
             id1.clone(),
             None,
             Annotations::new(),
+            GeneralizedSlotsAnnotation::new(),
             Effect::Permit,
             PrincipalConstraint::any(),
             ActionConstraint::any(),
@@ -1062,6 +1452,7 @@ mod test {
             tid1.clone(),
             None,
             Annotations::new(),
+            GeneralizedSlotsAnnotation::new(),
             Effect::Permit,
             PrincipalConstraint::any(),
             ActionConstraint::any(),
@@ -1082,6 +1473,7 @@ mod test {
             id2.clone(),
             None,
             Annotations::new(),
+            GeneralizedSlotsAnnotation::new(),
             Effect::Forbid,
             PrincipalConstraint::is_eq(Arc::new(EntityUID::with_eid("jane"))),
             ActionConstraint::any(),
@@ -1097,6 +1489,7 @@ mod test {
             tid2.clone(),
             None,
             Annotations::new(),
+            GeneralizedSlotsAnnotation::new(),
             Effect::Permit,
             PrincipalConstraint::is_eq_slot(),
             ActionConstraint::any(),
@@ -1111,6 +1504,8 @@ mod test {
             tid2.clone(),
             id3.clone(),
             HashMap::from([(SlotId::principal(), EntityUID::with_eid("example"))]),
+            HashMap::new(),
+            None,
         );
         r.expect("Linking failed");
 
diff --git a/cedar-policy-core/src/authorizer.rs b/cedar-policy-core/src/authorizer.rs
index c332a6787f..aa8edbc0a2 100644
--- a/cedar-policy-core/src/authorizer.rs
+++ b/cedar-policy-core/src/authorizer.rs
@@ -277,6 +277,7 @@ mod test {
             pid,
             None,
             Annotations::new(),
+            GeneralizedSlotsAnnotation::new(),
             e,
             PrincipalConstraint::any(),
             ActionConstraint::any(),
@@ -293,6 +294,7 @@ mod test {
             pid,
             None,
             Annotations::new(),
+            GeneralizedSlotsAnnotation::new(),
             effect,
             PrincipalConstraint::any(),
             ActionConstraint::any(),
diff --git a/cedar-policy-core/src/entities/json/value.rs b/cedar-policy-core/src/entities/json/value.rs
index 3ee5568acc..8893b20176 100644
--- a/cedar-policy-core/src/entities/json/value.rs
+++ b/cedar-policy-core/src/entities/json/value.rs
@@ -135,6 +135,31 @@ impl<'de> Deserialize<'de> for CedarValueJson {
     }
 }
 
+impl<'de> DeserializeAs<'de, RestrictedExpr> for CedarValueJson {
+    fn deserialize_as<D>(deserializer: D) -> Result<RestrictedExpr, D::Error>
+    where
+        D: serde::Deserializer<'de>,
+    {
+        use serde::de::Error;
+        // We don't know the context that called us, so we'll rely on the statically set context
+        let context = || JsonDeserializationErrorContext::Unknown;
+        let cedar_value_json = CedarValueJson::deserialize(deserializer)?;
+        let restricted_expr = cedar_value_json.into_expr(context).map_err(Error::custom)?;
+        Ok(restricted_expr)
+    }
+}
+
+impl SerializeAs<RestrictedExpr> for CedarValueJson {
+    fn serialize_as<S>(source: &RestrictedExpr, serializer: S) -> Result<S::Ok, S::Error>
+    where
+        S: serde::Serializer,
+    {
+        use serde::ser::Error;
+        let json = CedarValueJson::from_expr(source.as_borrowed()).map_err(Error::custom)?;
+        json.serialize(serializer)
+    }
+}
+
 impl From<RawCedarValueJson> for CedarValueJson {
     fn from(value: RawCedarValueJson) -> Self {
         match value {
@@ -425,6 +450,19 @@ impl CedarValueJson {
         }
     }
 
+    /// Convert a `CedarValueJson` into a `EntityUidJson`
+    pub fn into_entity_euid_json(self) -> Result<EntityUidJson, JsonDeserializationError> {
+        let expr = self.into_expr(|| JsonDeserializationErrorContext::Unknown)?;
+        let euid = expr
+            .as_euid()
+            .ok_or(JsonDeserializationError::expected_entity_ref(
+                JsonDeserializationErrorContext::Unknown,
+                Either::Right(expr.clone().into()),
+            ))?;
+
+        Ok(EntityUidJson::from(euid))
+    }
+
     /// Convert a Cedar value into a `CedarValueJson`.
     ///
     /// Only throws errors in two cases:
diff --git a/cedar-policy-core/src/est.rs b/cedar-policy-core/src/est.rs
index fbfd55f52f..7f297a65e4 100644
--- a/cedar-policy-core/src/est.rs
+++ b/cedar-policy-core/src/est.rs
@@ -28,11 +28,11 @@ mod annotation;
 pub use annotation::*;
 
 use crate::ast::EntityUID;
-use crate::ast::{self, Annotation};
-use crate::entities::json::{err::JsonDeserializationError, EntityUidJson};
+use crate::ast::{self, Annotation, GeneralizedSlotsAnnotation};
+use crate::entities::json::{err::JsonDeserializationError, CedarValueJson, EntityUidJson};
 use crate::expr_builder::ExprBuilder;
 use crate::parser::err::{parse_errors, ParseErrors, ToASTError, ToASTErrorKind};
-use crate::parser::util::{flatten_tuple_2, flatten_tuple_4};
+use crate::parser::util::{flatten_tuple_2, flatten_tuple_5};
 #[cfg(feature = "tolerant-ast")]
 use crate::parser::Loc;
 use crate::parser::{cst, IntoMaybeLoc};
@@ -70,6 +70,9 @@ pub struct Policy {
     #[serde(default)]
     #[serde(skip_serializing_if = "Annotations::is_empty")]
     annotations: Annotations,
+    #[serde(default)]
+    #[serde(skip_serializing_if = "GeneralizedSlotsAnnotation::is_empty")]
+    generalized_slots_annotation: GeneralizedSlotsAnnotation,
 }
 
 /// Serde JSON structure for a `when` or `unless` clause in the EST format
@@ -91,18 +94,23 @@ impl Policy {
     /// error if `vals` doesn't contain a necessary mapping, but does not throw
     /// an error if `vals` contains unused mappings -- and in particular if
     /// `self` is an inline policy (in which case it is returned unchanged).
-    pub fn link(self, vals: &HashMap<ast::SlotId, EntityUidJson>) -> Result<Self, LinkingError> {
+    pub fn link(
+        self,
+        vals: &HashMap<ast::SlotId, EntityUidJson>,
+        generalized_vals: &HashMap<ast::SlotId, CedarValueJson>,
+    ) -> Result<Self, LinkingError> {
         Ok(Policy {
             effect: self.effect,
-            principal: self.principal.link(vals)?,
+            principal: self.principal.link(vals, generalized_vals)?,
             action: self.action.link(vals)?,
-            resource: self.resource.link(vals)?,
+            resource: self.resource.link(vals, generalized_vals)?,
             conditions: self
                 .conditions
                 .into_iter()
-                .map(|clause| clause.link(vals))
+                .map(|clause| clause.link(vals, generalized_vals))
                 .collect::<Result<Vec<_>, _>>()?,
             annotations: self.annotations,
+            generalized_slots_annotation: GeneralizedSlotsAnnotation::new(),
         })
     }
 
@@ -122,6 +130,7 @@ impl Policy {
                 .map(|clause| clause.sub_entity_literals(mapping))
                 .collect::<Result<Vec<_>, _>>()?,
             annotations: self.annotations,
+            generalized_slots_annotation: self.generalized_slots_annotation,
         })
     }
 
@@ -138,9 +147,15 @@ impl Clause {
     /// Fill in any slots in the clause using the values in `vals`. Throws an
     /// error if `vals` doesn't contain a necessary mapping, but does not throw
     /// an error if `vals` contains unused mappings.
-    pub fn link(self, _vals: &HashMap<ast::SlotId, EntityUidJson>) -> Result<Self, LinkingError> {
-        // currently, slots are not allowed in clauses
-        Ok(self)
+    pub fn link(
+        self,
+        vals: &HashMap<ast::SlotId, EntityUidJson>,
+        generalized_vals: &HashMap<ast::SlotId, CedarValueJson>,
+    ) -> Result<Self, LinkingError> {
+        match self {
+            Clause::When(e) => Ok(Clause::When(e.link(vals, generalized_vals)?)),
+            Clause::Unless(e) => Ok(Clause::Unless(e.link(vals, generalized_vals)?)),
+        }
     }
 
     /// Substitute entity literals
@@ -157,8 +172,10 @@ impl Clause {
 
     /// Returns true if this clause has a slot.
     pub fn has_slot(&self) -> bool {
-        // currently, slots are not allowed in clauses
-        false
+        match self {
+            Clause::When(e) => e.has_slot(),
+            Clause::Unless(e) => e.has_slot(),
+        }
     }
 }
 
@@ -184,6 +201,28 @@ impl TryFrom<cst::Policy> for Policy {
                 loc: l.into_maybe_loc(),
             })
         });
+
+        let (contains_slot_in_principal, contains_slot_in_resource) = match &maybe_scope {
+            Ok((p, _, r)) => (p.has_slot(), r.has_slot()),
+            Err(_) => (false, false),
+        };
+
+        let cond_slots = policy
+            .conds
+            .iter()
+            .filter_map(|c| match c.to_expr::<ast::ExprBuilder<()>>() {
+                Ok((e, _)) => Some(e),
+                Err(_) => None,
+            })
+            .flat_map(|e| e.slots().collect::<Vec<ast::Slot>>())
+            .collect();
+
+        let maybe_generalized_slots_annotation = policy.get_generalized_slots_annotation(
+            contains_slot_in_principal,
+            contains_slot_in_resource,
+            cond_slots,
+        );
+
         let maybe_conditions = ParseErrors::transpose(policy.conds.into_iter().map(|node| {
             let (cond, loc) = node.into_inner();
             let cond = cond.ok_or_else(|| {
@@ -192,9 +231,16 @@ impl TryFrom<cst::Policy> for Policy {
             cond.try_into()
         }));
 
-        let (effect, annotations, (principal, action, resource), conditions) = flatten_tuple_4(
+        let (
+            effect,
+            annotations,
+            generalized_slots_annotation,
+            (principal, action, resource),
+            conditions,
+        ) = flatten_tuple_5(
             maybe_effect,
             maybe_annotations,
+            maybe_generalized_slots_annotation,
             maybe_scope,
             maybe_conditions,
         )?;
@@ -205,6 +251,7 @@ impl TryFrom<cst::Policy> for Policy {
             resource: resource.into(),
             conditions,
             annotations: Annotations(annotations),
+            generalized_slots_annotation,
         })
     }
 }
@@ -302,6 +349,7 @@ impl Policy {
                     )
                 })
                 .collect(),
+            self.generalized_slots_annotation,
             self.effect,
             self.principal.try_into()?,
             self.action.try_into()?,
@@ -352,6 +400,10 @@ impl From<ast::Policy> for Policy {
                     .map(|(k, v)| (k.clone(), Some(v.clone())))
                     .collect(),
             ),
+            generalized_slots_annotation: ast
+                .generalized_slots_annotation()
+                .map(|(k, v)| (k.clone(), v.clone()))
+                .collect(),
         }
     }
 }
@@ -373,6 +425,10 @@ impl From<ast::Template> for Policy {
                     .map(|(k, v)| (k.clone(), Some(v.clone())))
                     .collect(),
             ),
+            generalized_slots_annotation: ast
+                .generalized_slots_annotation()
+                .map(|(k, v)| (k.clone(), v.clone()))
+                .collect(),
         }
     }
 }
@@ -392,6 +448,17 @@ impl std::fmt::Display for Policy {
             }
             writeln!(f)?;
         }
+        if self.generalized_slots_annotation.iter().count() > 0 {
+            write!(
+                f,
+                "template({}) => ",
+                self.generalized_slots_annotation
+                    .iter()
+                    .map(|(k, v)| format!("{}: {}", k, v))
+                    .collect::<Vec<String>>()
+                    .join(", ")
+            )?;
+        }
         write!(
             f,
             "{}({}, {}, {})",
@@ -747,6 +814,71 @@ mod test {
         );
     }
 
+    #[test]
+    fn roundtrip_generalized_slots_annotations_1() {
+        let policy = r#"
+        template(?age: Long, ?test: Long) => 
+        permit(principal, 
+        action, 
+        resource) 
+        when 
+        { ?age == ?test };"#;
+        let cst = parser::text_to_cst::parse_policy(policy)
+            .unwrap()
+            .node
+            .unwrap();
+        let est: Policy = cst.try_into().unwrap();
+        let expected_json = json!(
+            {
+                "effect": "permit",
+                "principal": {
+                    "op": "All",
+                },
+                "action": {
+                    "op": "All",
+                },
+                "resource": {
+                    "op": "All",
+                },
+                "conditions": [{
+                    "kind": "when",
+                    "body": {
+                        "==": {
+                        "left": {
+                            "Slot": "?age"
+                        },
+                        "right": {
+                            "Slot": "?test"
+                        }
+                        }
+                    }
+                }],
+                "generalized_slots_annotation": {
+                    "?age": {
+                        "type": "EntityOrCommon",
+                        "name": "Long"
+                    },
+                    "?test": {
+                        "type": "EntityOrCommon",
+                        "name": "Long"
+                    },
+                }
+            }
+        );
+        assert_eq!(
+            serde_json::to_value(&est).unwrap(),
+            expected_json,
+            "\nExpected:\n{}\n\nActual:\n{}\n\n",
+            serde_json::to_string_pretty(&expected_json).unwrap(),
+            serde_json::to_string_pretty(&est).unwrap()
+        );
+        let old_est = est.clone();
+        let roundtripped = est_roundtrip(est);
+        assert_eq!(&old_est, &roundtripped);
+        let est = text_roundtrip(&old_est);
+        assert_eq!(&old_est, &est);
+    }
+
     /// Test that we can use Cedar reserved words like `if` and `has` as annotation keys
     #[test]
     fn reserved_words_as_annotations() {
@@ -3239,7 +3371,7 @@ mod test {
         let est: Policy = cst.try_into().unwrap();
         let err = est
             .clone()
-            .link(&HashMap::from_iter([]))
+            .link(&HashMap::from_iter([]), &HashMap::from_iter([]))
             .expect_err("didn't fill all the slots");
         expect_err(
             "",
@@ -3251,10 +3383,13 @@ mod test {
         );
         let err = est
             .clone()
-            .link(&HashMap::from_iter([(
-                ast::SlotId::principal(),
-                EntityUidJson::new("XYZCorp::User", "12UA45"),
-            )]))
+            .link(
+                &HashMap::from_iter([(
+                    ast::SlotId::principal(),
+                    EntityUidJson::new("XYZCorp::User", "12UA45"),
+                )]),
+                &HashMap::from_iter([]),
+            )
             .expect_err("didn't fill all the slots");
         expect_err(
             "",
@@ -3265,13 +3400,16 @@ mod test {
             .build(),
         );
         let linked = est
-            .link(&HashMap::from_iter([
-                (
-                    ast::SlotId::principal(),
-                    EntityUidJson::new("XYZCorp::User", "12UA45"),
-                ),
-                (ast::SlotId::resource(), EntityUidJson::new("Folder", "abc")),
-            ]))
+            .link(
+                &HashMap::from_iter([
+                    (
+                        ast::SlotId::principal(),
+                        EntityUidJson::new("XYZCorp::User", "12UA45"),
+                    ),
+                    (ast::SlotId::resource(), EntityUidJson::new("Folder", "abc")),
+                ]),
+                &HashMap::from_iter([]),
+            )
             .expect("did fill all the slots");
         let expected_json = json!(
             {
@@ -4265,7 +4403,9 @@ mod test {
                 .node
                 .unwrap();
             let est: Policy = cst.try_into().unwrap();
-            let err = est.clone().link(&HashMap::from_iter([]));
+            let err = est
+                .clone()
+                .link(&HashMap::from_iter([]), &HashMap::from_iter([]));
             assert_matches!(
                 err,
                 Err(e) => {
@@ -4277,10 +4417,13 @@ mod test {
                     );
                 }
             );
-            let err = est.clone().link(&HashMap::from_iter([(
-                ast::SlotId::principal(),
-                EntityUidJson::new("User", "alice"),
-            )]));
+            let err = est.clone().link(
+                &HashMap::from_iter([(
+                    ast::SlotId::principal(),
+                    EntityUidJson::new("User", "alice"),
+                )]),
+                &HashMap::from_iter([]),
+            );
             assert_matches!(
                 err,
                 Err(e) => {
@@ -4293,13 +4436,16 @@ mod test {
                 }
             );
             let linked = est
-                .link(&HashMap::from_iter([
-                    (
-                        ast::SlotId::principal(),
-                        EntityUidJson::new("User", "alice"),
-                    ),
-                    (ast::SlotId::resource(), EntityUidJson::new("Folder", "abc")),
-                ]))
+                .link(
+                    &HashMap::from_iter([
+                        (
+                            ast::SlotId::principal(),
+                            EntityUidJson::new("User", "alice"),
+                        ),
+                        (ast::SlotId::resource(), EntityUidJson::new("Folder", "abc")),
+                    ]),
+                    &HashMap::from_iter([]),
+                )
                 .expect("did fill all the slots");
             let expected_json = json!(
                 {
@@ -4338,7 +4484,7 @@ mod test {
                 .node
                 .unwrap();
             let est: Policy = cst.try_into().unwrap();
-            let linked = est.link(&HashMap::new()).unwrap();
+            let linked = est.link(&HashMap::new(), &HashMap::new()).unwrap();
             let expected_json = json!(
                 {
                     "effect": "permit",
@@ -4689,6 +4835,95 @@ mod test {
         let est: Policy = cst.try_into().unwrap();
         assert!(!est.is_template(), "Static policy marked as template");
     }
+
+    mod generalized_templates {
+
+        use super::*;
+
+        #[test]
+        fn is_template_generalized_slots_in_condition() {
+            let template = r#"
+            template(?age: Long) => 
+            permit(
+                principal,
+                action == Action::"view",
+                resource
+            ) when {
+                ?age == 8
+            };
+        "#;
+            let cst = parser::text_to_cst::parse_policy(template)
+                .unwrap()
+                .node
+                .unwrap();
+            let est: Policy = cst.try_into().unwrap();
+
+            assert!(
+                est.is_template(),
+                "Policy with age slot not marked as template"
+            );
+        }
+
+        #[test]
+        fn link_with_generalized_template_1() {
+            let template = r#"
+            template(?slot: Bool) =>
+            permit(
+                principal,
+                action == Action::"view",
+                resource 
+            ) when {
+                ?slot 
+            };"#;
+            let cst = parser::text_to_cst::parse_policy(template)
+                .unwrap()
+                .node
+                .unwrap();
+            let est: Policy = cst.try_into().unwrap();
+            let linked = est
+                .clone()
+                .link(
+                    &HashMap::from_iter([]),
+                    &HashMap::from_iter([(
+                        ast::SlotId::generalized_slot("slot".parse().unwrap()),
+                        CedarValueJson::Bool(true),
+                    )]),
+                )
+                .expect("did fill all the slots");
+
+            let expected_json = json!(
+                {
+                    "effect": "permit",
+                    "principal": {
+                        "op": "All",
+                    },
+                    "action": {
+                        "op": "==",
+                        "entity": { "type": "Action", "id": "view" },
+                    },
+                    "resource": {
+                        "op": "All",
+                    },
+                    "conditions": [
+                        {
+                            "kind": "when",
+                            "body": {
+                                "Value": true
+                            }
+                        }
+                    ],
+                }
+            );
+            let linked_json = serde_json::to_value(linked).unwrap();
+            assert_eq!(
+                linked_json,
+                expected_json,
+                "\nExpected:\n{}\n\nActual:\n{}\n\n",
+                serde_json::to_string_pretty(&expected_json).unwrap(),
+                serde_json::to_string_pretty(&linked_json).unwrap(),
+            );
+        }
+    }
 }
 
 #[cfg(test)]
diff --git a/cedar-policy-core/src/est/err.rs b/cedar-policy-core/src/est/err.rs
index 2a6af4ff87..ce7d155a24 100644
--- a/cedar-policy-core/src/est/err.rs
+++ b/cedar-policy-core/src/est/err.rs
@@ -15,7 +15,7 @@
  */
 
 use crate::ast;
-use crate::entities::json::err::JsonDeserializationError;
+use crate::entities::json::err::{JsonDeserializationError, JsonSerializationError};
 use crate::parser::err::{parse_errors, ParseErrors};
 use crate::parser::unescape;
 use miette::Diagnostic;
@@ -104,7 +104,7 @@ pub enum PolicySetFromJsonError {
 }
 
 /// Errors while linking a policy
-#[derive(Debug, PartialEq, Eq, Diagnostic, Error)]
+#[derive(Debug, Diagnostic, Error)]
 pub enum LinkingError {
     /// Template contains this slot, but a value wasn't provided for it
     #[error("failed to link template: no value provided for `{slot}`")]
@@ -112,6 +112,22 @@ pub enum LinkingError {
         /// Slot which didn't have a value provided for it
         slot: ast::SlotId,
     },
+
+    /// Value provided was unable to be deserialized
+    #[error(transparent)]
+    #[diagnostic(transparent)]
+    UnableToDeserializeJSONValueProvided(#[from] JsonDeserializationError),
+
+    /// Value provided was unable to be serialized
+    #[error(transparent)]
+    #[diagnostic(transparent)]
+    UnableToSerializeJSONValueProvided(#[from] JsonSerializationError),
+
+    /// The template provided has an error node in an AST
+    #[error(transparent)]
+    #[diagnostic(transparent)]
+    #[cfg(feature = "tolerant-ast")]
+    InvalidTemplate(#[from] FromJsonError),
 }
 
 impl From<ast::UnexpectedSlotError> for FromJsonError {
diff --git a/cedar-policy-core/src/est/expr.rs b/cedar-policy-core/src/est/expr.rs
index 2c58dee7ed..90bdc6eecb 100644
--- a/cedar-policy-core/src/est/expr.rs
+++ b/cedar-policy-core/src/est/expr.rs
@@ -14,7 +14,7 @@
  * limitations under the License.
  */
 
-use super::FromJsonError;
+use super::{FromJsonError, LinkingError};
 #[cfg(feature = "tolerant-ast")]
 use crate::ast::expr_allows_errors::AstExprErrorKind;
 #[cfg(feature = "tolerant-ast")]
@@ -22,7 +22,7 @@ use crate::ast::Infallible;
 use crate::ast::{self, BoundedDisplay, EntityUID};
 use crate::entities::json::{
     err::EscapeKind, err::JsonDeserializationError, err::JsonDeserializationErrorContext,
-    CedarValueJson, FnAndArg,
+    CedarValueJson, EntityUidJson, FnAndArg,
 };
 use crate::expr_builder::ExprBuilder;
 use crate::extensions::Extensions;
@@ -1060,6 +1060,265 @@ impl Expr {
             Expr::ExprNoExt(ExprNoExt::Error(_)) => Err(FromJsonError::ASTErrorNode),
         }
     }
+
+    /// Returns true if expr has a slot.
+    pub fn has_slot(&self) -> bool {
+        match self {
+            Expr::ExprNoExt(ExprNoExt::Value(..)) => false,
+            Expr::ExprNoExt(ExprNoExt::Var(..)) => false,
+            Expr::ExprNoExt(ExprNoExt::Slot(..)) => true,
+            Expr::ExprNoExt(ExprNoExt::Not { arg }) => arg.has_slot(),
+            Expr::ExprNoExt(ExprNoExt::Neg { arg }) => arg.has_slot(),
+            Expr::ExprNoExt(ExprNoExt::Eq { left, right }) => left.has_slot() || right.has_slot(),
+            Expr::ExprNoExt(ExprNoExt::NotEq { left, right }) => {
+                left.has_slot() || right.has_slot()
+            }
+            Expr::ExprNoExt(ExprNoExt::In { left, right }) => left.has_slot() || right.has_slot(),
+            Expr::ExprNoExt(ExprNoExt::Less { left, right }) => left.has_slot() || right.has_slot(),
+            Expr::ExprNoExt(ExprNoExt::LessEq { left, right }) => {
+                left.has_slot() || right.has_slot()
+            }
+            Expr::ExprNoExt(ExprNoExt::Greater { left, right }) => {
+                left.has_slot() || right.has_slot()
+            }
+            Expr::ExprNoExt(ExprNoExt::GreaterEq { left, right }) => {
+                left.has_slot() || right.has_slot()
+            }
+            Expr::ExprNoExt(ExprNoExt::And { left, right }) => left.has_slot() || right.has_slot(),
+            Expr::ExprNoExt(ExprNoExt::Or { left, right }) => left.has_slot() || right.has_slot(),
+            Expr::ExprNoExt(ExprNoExt::Add { left, right }) => left.has_slot() || right.has_slot(),
+            Expr::ExprNoExt(ExprNoExt::Sub { left, right }) => left.has_slot() || right.has_slot(),
+            Expr::ExprNoExt(ExprNoExt::Mul { left, right }) => left.has_slot() || right.has_slot(),
+            Expr::ExprNoExt(ExprNoExt::Contains { left, right }) => {
+                left.has_slot() || right.has_slot()
+            }
+            Expr::ExprNoExt(ExprNoExt::ContainsAll { left, right }) => {
+                left.has_slot() || right.has_slot()
+            }
+            Expr::ExprNoExt(ExprNoExt::ContainsAny { left, right }) => {
+                left.has_slot() || right.has_slot()
+            }
+            Expr::ExprNoExt(ExprNoExt::IsEmpty { arg }) => arg.has_slot(),
+            Expr::ExprNoExt(ExprNoExt::GetTag { left, right }) => {
+                left.has_slot() || right.has_slot()
+            }
+            Expr::ExprNoExt(ExprNoExt::HasTag { left, right }) => {
+                left.has_slot() || right.has_slot()
+            }
+            Expr::ExprNoExt(ExprNoExt::GetAttr { left, .. }) => left.has_slot(),
+            Expr::ExprNoExt(ExprNoExt::HasAttr { left, .. }) => left.has_slot(),
+            Expr::ExprNoExt(ExprNoExt::Like { left, .. }) => left.has_slot(),
+            Expr::ExprNoExt(ExprNoExt::Is { left, in_expr, .. }) => match in_expr {
+                Some(right) => left.has_slot() || right.has_slot(),
+                None => left.has_slot(),
+            },
+            Expr::ExprNoExt(ExprNoExt::If {
+                cond_expr,
+                then_expr,
+                else_expr,
+            }) => cond_expr.has_slot() || then_expr.has_slot() || else_expr.has_slot(),
+            Expr::ExprNoExt(ExprNoExt::Set(elements)) => {
+                elements.iter().any(|expr| expr.has_slot())
+            }
+            Expr::ExprNoExt(ExprNoExt::Record(map)) => map
+                .iter()
+                .fold(false, |init, (_, expr)| init || expr.has_slot()),
+            Expr::ExtFuncCall(ExtFuncCall { call }) => call.iter().fold(false, |init, (_, v)| {
+                init || (v.iter().any(|expr| expr.has_slot()))
+            }),
+            #[cfg(feature = "tolerant-ast")]
+            Expr::ExprNoExt(ExprNoExt::Error(_)) => false,
+        }
+    }
+
+    /// Instantiate all the slots in an expression with their values
+    pub fn link(
+        self,
+        vals: &HashMap<ast::SlotId, EntityUidJson>,
+        generalized_vals: &HashMap<ast::SlotId, CedarValueJson>,
+    ) -> Result<Self, LinkingError> {
+        match self {
+            Expr::ExprNoExt(e) => match e {
+                value @ ExprNoExt::Value(..) => Ok(Expr::ExprNoExt(value)),
+                var @ ExprNoExt::Var(_) => Ok(Expr::ExprNoExt(var)),
+                ExprNoExt::Slot(slot) => {
+                    if slot.is_generalized_slot() {
+                        match generalized_vals.get(&slot) {
+                            Some(v) => Ok(Expr::ExprNoExt(ExprNoExt::Value(v.clone()))),
+                            None => Err(LinkingError::MissedSlot { slot }),
+                        }
+                    } else {
+                        match vals.get(&slot) {
+                            Some(e) => {
+                                let literal = CedarValueJson::from_lit(
+                                    e.clone()
+                                        .into_euid(|| JsonDeserializationErrorContext::Unknown)?
+                                        .into(),
+                                );
+                                Ok(Expr::ExprNoExt(ExprNoExt::Value(literal)))
+                            }
+                            None => Err(LinkingError::MissedSlot { slot }),
+                        }
+                    }
+                }
+                ExprNoExt::Not { arg } => Ok(Expr::ExprNoExt(ExprNoExt::Not {
+                    arg: Arc::new(Arc::unwrap_or_clone(arg).link(vals, generalized_vals)?),
+                })),
+                ExprNoExt::Neg { arg } => Ok(Expr::ExprNoExt(ExprNoExt::Neg {
+                    arg: Arc::new(Arc::unwrap_or_clone(arg).link(vals, generalized_vals)?),
+                })),
+                ExprNoExt::Eq { left, right } => Ok(Expr::ExprNoExt(ExprNoExt::Eq {
+                    left: Arc::new(Arc::unwrap_or_clone(left).link(vals, generalized_vals)?),
+                    right: Arc::new(Arc::unwrap_or_clone(right).link(vals, generalized_vals)?),
+                })),
+                ExprNoExt::NotEq { left, right } => Ok(Expr::ExprNoExt(ExprNoExt::NotEq {
+                    left: Arc::new(Arc::unwrap_or_clone(left).link(vals, generalized_vals)?),
+                    right: Arc::new(Arc::unwrap_or_clone(right).link(vals, generalized_vals)?),
+                })),
+                ExprNoExt::In { left, right } => Ok(Expr::ExprNoExt(ExprNoExt::In {
+                    left: Arc::new(Arc::unwrap_or_clone(left).link(vals, generalized_vals)?),
+                    right: Arc::new(Arc::unwrap_or_clone(right).link(vals, generalized_vals)?),
+                })),
+                ExprNoExt::Less { left, right } => Ok(Expr::ExprNoExt(ExprNoExt::Less {
+                    left: Arc::new(Arc::unwrap_or_clone(left).link(vals, generalized_vals)?),
+                    right: Arc::new(Arc::unwrap_or_clone(right).link(vals, generalized_vals)?),
+                })),
+                ExprNoExt::LessEq { left, right } => Ok(Expr::ExprNoExt(ExprNoExt::LessEq {
+                    left: Arc::new(Arc::unwrap_or_clone(left).link(vals, generalized_vals)?),
+                    right: Arc::new(Arc::unwrap_or_clone(right).link(vals, generalized_vals)?),
+                })),
+                ExprNoExt::Greater { left, right } => Ok(Expr::ExprNoExt(ExprNoExt::Greater {
+                    left: Arc::new(Arc::unwrap_or_clone(left).link(vals, generalized_vals)?),
+                    right: Arc::new(Arc::unwrap_or_clone(right).link(vals, generalized_vals)?),
+                })),
+                ExprNoExt::GreaterEq { left, right } => Ok(Expr::ExprNoExt(ExprNoExt::GreaterEq {
+                    left: Arc::new(Arc::unwrap_or_clone(left).link(vals, generalized_vals)?),
+                    right: Arc::new(Arc::unwrap_or_clone(right).link(vals, generalized_vals)?),
+                })),
+                ExprNoExt::And { left, right } => Ok(Expr::ExprNoExt(ExprNoExt::And {
+                    left: Arc::new(Arc::unwrap_or_clone(left).link(vals, generalized_vals)?),
+                    right: Arc::new(Arc::unwrap_or_clone(right).link(vals, generalized_vals)?),
+                })),
+                ExprNoExt::Or { left, right } => Ok(Expr::ExprNoExt(ExprNoExt::Or {
+                    left: Arc::new(Arc::unwrap_or_clone(left).link(vals, generalized_vals)?),
+                    right: Arc::new(Arc::unwrap_or_clone(right).link(vals, generalized_vals)?),
+                })),
+                ExprNoExt::Add { left, right } => Ok(Expr::ExprNoExt(ExprNoExt::Add {
+                    left: Arc::new(Arc::unwrap_or_clone(left).link(vals, generalized_vals)?),
+                    right: Arc::new(Arc::unwrap_or_clone(right).link(vals, generalized_vals)?),
+                })),
+                ExprNoExt::Sub { left, right } => Ok(Expr::ExprNoExt(ExprNoExt::Sub {
+                    left: Arc::new(Arc::unwrap_or_clone(left).link(vals, generalized_vals)?),
+                    right: Arc::new(Arc::unwrap_or_clone(right).link(vals, generalized_vals)?),
+                })),
+                ExprNoExt::Mul { left, right } => Ok(Expr::ExprNoExt(ExprNoExt::Mul {
+                    left: Arc::new(Arc::unwrap_or_clone(left).link(vals, generalized_vals)?),
+                    right: Arc::new(Arc::unwrap_or_clone(right).link(vals, generalized_vals)?),
+                })),
+                ExprNoExt::Contains { left, right } => Ok(Expr::ExprNoExt(ExprNoExt::Contains {
+                    left: Arc::new(Arc::unwrap_or_clone(left).link(vals, generalized_vals)?),
+                    right: Arc::new(Arc::unwrap_or_clone(right).link(vals, generalized_vals)?),
+                })),
+                ExprNoExt::ContainsAll { left, right } => {
+                    Ok(Expr::ExprNoExt(ExprNoExt::ContainsAll {
+                        left: Arc::new(Arc::unwrap_or_clone(left).link(vals, generalized_vals)?),
+                        right: Arc::new(Arc::unwrap_or_clone(right).link(vals, generalized_vals)?),
+                    }))
+                }
+                ExprNoExt::ContainsAny { left, right } => {
+                    Ok(Expr::ExprNoExt(ExprNoExt::ContainsAny {
+                        left: Arc::new(Arc::unwrap_or_clone(left).link(vals, generalized_vals)?),
+                        right: Arc::new(Arc::unwrap_or_clone(right).link(vals, generalized_vals)?),
+                    }))
+                }
+                ExprNoExt::IsEmpty { arg } => Ok(Expr::ExprNoExt(ExprNoExt::IsEmpty {
+                    arg: Arc::new(Arc::unwrap_or_clone(arg).link(vals, generalized_vals)?),
+                })),
+                ExprNoExt::GetTag { left, right } => Ok(Expr::ExprNoExt(ExprNoExt::GetTag {
+                    left: Arc::new(Arc::unwrap_or_clone(left).link(vals, generalized_vals)?),
+                    right: Arc::new(Arc::unwrap_or_clone(right).link(vals, generalized_vals)?),
+                })),
+                ExprNoExt::HasTag { left, right } => Ok(Expr::ExprNoExt(ExprNoExt::HasTag {
+                    left: Arc::new(Arc::unwrap_or_clone(left).link(vals, generalized_vals)?),
+                    right: Arc::new(Arc::unwrap_or_clone(right).link(vals, generalized_vals)?),
+                })),
+                ExprNoExt::GetAttr { left, attr } => Ok(Expr::ExprNoExt(ExprNoExt::GetAttr {
+                    left: Arc::new(Arc::unwrap_or_clone(left).link(vals, generalized_vals)?),
+                    attr,
+                })),
+                ExprNoExt::HasAttr { left, attr } => Ok(Expr::ExprNoExt(ExprNoExt::HasAttr {
+                    left: Arc::new(Arc::unwrap_or_clone(left).link(vals, generalized_vals)?),
+                    attr,
+                })),
+                ExprNoExt::Like { left, pattern } => Ok(Expr::ExprNoExt(ExprNoExt::Like {
+                    left: Arc::new(Arc::unwrap_or_clone(left).link(vals, generalized_vals)?),
+                    pattern,
+                })),
+                ExprNoExt::Is {
+                    left,
+                    entity_type,
+                    in_expr,
+                } => match in_expr {
+                    Some(in_expr) => Ok(Expr::ExprNoExt(ExprNoExt::Is {
+                        left: Arc::new(Arc::unwrap_or_clone(left).link(vals, generalized_vals)?),
+                        entity_type,
+                        in_expr: Some(Arc::new(
+                            Arc::unwrap_or_clone(in_expr).link(vals, generalized_vals)?,
+                        )),
+                    })),
+                    None => Ok(Expr::ExprNoExt(ExprNoExt::Is {
+                        left: Arc::new(Arc::unwrap_or_clone(left).link(vals, generalized_vals)?),
+                        entity_type,
+                        in_expr: None,
+                    })),
+                },
+                ExprNoExt::If {
+                    cond_expr,
+                    then_expr,
+                    else_expr,
+                } => Ok(Expr::ExprNoExt(ExprNoExt::If {
+                    cond_expr: Arc::new(
+                        Arc::unwrap_or_clone(cond_expr).link(vals, generalized_vals)?,
+                    ),
+                    then_expr: Arc::new(
+                        Arc::unwrap_or_clone(then_expr).link(vals, generalized_vals)?,
+                    ),
+                    else_expr: Arc::new(
+                        Arc::unwrap_or_clone(else_expr).link(vals, generalized_vals)?,
+                    ),
+                })),
+                ExprNoExt::Set(v) => {
+                    let mut new_v = vec![];
+                    for e in v {
+                        new_v.push(e.link(vals, generalized_vals)?);
+                    }
+                    Ok(Expr::ExprNoExt(ExprNoExt::Set(new_v)))
+                }
+                ExprNoExt::Record(m) => {
+                    let mut new_m = BTreeMap::new();
+                    for (k, v) in m {
+                        new_m.insert(k, v.link(vals, generalized_vals)?);
+                    }
+                    Ok(Expr::ExprNoExt(ExprNoExt::Record(new_m)))
+                }
+                #[cfg(feature = "tolerant-ast")]
+                ExprNoExt::Error(_) => {
+                    Err(LinkingError::InvalidTemplate(FromJsonError::ASTErrorNode))
+                }
+            },
+            Expr::ExtFuncCall(e_fn_call) => {
+                let mut new_m = HashMap::new();
+                for (k, v) in e_fn_call.call {
+                    let mut new_v = vec![];
+                    for e in v {
+                        new_v.push(e.link(vals, generalized_vals)?);
+                    }
+                    new_m.insert(k, new_v);
+                }
+                Ok(Expr::ExtFuncCall(ExtFuncCall { call: new_m }))
+            }
+        }
+    }
 }
 
 impl From<ast::Literal> for Expr {
diff --git a/cedar-policy-core/src/est/policy_set.rs b/cedar-policy-core/src/est/policy_set.rs
index 899cd1a719..3d61399cdd 100644
--- a/cedar-policy-core/src/est/policy_set.rs
+++ b/cedar-policy-core/src/est/policy_set.rs
@@ -16,9 +16,11 @@
 
 use super::Policy;
 use super::PolicySetFromJsonError;
+use crate::ast::RestrictedExpr;
 use crate::ast::{self, EntityUID, PolicyID, SlotId};
 use crate::entities::json::err::JsonDeserializationErrorContext;
 use crate::entities::json::EntityUidJson;
+use crate::entities::CedarValueJson;
 use crate::parser::cst::Policies;
 use crate::parser::err::ParseErrors;
 use crate::parser::Node;
@@ -56,9 +58,25 @@ impl PolicySet {
             .filter_map(|link| {
                 if &link.new_id == id {
                     self.get_template(&link.template_id).and_then(|template| {
-                        let unwrapped_est_vals: HashMap<SlotId, EntityUidJson> =
-                            link.values.iter().map(|(k, v)| (*k, v.into())).collect();
-                        template.link(&unwrapped_est_vals).ok()
+                        let unwrapped_est_vals: HashMap<SlotId, EntityUidJson> = link
+                            .values
+                            .iter()
+                            .map(|(k, v)| (k.clone(), v.into()))
+                            .collect();
+                        let unwrapped_est_generalized_vals: HashMap<SlotId, CedarValueJson> = link
+                            .generalized_values
+                            .iter()
+                            .map(|(k, v)| {
+                                (
+                                    k.clone(),
+                                    #[allow(clippy::expect_used)]
+                                    CedarValueJson::from_expr(v.as_borrowed()).expect("Conversion should only be done if policyset is well formed"),
+                                )
+                            })
+                            .collect();
+                        template
+                            .link(&unwrapped_est_vals, &unwrapped_est_generalized_vals)
+                            .ok()
                     })
                 } else {
                     None
@@ -90,7 +108,12 @@ pub struct TemplateLink {
     pub new_id: PolicyID,
     /// Mapping between slots and entity uids
     #[serde_as(as = "serde_with::MapPreventDuplicates<_,EntityUidJson<TemplateLinkContext>>")]
+    #[serde(default)]
     pub values: HashMap<SlotId, EntityUID>,
+    /// Mapping between generalized slots and restricted expr
+    #[serde_as(as = "serde_with::MapPreventDuplicates<_,CedarValueJson>")]
+    #[serde(default)]
+    pub generalized_values: HashMap<SlotId, RestrictedExpr>,
 }
 
 /// Statically set the deserialization error context to be deserialization of a template link
@@ -122,9 +145,16 @@ impl TryFrom<PolicySet> for ast::PolicySet {
             template_id,
             new_id,
             values,
+            generalized_values,
         } in value.template_links
         {
-            ast_pset.link(template_id, new_id, values)?;
+            ast_pset.link(
+                template_id,
+                new_id.clone(),
+                values,
+                generalized_values,
+                None,
+            )?;
         }
 
         Ok(ast_pset)
diff --git a/cedar-policy-core/src/est/scope_constraints.rs b/cedar-policy-core/src/est/scope_constraints.rs
index df4fb7fe15..78236a6637 100644
--- a/cedar-policy-core/src/est/scope_constraints.rs
+++ b/cedar-policy-core/src/est/scope_constraints.rs
@@ -20,6 +20,7 @@ use crate::ast::EntityUID;
 use crate::entities::json::{
     err::JsonDeserializationError, err::JsonDeserializationErrorContext, EntityUidJson,
 };
+use crate::entities::CedarValueJson;
 use crate::parser::err::parse_errors;
 use serde::{Deserialize, Serialize};
 use smol_str::{SmolStr, ToSmolStr};
@@ -168,11 +169,32 @@ pub enum ActionInConstraint {
     },
 }
 
+pub(crate) fn get_entity_uid_json_for_slot_in_scope(
+    slot: ast::SlotId,
+    vals: &HashMap<ast::SlotId, EntityUidJson>,
+    generalized_vals: &HashMap<ast::SlotId, CedarValueJson>,
+) -> Result<EntityUidJson, LinkingError> {
+    if slot.is_generalized_slot() {
+        match generalized_vals.get(&slot) {
+            Some(value) => Ok(value.clone().into_entity_euid_json()?),
+            None => Err(LinkingError::MissedSlot { slot }),
+        }
+    } else {
+        vals.get(&slot)
+            .ok_or(LinkingError::MissedSlot { slot })
+            .cloned()
+    }
+}
+
 impl PrincipalConstraint {
     /// Fill in any slots in the principal constraint using the values in
     /// `vals`. Throws an error if `vals` doesn't contain a necessary mapping,
     /// but does not throw an error if `vals` contains unused mappings.
-    pub fn link(self, vals: &HashMap<ast::SlotId, EntityUidJson>) -> Result<Self, LinkingError> {
+    pub fn link(
+        self,
+        vals: &HashMap<ast::SlotId, EntityUidJson>,
+        generalized_vals: &HashMap<ast::SlotId, CedarValueJson>,
+    ) -> Result<Self, LinkingError> {
         match self {
             PrincipalConstraint::All => Ok(PrincipalConstraint::All),
             PrincipalConstraint::Eq(EqConstraint::Entity { entity }) => {
@@ -181,21 +203,16 @@ impl PrincipalConstraint {
             PrincipalConstraint::In(PrincipalOrResourceInConstraint::Entity { entity }) => Ok(
                 PrincipalConstraint::In(PrincipalOrResourceInConstraint::Entity { entity }),
             ),
-            PrincipalConstraint::Eq(EqConstraint::Slot { slot }) => match vals.get(&slot) {
-                Some(val) => Ok(PrincipalConstraint::Eq(EqConstraint::Entity {
-                    entity: val.clone(),
-                })),
-                None => Err(LinkingError::MissedSlot { slot }),
-            },
+            PrincipalConstraint::Eq(EqConstraint::Slot { slot }) => {
+                let entity = get_entity_uid_json_for_slot_in_scope(slot, vals, generalized_vals)?;
+
+                Ok(PrincipalConstraint::Eq(EqConstraint::Entity { entity }))
+            }
             PrincipalConstraint::In(PrincipalOrResourceInConstraint::Slot { slot }) => {
-                match vals.get(&slot) {
-                    Some(val) => Ok(PrincipalConstraint::In(
-                        PrincipalOrResourceInConstraint::Entity {
-                            entity: val.clone(),
-                        },
-                    )),
-                    None => Err(LinkingError::MissedSlot { slot }),
-                }
+                let entity = get_entity_uid_json_for_slot_in_scope(slot, vals, generalized_vals)?;
+                Ok(PrincipalConstraint::In(
+                    PrincipalOrResourceInConstraint::Entity { entity },
+                ))
             }
             e @ PrincipalConstraint::Is(PrincipalOrResourceIsConstraint {
                 entity_type: _,
@@ -207,10 +224,7 @@ impl PrincipalConstraint {
             }) => Ok(PrincipalConstraint::Is(PrincipalOrResourceIsConstraint {
                 entity_type,
                 in_entity: Some(PrincipalOrResourceInConstraint::Entity {
-                    entity: vals
-                        .get(&slot)
-                        .ok_or(LinkingError::MissedSlot { slot })?
-                        .clone(),
+                    entity: get_entity_uid_json_for_slot_in_scope(slot, vals, generalized_vals)?,
                 }),
             })),
         }
@@ -297,7 +311,11 @@ impl ResourceConstraint {
     /// Fill in any slots in the resource constraint using the values in
     /// `vals`. Throws an error if `vals` doesn't contain a necessary mapping,
     /// but does not throw an error if `vals` contains unused mappings.
-    pub fn link(self, vals: &HashMap<ast::SlotId, EntityUidJson>) -> Result<Self, LinkingError> {
+    pub fn link(
+        self,
+        vals: &HashMap<ast::SlotId, EntityUidJson>,
+        generalized_vals: &HashMap<ast::SlotId, CedarValueJson>,
+    ) -> Result<Self, LinkingError> {
         match self {
             ResourceConstraint::All => Ok(ResourceConstraint::All),
             ResourceConstraint::Eq(EqConstraint::Entity { entity }) => {
@@ -306,21 +324,18 @@ impl ResourceConstraint {
             ResourceConstraint::In(PrincipalOrResourceInConstraint::Entity { entity }) => Ok(
                 ResourceConstraint::In(PrincipalOrResourceInConstraint::Entity { entity }),
             ),
-            ResourceConstraint::Eq(EqConstraint::Slot { slot }) => match vals.get(&slot) {
-                Some(val) => Ok(ResourceConstraint::Eq(EqConstraint::Entity {
-                    entity: val.clone(),
-                })),
-                None => Err(LinkingError::MissedSlot { slot }),
-            },
+            ResourceConstraint::Eq(EqConstraint::Slot { slot }) => {
+                let entity = get_entity_uid_json_for_slot_in_scope(slot, vals, generalized_vals)?;
+
+                Ok(ResourceConstraint::In(
+                    PrincipalOrResourceInConstraint::Entity { entity },
+                ))
+            }
             ResourceConstraint::In(PrincipalOrResourceInConstraint::Slot { slot }) => {
-                match vals.get(&slot) {
-                    Some(val) => Ok(ResourceConstraint::In(
-                        PrincipalOrResourceInConstraint::Entity {
-                            entity: val.clone(),
-                        },
-                    )),
-                    None => Err(LinkingError::MissedSlot { slot }),
-                }
+                let entity = get_entity_uid_json_for_slot_in_scope(slot, vals, generalized_vals)?;
+                Ok(ResourceConstraint::In(
+                    PrincipalOrResourceInConstraint::Entity { entity },
+                ))
             }
             e @ ResourceConstraint::Is(PrincipalOrResourceIsConstraint {
                 entity_type: _,
@@ -332,10 +347,7 @@ impl ResourceConstraint {
             }) => Ok(ResourceConstraint::Is(PrincipalOrResourceIsConstraint {
                 entity_type,
                 in_entity: Some(PrincipalOrResourceInConstraint::Entity {
-                    entity: vals
-                        .get(&slot)
-                        .ok_or(LinkingError::MissedSlot { slot })?
-                        .clone(),
+                    entity: get_entity_uid_json_for_slot_in_scope(slot, vals, generalized_vals)?,
                 }),
             })),
         }
diff --git a/cedar-policy-core/src/evaluator.rs b/cedar-policy-core/src/evaluator.rs
index b885fb08b1..48b4b42e5a 100644
--- a/cedar-policy-core/src/evaluator.rs
+++ b/cedar-policy-core/src/evaluator.rs
@@ -382,7 +382,8 @@ impl<'e> Evaluator<'e> {
     /// it doesn't consider whether we're processing a `Permit` policy or a
     /// `Forbid` policy.
     pub fn evaluate(&self, p: &Policy) -> Result<bool> {
-        self.interpret(&p.condition(), p.env())?.get_as_bool()
+        self.interpret(&p.condition(), p.env(), p.generalized_env())?
+            .get_as_bool()
     }
 
     /// Partially evaluate the given `Policy`, returning one of:
@@ -395,7 +396,7 @@ impl<'e> Evaluator<'e> {
     ///    it doesn't consider whether we're processing a `Permit` policy or a
     ///    `Forbid` policy.
     pub fn partial_evaluate(&self, p: &Policy) -> Result<Either<bool, Expr>> {
-        match self.partial_interpret(&p.condition(), p.env())? {
+        match self.partial_interpret(&p.condition(), p.env(), p.generalized_env())? {
             PartialValue::Value(v) => v.get_as_bool().map(Either::Left),
             PartialValue::Residual(e) => Ok(Either::Right(e)),
         }
@@ -406,8 +407,13 @@ impl<'e> Evaluator<'e> {
     /// Ensures the result is not a residual.
     /// May return an error, for instance if the `Expr` tries to access an
     /// attribute that doesn't exist.
-    pub fn interpret(&self, e: &Expr, slots: &SlotEnv) -> Result<Value> {
-        match self.partial_interpret(e, slots)? {
+    pub fn interpret(
+        &self,
+        e: &Expr,
+        slots: &SlotEnv,
+        generalized_slots: &GeneralizedSlotEnv,
+    ) -> Result<Value> {
+        match self.partial_interpret(e, slots, generalized_slots)? {
             PartialValue::Value(v) => Ok(v),
             PartialValue::Residual(r) => Err(EvaluationError::non_value(r)),
         }
@@ -418,10 +424,15 @@ impl<'e> Evaluator<'e> {
     /// May return a residual expression, if the input expression is symbolic.
     /// May return an error, for instance if the `Expr` tries to access an
     /// attribute that doesn't exist.
-    pub fn partial_interpret(&self, expr: &Expr, slots: &SlotEnv) -> Result<PartialValue> {
+    pub fn partial_interpret(
+        &self,
+        expr: &Expr,
+        slots: &SlotEnv,
+        generalized_slots: &GeneralizedSlotEnv,
+    ) -> Result<PartialValue> {
         stack_size_check()?;
 
-        let res = self.partial_interpret_internal(expr, slots);
+        let res = self.partial_interpret_internal(expr, slots, generalized_slots);
 
         // set the returned value's source location to the same source location
         // as the input expression had.
@@ -447,14 +458,30 @@ impl<'e> Evaluator<'e> {
     /// all errors are set properly before returning them from
     /// `partial_interpret()`.
     #[allow(clippy::cognitive_complexity)]
-    fn partial_interpret_internal(&self, expr: &Expr, slots: &SlotEnv) -> Result<PartialValue> {
+    fn partial_interpret_internal(
+        &self,
+        expr: &Expr,
+        slots: &SlotEnv,
+        generalized_slots: &GeneralizedSlotEnv,
+    ) -> Result<PartialValue> {
         let loc = expr.source_loc(); // the `loc` describing the location of the entire expression
         match expr.expr_kind() {
             ExprKind::Lit(lit) => Ok(lit.clone().into()),
-            ExprKind::Slot(id) => slots
-                .get(id)
-                .ok_or_else(|| err::EvaluationError::unlinked_slot(*id, loc.into_maybe_loc()))
-                .map(|euid| PartialValue::from(euid.clone())),
+            ExprKind::Slot(id) => {
+                if id.is_generalized_slot() {
+                    let restricted_expr = generalized_slots.get(id).ok_or_else(|| {
+                        err::EvaluationError::unlinked_slot(id.clone(), loc.into_maybe_loc())
+                    })?;
+                    self.partial_interpret(restricted_expr, slots, generalized_slots)
+                } else {
+                    slots
+                        .get(id)
+                        .ok_or_else(|| {
+                            err::EvaluationError::unlinked_slot(id.clone(), loc.into_maybe_loc())
+                        })
+                        .map(|euid| PartialValue::from(euid.clone()))
+                }
+            }
             ExprKind::Var(v) => match v {
                 Var::Principal => Ok(self.principal.evaluate(*v)),
                 Var::Action => Ok(self.action.evaluate(*v)),
@@ -466,9 +493,9 @@ impl<'e> Evaluator<'e> {
                 test_expr,
                 then_expr,
                 else_expr,
-            } => self.eval_if(test_expr, then_expr, else_expr, slots),
+            } => self.eval_if(test_expr, then_expr, else_expr, slots, generalized_slots),
             ExprKind::And { left, right } => {
-                match self.partial_interpret(left, slots)? {
+                match self.partial_interpret(left, slots, generalized_slots)? {
                     // PE Case
                     PartialValue::Residual(e) => {
                         Ok(PartialValue::Residual(Expr::and(e, right.as_ref().clone())))
@@ -476,7 +503,7 @@ impl<'e> Evaluator<'e> {
                     // Full eval case
                     PartialValue::Value(v) => {
                         if v.get_as_bool()? {
-                            match self.partial_interpret(right, slots)? {
+                            match self.partial_interpret(right, slots, generalized_slots)? {
                                 // you might think that `true && <residual>` can be optimized to `<residual>`, but this isn't true because
                                 // <residual> must be boolean, or else it needs to type error. So return `true && <residual>` to ensure
                                 // type check happens
@@ -494,7 +521,7 @@ impl<'e> Evaluator<'e> {
                 }
             }
             ExprKind::Or { left, right } => {
-                match self.partial_interpret(left, slots)? {
+                match self.partial_interpret(left, slots, generalized_slots)? {
                     // PE cases
                     PartialValue::Residual(r) => {
                         Ok(PartialValue::Residual(Expr::or(r, right.as_ref().clone())))
@@ -505,7 +532,7 @@ impl<'e> Evaluator<'e> {
                             // We can short circuit here
                             Ok(true.into())
                         } else {
-                            match self.partial_interpret(right, slots)? {
+                            match self.partial_interpret(right, slots, generalized_slots)? {
                                 PartialValue::Residual(rhs) =>
                                 // you might think that `false || <residual>` can be optimized to `<residual>`, but this isn't true because
                                 // <residual> must be boolean, or else it needs to type error. So return `false || <residual>` to ensure
@@ -519,20 +546,24 @@ impl<'e> Evaluator<'e> {
                     }
                 }
             }
-            ExprKind::UnaryApp { op, arg } => match self.partial_interpret(arg, slots)? {
-                PartialValue::Value(arg) => unary_app(*op, arg, loc).map(Into::into),
-                // NOTE, there was a bug here found during manual review. (I forgot to wrap in unary_app call)
-                // Could be a nice target for fault injection
-                PartialValue::Residual(r) => Ok(PartialValue::Residual(Expr::unary_app(*op, r))),
-            },
+            ExprKind::UnaryApp { op, arg } => {
+                match self.partial_interpret(arg, slots, generalized_slots)? {
+                    PartialValue::Value(arg) => unary_app(*op, arg, loc).map(Into::into),
+                    // NOTE, there was a bug here found during manual review. (I forgot to wrap in unary_app call)
+                    // Could be a nice target for fault injection
+                    PartialValue::Residual(r) => {
+                        Ok(PartialValue::Residual(Expr::unary_app(*op, r)))
+                    }
+                }
+            }
             ExprKind::BinaryApp { op, arg1, arg2 } => {
                 // NOTE: There are more precise partial eval opportunities here, esp w/ typed unknowns
                 // Current limitations:
                 //   Operators are not partially evaluated, except in a few 'simple' cases when comparing a concrete value with an unknown of known type
                 //   implemented in short_circuit_*
                 let (arg1, arg2) = match (
-                    self.partial_interpret(arg1, slots)?,
-                    self.partial_interpret(arg2, slots)?,
+                    self.partial_interpret(arg1, slots, generalized_slots)?,
+                    self.partial_interpret(arg2, slots, generalized_slots)?,
                 ) {
                     (PartialValue::Value(v1), PartialValue::Value(v2)) => (v1, v2),
                     (PartialValue::Value(v1), PartialValue::Residual(e2)) => {
@@ -659,7 +690,7 @@ impl<'e> Evaluator<'e> {
             ExprKind::ExtensionFunctionApp { fn_name, args } => {
                 let args = args
                     .iter()
-                    .map(|arg| self.partial_interpret(arg, slots))
+                    .map(|arg| self.partial_interpret(arg, slots, generalized_slots))
                     .collect::<Result<Vec<_>>>()?;
                 match split(args) {
                     Either::Left(vals) => {
@@ -672,33 +703,37 @@ impl<'e> Evaluator<'e> {
                     )),
                 }
             }
-            ExprKind::GetAttr { expr, attr } => self.get_attr(expr.as_ref(), attr, slots, loc),
-            ExprKind::HasAttr { expr, attr } => match self.partial_interpret(expr, slots)? {
-                PartialValue::Value(Value {
-                    value: ValueKind::Record(record),
-                    ..
-                }) => Ok(record.get(attr).is_some().into()),
-                PartialValue::Value(Value {
-                    value: ValueKind::Lit(Literal::EntityUID(uid)),
-                    ..
-                }) => match self.entities.entity(&uid) {
-                    Dereference::NoSuchEntity => Ok(false.into()),
-                    Dereference::Residual(r) => {
-                        Ok(PartialValue::Residual(Expr::has_attr(r, attr.clone())))
-                    }
-                    Dereference::Data(e) => Ok(e.get(attr).is_some().into()),
-                },
-                PartialValue::Value(val) => Err(err::EvaluationError::type_error(
-                    nonempty![
-                        Type::Record,
-                        Type::entity_type(names::ANY_ENTITY_TYPE.clone())
-                    ],
-                    &val,
-                )),
-                PartialValue::Residual(r) => Ok(Expr::has_attr(r, attr.clone()).into()),
-            },
+            ExprKind::GetAttr { expr, attr } => {
+                self.get_attr(expr.as_ref(), attr, slots, generalized_slots, loc)
+            }
+            ExprKind::HasAttr { expr, attr } => {
+                match self.partial_interpret(expr, slots, generalized_slots)? {
+                    PartialValue::Value(Value {
+                        value: ValueKind::Record(record),
+                        ..
+                    }) => Ok(record.get(attr).is_some().into()),
+                    PartialValue::Value(Value {
+                        value: ValueKind::Lit(Literal::EntityUID(uid)),
+                        ..
+                    }) => match self.entities.entity(&uid) {
+                        Dereference::NoSuchEntity => Ok(false.into()),
+                        Dereference::Residual(r) => {
+                            Ok(PartialValue::Residual(Expr::has_attr(r, attr.clone())))
+                        }
+                        Dereference::Data(e) => Ok(e.get(attr).is_some().into()),
+                    },
+                    PartialValue::Value(val) => Err(err::EvaluationError::type_error(
+                        nonempty![
+                            Type::Record,
+                            Type::entity_type(names::ANY_ENTITY_TYPE.clone())
+                        ],
+                        &val,
+                    )),
+                    PartialValue::Residual(r) => Ok(Expr::has_attr(r, attr.clone()).into()),
+                }
+            }
             ExprKind::Like { expr, pattern } => {
-                let v = self.partial_interpret(expr, slots)?;
+                let v = self.partial_interpret(expr, slots, generalized_slots)?;
                 match v {
                     PartialValue::Value(v) => {
                         Ok((pattern.wildcard_match(v.get_as_string()?)).into())
@@ -707,7 +742,7 @@ impl<'e> Evaluator<'e> {
                 }
             }
             ExprKind::Is { expr, entity_type } => {
-                let v = self.partial_interpret(expr, slots)?;
+                let v = self.partial_interpret(expr, slots, generalized_slots)?;
                 match v {
                     PartialValue::Value(v) => {
                         Ok((v.get_as_entity()?.entity_type() == entity_type).into())
@@ -730,7 +765,7 @@ impl<'e> Evaluator<'e> {
             ExprKind::Set(items) => {
                 let vals = items
                     .iter()
-                    .map(|item| self.partial_interpret(item, slots))
+                    .map(|item| self.partial_interpret(item, slots, generalized_slots))
                     .collect::<Result<Vec<_>>>()?;
                 match split(vals) {
                     Either::Left(vals) => Ok(Value::set(vals, loc.into_maybe_loc()).into()),
@@ -740,7 +775,12 @@ impl<'e> Evaluator<'e> {
             ExprKind::Record(map) => {
                 let map = map
                     .iter()
-                    .map(|(k, v)| Ok((k.clone(), self.partial_interpret(v, slots)?)))
+                    .map(|(k, v)| {
+                        Ok((
+                            k.clone(),
+                            self.partial_interpret(v, slots, generalized_slots)?,
+                        ))
+                    })
                     .collect::<Result<Vec<_>>>()?;
                 let (names, evalled): (Vec<SmolStr>, Vec<PartialValue>) = map.into_iter().unzip();
                 match split(evalled) {
@@ -835,13 +875,14 @@ impl<'e> Evaluator<'e> {
         consequent: &Arc<Expr>,
         alternative: &Arc<Expr>,
         slots: &SlotEnv,
+        generalized_slots: &GeneralizedSlotEnv,
     ) -> Result<PartialValue> {
-        match self.partial_interpret(guard, slots)? {
+        match self.partial_interpret(guard, slots, generalized_slots)? {
             PartialValue::Value(v) => {
                 if v.get_as_bool()? {
-                    self.partial_interpret(consequent, slots)
+                    self.partial_interpret(consequent, slots, generalized_slots)
                 } else {
-                    self.partial_interpret(alternative, slots)
+                    self.partial_interpret(alternative, slots, generalized_slots)
                 }
             }
             PartialValue::Residual(guard) => {
@@ -858,9 +899,10 @@ impl<'e> Evaluator<'e> {
         expr: &Expr,
         attr: &SmolStr,
         slots: &SlotEnv,
+        generalized_slots: &GeneralizedSlotEnv,
         source_loc: Option<&Loc>,
     ) -> Result<PartialValue> {
-        match self.partial_interpret(expr, slots)? {
+        match self.partial_interpret(expr, slots, generalized_slots)? {
             // PE Cases
             PartialValue::Residual(res) => {
                 match res.expr_kind() {
@@ -882,7 +924,7 @@ impl<'e> Evaluator<'e> {
                                         source_loc.into_maybe_loc(),
                                     )
                                 })
-                                .and_then(|e| self.partial_interpret(e, slots))
+                                .and_then(|e| self.partial_interpret(e, slots, generalized_slots))
                         } else if map.keys().any(|k| k == attr) {
                             Ok(PartialValue::Residual(Expr::get_attr(
                                 Expr::record_arc(Arc::clone(map)),
@@ -1045,7 +1087,7 @@ impl Evaluator<'_> {
     /// location is propagated to the result.
     pub fn interpret_inline_policy(&self, e: &Expr) -> Result<Value> {
         use std::collections::HashMap;
-        match self.partial_interpret(e, &HashMap::new())? {
+        match self.partial_interpret(e, &HashMap::new(), &HashMap::new())? {
             PartialValue::Value(v) => {
                 debug_assert!(e.source_loc().is_some() == v.source_loc().is_some());
                 Ok(v)
@@ -1060,7 +1102,8 @@ impl Evaluator<'_> {
     /// Evaluate an expression, potentially leaving a residual
     pub fn partial_eval_expr(&self, p: &Expr) -> Result<Either<Value, Expr>> {
         let env = SlotEnv::new();
-        match self.partial_interpret(p, &env)? {
+        let generalized_env = GeneralizedSlotEnv::new();
+        match self.partial_interpret(p, &env, &generalized_env)? {
             PartialValue::Value(v) => Ok(Either::Left(v)),
             PartialValue::Residual(r) => Ok(Either::Right(r)),
         }
@@ -4873,14 +4916,16 @@ pub(crate) mod test {
         let e = Expr::slot(SlotId::principal());
 
         let slots = HashMap::new();
-        let r = evaluator.partial_interpret(&e, &slots);
+        let generalized_slots = HashMap::new();
+        let r = evaluator.partial_interpret(&e, &slots, &generalized_slots);
         assert_matches!(r, Err(EvaluationError::UnlinkedSlot(UnlinkedSlotError { slot, .. })) => {
             assert_eq!(slot, SlotId::principal());
         });
 
         let mut slots = HashMap::new();
         slots.insert(SlotId::principal(), EntityUID::with_eid("eid"));
-        let r = evaluator.partial_interpret(&e, &slots);
+        let generalized_slots = HashMap::new();
+        let r = evaluator.partial_interpret(&e, &slots, &generalized_slots);
         assert_matches!(r, Ok(e) => {
             assert_eq!(
                 e,
@@ -4907,6 +4952,8 @@ pub(crate) mod test {
             PolicyID::from_string("template"),
             PolicyID::from_string("instance"),
             values,
+            HashMap::new(),
+            None,
         )
         .expect("Linking failed!");
         let q = Request::new(
@@ -4929,6 +4976,100 @@ pub(crate) mod test {
         });
     }
 
+    fn schema() -> crate::validator::ValidatorSchema {
+        let src = r#"
+            namespace FS {
+                entity Disk = {
+                    owner: String, 
+                };
+                entity Folder in Disk = {
+                    owner: String,
+                };
+                entity Document in Folder = {
+                    owner: String,
+                };
+                entity Person;
+            }
+
+            action Navigate appliesTo {
+                principal: FS::Person,
+                resource: [FS::Disk, FS::Folder, FS::Document],
+            };
+
+            action Write appliesTo {
+                principal: FS::Person,
+                resource: [FS::Disk, FS::Folder, FS::Document],
+            };
+        "#;
+        src.parse().unwrap()
+    }
+
+    #[test]
+    fn generalized_template_interp() {
+        let schema = schema();
+        let t = parse_policy_or_template(
+            Some(PolicyID::from_string("template")),
+            r#"template(?body: Long, ?disk: FS::Disk) => 
+            permit(principal, action, resource) 
+            when { ?body == 8 && ?disk.owner == "James" };"#,
+        )
+        .expect("Parse Error");
+
+        let mut pset = PolicySet::new();
+        pset.add_template(t)
+            .expect("Template already present in PolicySet");
+        let values = HashMap::new();
+        let generalized_values = HashMap::from_iter([
+            (
+                SlotId::generalized_slot("body".parse().unwrap()),
+                RestrictedExpr::val(8),
+            ),
+            (
+                SlotId::generalized_slot("disk".parse().unwrap()),
+                RestrictedExpr::val("FS::Disk::\"SSD\"".parse::<EntityUID>().unwrap()),
+            ),
+        ]);
+        pset.link(
+            PolicyID::from_string("template"),
+            PolicyID::from_string("instance"),
+            values,
+            generalized_values,
+            Some(&schema),
+        )
+        .expect("Linking failed!");
+        let q = Request::new(
+            (EntityUID::with_eid("p"), None),
+            (EntityUID::with_eid("read"), None),
+            (EntityUID::with_eid("r"), None),
+            Context::empty(),
+            Some(&RequestSchemaAllPass),
+            Extensions::none(),
+        )
+        .unwrap();
+
+        let eparser: EntityJsonParser<'_, '_> =
+            EntityJsonParser::new(None, Extensions::none(), TCComputation::ComputeNow);
+        let entities = eparser
+            .from_json_str(
+                r#"
+        [{
+            "uid": {
+                "type": "FS::Disk",
+                "id": "SSD"
+            },
+            "attrs": { "owner": "James" },
+            "parents": []
+        }]"#,
+            )
+            .expect("empty slice");
+        let eval = Evaluator::new(q.clone(), &entities, Extensions::none());
+
+        let ir = pset.policies().next().expect("No linked policies");
+        assert_matches!(eval.partial_evaluate(ir), Ok(Either::Left(b)) => {
+            assert!(b, "Should be enforced");
+        });
+    }
+
     #[track_caller] // report the caller's location as the location of the panic, not the location in this function
     fn assert_restricted_expression_error(e: &Expr) {
         assert_matches!(
@@ -5087,7 +5228,7 @@ pub(crate) mod test {
                 let m: HashMap<_, _> = HashMap::from([("principal".into(), Value::from(euid))]);
                 let new_expr = expr.substitute_typed(&m).unwrap();
                 assert_eq!(
-                    e.partial_interpret(&new_expr, &HashMap::new())
+                    e.partial_interpret(&new_expr, &HashMap::new(), &HashMap::new())
                         .expect("Failed to eval"),
                     PartialValue::Value(true.into())
                 );
@@ -5348,7 +5489,9 @@ pub(crate) mod test {
 
         let eval = Evaluator::new(empty_request(), &es, Extensions::none());
 
-        let r = eval.partial_interpret(&e, &HashMap::new()).unwrap();
+        let r = eval
+            .partial_interpret(&e, &HashMap::new(), &HashMap::new())
+            .unwrap();
 
         assert_eq!(
             r,
@@ -5396,7 +5539,9 @@ pub(crate) mod test {
         .unwrap();
         let eval = Evaluator::new(q, &es, Extensions::none());
 
-        let r = eval.partial_interpret(&e, &HashMap::new()).unwrap();
+        let r = eval
+            .partial_interpret(&e, &HashMap::new(), &HashMap::new())
+            .unwrap();
 
         assert_eq!(
             r,
@@ -5425,7 +5570,8 @@ pub(crate) mod test {
         let eval = Evaluator::new(empty_request(), &es, Extensions::none());
 
         assert_eq!(
-            eval.partial_interpret(&e, &HashMap::new()).unwrap(),
+            eval.partial_interpret(&e, &HashMap::new(), &HashMap::new())
+                .unwrap(),
             PartialValue::Residual(Expr::ite(
                 Expr::unknown(Unknown::new_untyped("guard")),
                 b,
@@ -5445,7 +5591,9 @@ pub(crate) mod test {
         let es = Entities::new();
         let eval = Evaluator::new(empty_request(), &es, Extensions::none());
 
-        let r = eval.partial_interpret(&e, &HashMap::new()).unwrap();
+        let r = eval
+            .partial_interpret(&e, &HashMap::new(), &HashMap::new())
+            .unwrap();
 
         assert_eq!(r, PartialValue::Value(Value::from(false)));
     }
@@ -5461,7 +5609,9 @@ pub(crate) mod test {
         let es = Entities::new();
         let eval = Evaluator::new(empty_request(), &es, Extensions::none());
 
-        let r = eval.partial_interpret(&e, &HashMap::new()).unwrap();
+        let r = eval
+            .partial_interpret(&e, &HashMap::new(), &HashMap::new())
+            .unwrap();
 
         assert_eq!(
             r,
@@ -5483,7 +5633,10 @@ pub(crate) mod test {
         let es = Entities::new();
         let eval = Evaluator::new(empty_request(), &es, Extensions::none());
 
-        assert_matches!(eval.partial_interpret(&e, &HashMap::new()), Err(_));
+        assert_matches!(
+            eval.partial_interpret(&e, &HashMap::new(), &HashMap::new()),
+            Err(_)
+        );
     }
 
     #[test]
@@ -5501,7 +5654,10 @@ pub(crate) mod test {
         let es = Entities::new();
         let eval = Evaluator::new(empty_request(), &es, Extensions::none());
 
-        assert_matches!(eval.partial_interpret(&e, &HashMap::new()), Ok(_));
+        assert_matches!(
+            eval.partial_interpret(&e, &HashMap::new(), &HashMap::new()),
+            Ok(_)
+        );
     }
 
     #[test]
@@ -5516,7 +5672,9 @@ pub(crate) mod test {
         let es = Entities::new();
         let eval = Evaluator::new(empty_request(), &es, Extensions::none());
 
-        let r = eval.partial_interpret(&e, &HashMap::new()).unwrap();
+        let r = eval
+            .partial_interpret(&e, &HashMap::new(), &HashMap::new())
+            .unwrap();
 
         assert_eq!(r, PartialValue::Value(Value::from(true)));
     }
@@ -5532,7 +5690,9 @@ pub(crate) mod test {
         let es = Entities::new();
         let eval = Evaluator::new(empty_request(), &es, Extensions::none());
 
-        let r = eval.partial_interpret(&e, &HashMap::new()).unwrap();
+        let r = eval
+            .partial_interpret(&e, &HashMap::new(), &HashMap::new())
+            .unwrap();
 
         assert_eq!(
             r,
@@ -5554,7 +5714,10 @@ pub(crate) mod test {
         let es = Entities::new();
         let eval = Evaluator::new(empty_request(), &es, Extensions::none());
 
-        assert_matches!(eval.partial_interpret(&e, &HashMap::new()), Err(_));
+        assert_matches!(
+            eval.partial_interpret(&e, &HashMap::new(), &HashMap::new()),
+            Err(_)
+        );
     }
 
     #[test]
@@ -5572,7 +5735,10 @@ pub(crate) mod test {
         let es = Entities::new();
         let eval = Evaluator::new(empty_request(), &es, Extensions::none());
 
-        assert_matches!(eval.partial_interpret(&e, &HashMap::new()), Ok(_));
+        assert_matches!(
+            eval.partial_interpret(&e, &HashMap::new(), &HashMap::new()),
+            Ok(_)
+        );
     }
 
     #[test]
@@ -5585,7 +5751,10 @@ pub(crate) mod test {
         let es = Entities::new();
         let eval = Evaluator::new(empty_request(), &es, Extensions::none());
 
-        assert_matches!(eval.partial_interpret(&a, &HashMap::new()), Err(_));
+        assert_matches!(
+            eval.partial_interpret(&a, &HashMap::new(), &HashMap::new()),
+            Err(_)
+        );
     }
 
     #[test]
@@ -5598,7 +5767,9 @@ pub(crate) mod test {
         let es = Entities::new();
         let eval = Evaluator::new(empty_request(), &es, Extensions::none());
 
-        let r = eval.partial_interpret(&a, &HashMap::new()).unwrap();
+        let r = eval
+            .partial_interpret(&a, &HashMap::new(), &HashMap::new())
+            .unwrap();
 
         let expected = PartialValue::unknown(Unknown::new_untyped("test"));
 
@@ -5619,7 +5790,10 @@ pub(crate) mod test {
         let es = Entities::new();
         let eval = Evaluator::new(empty_request(), &es, Extensions::none());
 
-        assert_matches!(eval.partial_interpret(&a, &HashMap::new()), Err(_));
+        assert_matches!(
+            eval.partial_interpret(&a, &HashMap::new(), &HashMap::new()),
+            Err(_)
+        );
     }
 
     #[test]
@@ -5636,7 +5810,9 @@ pub(crate) mod test {
         let es = Entities::new();
         let eval = Evaluator::new(empty_request(), &es, Extensions::none());
 
-        let r = eval.partial_interpret(&a, &HashMap::new()).unwrap();
+        let r = eval
+            .partial_interpret(&a, &HashMap::new(), &HashMap::new())
+            .unwrap();
 
         let expected = PartialValue::unknown(Unknown::new_untyped("b"));
 
@@ -5653,7 +5829,9 @@ pub(crate) mod test {
         let es = Entities::new();
         let eval = Evaluator::new(empty_request(), &es, Extensions::none());
 
-        let r = eval.partial_interpret(&e, &HashMap::new()).unwrap();
+        let r = eval
+            .partial_interpret(&e, &HashMap::new(), &HashMap::new())
+            .unwrap();
 
         let expected = Expr::ite(guard, Expr::val(1), Expr::val(2));
 
@@ -5670,7 +5848,9 @@ pub(crate) mod test {
         let es = Entities::new();
         let eval = Evaluator::new(empty_request(), &es, Extensions::none());
 
-        let r = eval.partial_interpret(&e, &HashMap::new()).unwrap();
+        let r = eval
+            .partial_interpret(&e, &HashMap::new(), &HashMap::new())
+            .unwrap();
 
         let expected = Expr::ite(guard, cons, Expr::val(2));
 
@@ -5687,7 +5867,9 @@ pub(crate) mod test {
         let es = Entities::new();
         let eval = Evaluator::new(empty_request(), &es, Extensions::none());
 
-        let r = eval.partial_interpret(&e, &HashMap::new()).unwrap();
+        let r = eval
+            .partial_interpret(&e, &HashMap::new(), &HashMap::new())
+            .unwrap();
 
         let expected = Expr::ite(guard, Expr::val(2), alt);
         assert_eq!(r, PartialValue::Residual(expected));
@@ -5704,7 +5886,8 @@ pub(crate) mod test {
         let eval = Evaluator::new(empty_request(), &es, Extensions::none());
 
         assert_eq!(
-            eval.partial_interpret(&e, &HashMap::new()).unwrap(),
+            eval.partial_interpret(&e, &HashMap::new(), &HashMap::new())
+                .unwrap(),
             PartialValue::Residual(Expr::ite(guard, cons, alt))
         );
     }
@@ -5718,7 +5901,10 @@ pub(crate) mod test {
         let es = Entities::new();
         let eval = Evaluator::new(empty_request(), &es, Extensions::none());
 
-        assert_matches!(eval.partial_interpret(&e, &HashMap::new()), Err(_));
+        assert_matches!(
+            eval.partial_interpret(&e, &HashMap::new(), &HashMap::new()),
+            Err(_)
+        );
     }
 
     // err || res -> err
@@ -5730,7 +5916,10 @@ pub(crate) mod test {
         let es = Entities::new();
         let eval = Evaluator::new(empty_request(), &es, Extensions::none());
 
-        assert_matches!(eval.partial_interpret(&e, &HashMap::new()), Err(_));
+        assert_matches!(
+            eval.partial_interpret(&e, &HashMap::new(), &HashMap::new()),
+            Err(_)
+        );
     }
 
     // true && res -> true && res
@@ -5742,7 +5931,9 @@ pub(crate) mod test {
         let es = Entities::new();
         let eval = Evaluator::new(empty_request(), &es, Extensions::none());
 
-        let r = eval.partial_interpret(&e, &HashMap::new()).unwrap();
+        let r = eval
+            .partial_interpret(&e, &HashMap::new(), &HashMap::new())
+            .unwrap();
 
         let expected = Expr::and(
             Expr::val(true),
@@ -5760,7 +5951,9 @@ pub(crate) mod test {
         let es = Entities::new();
         let eval = Evaluator::new(empty_request(), &es, Extensions::none());
 
-        let r = eval.partial_interpret(&e, &HashMap::new()).unwrap();
+        let r = eval
+            .partial_interpret(&e, &HashMap::new(), &HashMap::new())
+            .unwrap();
         assert_eq!(r, PartialValue::Value(Value::from(false)));
     }
 
@@ -5773,7 +5966,9 @@ pub(crate) mod test {
         let es = Entities::new();
         let eval = Evaluator::new(empty_request(), &es, Extensions::none());
 
-        let r = eval.partial_interpret(&e, &HashMap::new()).unwrap();
+        let r = eval
+            .partial_interpret(&e, &HashMap::new(), &HashMap::new())
+            .unwrap();
         let expected = Expr::and(lhs, rhs);
         assert_eq!(r, PartialValue::Residual(expected));
     }
@@ -5786,7 +5981,9 @@ pub(crate) mod test {
         let es = Entities::new();
         let eval = Evaluator::new(empty_request(), &es, Extensions::none());
 
-        let r = eval.partial_interpret(&e, &HashMap::new()).unwrap();
+        let r = eval
+            .partial_interpret(&e, &HashMap::new(), &HashMap::new())
+            .unwrap();
         let expected = Expr::and(lhs, rhs);
         assert_eq!(r, PartialValue::Residual(expected));
     }
@@ -5800,7 +5997,9 @@ pub(crate) mod test {
         let es = Entities::new();
         let eval = Evaluator::new(empty_request(), &es, Extensions::none());
 
-        let r = eval.partial_interpret(&e, &HashMap::new()).unwrap();
+        let r = eval
+            .partial_interpret(&e, &HashMap::new(), &HashMap::new())
+            .unwrap();
 
         let expected = Expr::and(
             Expr::unknown(Unknown::new_untyped("b")),
@@ -5818,7 +6017,9 @@ pub(crate) mod test {
         let es = Entities::new();
         let eval = Evaluator::new(empty_request(), &es, Extensions::none());
 
-        let r = eval.partial_interpret(&e, &HashMap::new()).unwrap();
+        let r = eval
+            .partial_interpret(&e, &HashMap::new(), &HashMap::new())
+            .unwrap();
 
         let expected = Expr::and(
             Expr::get_attr(Expr::unknown(Unknown::new_untyped("test")), "field".into()),
@@ -5836,7 +6037,9 @@ pub(crate) mod test {
         let es = Entities::new();
         let eval = Evaluator::new(empty_request(), &es, Extensions::none());
 
-        let r = eval.partial_interpret(&e, &HashMap::new()).unwrap();
+        let r = eval
+            .partial_interpret(&e, &HashMap::new(), &HashMap::new())
+            .unwrap();
         assert_eq!(r, PartialValue::Value(Value::from(true)));
     }
 
@@ -5849,7 +6052,9 @@ pub(crate) mod test {
         let es = Entities::new();
         let eval = Evaluator::new(empty_request(), &es, Extensions::none());
 
-        let r = eval.partial_interpret(&e, &HashMap::new()).unwrap();
+        let r = eval
+            .partial_interpret(&e, &HashMap::new(), &HashMap::new())
+            .unwrap();
         let expected = Expr::or(
             Expr::val(false),
             Expr::get_attr(Expr::unknown(Unknown::new_untyped("test")), "field".into()),
@@ -5866,7 +6071,9 @@ pub(crate) mod test {
         let es = Entities::new();
         let eval = Evaluator::new(empty_request(), &es, Extensions::none());
 
-        let r = eval.partial_interpret(&e, &HashMap::new()).unwrap();
+        let r = eval
+            .partial_interpret(&e, &HashMap::new(), &HashMap::new())
+            .unwrap();
         let expected = Expr::or(lhs, rhs);
         assert_eq!(r, PartialValue::Residual(expected));
     }
@@ -5879,7 +6086,9 @@ pub(crate) mod test {
         let es = Entities::new();
         let eval = Evaluator::new(empty_request(), &es, Extensions::none());
 
-        let r = eval.partial_interpret(&e, &HashMap::new()).unwrap();
+        let r = eval
+            .partial_interpret(&e, &HashMap::new(), &HashMap::new())
+            .unwrap();
         let expected = Expr::or(lhs, rhs);
         assert_eq!(r, PartialValue::Residual(expected));
     }
@@ -5893,7 +6102,9 @@ pub(crate) mod test {
         let es = Entities::new();
         let eval = Evaluator::new(empty_request(), &es, Extensions::none());
 
-        let r = eval.partial_interpret(&e, &HashMap::new()).unwrap();
+        let r = eval
+            .partial_interpret(&e, &HashMap::new(), &HashMap::new())
+            .unwrap();
 
         let expected = Expr::or(
             Expr::unknown(Unknown::new_untyped("b")),
@@ -5911,7 +6122,9 @@ pub(crate) mod test {
         let es = Entities::new();
         let eval = Evaluator::new(empty_request(), &es, Extensions::none());
 
-        let r = eval.partial_interpret(&e, &HashMap::new()).unwrap();
+        let r = eval
+            .partial_interpret(&e, &HashMap::new(), &HashMap::new())
+            .unwrap();
 
         let expected = Expr::or(
             Expr::get_attr(Expr::unknown(Unknown::new_untyped("test")), "field".into()),
@@ -5926,15 +6139,21 @@ pub(crate) mod test {
         let eval = Evaluator::new(empty_request(), &es, Extensions::none());
 
         let e = Expr::unary_app(UnaryOp::Neg, Expr::unknown(Unknown::new_untyped("a")));
-        let r = eval.partial_interpret(&e, &HashMap::new()).unwrap();
+        let r = eval
+            .partial_interpret(&e, &HashMap::new(), &HashMap::new())
+            .unwrap();
         assert_eq!(r, PartialValue::Residual(e));
 
         let e = Expr::unary_app(UnaryOp::Not, Expr::unknown(Unknown::new_untyped("a")));
-        let r = eval.partial_interpret(&e, &HashMap::new()).unwrap();
+        let r = eval
+            .partial_interpret(&e, &HashMap::new(), &HashMap::new())
+            .unwrap();
         assert_eq!(r, PartialValue::Residual(e));
 
         let e = Expr::unary_app(UnaryOp::IsEmpty, Expr::unknown(Unknown::new_untyped("a")));
-        let r = eval.partial_interpret(&e, &HashMap::new()).unwrap();
+        let r = eval
+            .partial_interpret(&e, &HashMap::new(), &HashMap::new())
+            .unwrap();
         assert_eq!(r, PartialValue::Residual(e));
     }
 
@@ -5962,7 +6181,9 @@ pub(crate) mod test {
                 Expr::binary_app(BinaryOp::Add, Expr::val(1), Expr::val(2)),
                 Expr::unknown(Unknown::new_untyped("a")),
             );
-            let r = eval.partial_interpret(&e, &HashMap::new()).unwrap();
+            let r = eval
+                .partial_interpret(&e, &HashMap::new(), &HashMap::new())
+                .unwrap();
             let expected = Expr::binary_app(
                 binop,
                 Expr::val(3),
@@ -5975,14 +6196,19 @@ pub(crate) mod test {
                 Expr::binary_app(BinaryOp::Add, Expr::val("hello"), Expr::val(2)),
                 Expr::unknown(Unknown::new_untyped("a")),
             );
-            assert_matches!(eval.partial_interpret(&e, &HashMap::new()), Err(_));
+            assert_matches!(
+                eval.partial_interpret(&e, &HashMap::new(), &HashMap::new()),
+                Err(_)
+            );
             // ensure PE evaluates right side
             let e = Expr::binary_app(
                 binop,
                 Expr::unknown(Unknown::new_untyped("a")),
                 Expr::binary_app(BinaryOp::Add, Expr::val(1), Expr::val(2)),
             );
-            let r = eval.partial_interpret(&e, &HashMap::new()).unwrap();
+            let r = eval
+                .partial_interpret(&e, &HashMap::new(), &HashMap::new())
+                .unwrap();
             let expected = Expr::binary_app(
                 binop,
                 Expr::unknown(Unknown::new_untyped("a")),
@@ -5995,14 +6221,19 @@ pub(crate) mod test {
                 Expr::unknown(Unknown::new_untyped("a")),
                 Expr::binary_app(BinaryOp::Add, Expr::val("hello"), Expr::val(2)),
             );
-            assert_matches!(eval.partial_interpret(&e, &HashMap::new()), Err(_));
+            assert_matches!(
+                eval.partial_interpret(&e, &HashMap::new(), &HashMap::new()),
+                Err(_)
+            );
             // Both left and right residuals
             let e = Expr::binary_app(
                 binop,
                 Expr::unknown(Unknown::new_untyped("a")),
                 Expr::unknown(Unknown::new_untyped("b")),
             );
-            let r = eval.partial_interpret(&e, &HashMap::new()).unwrap();
+            let r = eval
+                .partial_interpret(&e, &HashMap::new(), &HashMap::new())
+                .unwrap();
             let expected = Expr::binary_app(
                 binop,
                 Expr::unknown(Unknown::new_untyped("a")),
@@ -6018,7 +6249,9 @@ pub(crate) mod test {
         let eval = Evaluator::new(empty_request(), &es, Extensions::none());
 
         let e = Expr::mul(Expr::unknown(Unknown::new_untyped("a")), Expr::val(32));
-        let r = eval.partial_interpret(&e, &HashMap::new()).unwrap();
+        let r = eval
+            .partial_interpret(&e, &HashMap::new(), &HashMap::new())
+            .unwrap();
         assert_eq!(r, PartialValue::Residual(e));
     }
 
@@ -6032,7 +6265,9 @@ pub(crate) mod test {
             vec![Expr::unknown(Unknown::new_untyped("a"))],
         );
 
-        let r = eval.partial_interpret(&e, &HashMap::new()).unwrap();
+        let r = eval
+            .partial_interpret(&e, &HashMap::new(), &HashMap::new())
+            .unwrap();
 
         assert_eq!(r, PartialValue::Residual(e));
     }
@@ -6047,7 +6282,9 @@ pub(crate) mod test {
         let b = Expr::unknown(Unknown::new_untyped("a"));
         let e = Expr::call_extension_fn("isInRange".parse().unwrap(), vec![a, b]);
 
-        let r = eval.partial_interpret(&e, &HashMap::new()).unwrap();
+        let r = eval
+            .partial_interpret(&e, &HashMap::new(), &HashMap::new())
+            .unwrap();
 
         assert_eq!(r, PartialValue::Residual(e));
 
@@ -6055,7 +6292,9 @@ pub(crate) mod test {
         let a = Expr::unknown(Unknown::new_untyped("a"));
         let e = Expr::call_extension_fn("isInRange".parse().unwrap(), vec![a, b]);
 
-        let r = eval.partial_interpret(&e, &HashMap::new()).unwrap();
+        let r = eval
+            .partial_interpret(&e, &HashMap::new(), &HashMap::new())
+            .unwrap();
 
         assert_eq!(r, PartialValue::Residual(e));
 
@@ -6063,7 +6302,10 @@ pub(crate) mod test {
         let a = Expr::unknown(Unknown::new_untyped("a"));
         let e = Expr::call_extension_fn("isInRange".parse().unwrap(), vec![a, b]);
 
-        assert_matches!(eval.partial_interpret(&e, &HashMap::new()), Err(_));
+        assert_matches!(
+            eval.partial_interpret(&e, &HashMap::new(), &HashMap::new()),
+            Err(_)
+        );
     }
 
     #[test]
@@ -6076,7 +6318,9 @@ pub(crate) mod test {
             Pattern::from(vec![]),
         );
 
-        let r = eval.partial_interpret(&e, &HashMap::new()).unwrap();
+        let r = eval
+            .partial_interpret(&e, &HashMap::new(), &HashMap::new())
+            .unwrap();
 
         assert_eq!(r, PartialValue::Residual(e));
     }
@@ -6091,7 +6335,9 @@ pub(crate) mod test {
             "User".parse().unwrap(),
         );
 
-        let r = eval.partial_interpret(&e, &HashMap::new()).unwrap();
+        let r = eval
+            .partial_interpret(&e, &HashMap::new(), &HashMap::new())
+            .unwrap();
 
         assert_eq!(r, PartialValue::Residual(e));
     }
@@ -6103,7 +6349,9 @@ pub(crate) mod test {
 
         let e = Expr::has_attr(Expr::unknown(Unknown::new_untyped("a")), "test".into());
 
-        let r = eval.partial_interpret(&e, &HashMap::new()).unwrap();
+        let r = eval
+            .partial_interpret(&e, &HashMap::new(), &HashMap::new())
+            .unwrap();
 
         assert_eq!(r, PartialValue::Residual(e));
     }
@@ -6118,7 +6366,9 @@ pub(crate) mod test {
             Expr::unknown(Unknown::new_untyped("a")),
             Expr::val(2),
         ]);
-        let r = eval.partial_interpret(&e, &HashMap::new()).unwrap();
+        let r = eval
+            .partial_interpret(&e, &HashMap::new(), &HashMap::new())
+            .unwrap();
         assert_eq!(r, PartialValue::Residual(e));
 
         let e = Expr::set([
@@ -6126,7 +6376,9 @@ pub(crate) mod test {
             Expr::unknown(Unknown::new_untyped("a")),
             Expr::binary_app(BinaryOp::Add, Expr::val(1), Expr::val(2)),
         ]);
-        let r = eval.partial_interpret(&e, &HashMap::new()).unwrap();
+        let r = eval
+            .partial_interpret(&e, &HashMap::new(), &HashMap::new())
+            .unwrap();
         assert_eq!(
             r,
             PartialValue::Residual(Expr::set([
@@ -6141,7 +6393,10 @@ pub(crate) mod test {
             Expr::unknown(Unknown::new_untyped("a")),
             Expr::binary_app(BinaryOp::Add, Expr::val(1), Expr::val("a")),
         ]);
-        assert_matches!(eval.partial_interpret(&e, &HashMap::new()), Err(_));
+        assert_matches!(
+            eval.partial_interpret(&e, &HashMap::new(), &HashMap::new()),
+            Err(_)
+        );
     }
 
     #[test]
@@ -6155,7 +6410,9 @@ pub(crate) mod test {
             ("c".into(), Expr::val(2)),
         ])
         .unwrap();
-        let r = eval.partial_interpret(&e, &HashMap::new()).unwrap();
+        let r = eval
+            .partial_interpret(&e, &HashMap::new(), &HashMap::new())
+            .unwrap();
         assert_eq!(r, PartialValue::Residual(e));
 
         let e = Expr::record([
@@ -6193,7 +6450,9 @@ pub(crate) mod test {
             ),
         ])
         .unwrap();
-        let r = eval.partial_interpret(&e, &HashMap::new()).unwrap();
+        let r = eval
+            .partial_interpret(&e, &HashMap::new(), &HashMap::new())
+            .unwrap();
         assert_eq!(
             r,
             PartialValue::Residual(
@@ -6215,7 +6474,10 @@ pub(crate) mod test {
             ),
         ])
         .unwrap();
-        assert_matches!(eval.partial_interpret(&e, &HashMap::new()), Err(_));
+        assert_matches!(
+            eval.partial_interpret(&e, &HashMap::new(), &HashMap::new()),
+            Err(_)
+        );
     }
 
     #[test]
diff --git a/cedar-policy-core/src/parser.rs b/cedar-policy-core/src/parser.rs
index 45edfd1f4e..f4f51f5782 100644
--- a/cedar-policy-core/src/parser.rs
+++ b/cedar-policy-core/src/parser.rs
@@ -293,6 +293,15 @@ pub(crate) fn parse_ident(id: &str) -> Result<ast::Id, err::ParseErrors> {
     cst.to_valid_ident()
 }
 
+/// parse a slot
+///
+/// Private to this crate. Users outside Core should use `ValidSlotId`'s `FromStr` impl
+/// or its constructors
+pub(crate) fn parse_slot(slot: &str) -> Result<ast::ValidSlotId, err::ParseErrors> {
+    let cst = text_to_cst::parse_slot(slot)?;
+    (&cst).try_into()
+}
+
 /// parse an `AnyId`
 ///
 /// Private to this crate. Users outside Core should use `AnyId`'s `FromStr` impl
@@ -891,8 +900,8 @@ mod tests {
                 resource == ?blah
             };
             "#;
-        let error = ExpectedErrorMessageBuilder::error("`?blah` is not a valid template slot")
-            .help("a template slot may only be `?principal` or `?resource`")
+        let error = ExpectedErrorMessageBuilder::error("found template slot ?blah in the condition clause but it does not have a type annotation")
+            .help("generalized slots that appear in the condition clause require a type annotation")
             .exactly_one_underline("?blah")
             .build();
         assert_matches!(parse_policy(None, src), Err(e) => {
@@ -999,8 +1008,8 @@ mod tests {
                 resource == ?blah
             };
             "#;
-        let error = ExpectedErrorMessageBuilder::error("`?blah` is not a valid template slot")
-            .help("a template slot may only be `?principal` or `?resource`")
+        let error = ExpectedErrorMessageBuilder::error("found template slot ?blah in the condition clause but it does not have a type annotation")
+            .help("generalized slots that appear in the condition clause require a type annotation")
             .exactly_one_underline("?blah")
             .build();
         assert_matches!(parse_policy(None, src), Err(e) => {
@@ -1169,7 +1178,7 @@ mod tests {
             "@if(\"a\")",
             "unexpected end of input",
             "",
-            "expected `@` or identifier",
+            "expected `@`, `template`, or identifier",
         );
         // AST actually requires `principal` (`action`, `resource`, resp.). In
         // the `principal` case we also claim to expect `)` because an empty scope
diff --git a/cedar-policy-core/src/parser/cst.rs b/cedar-policy-core/src/parser/cst.rs
index 16a30c1757..224d0977fb 100644
--- a/cedar-policy-core/src/parser/cst.rs
+++ b/cedar-policy-core/src/parser/cst.rs
@@ -14,6 +14,7 @@
  * limitations under the License.
  */
 
+use crate::validator::cedar_schema::Type;
 use smol_str::SmolStr;
 
 // shortcut because we need CST nodes to potentially be empty,
@@ -52,6 +53,8 @@ pub enum Str {
 pub struct PolicyImpl {
     /// Annotations
     pub annotations: Vec<Node<Annotation>>,
+    /// Generalized Slots Annotation
+    pub generalized_slots_annotation: Option<Node<GeneralizedSlotsAnnotation>>,
     /// policy effect
     pub effect: Node<Ident>,
     /// Variables
@@ -407,4 +410,25 @@ impl Slot {
                 | (Slot::Resource, crate::ast::Var::Resource)
         )
     }
+
+    /// Check if a slot is a generalized slot
+    pub fn is_generalized(&self) -> bool {
+        matches!(self, Slot::Other(_))
+    }
+}
+
+/// SlotType: types for generalized slots
+#[derive(Debug, Clone, PartialEq, Eq)]
+pub struct SlotType {
+    /// slot name
+    pub slot: Node<Slot>,
+    /// type
+    pub ty: Node<Type>,
+}
+
+/// GeneralizedSlotsAnnotation: a vector of pairs consisting of a slot and it's type
+#[derive(Debug, Clone, PartialEq, Eq)]
+pub struct GeneralizedSlotsAnnotation {
+    /// a vector of slot and type pairs
+    pub values: Vec<Node<SlotType>>,
 }
diff --git a/cedar-policy-core/src/parser/cst_to_ast.rs b/cedar-policy-core/src/parser/cst_to_ast.rs
index 7b1dc9fb60..3b8cd4a1d3 100644
--- a/cedar-policy-core/src/parser/cst_to_ast.rs
+++ b/cedar-policy-core/src/parser/cst_to_ast.rs
@@ -36,16 +36,19 @@
 use super::err::{parse_errors, ParseError, ParseErrors, ToASTError, ToASTErrorKind};
 use super::node::Node;
 use super::unescape::{to_pattern, to_unescaped_string};
-use super::util::{flatten_tuple_2, flatten_tuple_3, flatten_tuple_4};
+use super::util::{flatten_tuple_2, flatten_tuple_3, flatten_tuple_4, flatten_tuple_5};
 use super::{cst, AsLocRef, IntoMaybeLoc, Loc, MaybeLoc};
 #[cfg(feature = "tolerant-ast")]
 use crate::ast::expr_allows_errors::ExprWithErrsBuilder;
 use crate::ast::{
-    self, ActionConstraint, CallStyle, Integer, PatternElem, PolicySetError, PrincipalConstraint,
-    PrincipalOrResourceConstraint, ResourceConstraint, UnreservedId,
+    self, ActionConstraint, CallStyle, GeneralizedSlotsAnnotation, Integer, PatternElem,
+    PolicySetError, PrincipalConstraint, PrincipalOrResourceConstraint, ResourceConstraint,
+    UnreservedId,
 };
 use crate::expr_builder::ExprBuilder;
 use crate::fuzzy_match::fuzzy_search_limited;
+use crate::validator::cedar_schema::to_json_schema;
+use crate::validator::{json_schema::Type as JSONSchemaType, RawName};
 use itertools::{Either, Itertools};
 use nonempty::nonempty;
 use nonempty::NonEmpty;
@@ -323,7 +326,7 @@ impl Node<Option<cst::Policy>> {
         let maybe_conds = ParseErrors::transpose(policy.conds.iter().map(|c| {
             let (e, is_when) = c.to_expr::<ast::ExprBuilder<()>>()?;
 
-            let slot_errs = e.slots().map(|slot| {
+            let slot_errs = e.principal_or_resource_slots().map(|slot| {
                 ToASTError::new(
                     ToASTErrorKind::slots_in_condition_clause(
                         slot.clone(),
@@ -339,11 +342,46 @@ impl Node<Option<cst::Policy>> {
             }
         }));
 
-        let (effect, annotations, (principal, action, resource), conds) =
-            flatten_tuple_4(maybe_effect, maybe_annotations, maybe_scope, maybe_conds)?;
+        let (contains_slot_in_principal, contains_slot_in_resource) = match &maybe_scope {
+            Ok((p, _, r)) => (p.has_slot(), r.has_slot()),
+            Err(_) => (false, false),
+        };
+
+        // maximally get all the slots in the condition, any errors will have already been caught by maybe_cond
+        let cond_slots = policy
+            .conds
+            .iter()
+            .filter_map(|c| match c.to_expr::<ast::ExprBuilder<()>>() {
+                Ok((e, _)) => Some(e),
+                Err(_) => None,
+            })
+            .flat_map(|e| e.slots().collect::<Vec<ast::Slot>>())
+            .collect();
+
+        // get generalized_slots_annotation
+        let maybe_generalized_slots_annotation = policy.get_generalized_slots_annotation(
+            contains_slot_in_principal,
+            contains_slot_in_resource,
+            cond_slots,
+        );
+
+        let (
+            effect,
+            annotations,
+            generalized_slots_annotation,
+            (principal, action, resource),
+            conds,
+        ) = flatten_tuple_5(
+            maybe_effect,
+            maybe_annotations,
+            maybe_generalized_slots_annotation,
+            maybe_scope,
+            maybe_conds,
+        )?;
         Ok(construct_template_policy(
             id,
             annotations.into(),
+            generalized_slots_annotation,
             effect,
             principal,
             action,
@@ -417,10 +455,15 @@ impl Node<Option<cst::Policy>> {
         // convert scope
         let maybe_scope = policy.extract_scope_tolerant_ast();
 
+        let (contains_slot_in_principal, contains_slot_in_resource) = match &maybe_scope {
+            Ok((p, _, r)) => (p.has_slot(), r.has_slot()),
+            Err(_) => (false, false),
+        };
+
         // convert conditions
         let maybe_conds = ParseErrors::transpose(policy.conds.iter().map(|c| {
             let (e, is_when) = c.to_expr::<ExprWithErrsBuilder<()>>()?;
-            let slot_errs = e.slots().map(|slot| {
+            let slot_errs = e.principal_or_resource_slots().map(|slot| {
                 ToASTError::new(
                     ToASTErrorKind::slots_in_condition_clause(
                         slot.clone(),
@@ -436,11 +479,41 @@ impl Node<Option<cst::Policy>> {
             }
         }));
 
-        let (effect, annotations, (principal, action, resource), conds) =
-            flatten_tuple_4(maybe_effect, maybe_annotations, maybe_scope, maybe_conds)?;
+        // maximally get all the slots in the condition, any errors will have already been caught by maybe_cond
+        let cond_slots = policy
+            .conds
+            .iter()
+            .filter_map(|c| match c.to_expr::<ast::ExprBuilder<()>>() {
+                Ok((e, _)) => Some(e),
+                Err(_) => None,
+            })
+            .flat_map(|e| e.slots().collect::<Vec<ast::Slot>>())
+            .collect();
+
+        // get generalized_slots_annotation
+        let maybe_generalized_slots_annotation = policy.get_generalized_slots_annotation(
+            contains_slot_in_principal,
+            contains_slot_in_resource,
+            cond_slots,
+        );
+
+        let (
+            effect,
+            annotations,
+            generalized_slots_annotation,
+            (principal, action, resource),
+            conds,
+        ) = flatten_tuple_5(
+            maybe_effect,
+            maybe_annotations,
+            maybe_generalized_slots_annotation,
+            maybe_scope,
+            maybe_conds,
+        )?;
         Ok(construct_template_policy(
             id,
             annotations.into(),
+            generalized_slots_annotation,
             effect,
             principal,
             action,
@@ -671,6 +744,109 @@ impl cst::PolicyImpl {
             None => Ok(annotations),
         }
     }
+
+    /// Get the generalized_slots_annotation from the `cst::Policy`
+    pub fn get_generalized_slots_annotation(
+        &self,
+        contains_slot_in_principal: bool,
+        contains_slot_in_resource: bool,
+        slots_in_cond: HashSet<ast::Slot>,
+    ) -> Result<GeneralizedSlotsAnnotation> {
+        let mut generalized_slots_annotation: BTreeMap<ast::SlotId, JSONSchemaType<RawName>> =
+            BTreeMap::new();
+        let mut all_errs: Vec<ParseErrors> = vec![];
+
+        let cst_generalized_slots_annotation = match &self.generalized_slots_annotation {
+            Some(n) => n.try_as_inner()?.values.clone(),
+            None => vec![],
+        };
+
+        for node in cst_generalized_slots_annotation {
+            let loc = node.loc.clone();
+            let slot_type_pair = match node.try_into_inner() {
+                Ok(slot_type_pair) => slot_type_pair,
+                Err(e) => {
+                    all_errs.push(e.into());
+                    continue;
+                }
+            };
+
+            let ast_slot = match ast::SlotId::try_from(&slot_type_pair.slot) {
+                Ok(ast_slot) => ast_slot,
+                Err(e) => {
+                    all_errs.push(e);
+                    continue;
+                }
+            };
+
+            use std::collections::btree_map::Entry;
+
+            match generalized_slots_annotation.entry(ast_slot.clone()) {
+                Entry::Occupied(oentry) => {
+                    all_errs.push(
+                        ToASTError::new(
+                            ToASTErrorKind::DuplicateGeneralizedSlotAnnotation(
+                                oentry.key().clone(),
+                            ),
+                            loc,
+                        )
+                        .into(),
+                    );
+                }
+
+                Entry::Vacant(ventry) => {
+                    match slot_type_pair.ty.try_as_inner() {
+                        Ok(ty) => {
+                            let t = to_json_schema::cedar_type_to_json_type(Node {
+                                node: ty.clone(),
+                                loc: None,
+                            });
+                            ventry.insert(t);
+                        }
+                        Err(e) => {
+                            all_errs.push(e.into());
+                        }
+                    };
+                }
+            }
+        }
+
+        for slot in generalized_slots_annotation.keys() {
+            if !(slots_in_cond).contains(&ast::Slot {
+                id: slot.clone(),
+                loc: None,
+            }) && !(slot.is_principal() && contains_slot_in_principal)
+                && !(slot.is_resource() && contains_slot_in_resource)
+            {
+                all_errs.push(
+                    ToASTError::new(
+                        ToASTErrorKind::GeneralizedSlotIsAnnotatedNotUsed(slot.clone()),
+                        None,
+                    )
+                    .into(),
+                )
+            }
+        }
+
+        for slot in slots_in_cond {
+            if slot.id.is_generalized_slot()
+                && !(generalized_slots_annotation.contains_key(&slot.id))
+            {
+                all_errs.push(ToASTError::new(
+                    ToASTErrorKind::slots_in_condition_clause_not_in_generalized_slots_annotation(
+                        slot.clone(),
+                    ),
+                    slot.loc,
+                )
+                .into())
+            }
+        }
+
+        match ParseErrors::flatten(all_errs) {
+            Some(errs) => Err(errs),
+            None => Ok(generalized_slots_annotation.into()),
+        }
+    }
 }
 
 impl Node<Option<cst::Annotation>> {
@@ -1105,7 +1281,7 @@ impl Node<Option<cst::Cond>> {
     /// `true` if the cond is a `when` clause, `false` if it is an `unless`
     /// clause. (The returned `expr` is already adjusted for this, the `bool` is
     /// for information only.)
-    fn to_expr<Build: ExprBuilder>(&self) -> Result<(Build::Expr, bool)> {
+    pub fn to_expr<Build: ExprBuilder>(&self) -> Result<(Build::Expr, bool)> {
         let cond = self.try_as_inner()?;
         let is_when = cond.cond.to_cond_is_when()?;
 
@@ -2102,32 +2278,47 @@ impl Node<Option<cst::Primary>> {
 
 impl Node<Option<cst::Slot>> {
     fn into_expr<Build: ExprBuilder>(self) -> Result<Build::Expr> {
-        match self.try_as_inner()?.try_into() {
+        match (&self).try_into() {
             Ok(slot_id) => Ok(Build::new()
                 .with_maybe_source_loc(self.loc.as_loc_ref())
                 .slot(slot_id)),
-            Err(e) => Err(self.to_ast_err(e).into()),
+            Err(e) => Err(e),
         }
     }
 }
 
-impl TryFrom<&cst::Slot> for ast::SlotId {
-    type Error = ToASTErrorKind;
-
-    fn try_from(slot: &cst::Slot) -> std::result::Result<Self, Self::Error> {
+impl TryFrom<&Node<Option<cst::Slot>>> for ast::ValidSlotId {
+    type Error = ParseErrors;
+    fn try_from(node: &Node<Option<cst::Slot>>) -> std::result::Result<Self, Self::Error> {
+        let slot = node.try_as_inner()?;
         match slot {
-            cst::Slot::Principal => Ok(ast::SlotId::principal()),
-            cst::Slot::Resource => Ok(ast::SlotId::resource()),
-            cst::Slot::Other(slot) => Err(ToASTErrorKind::InvalidSlot(slot.clone())),
+            cst::Slot::Principal => Ok(ast::ValidSlotId::Principal),
+            cst::Slot::Resource => Ok(ast::ValidSlotId::Resource),
+            cst::Slot::Other(s) => match s.as_ref() {
+                "action" | "context" => Err(ToASTError::new(
+                    ToASTErrorKind::ReservedSlotName(slot.to_string().to_smolstr()),
+                    node.loc.clone(),
+                )
+                .into()),
+                _ => Ok(ast::ValidSlotId::GeneralizedSlot(s.parse()?)),
+            },
         }
     }
 }
 
+impl TryFrom<&Node<Option<cst::Slot>>> for ast::SlotId {
+    type Error = ParseErrors;
+    fn try_from(slot: &Node<Option<cst::Slot>>) -> std::result::Result<Self, Self::Error> {
+        slot.try_into().map(ast::SlotId)
+    }
+}
+
 impl From<ast::SlotId> for cst::Slot {
     fn from(slot: ast::SlotId) -> cst::Slot {
         match slot {
             ast::SlotId(ast::ValidSlotId::Principal) => cst::Slot::Principal,
             ast::SlotId(ast::ValidSlotId::Resource) => cst::Slot::Resource,
+            ast::SlotId(ast::ValidSlotId::GeneralizedSlot(id)) => cst::Slot::Other(id.to_smolstr()),
         }
     }
 }
@@ -2335,6 +2526,7 @@ impl Node<Option<cst::RecInit>> {
 fn construct_template_policy(
     id: ast::PolicyID,
     annotations: ast::Annotations,
+    generalized_slots_annotation: ast::GeneralizedSlotsAnnotation,
     effect: ast::Effect,
     principal: ast::PrincipalConstraint,
     action: ast::ActionConstraint,
@@ -2347,6 +2539,7 @@ fn construct_template_policy(
             id,
             loc.into_maybe_loc(),
             annotations,
+            generalized_slots_annotation,
             effect,
             principal,
             action,
@@ -2517,6 +2710,29 @@ mod tests {
         }
     }
 
+    #[track_caller]
+    fn assert_parse_template_succeeds(text: &str) -> ast::Template {
+        text_to_cst::parse_policy(text)
+            .expect("failed parser")
+            .to_template(ast::PolicyID::from_string("id"))
+            .unwrap_or_else(|errs| {
+                panic!("failed conversion to AST:\n{:?}", miette::Report::new(errs))
+            })
+    }
+
+    #[track_caller]
+    fn assert_parse_template_fails(text: &str) -> ParseErrors {
+        let result = text_to_cst::parse_policy(text)
+            .expect("failed parser")
+            .to_template(ast::PolicyID::from_string("id"));
+        match result {
+            Ok(policy) => {
+                panic!("conversion to AST should have failed, but succeeded with:\n{policy}")
+            }
+            Err(errs) => errs,
+        }
+    }
+
     #[test]
     fn show_expr1() {
         assert_parse_expr_succeeds(
@@ -4279,12 +4495,6 @@ mod tests {
                     Arc::new(r#"Folder::"inner""#.parse().unwrap()),
                 ),
             ),
-            (
-                r#"permit(principal, action, resource is Folder in ?resource);"#,
-                PrincipalConstraint::any(),
-                ActionConstraint::any(),
-                ResourceConstraint::is_entity_type_in_slot(Arc::new("Folder".parse().unwrap())),
-            ),
         ] {
             let policy = parse_policy_or_template(None, src).unwrap();
             assert_eq!(policy.principal_constraint(), &p);
@@ -4764,9 +4974,9 @@ mod tests {
             (
                 r#"permit(principal, action, resource) when { principal == ?foo};"#,
                 ExpectedErrorMessageBuilder::error(
-                    "`?foo` is not a valid template slot",
+                    "found template slot ?foo in the condition clause but it does not have a type annotation",
                 ).help(
-                    "a template slot may only be `?principal` or `?resource`",
+                    "generalized slots that appear in the condition clause require a type annotation",
                 ).exactly_one_underline("?foo").build(),
             ),
 
@@ -5602,6 +5812,201 @@ mod tests {
         );
     }
 
+    #[test]
+    fn generalized_slots_annotation() {
+        let txt = r#"
+        template(?age: Long) =>
+        permit(principal, action, resource) when {
+          ?age == 5
+        };
+        "#;
+        assert_parse_template_succeeds(txt);
+
+        let txt = r#"
+        template(?age: Long, ?age: String) =>
+        permit(principal, action, resource) when {
+          ?age == 5
+        };
+        "#;
+        assert_parse_template_fails(txt);
+
+        let txt = r#"
+        template(?age: Long, ?age: Long) =>
+        permit(principal, action, resource) when {
+          ?age == 5
+        };
+        "#;
+        assert_parse_template_fails(txt);
+
+        let txt = r#"
+        template(?age: Long) =>
+        permit(principal, action, resource) when {
+          ?invalid == 5
+        };
+        "#;
+        assert_parse_template_fails(txt);
+
+        let txt = r#"
+        permit(principal, action, resource) when {
+          ?invalid == 5
+        };
+        "#;
+        assert_parse_template_fails(txt);
+
+        let txt = r#"
+        template(?age: Long, ?age: Long) =>
+        permit(principal, action, resource) when {
+          ?invalid == 5
+        };
+        "#;
+        assert_parse_template_fails(txt);
+    }
+
+    #[test]
+    fn generalized_slot_can_be_duplicated_in_the_cond() {
+        let txt = r#"
+        template(?age: Long) =>
+        permit(principal, action, resource) when {
+          ?age == 8 || ?age == 5 
+        };
+        "#;
+        assert_parse_template_succeeds(txt);
+    }
+
+    #[test]
+    fn generalized_slot_annotations_can_be_principal_or_resource() {
+        let txt = r#"
+        template(?principal: University::Department) => 
+        permit(principal == ?principal, action, resource); 
+        "#;
+        assert_parse_template_succeeds(txt);
+
+        let txt = r#"
+        template(?resource: University::Department) => 
+        permit(principal, action, resource == ?resource); 
+        "#;
+        assert_parse_template_succeeds(txt);
+
+        let txt = r#"
+        template(?principal: University::Department, ?resource: University::Department) => 
+        permit(principal == ?principal, action, resource == ?resource); 
+        "#;
+        assert_parse_template_succeeds(txt);
+    }
+
+    // #[test]
+    // fn principal_slot_can_not_appear_in_condition_standalone() {
+    //     let txt = r#"
+    //     permit(principal == ?principal, action, resource) when {
+    //         ?principal
+    //     };
+    //     "#;
+    //     assert_parse_template_succeeds(txt);
+
+    //     let txt = r#"
+    //     permit(principal, action, resource) when {
+    //         ?principal
+    //     };
+    //     "#;
+    //     assert_parse_template_fails(txt);
+    // }
+
+    #[test]
+    fn special_identifiers_can_not_be_used_as_generalized_slot_names() {
+        let txt = r#"
+        template(?action: Long, ?context: Long) =>
+        permit(principal, action, resource);
+        "#;
+        assert_parse_template_fails(txt);
+
+        let txt = r#"
+        permit(principal == ?action, action, resource);
+        "#;
+        assert_parse_template_fails(txt);
+
+        let txt = r#"
+        permit(principal, action, resource == ?context);
+        "#;
+        assert_parse_template_fails(txt);
+    }
+
+    #[test]
+    fn generalized_slots_annotation_can_not_have_duplicate_slots() {
+        let txt = r#"
+        template(?age: Long, ?age: Long) =>
+        permit(principal, action, resource) unless {
+          ?age == 8
+        };
+        "#;
+        assert_parse_template_fails(txt);
+
+        let txt = r#"
+        template(?age: Long, ?age: String) =>
+        permit(principal, action, resource); 
+        "#;
+        assert_parse_template_fails(txt);
+    }
+
+    #[test]
+    fn generalized_slot_can_not_be_duplicated_in_scope() {
+        let txt = r#"
+        permit(principal == ?age, action, resource == ?age);
+        "#;
+        assert_parse_template_fails(txt);
+
+        let txt = r#"
+        template(?name: University::Department) =>
+        forbid(principal == ?name, action, resource == ?name);
+        "#;
+        assert_parse_template_fails(txt);
+
+        let txt = r#"
+        permit(principal == ?principal, action, resource == ?principal);
+        "#;
+        assert_parse_template_fails(txt);
+    }
+
+    #[test]
+    fn generalized_slot_in_annotation_must_be_used() {
+        let txt = r#"
+        template(?temp: Long) => 
+        permit(principal, action, resource); 
+        "#;
+        assert_parse_template_fails(txt);
+
+        let txt = r#"
+        template(?temp: Long, ?rand: String) => 
+        permit(principal, action, resource); 
+        "#;
+        assert_parse_template_fails(txt);
+    }
+
+    #[test]
+    fn generalized_slot_in_cond_not_in_scope_no_type() {
+        let txt = r#"
+        permit(principal, action, resource) unless {
+            ?cond 
+        }; 
+        "#;
+        assert_parse_template_fails(txt);
+
+        let txt = r#"
+        template(?value: Long) => 
+        permit(principal, action, resource) when {
+            ?value == 8 && ?cond
+        }; 
+        "#;
+        assert_parse_template_fails(txt);
+    }
+
+    #[test]
+    fn flipped_principal_resource_in_the_scope_is_not_valid() {
+        let txt = r#"
+        permit(principal == ?resource, action, resource == ?principal); 
+        "#;
+        assert_parse_template_fails(txt);
+    }
+
     #[cfg(feature = "tolerant-ast")]
     #[track_caller]
     fn assert_parse_policy_allows_errors(text: &str) -> ast::StaticPolicy {
@@ -6073,9 +6478,9 @@ mod tests {
             (
                 r#"permit(principal, action, resource) when { principal == ?foo};"#,
                 ExpectedErrorMessageBuilder::error(
-                    "`?foo` is not a valid template slot",
+                    "found template slot ?foo in the condition clause but it does not have a type annotation",
                 ).help(
-                    "a template slot may only be `?principal` or `?resource`",
+                    "generalized slots that appear in the condition clause require a type annotation",
                 ).exactly_one_underline("?foo").build(),
             ),
 
diff --git a/cedar-policy-core/src/parser/err.rs b/cedar-policy-core/src/parser/err.rs
index 2cddcf51b2..cbcb64c25a 100644
--- a/cedar-policy-core/src/parser/err.rs
+++ b/cedar-policy-core/src/parser/err.rs
@@ -148,11 +148,29 @@ pub enum ToASTErrorKind {
     /// conflicting annotations
     #[error("duplicate annotation: @{0}")]
     DuplicateAnnotation(ast::AnyId),
+    /// Returned when we attempt to parse a policy with repeated slot names in
+    /// generalized slot annotations
+    #[error("duplicate generalized slots annotation: @{0}")]
+    DuplicateGeneralizedSlotAnnotation(ast::SlotId),
+    /// Returned when a generalized slot appears in the condition of the template
+    /// but does not have a type annotation
+    #[error(transparent)]
+    #[diagnostic(transparent)]
+    SlotInConditionClauseNotInGeneralizedSlotsAnnotation(
+        #[from] parse_errors::SlotInConditionClauseNotInGeneralizedSlotsAnnotation,
+    ),
+    /// Return when a generalized slot appears in the generalized slots annotation
+    /// but is not used within the template
+    #[error("{0} slot is given a type annotation, however it is not used with the template")]
+    GeneralizedSlotIsAnnotatedNotUsed(ast::SlotId),
     /// Returned when a policy contains template slots in a when/unless clause.
     /// This is not currently supported; see [RFC 3](https://github.com/cedar-policy/rfcs/pull/3).
     #[error(transparent)]
     #[diagnostic(transparent)]
     SlotsInConditionClause(#[from] parse_errors::SlotsInConditionClause),
+    /// Returned when a user tries to use a reserved slot name
+    #[error("{0} is not a valid slot name")]
+    ReservedSlotName(SmolStr),
     /// Returned when a policy is missing one of the three required scope elements
     /// (`principal`, `action`, and `resource`)
     #[error("this policy is missing the `{0}` variable in the scope")]
@@ -455,6 +473,11 @@ impl ToASTErrorKind {
         }
     }
 
+    /// Constructor for the [`ToASTErrorKind::SlotInConditionClauseNotInGeneralizedSlotsAnnotation`] error
+    pub fn slots_in_condition_clause_not_in_generalized_slots_annotation(slot: ast::Slot) -> Self {
+        parse_errors::SlotInConditionClauseNotInGeneralizedSlotsAnnotation { slot }.into()
+    }
+
     /// Constructor for the [`ToASTErrorKind::SlotsInConditionClause`] error
     pub fn slots_in_condition_clause(slot: ast::Slot, clause_type: &'static str) -> Self {
         parse_errors::SlotsInConditionClause { slot, clause_type }.into()
@@ -546,6 +569,16 @@ pub mod parse_errors {
         }
     }
 
+    /// Details about a `SlotInConditionClauseNotInGeneralizedSlotsAnnotation`
+    #[derive(Debug, Clone, Diagnostic, Error, PartialEq, Eq)]
+    #[error("found template slot {} in the condition clause but it does not have a type annotation", slot.id)]
+    #[diagnostic(help(
+        "generalized slots that appear in the condition clause require a type annotation"
+    ))]
+    pub struct SlotInConditionClauseNotInGeneralizedSlotsAnnotation {
+        pub(crate) slot: ast::Slot,
+    }
+
     /// Details about a `SlotsInConditionClause` error.
     #[derive(Debug, Clone, Diagnostic, Error, PartialEq, Eq)]
     #[error("found template slot {} in a `{clause_type}` clause", slot.id)]
@@ -768,6 +801,7 @@ lazy_static! {
             "ACTION",
             "RESOURCE",
             "CONTEXT",
+            "SET"
         ]),
         identifier_sentinel: "IDENTIFIER",
         first_set_identifier_tokens: HashSet::from(["TRUE", "FALSE", "IF"]),
diff --git a/cedar-policy-core/src/parser/fmt.rs b/cedar-policy-core/src/parser/fmt.rs
index ac3675bf48..5944071b3a 100644
--- a/cedar-policy-core/src/parser/fmt.rs
+++ b/cedar-policy-core/src/parser/fmt.rs
@@ -458,11 +458,11 @@ impl fmt::Display for Str {
 impl std::fmt::Display for Slot {
     fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
         let src = match self {
-            Slot::Principal => "?principal",
-            Slot::Resource => "?resource",
-            Slot::Other(slot) => slot.as_ref(),
+            Slot::Principal => "principal",
+            Slot::Resource => "resource",
+            Slot::Other(s) => s.as_ref(),
         };
-        write!(f, "{src}")
+        write!(f, "?{src}")
     }
 }
 
diff --git a/cedar-policy-core/src/parser/grammar.lalrpop b/cedar-policy-core/src/parser/grammar.lalrpop
index 540bde8a77..6298f1c4e1 100644
--- a/cedar-policy-core/src/parser/grammar.lalrpop
+++ b/cedar-policy-core/src/parser/grammar.lalrpop
@@ -22,6 +22,9 @@ use lalrpop_util::{ParseError, ErrorRecovery};
 use crate::parser::*;
 use crate::parser::err::{RawErrorRecovery, RawUserError};
 use crate::parser::node::Node;
+use crate::validator::cedar_schema::{Path, Type as SType, AttrDecl, Annotated};
+use crate::ast::{Annotations, Id}; 
+use smol_str::ToSmolStr;
 
 /// `errors` collects generated errors.
 ///
@@ -66,6 +69,12 @@ match {
     "?resource" => RESOURCE_SLOT,
     r"\?[_a-zA-Z][_a-zA-Z0-9]*" => OTHER_SLOT,
 
+    // templates
+    "template",
+    "=>", 
+    "Set" => SET, 
+    "?",
+
     // data input
     r"[_a-zA-Z][_a-zA-Z0-9]*" => IDENTIFIER,
     // The `NUMBER` token is a positive integer.
@@ -104,16 +113,29 @@ Annotation: Node<Option<cst::Annotation>> = {
     <l:@L> "@" <key:AnyIdent> <value: ("(" <Str> ")")?> <r:@R> => Node::with_maybe_source_loc(Some(cst::Annotation{key,value}), maybe_loc!(keep_src, Loc::new(l..r, Arc::clone(src))))
 }
 
+// SlotType := { Name ':' SType }
+SlotType: Node<Option<cst::SlotType>> = {
+    <l:@L> <slot: Slot> ":" <ty: Type> <r:@R> => {
+        let ty = ty.map(|ty| Some(ty));
+        (Node::with_maybe_source_loc(Some(cst::SlotType{slot, ty}), maybe_loc!(keep_src, Loc::new(l..r, Arc::clone(src)))))}, 
+}
+
+// GeneralizedSlotsAnnotation := { 'template' '(' ( SlotType { ',' SlotType } ) ')' '=>' }
+GeneralizedSlotsAnnotation: Node<Option<cst::GeneralizedSlotsAnnotation>> = {
+    <l:@L> "template" "(" <values: Comma<SlotType>> ")" "=>" <r:@R> => Node::with_maybe_source_loc(Some(cst::GeneralizedSlotsAnnotation{ values }), maybe_loc!(keep_src, Loc::new(l..r, Arc::clone(src))))
+}
+
 // Policy := "label" ('permit' | 'forbid') '(' {VariableDef} ')' {Cond} ;
 pub Policy: Node<Option<cst::Policy>> = {
     <l:@L>
     <annotations:Annotation*>
+    <generalized_slots_annotation:GeneralizedSlotsAnnotation?>
     <effect:AnyIdent>
     "(" <variables: Comma<VariableDef>> ")"
     <conds:Cond*>
     ";"
     <r:@R>
-    => Node::with_maybe_source_loc(Some(cst::Policy::Policy(cst::PolicyImpl{ annotations,effect,variables,conds })), maybe_loc!(keep_src, Loc::new(l..r, Arc::clone(src)))),
+    => Node::with_maybe_source_loc(Some(cst::Policy::Policy(cst::PolicyImpl{ annotations,generalized_slots_annotation,effect,variables,conds })), maybe_loc!(keep_src, Loc::new(l..r, Arc::clone(src)))),
     <l:@L> <err:!> ";" <r:@R> => {
         // Tolerant AST creates a valid CST node representing the unparsable policy
         #[cfg(feature = "tolerant-ast")]
@@ -167,6 +189,8 @@ CommonIdent: Node<Option<cst::Ident>> = {
         => Node::with_maybe_source_loc(Some(cst::Ident::Then), maybe_loc!(keep_src, Loc::new(l..r, Arc::clone(src)))),
     <l:@L> ELSE <r:@R>
         => Node::with_maybe_source_loc(Some(cst::Ident::Else), maybe_loc!(keep_src, Loc::new(l..r, Arc::clone(src)))),
+    <l:@L> <i:SET> <r:@R>
+        => Node::with_maybe_source_loc(Some(cst::Ident::Ident( i.into() )), maybe_loc!(keep_src, Loc::new(l..r, Arc::clone(src)))),
     <l:@L> <i:IDENTIFIER> <r:@R>
         => Node::with_maybe_source_loc(Some(cst::Ident::Ident( i.into() )), maybe_loc!(keep_src, Loc::new(l..r, Arc::clone(src)))),
 }
@@ -397,13 +421,13 @@ RecInit: Node<Option<cst::RecInit>> = {
         => Node::with_maybe_source_loc(Some(cst::RecInit(e1,e2)), maybe_loc!(keep_src, Loc::new(l..r, Arc::clone(src)))),
 }
 
-Slot: Node<Option<cst::Slot>> = {
+pub Slot: Node<Option<cst::Slot>> = {
     <l:@L> PRINCIPAL_SLOT <r:@R>
         => Node::with_maybe_source_loc(Some(cst::Slot::Principal), maybe_loc!(keep_src, Loc::new(l..r, Arc::clone(src)))),
     <l:@L> RESOURCE_SLOT <r:@R>
         => Node::with_maybe_source_loc(Some(cst::Slot::Resource), maybe_loc!(keep_src, Loc::new(l..r, Arc::clone(src)))),
     <l:@L> <s: OTHER_SLOT> <r:@R>
-        => Node::with_maybe_source_loc(Some(cst::Slot::Other(s.into())), maybe_loc!(keep_src, Loc::new(l..r, Arc::clone(src)))),
+        => Node::with_maybe_source_loc(Some(cst::Slot::Other(s[1..s.len()].into())), maybe_loc!(keep_src, Loc::new(l..r, Arc::clone(src)))),
 }
 
 // LITERAL   := BOOL | INT | STR
@@ -425,3 +449,51 @@ Str: Node<Option<cst::Str>> = {
     <l:@L> <s:STRINGLIT> <r:@R>
         => Node::with_maybe_source_loc(Some(cst::Str::String(s[1..(s.len() - 1)].into())), maybe_loc!(keep_src, Loc::new(l..r, Arc::clone(src)))),
 }
+
+/* The following grammar was taken from the schema grammar with changes to make it work with the Policy's terminals */ 
+/* Updates in the grammar of types in either location require changes to both files to ensure that the two definitions line up. */
+
+/* 
+AttrDecls can not have annotations in the policy. We also use Cedar Policy's IDENTIFIER terminal here which is able to express more terminals compared with 
+Cedar Schema's Ident terminal. So any Record that can be expressed in Cedar Schema can also be expressed in Cedar Policy modulo the annotation. 
+*/
+AttrDecls: Vec<Node<Annotated<AttrDecl>>> = {
+    <l:@L> <name: IDENTIFIER> <required:"?"?> ":" <ty:Type> ","? <r:@R>
+        =>? {
+            let name = Node::with_maybe_source_loc(name.to_smolstr(), None); 
+            let annotated = Annotated {
+                data: AttrDecl { name, required: required.is_none(), ty}, 
+                annotations: Annotations::new(), 
+            };
+            Ok(vec![Node::with_maybe_source_loc(annotated, maybe_loc!(keep_src, Loc::new(l..r, Arc::clone(src))))])
+        },
+    <l:@L> <name: IDENTIFIER> <required:"?"?> ":" <ty:Type> "," <r:@R> <mut ds: AttrDecls>
+        =>? {
+            let name = Node::with_maybe_source_loc(name.to_smolstr(), None); 
+            let annotated = Annotated {
+                data: AttrDecl { name, required: required.is_none(), ty}, 
+                annotations: Annotations::new(), 
+            };
+            ds.insert(0, Node::with_maybe_source_loc(annotated, maybe_loc!(keep_src, Loc::new(l..r, Arc::clone(src)))));
+            Ok(ds)
+        },
+}
+
+/* We convert the Cedar Policy's Name terminal to Cedar Schema's Path terminal. Name is able to express more terminals 
+compared with Path so any type that can be expressed in Cedar Schema can also be expressed in Cedar Policy. */
+pub Type: Node<SType> = {
+    <n:Name>
+        =>? { 
+            let loc = n.loc.clone().into_maybe_loc(); 
+            match Path::try_from(&n) { 
+                Ok(path) => Ok(Node::with_maybe_source_loc(SType::Ident(path), loc)), 
+                Err(e) => Err(ParseError::User {
+                    error: Node::with_maybe_source_loc(format!("Path parse error {e}"), loc),
+                }),
+            }
+        },
+    <l:@L> SET "<" <t:Type> ">" <r:@R>
+        => Node::with_maybe_source_loc(SType::Set(Box::new(t)), maybe_loc!(keep_src, Loc::new(l..r, Arc::clone(src)))),
+    <l:@L> "{" <ds:AttrDecls?> "}" <r:@R>
+        => Node::with_maybe_source_loc(SType::Record(ds.unwrap_or_default()), maybe_loc!(keep_src, Loc::new(l..r, Arc::clone(src)))),
+}
diff --git a/cedar-policy-core/src/parser/loc.rs b/cedar-policy-core/src/parser/loc.rs
index b38f98f3ca..03a57ef51d 100644
--- a/cedar-policy-core/src/parser/loc.rs
+++ b/cedar-policy-core/src/parser/loc.rs
@@ -148,7 +148,6 @@ impl IntoMaybeLoc for Option<Loc> {
 
 impl IntoMaybeLoc for Option<&Loc> {
     #[inline]
-    #[allow(clippy::single_option_map)]
     fn into_maybe_loc(self) -> MaybeLoc {
         #[cfg(not(feature = "raw-parsing"))]
         {
diff --git a/cedar-policy-core/src/parser/text_to_cst.rs b/cedar-policy-core/src/parser/text_to_cst.rs
index 671b9d9b0c..868438821c 100644
--- a/cedar-policy-core/src/parser/text_to_cst.rs
+++ b/cedar-policy-core/src/parser/text_to_cst.rs
@@ -120,6 +120,7 @@ lazy_static::lazy_static! {
     static ref PRIMARY_PARSER: grammar::PrimaryParser = grammar::PrimaryParser::new();
     static ref NAME_PARSER: grammar::NameParser = grammar::NameParser::new();
     static ref IDENT_PARSER: grammar::IdentParser = grammar::IdentParser::new();
+    static ref SLOT_PARSER: grammar::SlotParser = grammar::SlotParser::new();
 }
 
 /// Create CST for multiple policies from text
@@ -162,6 +163,11 @@ pub fn parse_ident(text: &str) -> Result<Node<Option<cst::Ident>>, err::ParseErr
     parse_collect_errors(&*IDENT_PARSER, grammar::IdentParser::parse, true, text)
 }
 
+/// Parse text as a slot, or fail if it does not parse as a slot
+pub fn parse_slot(text: &str) -> Result<Node<Option<cst::Slot>>, err::ParseErrors> {
+    parse_collect_errors(&*SLOT_PARSER, grammar::SlotParser::parse, true, text)
+}
+
 /// Create CST for multiple policies from text, but without retaining source information
 #[cfg(feature = "raw-parsing")]
 pub fn parse_policies_raw(text: &str) -> Result<Node<Option<cst::Policies>>, err::ParseErrors> {
@@ -892,7 +898,7 @@ mod tests {
             src,
             &errs,
             &ExpectedErrorMessageBuilder::error("unexpected token `/`")
-                .exactly_one_underline_with_label("/", "expected `@` or identifier")
+                .exactly_one_underline_with_label("/", "expected `@`, `template`, or identifier")
                 .build(),
         );
         let src = r#"
@@ -1147,7 +1153,10 @@ mod tests {
             src,
             &errs,
             &ExpectedErrorMessageBuilder::error("unexpected token `-`")
-                .exactly_one_underline_with_label("-", "expected `(`, `@`, or identifier")
+                .exactly_one_underline_with_label(
+                    "-",
+                    "expected `(`, `@`, `template`, or identifier",
+                )
                 .build(),
         );
 
@@ -1176,7 +1185,10 @@ mod tests {
             src,
             &errs,
             &ExpectedErrorMessageBuilder::error("unexpected token `+`")
-                .exactly_one_underline_with_label("+", "expected `(`, `@`, or identifier")
+                .exactly_one_underline_with_label(
+                    "+",
+                    "expected `(`, `@`, `template`, or identifier",
+                )
                 .build(),
         );
     }
@@ -1453,6 +1465,196 @@ mod tests {
         );
     }
 
+    #[test]
+    fn generalized_templates() {
+        assert_parse_succeeds(
+            parse_policy,
+            r#"
+        template(?age: Long) =>
+        permit(principal, action, resource) when {
+          ?temp == 5
+        };
+        "#,
+        );
+
+        assert_parse_succeeds(
+            parse_policy,
+            r#"
+        permit(principal == ?resources, action, resource) when {
+          principal has true.if
+        };
+        "#,
+        );
+
+        assert_parse_succeeds(
+            parse_policy,
+            r#"
+        permit(principal, action, resource == ?principals) when {
+          principal has true.if
+        };
+        "#,
+        );
+
+        assert_parse_succeeds(
+            parse_policy,
+            r#"
+        template(?age: Long, ?date: datetime) => 
+        permit(principal, action, resource) when {
+          ?age == 8 && ?date == context.date
+        };
+        "#,
+        );
+
+        assert_parse_succeeds(
+            parse_policy,
+            r#"
+        @first("annotation")
+        template(?age: Long, ?date: datetime) => 
+        permit(principal, action, resource) when {
+          ?age == 8 && ?date == context.date
+        };
+        "#,
+        );
+
+        assert_parse_succeeds(
+            parse_policy,
+            r#"
+        @first("annotation")
+        template(?age: Long, ?entity: Group::jane_friends) => 
+        permit(principal, action, resource) when {
+          ?age == 8 && entity in Group
+        };
+        "#,
+        );
+
+        assert_parse_succeeds(
+            parse_policy,
+            r#"
+        @first("annotation")
+        @second("annotation")
+        template(?age: Long, ?date: datetime) => 
+        permit(principal, action, resource) when {
+          ?age == 8 && ?date == context.date
+        };
+        "#,
+        );
+
+        assert_parse_fails(
+            parse_policy,
+            r#"
+        template(?age: Long, ?date: datetime) => 
+        @second("annotation")
+        permit(principal, action, resource) when {
+          ?age == 8 && ?date == context.date
+        };
+        "#,
+        );
+
+        assert_parse_fails(
+            parse_policy,
+            r#"
+        template(?age: Long ?date: datetime) => 
+        permit(principal, action, resource) when {
+          ?age == 8 && ?date == context.date
+        };
+        "#,
+        );
+
+        assert_parse_fails(
+            parse_policy,
+            r#"
+        template(?age: Long, ?date: datetime)  
+        permit(principal, action, resource) when {
+          ?age == 8 && ?date == context.date
+        };
+        "#,
+        );
+
+        assert_parse_fails(
+            parse_policy,
+            r#"
+        template(?age?: Long, ?date: datetime)  
+        permit(principal, action, resource) when {
+          ?age == 8 && ?date == context.date
+        };
+        "#,
+        );
+    }
+
+    #[test]
+    fn generalized_template_set_types() {
+        assert_parse_succeeds(
+            parse_policy,
+            r#"
+        template(?age: Set<Long>, ?date: Set<datetime>) => 
+        permit(principal, action, resource) when {
+          ?age == 8 && ?date == context.date
+        };
+        "#,
+        );
+
+        assert_parse_succeeds(
+            parse_policy,
+            r#"
+        template(?districts: Set<School::District>) => 
+        permit(principal, action, resource); 
+        "#,
+        );
+    }
+
+    #[test]
+    fn generalized_templates_record_types() {
+        assert_parse_succeeds(
+            parse_policy,
+            r#"
+        template(?info: { date: datetime, name: String }) => 
+        permit(principal, action, resource); 
+        "#,
+        );
+
+        assert_parse_succeeds(
+            parse_policy,
+            r#"
+        template(?info: { date: datetime, name: { test: Bool, age: Long } }, ?record: { district?: School::District }) => 
+        permit(principal, action, resource); 
+        "#,
+        );
+
+        assert_parse_succeeds(
+            parse_policy,
+            r#"
+        template(?info: { date: datetime, name: { test: Bool, age: Long } }, ?record: { district?: School::District }) => 
+        permit(principal, action, resource) when {
+            ?info.name.test 
+        }; 
+        "#,
+        );
+
+        assert_parse_succeeds(
+            parse_policy,
+            r#"
+        template(?info: { date?: datetime, name: String, }) => 
+        permit(principal, action, resource); 
+        "#,
+        );
+
+        assert_parse_fails(
+            parse_policy,
+            r#"
+        template(?info: { date?: datetime, name: }) => 
+        permit(principal, action, resource); 
+        "#,
+        );
+
+        assert_parse_fails(
+            parse_policy,
+            r#"
+        template(?info: { date?: datetime, name: String ) => 
+        permit(principal, action, resource); 
+        "#,
+        );
+    }
+
     #[cfg(feature = "raw-parsing")]
     mod raw_parsing {
         use super::*;
diff --git a/cedar-policy-core/src/parser/util.rs b/cedar-policy-core/src/parser/util.rs
index f8e0e61c0d..fe87377af2 100644
--- a/cedar-policy-core/src/parser/util.rs
+++ b/cedar-policy-core/src/parser/util.rs
@@ -61,3 +61,18 @@ pub fn flatten_tuple_4<T1, T2, T3, T4>(
         flatten_tuple_2(flatten_tuple_2(flatten_tuple_2(res1, res2), res3), res4)?;
     Ok((v1, v2, v3, v4))
 }
+
+/// Combine five `Result`s into a single `Result`
+pub fn flatten_tuple_5<T1, T2, T3, T4, T5>(
+    res1: Result<T1>,
+    res2: Result<T2>,
+    res3: Result<T3>,
+    res4: Result<T4>,
+    res5: Result<T5>,
+) -> Result<(T1, T2, T3, T4, T5)> {
+    let ((((v1, v2), v3), v4), v5) = flatten_tuple_2(
+        flatten_tuple_2(flatten_tuple_2(flatten_tuple_2(res1, res2), res3), res4),
+        res5,
+    )?;
+    Ok((v1, v2, v3, v4, v5))
+}
diff --git a/cedar-policy-core/src/validator.rs b/cedar-policy-core/src/validator.rs
index c9cf9e1aa8..f1666c82b7 100644
--- a/cedar-policy-core/src/validator.rs
+++ b/cedar-policy-core/src/validator.rs
@@ -212,7 +212,7 @@ impl Validator {
         // `Policy::resource_constraint()` return a copy of the constraint with
         // the slot filled by the appropriate value.
         Some(
-            self.validate_entity_types_in_slots(p.id(), p.env())
+            self.validate_entity_types_in_slots(p.id(), p.env(), p.generalized_env())
                 .chain(self.validate_linked_action_application(p)),
         )
     }
@@ -429,6 +429,8 @@ mod test {
             ast::PolicyID::from_string("template"),
             ast::PolicyID::from_string("link1"),
             values,
+            HashMap::new(),
+            None,
         )
         .expect("Linking failed!");
         let result = validator.validate(&set, ValidationMode::default());
@@ -448,6 +450,8 @@ mod test {
             ast::PolicyID::from_string("template"),
             ast::PolicyID::from_string("link2"),
             values,
+            HashMap::new(),
+            None,
         )
         .expect("Linking failed!");
         let result = validator.validate(&set, ValidationMode::default());
@@ -482,6 +486,8 @@ mod test {
             ast::PolicyID::from_string("template"),
             ast::PolicyID::from_string("link3"),
             values,
+            HashMap::new(),
+            None,
         )
         .expect("Linking failed!");
         let result = validator.validate(&set, ValidationMode::default());
diff --git a/cedar-policy-core/src/validator/cedar_schema.rs b/cedar-policy-core/src/validator/cedar_schema.rs
index 543754f898..df20518e9c 100644
--- a/cedar-policy-core/src/validator/cedar_schema.rs
+++ b/cedar-policy-core/src/validator/cedar_schema.rs
@@ -17,7 +17,7 @@
 //! The Cedar syntax for schemas
 
 mod ast;
-pub use ast::Path;
+pub use ast::{Annotated, AttrDecl, Path, Type};
 mod err;
 pub mod fmt;
 pub mod parser;
diff --git a/cedar-policy-core/src/validator/cedar_schema/ast.rs b/cedar-policy-core/src/validator/cedar_schema/ast.rs
index b86bdd479e..f830bf6ba9 100644
--- a/cedar-policy-core/src/validator/cedar_schema/ast.rs
+++ b/cedar-policy-core/src/validator/cedar_schema/ast.rs
@@ -18,7 +18,7 @@ use std::{collections::BTreeMap, iter::once};
 
 use crate::{
     ast::{Annotation, Annotations, AnyId, Id, InternalName},
-    parser::{AsLocRef, Loc, MaybeLoc, Node},
+    parser::{self, AsLocRef, Loc, MaybeLoc, Node},
 };
 use itertools::{Either, Itertools};
 use nonempty::NonEmpty;
@@ -149,6 +149,19 @@ impl std::fmt::Display for Path {
     }
 }
 
+impl TryFrom<&Node<Option<parser::cst::Name>>> for Path {
+    type Error = parser::err::ParseErrors;
+    fn try_from(node: &Node<Option<parser::cst::Name>>) -> Result<Self, Self::Error> {
+        let value = node.try_as_inner()?;
+        let basename = value.name.to_valid_ident()?;
+
+        let namespace: Result<Vec<_>, _> =
+            value.path.iter().map(|id| id.to_valid_ident()).collect();
+
+        Ok(Self::new(basename, namespace?, None))
+    }
+}
+
 #[derive(Debug, Clone, PartialEq, Eq, Hash)]
 struct PathInternal {
     basename: Id,
@@ -290,7 +303,7 @@ pub struct EnumEntityDecl {
 }
 
 /// Type definitions
-#[derive(Debug, Clone)]
+#[derive(Debug, Clone, PartialEq, Eq)]
 pub enum Type {
     /// A set of types
     Set(Box<Node<Type>>),
@@ -323,7 +336,7 @@ impl<N> From<PrimitiveType> for json_schema::TypeVariant<N> {
 
 /// Attribute declarations, used in records and entity types.
 /// One [`AttrDecl`] is one key-value pair.
-#[derive(Debug, Clone)]
+#[derive(Debug, Clone, PartialEq, Eq)]
 pub struct AttrDecl {
     /// Name of this attribute
     pub name: Node<SmolStr>,
diff --git a/cedar-policy-core/src/validator/json_schema.rs b/cedar-policy-core/src/validator/json_schema.rs
index bcb25227bf..78146e798a 100644
--- a/cedar-policy-core/src/validator/json_schema.rs
+++ b/cedar-policy-core/src/validator/json_schema.rs
@@ -1207,7 +1207,7 @@ impl From<EntityUID> for ActionEntityUID<Name> {
 /// this [`Type`], including recursively.
 /// See notes on [`Fragment`].
 #[derive(Educe, Debug, Clone, Serialize)]
-#[educe(PartialEq(bound(N: PartialEq)), Eq, PartialOrd, Ord(bound(N: Ord)))]
+#[educe(PartialEq(bound(N: PartialEq)), Eq, PartialOrd, Ord(bound(N: Ord)), Hash(bound(N: Hash)))]
 // This enum is `untagged` with these variants as a workaround to a serde
 // limitation. It is not possible to have the known variants on one enum, and
 // then, have catch-all variant for any unrecognized tag in the same enum that
@@ -1773,7 +1773,7 @@ impl<N> From<TypeVariant<N>> for Type<N> {
 /// this [`RecordType`], including recursively.
 /// See notes on [`Fragment`].
 #[derive(Educe, Debug, Clone, Serialize, Deserialize)]
-#[educe(PartialEq, Eq, PartialOrd, Ord)]
+#[educe(PartialEq, Eq, PartialOrd, Ord, Hash(bound(N: Hash)))]
 #[serde(bound(deserialize = "N: Deserialize<'de> + From<RawName>"))]
 #[serde(rename_all = "camelCase")]
 #[cfg_attr(feature = "wasm", derive(tsify::Tsify))]
@@ -1850,7 +1850,7 @@ impl RecordType<ConditionalName> {
 /// this [`TypeVariant`], including recursively.
 /// See notes on [`Fragment`].
 #[derive(Educe, Debug, Clone, Serialize, Deserialize)]
-#[educe(PartialEq(bound(N: PartialEq)), Eq, PartialOrd, Ord(bound(N: Ord)))]
+#[educe(PartialEq(bound(N: PartialEq)), Eq, PartialOrd, Ord(bound(N: Ord)), Hash(bound(N: Hash)))]
 #[serde(tag = "type")]
 #[serde(bound(deserialize = "N: Deserialize<'de> + From<RawName>"))]
 #[cfg_attr(feature = "wasm", derive(tsify::Tsify))]
@@ -2130,7 +2130,7 @@ impl<'a> arbitrary::Arbitrary<'a> for Type<RawName> {
 /// unknown fields for [`TypeOfAttribute`] should be passed to [`Type`] where
 /// they will be denied (`<https://github.com/serde-rs/serde/issues/1600>`).
 #[derive(Educe, Debug, Clone, Serialize, Deserialize)]
-#[educe(PartialEq, Eq, PartialOrd, Ord)]
+#[educe(PartialEq, Eq, PartialOrd, Ord, Hash(bound(N: Hash)))]
 #[serde(bound(deserialize = "N: Deserialize<'de> + From<RawName>"))]
 pub struct TypeOfAttribute<N> {
     /// Underlying type of the attribute
diff --git a/cedar-policy-core/src/validator/rbac.rs b/cedar-policy-core/src/validator/rbac.rs
index 5ce0c8bda8..424e808e62 100644
--- a/cedar-policy-core/src/validator/rbac.rs
+++ b/cedar-policy-core/src/validator/rbac.rs
@@ -18,8 +18,9 @@
 
 use crate::{
     ast::{
-        self, ActionConstraint, Eid, EntityReference, EntityUID, Policy, PolicyID,
-        PrincipalConstraint, PrincipalOrResourceConstraint, ResourceConstraint, SlotEnv, Template,
+        self, ActionConstraint, Eid, EntityReference, EntityUID, GeneralizedSlotEnv, Policy,
+        PolicyID, PrincipalConstraint, PrincipalOrResourceConstraint, ResourceConstraint, SlotEnv,
+        Template,
     },
     entities::conformance::is_valid_enumerated_entity,
     fuzzy_match::fuzzy_search,
@@ -128,6 +129,7 @@ impl Validator {
         &'a self,
         policy_id: &'a PolicyID,
         slots: &'a SlotEnv,
+        generalized_slots: &'a GeneralizedSlotEnv,
     ) -> impl Iterator<Item = ValidationError> + 'a {
         // All valid entity types in the schema. These will be used to generate
         // suggestion when an entity type is not found.
@@ -137,7 +139,13 @@ impl Validator {
             .map(ToString::to_string)
             .collect::<Vec<_>>();
 
-        slots.values().filter_map(move |euid| {
+        let all_entity_values = slots.values().chain(
+            generalized_slots
+                .values()
+                .filter_map(|restricted_expr| restricted_expr.as_euid()),
+        );
+
+        all_entity_values.filter_map(move |euid| {
             let entity_type = euid.entity_type();
             if !self.schema.is_known_entity_type(entity_type) {
                 let actual_entity_type = entity_type.to_string();
@@ -433,7 +441,10 @@ mod test {
     use std::collections::{HashMap, HashSet};
 
     use crate::{
-        ast::{Effect, Eid, EntityUID, Expr, PolicyID, PrincipalConstraint, ResourceConstraint},
+        ast::{
+            Effect, Eid, EntityUID, Expr, Literal, PolicyID, PrincipalConstraint,
+            ResourceConstraint, RestrictedExpr,
+        },
         est::Annotations,
         parser::{parse_policy, parse_policy_or_template},
         test_utils::{expect_err, ExpectedErrorMessageBuilder},
@@ -532,6 +543,7 @@ mod test {
             PolicyID::from_string("policy0"),
             None,
             ast::Annotations::new(),
+            ast::GeneralizedSlotsAnnotation::new(),
             Effect::Permit,
             PrincipalConstraint::any(),
             ActionConstraint::any(),
@@ -625,6 +637,7 @@ mod test {
             PolicyID::from_string("policy0"),
             None,
             ast::Annotations::new(),
+            ast::GeneralizedSlotsAnnotation::new(),
             Effect::Permit,
             PrincipalConstraint::any(),
             ActionConstraint::is_eq(entity),
@@ -712,10 +725,61 @@ mod test {
             .parse()
             .expect("Expected entity UID to parse.");
         let env = HashMap::from([(ast::SlotId::principal(), undefined_euid)]);
+        let generalized_env = HashMap::from([]);
+
+        let validator = Validator::new(schema);
+        let notes: Vec<ValidationError> = validator
+            .validate_entity_types_in_slots(&PolicyID::from_string("0"), &env, &generalized_env)
+            .collect();
+
+        assert_eq!(1, notes.len());
+        match notes.first() {
+            Some(ValidationError::UnrecognizedEntityType(UnrecognizedEntityType {
+                actual_entity_type,
+                suggested_entity_type,
+                ..
+            })) => {
+                assert_eq!("Undefined", actual_entity_type);
+                assert_eq!(
+                    "User",
+                    suggested_entity_type
+                        .as_ref()
+                        .expect("Expected a suggested entity type")
+                );
+            }
+            _ => panic!("Unexpected variant of ValidationErrorKind."),
+        };
+    }
+
+    #[test]
+    fn undefined_entity_type_in_generalized_env() {
+        let p_name = "User";
+        let schema_file = json_schema::NamespaceDefinition::new(
+            [(
+                p_name.parse().unwrap(),
+                json_schema::StandardEntityType {
+                    member_of_types: vec![],
+                    shape: json_schema::AttributesOrContext::default(),
+                    tags: None,
+                }
+                .into(),
+            )],
+            [],
+        );
+        let schema = schema_file.try_into().expect("Invalid schema");
+
+        let undefined_euid: EntityUID = "Undefined::\"foo\""
+            .parse()
+            .expect("Expected entity UID to parse.");
+        let env = HashMap::from([]);
+        let generalized_env = HashMap::from([(
+            ast::SlotId::generalized_slot("generalized".parse().unwrap()),
+            RestrictedExpr::val(Literal::from(undefined_euid)),
+        )]);
 
         let validator = Validator::new(schema);
         let notes: Vec<ValidationError> = validator
-            .validate_entity_types_in_slots(&PolicyID::from_string("0"), &env)
+            .validate_entity_types_in_slots(&PolicyID::from_string("0"), &env, &generalized_env)
             .collect();
 
         assert_eq!(1, notes.len());
@@ -862,6 +926,7 @@ mod test {
             PolicyID::from_string("policy0"),
             None,
             ast::Annotations::new(),
+            ast::GeneralizedSlotsAnnotation::new(),
             Effect::Permit,
             PrincipalConstraint::any(),
             ActionConstraint::is_eq(entity),
@@ -923,6 +988,7 @@ mod test {
             PolicyID::from_string("policy0"),
             None,
             ast::Annotations::new(),
+            ast::GeneralizedSlotsAnnotation::new(),
             Effect::Permit,
             PrincipalConstraint::is_eq(Arc::new(EntityUID::from_components(
                 entity_type,
@@ -1207,6 +1273,7 @@ mod test {
             PolicyID::from_string("policy0"),
             None,
             ast::Annotations::new(),
+            ast::GeneralizedSlotsAnnotation::new(),
             Effect::Permit,
             PrincipalConstraint::is_eq(Arc::new(principal)),
             ActionConstraint::is_eq(action),
@@ -1596,6 +1663,7 @@ mod test {
             PolicyID::from_string("policy0"),
             None,
             ast::Annotations::new(),
+            ast::GeneralizedSlotsAnnotation::new(),
             Effect::Permit,
             PrincipalConstraint::any(),
             ActionConstraint::is_in([action_grandparent_euid]),
diff --git a/cedar-policy-core/src/validator/schema.rs b/cedar-policy-core/src/validator/schema.rs
index 8ce7e20dd7..bb43047eea 100644
--- a/cedar-policy-core/src/validator/schema.rs
+++ b/cedar-policy-core/src/validator/schema.rs
@@ -157,7 +157,8 @@ impl ValidatorSchemaFragment<ConditionalName, ConditionalName> {
 #[derive(Clone, Debug, Educe)]
 #[educe(Eq, PartialEq)]
 pub struct ValidatorType {
-    ty: Type,
+    /// Type field
+    pub ty: Type,
     #[cfg(feature = "extended-schema")]
     loc: MaybeLoc,
 }
@@ -235,6 +236,9 @@ pub struct ValidatorSchema {
     /// Map from action id names to the [`ValidatorActionId`] object.
     action_ids: HashMap<EntityUID, ValidatorActionId>,
 
+    /// Map from common types to the [`ValidatorType`] they represent.
+    common_types: HashMap<InternalName, ValidatorType>,
+
     /// For easy lookup, this is a map from action name to `Entity` object
     /// for each action in the schema. This information is contained elsewhere
     /// in the `ValidatorSchema`, but not efficient to extract -- getting the
@@ -243,7 +247,7 @@ pub struct ValidatorSchema {
     pub(crate) actions: HashMap<EntityUID, Arc<Entity>>,
 
     #[cfg(feature = "extended-schema")]
-    common_types: HashSet<ValidatorCommonType>,
+    common_types_extended: HashSet<ValidatorCommonType>,
     #[cfg(feature = "extended-schema")]
     namespaces: HashSet<ValidatorNamespace>,
 }
@@ -282,6 +286,7 @@ impl ValidatorSchema {
     pub fn new(
         entity_types: impl IntoIterator<Item = ValidatorEntityType>,
         action_ids: impl IntoIterator<Item = ValidatorActionId>,
+        common_types: impl IntoIterator<Item = (InternalName, ValidatorType)>,
     ) -> Self {
         let entity_types = entity_types
             .into_iter()
@@ -291,9 +296,11 @@ impl ValidatorSchema {
             .into_iter()
             .map(|id| (id.name().clone(), id))
             .collect();
+        let common_types = common_types.into_iter().collect();
         Self::new_from_maps(
             entity_types,
             action_ids,
+            common_types,
             #[cfg(feature = "extended-schema")]
             HashSet::new(),
             #[cfg(feature = "extended-schema")]
@@ -307,7 +314,8 @@ impl ValidatorSchema {
     fn new_from_maps(
         entity_types: HashMap<EntityType, ValidatorEntityType>,
         action_ids: HashMap<EntityUID, ValidatorActionId>,
-        #[cfg(feature = "extended-schema")] common_types: HashSet<ValidatorCommonType>,
+        common_types: HashMap<InternalName, ValidatorType>,
+        #[cfg(feature = "extended-schema")] common_types_extended: HashSet<ValidatorCommonType>,
         #[cfg(feature = "extended-schema")] namespaces: HashSet<ValidatorNamespace>,
     ) -> Self {
         let actions = Self::action_entities_iter(&action_ids)
@@ -316,9 +324,10 @@ impl ValidatorSchema {
         Self {
             entity_types,
             action_ids,
+            common_types,
             actions,
             #[cfg(feature = "extended-schema")]
-            common_types,
+            common_types_extended,
             #[cfg(feature = "extended-schema")]
             namespaces,
         }
@@ -326,8 +335,8 @@ impl ValidatorSchema {
 
     /// Returns an iter of common types in the schema
     #[cfg(feature = "extended-schema")]
-    pub fn common_types(&self) -> impl Iterator<Item = &ValidatorCommonType> {
-        self.common_types.iter()
+    pub fn common_types_extended(&self) -> impl Iterator<Item = &ValidatorCommonType> {
+        self.common_types_extended.iter()
     }
 
     /// Returns an iter of validator namespaces in the schema
@@ -456,8 +465,9 @@ impl ValidatorSchema {
             entity_types: HashMap::new(),
             action_ids: HashMap::new(),
             actions: HashMap::new(),
+            common_types: HashMap::new(),
             #[cfg(feature = "extended-schema")]
-            common_types: HashSet::new(),
+            common_types_extended: HashSet::new(),
             #[cfg(feature = "extended-schema")]
             namespaces: HashSet::new(),
         }
@@ -537,6 +547,39 @@ impl ValidatorSchema {
         )
     }
 
+    /// Construct a [`Type`] from [`json_schema::Type<RawName>`]
+    pub fn json_schema_type_to_validator_type(
+        &self,
+        ty: json_schema::Type<RawName>,
+        extensions: &Extensions<'_>,
+    ) -> Result<Type> {
+        let ext_fragments = std::iter::once(cedar_fragment(extensions)).collect::<Vec<_>>();
+
+        let mut all_defs = AllDefs::new(|| ext_fragments.iter());
+
+        for entity_type in self.entity_type_names() {
+            all_defs.mark_as_defined_as_entity_type(entity_type.name().qualify_with(None));
+        }
+
+        for common_type in self.common_type_names() {
+            all_defs.mark_as_defined_as_common_type(common_type.clone());
+        }
+
+        let common_types = self
+            .common_types
+            .iter()
+            .map(|(name, ty)| (name, ty.clone()))
+            .collect();
+
+        let conditional_ty = ty.conditionally_qualify_type_references(None);
+        let internal_ty = conditional_ty.fully_qualify_type_references(&all_defs)?;
+        let unresolved = try_jsonschema_type_into_validator_type(internal_ty, extensions, None)?;
+
+        unresolved
+            .resolve_common_type_refs(&common_types)
+            .map(|t| t.ty)
+    }
+
     /// Construct a [`ValidatorSchema`] from some number of [`ValidatorSchemaFragment`]s.
     pub fn from_schema_fragments(
         fragments: impl IntoIterator<Item = ValidatorSchemaFragment<ConditionalName, ConditionalName>>,
@@ -820,6 +863,11 @@ impl ValidatorSchema {
             .map(|ct| ValidatorCommonType::new(ct.0, ct.1))
             .collect();
 
+        let common_types: HashMap<InternalName, ValidatorType> = common_types
+            .into_iter()
+            .map(|ct| (ct.0.clone(), ct.1))
+            .collect();
+
         // Return with an error if there is an undeclared entity or action
         // referenced in any fragment. `{entity,action}_children` are provided
         // for the `undeclared_parent_{entities,actions}` arguments because we
@@ -832,11 +880,12 @@ impl ValidatorSchema {
             entity_children.into_keys(),
             &action_ids,
             action_children.into_keys(),
-            common_types.into_values(),
+            common_types.clone().into_values(),
         )?;
         Ok(ValidatorSchema::new_from_maps(
             entity_types,
             action_ids,
+            common_types,
             #[cfg(feature = "extended-schema")]
             common_type_validators,
             #[cfg(feature = "extended-schema")]
@@ -990,6 +1039,16 @@ impl ValidatorSchema {
         self.entity_types.keys()
     }
 
+    /// An iterator over the common type names in the schema.
+    pub fn common_type_names(&self) -> impl Iterator<Item = &InternalName> {
+        self.common_types.keys()
+    }
+
+    /// An iterator over the common types in the schema.
+    pub fn common_types(&self) -> impl Iterator<Item = (&InternalName, &ValidatorType)> {
+        self.common_types.iter()
+    }
+
     /// An iterator over the `ValidatorEntityType`s in the schema.
     pub fn entity_types(&self) -> impl Iterator<Item = &ValidatorEntityType> {
         self.entity_types.values()
@@ -1093,6 +1152,54 @@ impl ValidatorSchema {
     }
 }
 
+/// Construct a [`Type`] from [`json_schema::Type<RawName>`] without a schema
+pub fn json_schema_type_to_validator_type_without_schema(
+    ty: json_schema::Type<RawName>,
+    extensions: &Extensions<'_>,
+) -> Result<Type> {
+    let fragments = std::iter::once(cedar_fragment(extensions)).collect::<Vec<_>>();
+
+    let mut all_defs = AllDefs::new(|| fragments.iter());
+
+    let mut common_types = HashMap::new();
+
+    let primitive_types: Vec<_> = fragments
+        .into_iter()
+        .map(|frag| frag.fully_qualify_type_references(&all_defs))
+        .partition_nonempty()?;
+
+    for ns_def in primitive_types.into_iter().flat_map(|f| f.0.into_iter()) {
+        for (name, ty) in ns_def.common_types.defs {
+            match common_types.entry(name) {
+                Entry::Vacant(v) => v.insert(ty),
+                Entry::Occupied(o) => {
+                    return Err(DuplicateCommonTypeError {
+                        ty: o.key().clone(),
+                    }
+                    .into());
+                }
+            };
+        }
+    }
+
+    for entity_type in ty.common_type_references() {
+        if !all_defs.is_defined_as_common(&entity_type.clone().qualify_with(None)) {
+            all_defs.mark_as_defined_as_entity_type(entity_type.clone().qualify_with(None));
+        }
+    }
+
+    let resolver = CommonTypeResolver::new(&common_types);
+    let common_types: HashMap<&InternalName, ValidatorType> = resolver.resolve(extensions)?;
+
+    let conditional_ty = ty.conditionally_qualify_type_references(None);
+    let internal_ty = conditional_ty.fully_qualify_type_references(&all_defs)?;
+    let unresolved = try_jsonschema_type_into_validator_type(internal_ty, extensions, None)?;
+
+    unresolved
+        .resolve_common_type_refs(&common_types)
+        .map(|t| t.ty)
+}
+
 /// Used to write a schema implicitly overriding the default handling of action
 /// groups.
 #[derive(Debug, Clone, Deserialize)]
diff --git a/cedar-policy-core/src/validator/typecheck.rs b/cedar-policy-core/src/validator/typecheck.rs
index b7bf989fe5..e165ca9135 100644
--- a/cedar-policy-core/src/validator/typecheck.rs
+++ b/cedar-policy-core/src/validator/typecheck.rs
@@ -26,22 +26,25 @@ pub(crate) use typecheck_answer::TypecheckAnswer;
 
 use std::{borrow::Cow, collections::HashSet, iter::zip};
 
-use crate::validator::{
-    extension_schema::ExtensionFunctionType,
-    extensions::ExtensionSchemas,
-    schema::ValidatorSchema,
-    types::{
-        AttributeType, Capability, CapabilitySet, EntityRecordKind, OpenTag, Primitive, RequestEnv,
-        Type,
+use crate::{
+    ast::ValidatorGeneralizedSlotsAnnotation,
+    validator::{
+        extension_schema::ExtensionFunctionType,
+        extensions::ExtensionSchemas,
+        schema::ValidatorSchema,
+        types::{
+            AttributeType, Capability, CapabilitySet, EntityRecordKind, OpenTag, Primitive,
+            RequestEnv, Type,
+        },
+        validation_errors::{AttributeAccess, LubContext, UnexpectedTypeHelp},
+        ValidationError, ValidationMode, ValidationWarning,
     },
-    validation_errors::{AttributeAccess, LubContext, UnexpectedTypeHelp},
-    ValidationError, ValidationMode, ValidationWarning,
 };
 
 use crate::{
     ast::{
-        BinaryOp, EntityType, EntityUID, Expr, ExprBuilder, ExprKind, Literal, Name, PolicyID,
-        PrincipalOrResourceConstraint, SlotId, Template, UnaryOp, Var,
+        BinaryOp, EntityType, EntityUID, Expr, ExprBuilder, ExprKind, GeneralizedSlotsAnnotation,
+        Literal, Name, PolicyID, PrincipalOrResourceConstraint, SlotId, Template, UnaryOp, Var,
     },
     expr_builder::ExprBuilder as _,
 };
@@ -142,9 +145,17 @@ impl<'a> Typechecker<'a> {
         &'b self,
         t: &'b Template,
     ) -> Vec<(RequestEnv<'b>, PolicyCheck)> {
-        self.apply_typecheck_fn_by_request_env(t, |request_env, policy_id, expr| {
-            self.single_env_typechecking(request_env, policy_id, expr)
-        })
+        self.apply_typecheck_fn_by_request_env(
+            t,
+            |request_env, policy_id, expr, validator_generalized_slots_annotation| {
+                self.single_env_typechecking(
+                    request_env,
+                    policy_id,
+                    expr,
+                    validator_generalized_slots_annotation,
+                )
+            },
+        )
     }
 
     fn single_env_typechecking(
@@ -152,6 +163,7 @@ impl<'a> Typechecker<'a> {
         request_env: &RequestEnv<'_>,
         policy_id: &PolicyID,
         expr: &Expr,
+        validator_generalized_slots_annotation: &ValidatorGeneralizedSlotsAnnotation,
     ) -> PolicyCheck {
         let mut type_errors = Vec::new();
         let single_env_typechecker = SingleEnvTypechecker {
@@ -160,6 +172,7 @@ impl<'a> Typechecker<'a> {
             mode: self.mode,
             policy_id,
             request_env,
+            validator_generalized_slots_annotation,
         };
         let empty_prior_capability = CapabilitySet::new();
         let ans = single_env_typechecker.expect_type(
@@ -188,7 +201,19 @@ impl<'a> Typechecker<'a> {
         t: &'b Template,
         request_env: &RequestEnv<'b>,
     ) -> PolicyCheck {
-        self.single_env_typechecking(request_env, t.id(), &t.condition())
+        let validator_generalized_slots_annotation = GeneralizedSlotsAnnotation::from_iter(
+            t.generalized_slots_annotation()
+                .map(|(k, v)| (k.clone(), v.clone())),
+        )
+        .into_validator_generalized_slots_annotation(self.schema)
+        .expect("Schema is invalid");
+
+        self.single_env_typechecking(
+            request_env,
+            t.id(),
+            &t.condition(),
+            &validator_generalized_slots_annotation,
+        )
     }
 
     /// Apply `typecheck_fn` to the given policy in every schema-defined request
@@ -201,18 +226,30 @@ impl<'a> Typechecker<'a> {
         typecheck_fn: F,
     ) -> Vec<(RequestEnv<'b>, C)>
     where
-        F: Fn(&RequestEnv<'b>, &PolicyID, &Expr) -> C,
+        F: Fn(&RequestEnv<'b>, &PolicyID, &Expr, &ValidatorGeneralizedSlotsAnnotation) -> C,
     {
         // compute `.condition()` just once, and cache it here
         let cond = t.condition();
 
+        let validator_generalized_slots_annotation = GeneralizedSlotsAnnotation::from_iter(
+            t.generalized_slots_annotation()
+                .map(|(k, v)| (k.clone(), v.clone())),
+        )
+        .into_validator_generalized_slots_annotation(self.schema)
+        .expect("Schema is invalid");
+
         // Validate each (principal, resource) pair with the substituted policy
         // for the corresponding action.
         self.unlinked_envs
             .iter()
             .flat_map(|unlinked_e| {
                 self.link_request_env(unlinked_e, t).map(|linked_e| {
-                    let check = typecheck_fn(&linked_e, t.id(), &cond);
+                    let check = typecheck_fn(
+                        &linked_e,
+                        t.id(),
+                        &cond,
+                        &validator_generalized_slots_annotation,
+                    );
                     (linked_e, check)
                 })
             })
@@ -319,6 +356,7 @@ struct SingleEnvTypechecker<'a> {
     policy_id: &'a PolicyID,
     /// The single env which we're performing typechecking for
     request_env: &'a RequestEnv<'a>,
+    validator_generalized_slots_annotation: &'a ValidatorGeneralizedSlotsAnnotation,
 }
 
 impl<'a> SingleEnvTypechecker<'a> {
@@ -380,25 +418,32 @@ impl<'a> SingleEnvTypechecker<'a> {
             ExprKind::Unknown(u) => {
                 TypecheckAnswer::fail(ExprBuilder::with_data(None).unknown(u.clone()))
             }
-            // Template Slots, always has to be an entity.
+            // Template Slots
             ExprKind::Slot(slotid) => TypecheckAnswer::success(
-                ExprBuilder::with_data(Some(if slotid.is_principal() {
-                    self.request_env
-                        .principal_slot()
-                        .clone()
-                        .map(Type::named_entity_reference)
-                        .unwrap_or_else(Type::any_entity_reference)
-                } else if slotid.is_resource() {
-                    self.request_env
-                        .resource_slot()
-                        .clone()
-                        .map(Type::named_entity_reference)
-                        .unwrap_or_else(Type::any_entity_reference)
-                } else {
-                    Type::any_entity_reference()
-                }))
+                ExprBuilder::with_data(Some(
+                    if let Some(validator_ty) = self
+                        .validator_generalized_slots_annotation
+                        .get(slotid)
+                    {
+                        validator_ty.clone()
+                    } else if slotid.is_principal() {
+                        self.request_env
+                            .principal_slot()
+                            .clone()
+                            .map(Type::named_entity_reference)
+                            .unwrap_or_else(Type::any_entity_reference)
+                    } else if slotid.is_resource() {
+                        self.request_env
+                            .resource_slot()
+                            .clone()
+                            .map(Type::named_entity_reference)
+                            .unwrap_or_else(Type::any_entity_reference)
+                    } else {
+                        Type::any_entity_reference()
+                    },
+                ))
                 .with_same_source_loc(e)
-                .slot(*slotid),
+                .slot(slotid.clone()),
             ),
 
             // Literal booleans get singleton type according to their value.
diff --git a/cedar-policy-core/src/validator/typecheck/test/policy.rs b/cedar-policy-core/src/validator/typecheck/test/policy.rs
index 8e95ea2a63..76f8c5b0cb 100644
--- a/cedar-policy-core/src/validator/typecheck/test/policy.rs
+++ b/cedar-policy-core/src/validator/typecheck/test/policy.rs
@@ -107,6 +107,113 @@ fn simple_schema_file() -> json_schema::NamespaceDefinition<RawName> {
     .expect("Expected valid schema")
 }
 
+fn simple_schema_file_1() -> json_schema::NamespaceDefinition<RawName> {
+    serde_json::from_value(serde_json::json!(
+        {
+            "entityTypes": {
+                "Disk": {
+                    "memberOfTypes": [],
+                    "shape": {
+                        "type": "Record",
+                        "additionalAttributes": false,
+                        "attributes": {
+                            "owner": { "type": "String", "required": true}
+                        }
+                    }
+                },
+                "Folder": {
+                    "memberOfTypes": [],
+                    "shape": {
+                        "type": "Record",
+                        "additionalAttributes": false,
+                        "attributes": {
+                            "owner": { "type": "String", "required": true}
+                        }
+                    }
+                },
+                "Document": {
+                    "memberOfTypes": [ "Folder" ],
+                    "shape": {
+                        "type": "Record",
+                        "additionalAttributes": false,
+                        "attributes": {
+                            "owner": { "type": "String", "required": true}
+                        }
+                    }
+                },
+                "Person": {
+                    "memberOfTypes": [],
+                    "shape": {
+                        "type": "Record",
+                        "additionalAttributes": false,
+                        "attributes": {
+                            "age": { "type": "String", "required": false}
+                        }
+                    }
+                },
+                "Long": {
+                    "memberOfTypes": [],
+                    "shape": {
+                        "type": "Record",
+                        "additionalAttributes": false,
+                        "attributes": {
+                            "age": { "type": "String", "required": true}
+                        }
+                    }
+                }
+            },
+            "commonTypes": {
+                "PersonInfo": {
+                    "type": "Record",
+                    "attributes": {
+                        "name": { "type": "String", "required": false},
+                        "age": { "type": "Long", "required": true},
+                    }
+                }
+            },
+            "actions": {
+                "Navigate": {
+                    "memberOf": [],
+                    "appliesTo": {
+                        "principalTypes": ["Person"],
+                        "resourceTypes": ["Disk", "Folder", "Document"]
+                    }
+                }
+            }
+        }
+    ))
+    .expect("Expected valid schema")
+}
+
+fn simple_schema_file_2() -> json_schema::Fragment<RawName> {
+    json_schema::Fragment::from_json_str(
+        r#"
+            { "N::S": {
+                "entityTypes": {
+                    "Foo": {
+                        "shape": {
+                            "type": "Record",
+                            "attributes": {
+                                "name": { "type": "String" }
+                            }
+                        }
+                    },
+                    "Bar": {}
+                },
+                "actions": {
+                  "baz": {
+                    "appliesTo": {
+                      "principalTypes": [ "Bar" ],
+                      "resourceTypes": [ "Foo" ]
+                    }
+                  }
+                }
+            }}
+            "#,
+    )
+    .expect("Expected valid schema")
+}
+
 #[track_caller] // report the caller's location as the location of the panic, not the location in this function
 fn assert_policy_typechecks_permissive_simple_schema(p: impl Into<Arc<Template>>) {
     assert_policy_typechecks_for_mode(simple_schema_file(), p, ValidationMode::Permissive)
@@ -1327,3 +1434,134 @@ mod templates {
         );
     }
 }
+
+mod generalized_templates {
+    use super::*;
+
+    #[test]
+    fn generalized_slot_in_condition_with_type_annotation() {
+        assert_policy_typechecks(
+            simple_schema_file_1(),
+            parse_policy_or_template(
+                None,
+                r#"
+              template(?folder: Folder) => 
+              permit(
+              principal == ?principal, 
+              action, 
+              resource in ?resource) when 
+              { resource in ?folder || 
+               (action == Action::"Navigate" && 
+               ?folder in resource) };"#,
+            )
+            .unwrap(),
+        );
+    }
+
+    #[test]
+    fn generalized_slot_in_condition_with_record_type() {
+        assert_policy_typechecks(
+            simple_schema_file_1(),
+            parse_policy_or_template(
+                None,
+                r#"
+              template(?person: { name: String, age: Bool }) => 
+              permit(
+              principal,
+              action == Action::"Navigate", 
+              resource) when 
+              { ?person.name == resource.owner && 
+                ?person.age == true
+                };"#,
+            )
+            .unwrap(),
+        );
+    }
+
+    #[test]
+    fn generalized_slot_with_common_type_as_type_annotation() {
+        assert_policy_typechecks(
+            simple_schema_file_1(),
+            parse_policy_or_template(
+                None,
+                r#"
+              template(?person: PersonInfo) => 
+              permit(
+              principal,
+              action == Action::"Navigate", 
+              resource) when 
+              { ?person has name && ?person.name == "Alice" ||
+                ?person.age == 8
+                };"#,
+            )
+            .unwrap(),
+        );
+    }
+
+    #[test]
+    fn generalized_slot_with_shadowing_of_primitive_type() {
+        assert_policy_typechecks(
+            simple_schema_file_1(),
+            parse_policy_or_template(
+                None,
+                r#"
+              template(?person: Long) => 
+              permit(
+              principal,
+              action == Action::"Navigate", 
+              resource) when 
+              { ?person.age == "8" };"#,
+            )
+            .unwrap(),
+        );
+
+        assert_policy_typechecks(
+            simple_schema_file_1(),
+            parse_policy_or_template(
+                None,
+                r#"
+              template(?person: __cedar::Long) => 
+              permit(
+              principal,
+              action == Action::"Navigate", 
+              resource) when 
+              { ?person == 8 };"#,
+            )
+            .unwrap(),
+        );
+    }
+
+    #[test]
+    fn type_annotation_for_slot_in_scope() {
+        assert_policy_typechecks(
+            simple_schema_file_1(),
+            parse_policy_or_template(
+                None,
+                r#"
+              template(?resource: Folder) => 
+              permit(
+              principal,
+              action == Action::"Navigate", 
+              resource == ?resource);"#,
+            )
+            .unwrap(),
+        );
+    }
+
+    #[test]
+    fn generalized_slot_with_namespace_type_annotations() {
+        assert_policy_typechecks(
+            simple_schema_file_2(),
+            parse_policy_or_template(
+                None,
+                r#"
+              template(?foo: N::S::Foo) => 
+              permit(
+              principal,
+              action, 
+              resource) when { ?foo.name == "FOO" };"#,
+            )
+            .unwrap(),
+        );
+    }
+}
diff --git a/cedar-policy-core/src/validator/typecheck/test/strict.rs b/cedar-policy-core/src/validator/typecheck/test/strict.rs
index c3f28f7a16..7d7b4178c9 100644
--- a/cedar-policy-core/src/validator/typecheck/test/strict.rs
+++ b/cedar-policy-core/src/validator/typecheck/test/strict.rs
@@ -22,7 +22,7 @@ use std::str::FromStr;
 use std::sync::Arc;
 
 use crate::{
-    ast::{EntityUID, Expr, PolicyID},
+    ast::{EntityUID, Expr, PolicyID, ValidatorGeneralizedSlotsAnnotation},
     extensions::Extensions,
     parser::{parse_policy_or_template, IntoMaybeLoc, Loc},
 };
@@ -54,6 +54,7 @@ fn assert_typechecks_strict(
         mode: ValidationMode::Strict,
         policy_id: &expr_id_placeholder(),
         request_env,
+        validator_generalized_slots_annotation: &ValidatorGeneralizedSlotsAnnotation::new(),
     };
     let mut errs = Vec::new();
     let answer =
@@ -81,6 +82,7 @@ fn assert_strict_type_error(
         mode: ValidationMode::Strict,
         policy_id: &expr_id_placeholder(),
         request_env,
+        validator_generalized_slots_annotation: &ValidatorGeneralizedSlotsAnnotation::new(),
     };
     let mut errs = Vec::new();
     let answer =
@@ -174,6 +176,7 @@ fn strict_typecheck_catches_regular_type_error() {
             mode: ValidationMode::Strict,
             policy_id: &expr_id_placeholder(),
             request_env: &q,
+            validator_generalized_slots_annotation: &ValidatorGeneralizedSlotsAnnotation::new(),
         };
         let mut errs = Vec::new();
         typechecker.expect_type(
diff --git a/cedar-policy-core/src/validator/typecheck/test/test_utils.rs b/cedar-policy-core/src/validator/typecheck/test/test_utils.rs
index c332f21ff2..d354e3f617 100644
--- a/cedar-policy-core/src/validator/typecheck/test/test_utils.rs
+++ b/cedar-policy-core/src/validator/typecheck/test/test_utils.rs
@@ -21,7 +21,10 @@ use cool_asserts::assert_matches;
 use itertools::Itertools;
 use std::{collections::HashSet, hash::Hash, sync::Arc};
 
-use crate::ast::{Context, EntityUID, Expr, PolicyID, Request, Template, ACTION_ENTITY_TYPE};
+use crate::ast::{
+    Context, EntityUID, Expr, PolicyID, Request, Template, ValidatorGeneralizedSlotsAnnotation,
+    ACTION_ENTITY_TYPE,
+};
 use crate::entities::{err::EntitiesError, Entities, EntityJsonParser, TCComputation};
 use crate::extensions::Extensions;
 use crate::parser::{IntoMaybeLoc, Loc, MaybeLoc};
@@ -85,6 +88,8 @@ impl Typechecker<'_> {
     ///
     /// `policy_id`: Policy ID to associate with this `Expr`, for the purposes
     /// of reporting the policy ID in validation errors
+    ///
+    /// Note: This function should not be used to typecheck expressions with generalized templates
     pub(crate) fn typecheck_expr<'a>(
         &self,
         e: &'a Expr,
@@ -112,6 +117,7 @@ impl Typechecker<'_> {
             mode: self.mode,
             policy_id,
             request_env: &request_env,
+            validator_generalized_slots_annotation: &ValidatorGeneralizedSlotsAnnotation::new(),
         };
         let mut type_errors = Vec::new();
         let ans = typechecker.typecheck(&CapabilitySet::new(), e, &mut type_errors);
diff --git a/cedar-policy/protobuf_schema/core.proto b/cedar-policy/protobuf_schema/core.proto
index eca2d807f5..5df1c1f26d 100644
--- a/cedar-policy/protobuf_schema/core.proto
+++ b/cedar-policy/protobuf_schema/core.proto
@@ -17,6 +17,23 @@
 syntax = "proto3";
 package cedar_policy_core;
 
+message TemplateType {
+    oneof data {
+        Name other = 1; 
+        TemplateType set_elem = 2;
+        Record record = 3;
+    }
+    
+    message Record {
+        map<string, AttributeTemplateType> attrs = 1;
+    }
+}
+
+message AttributeTemplateType {
+    TemplateType attr_type = 1;
+    bool is_required = 2;
+}
+
 message Request {
     EntityUid principal = 1;
     EntityUid action = 2;
@@ -67,6 +84,7 @@ message Policy {
     // Value of the `?resource` slot.
     // Omitted/ignored for templates without the `?resource` slot.
     EntityUid resource_euid = 5;
+    map<string, Expr> generalized_values = 6;
 }
 
 enum Effect {
@@ -74,6 +92,16 @@ enum Effect {
     Permit = 1;
 }
 
+message SlotTypePosition {
+    optional TemplateType ty = 1; 
+    optional ScopePosition pos = 2; 
+
+    enum ScopePosition { 
+        principal = 0; 
+        resource = 1; 
+    }
+}
+
 message TemplateBody {
     string id = 1;
     map<string, string> annotations = 3;
@@ -82,20 +110,14 @@ message TemplateBody {
     ActionConstraint action_constraint = 6;
     PrincipalOrResourceConstraint resource_constraint = 7;
     Expr non_scope_constraints = 8;
+    map<string, SlotTypePosition> generalized_slots_annotation = 9;
 }
 
 // an EntityReference may either be an EntityUid or a Slot.
 message EntityReference {
     oneof data {
-        Slot slot = 1;
         EntityUid euid = 2;
-    }
-
-    // if it's a Slot, we know from context which Slot it is,
-    // so we don't need a `SlotId` and can just use this one-armed enum
-    enum Slot {
-        // the one option for the enum
-        unit = 0;
+        SlotId slot = 3;
     }
 }
 
@@ -129,9 +151,16 @@ message PrincipalOrResourceConstraint {
     }
 }
 
-enum SlotId {
-    Principal = 0;
-    Resource = 1;
+message SlotId {
+    oneof data {
+        Any principal = 1; 
+        Any resource = 2; 
+        string GeneralizedSlot = 3; 
+    }
+
+    enum Any {
+        unit = 0;
+    }
 }
 
 message ActionConstraint {
@@ -290,4 +319,4 @@ message Entity {
     map<string, Expr> attrs = 2;
     repeated EntityUid ancestors = 3;
     map<string, Expr> tags = 4;
-}
+}
\ No newline at end of file
diff --git a/cedar-policy/protobuf_schema/validator.proto b/cedar-policy/protobuf_schema/validator.proto
index be298ee69d..f336ab2412 100644
--- a/cedar-policy/protobuf_schema/validator.proto
+++ b/cedar-policy/protobuf_schema/validator.proto
@@ -23,6 +23,7 @@ import "core.proto";
 message Schema {
     repeated EntityDecl entity_decls = 1;
     repeated ActionDecl action_decls = 2;
+    repeated CommonDecl common_decls = 3; 
 }
 
 // the protobuf EntityDecl message contains all of the schema's
@@ -45,6 +46,11 @@ message ActionDecl {
     repeated cedar_policy_core.Name resource_types = 6;
 }
 
+message CommonDecl {
+    cedar_policy_core.Name name = 1;
+    Type validator_type = 2; 
+}
+
 message Type {
     oneof data {
         // Primitive types
@@ -79,4 +85,5 @@ message AttributeType {
 enum ValidationMode {
     Strict = 0;
     Permissive = 1;
-}
+    Partial = 2;
+}
\ No newline at end of file
diff --git a/cedar-policy/src/api.rs b/cedar-policy/src/api.rs
index a5ba07f990..9e99ca06f1 100644
--- a/cedar-policy/src/api.rs
+++ b/cedar-policy/src/api.rs
@@ -26,6 +26,7 @@ mod id;
 #[cfg(feature = "entity-manifest")]
 use cedar_policy_core::validator::entity_manifest;
 // TODO (#1157) implement wrappers for these structs before they become public
+use cedar_policy_core::entities::CedarValueJson;
 #[cfg(feature = "entity-manifest")]
 pub use cedar_policy_core::validator::entity_manifest::{
     AccessTrie, EntityManifest, EntityRoot, Fields, RootAccessTrie,
@@ -2761,6 +2762,8 @@ impl PolicySet {
             template_id.into(),
             new_id.clone().into(),
             unwrapped_vals.clone(),
+            HashMap::new(),
+            None,
         )?;
 
         // PANIC SAFETY: `lossless.link()` will not fail after `ast.link()` succeeds
@@ -2768,7 +2771,82 @@ impl PolicySet {
         let linked_lossless = template
             .lossless
             .clone()
-            .link(unwrapped_vals.iter().map(|(k, v)| (*k, v)))
+            .link(
+                unwrapped_vals.iter().map(|(k, v)| (k.clone(), v)),
+                HashMap::new(),
+            )
+            // The only error case for `lossless.link()` is a template with
+            // slots which are not filled by the provided values. `ast.link()`
+            // will have already errored if there are any unfilled slots in the
+            // template.
+            .expect("ast.link() didn't fail above, so this shouldn't fail");
+        self.policies.insert(
+            new_id,
+            Policy {
+                ast: linked_ast.clone(),
+                lossless: linked_lossless,
+            },
+        );
+        Ok(())
+    }
+
+    /// Similar to the link function for regular templates, but also
+    /// works for generalized templates
+    pub fn generalized_link(
+        &mut self,
+        template_id: PolicyId,
+        new_id: PolicyId,
+        vals: HashMap<SlotId, EntityUid>,
+        generalized_vals: HashMap<SlotId, RestrictedExpression>,
+        schema: Option<Schema>,
+    ) -> Result<(), PolicySetError> {
+        let unwrapped_vals: HashMap<ast::SlotId, ast::EntityUID> = vals
+            .into_iter()
+            .map(|(key, value)| (key.into(), value.into()))
+            .collect();
+
+        let unwrapped_generalized_vals: HashMap<ast::SlotId, ast::RestrictedExpr> =
+            generalized_vals
+                .into_iter()
+                .map(|(key, value)| (key.into(), value.as_ref().clone()))
+                .collect();
+
+        // Try to get the template with the id we're linking from.  We do this
+        // _before_ calling `self.ast.link` because `link` mutates the policy
+        // set by creating a new link entry in a hashmap. This happens even when
+        // trying to link a static policy, which we want to error on here.
+        let Some(template) = self.templates.get(&template_id) else {
+            return Err(if self.policies.contains_key(&template_id) {
+                policy_set_errors::ExpectedTemplate::new().into()
+            } else {
+                policy_set_errors::LinkingError {
+                    inner: ast::LinkingError::NoSuchTemplate {
+                        id: template_id.into(),
+                    },
+                }
+                .into()
+            });
+        };
+
+        let linked_ast = self.ast.link(
+            template_id.into(),
+            new_id.clone().into(),
+            unwrapped_vals.clone(),
+            unwrapped_generalized_vals.clone(),
+            schema.map(|schema| schema.0).as_ref(),
+        )?;
+
+        // PANIC SAFETY: `lossless.link()` will not fail after `ast.link()` succeeds
+        #[allow(clippy::expect_used)]
+        let linked_lossless = template
+            .lossless
+            .clone()
+            .link(
+                unwrapped_vals.iter().map(|(k, v)| (k.clone(), v)),
+                unwrapped_generalized_vals
+                    .iter()
+                    .map(|(k, v)| (k.clone(), v)),
+            )
             // The only error case for `lossless.link()` is a template with
             // slots which are not filled by the provided values. `ast.link()`
             // will have already errored if there are any unfilled slots in the
@@ -2893,12 +2971,19 @@ fn is_static_or_link(
                 .ast
                 .env()
                 .iter()
-                .map(|(id, euid)| (*id, euid.clone()))
+                .map(|(id, euid)| (id.clone(), euid.clone()))
+                .collect();
+            let generalized_values = policy
+                .ast
+                .generalized_env()
+                .iter()
+                .map(|(id, expr)| (id.clone(), expr.clone()))
                 .collect();
             Ok(Either::Right(TemplateLink {
                 new_id: id.into(),
                 template_id: template_id.clone().into(),
                 values,
+                generalized_values,
             }))
         }
         None => policy
@@ -3429,12 +3514,28 @@ impl Policy {
                 .ast
                 .env()
                 .iter()
-                .map(|(key, value)| ((*key).into(), value.clone().into()))
+                .map(|(key, value)| ((key.clone()).into(), value.clone().into()))
                 .collect();
             Some(wrapped_vals)
         }
     }
 
+    /// Get the values this `Template` is linked to, expressed as a map from `SlotId` to `RestrictedExpression`.
+    /// If this is a static policy, this will return `None`.
+    pub fn generalized_template_links(&self) -> Option<HashMap<SlotId, RestrictedExpression>> {
+        if self.is_static() {
+            None
+        } else {
+            let wrapped_generalized_vals: HashMap<SlotId, RestrictedExpression> = self
+                .ast
+                .generalized_env()
+                .iter()
+                .map(|(key, value)| ((key.clone()).into(), RestrictedExpression(value.clone())))
+                .collect();
+            Some(wrapped_generalized_vals)
+        }
+    }
+
     /// Get the `Effect` (`Permit` or `Forbid`) for this instance
     pub fn effect(&self) -> Effect {
         self.ast.effect()
@@ -3563,6 +3664,7 @@ impl Policy {
             // PANIC SAFETY: This `unwrap` here is safe due the invariant (values total map) on policies.
             #[allow(clippy::unwrap_used)]
             ast::EntityReference::Slot(_) => {
+                // TODO: When id is Some, it is a generalized slot and we must handle it differently
                 EntityUid::ref_cast(self.ast.env().get(&slot).unwrap())
             }
         }
@@ -3761,8 +3863,12 @@ impl Policy {
     pub fn to_cedar(&self) -> Option<String> {
         match &self.lossless {
             LosslessPolicy::Empty | LosslessPolicy::Est(_) => Some(self.ast.to_string()),
-            LosslessPolicy::Text { text, slots } => {
-                if slots.is_empty() {
+            LosslessPolicy::Text {
+                text,
+                slots,
+                generalized_slots,
+            } => {
+                if slots.is_empty() && generalized_slots.is_empty() {
                     Some(text.clone())
                 } else {
                     None
@@ -3862,6 +3968,9 @@ pub(crate) enum LosslessPolicy {
         /// this; static policies and (unlinked) templates have an empty map
         /// here
         slots: HashMap<ast::SlotId, ast::EntityUID>,
+        /// For linked policies, map of slot to RestrictedExpr. Only linked
+        /// generalized templates have this.
+        generalized_slots: HashMap<ast::SlotId, ast::RestrictedExpr>,
     },
 }
 
@@ -3871,6 +3980,7 @@ impl LosslessPolicy {
         text.map_or(Self::Empty, |text| Self::Text {
             text: text.into(),
             slots: HashMap::new(),
+            generalized_slots: HashMap::new(),
         })
     }
 
@@ -3883,14 +3993,32 @@ impl LosslessPolicy {
             // Fall back to the `policy` AST if the lossless representation is empty
             Self::Empty => Ok(fallback_est()),
             Self::Est(est) => Ok(est.clone()),
-            Self::Text { text, slots } => {
+            Self::Text {
+                text,
+                slots,
+                generalized_slots,
+            } => {
                 let est =
                     parser::parse_policy_or_template_to_est(text).map_err(ParseErrors::from)?;
-                if slots.is_empty() {
+                if slots.is_empty() && generalized_slots.is_empty() {
                     Ok(est)
                 } else {
-                    let unwrapped_vals = slots.iter().map(|(k, v)| (*k, v.into())).collect();
-                    Ok(est.link(&unwrapped_vals)?)
+                    let unwrapped_vals = slots.iter().map(|(k, v)| (k.clone(), v.into())).collect();
+                    let unwrapped_generalized_vals: Result<
+                        HashMap<ast::SlotId, CedarValueJson>,
+                        _,
+                    > = generalized_slots
+                        .iter()
+                        .map(|(k, v)| -> Result<_, PolicyToJsonError> {
+                            Ok((
+                                k.clone(),
+                                CedarValueJson::from_expr(v.as_borrowed()).map_err(|e| {
+                                    est::LinkingError::UnableToSerializeJSONValueProvided(e)
+                                })?,
+                            ))
+                        })
+                        .collect();
+                    Ok(est.link(&unwrapped_vals, &unwrapped_generalized_vals?)?)
                 }
             }
         }
@@ -3899,6 +4027,7 @@ impl LosslessPolicy {
     fn link<'a>(
         self,
         vals: impl IntoIterator<Item = (ast::SlotId, &'a ast::EntityUID)>,
+        generalized_vals: impl IntoIterator<Item = (ast::SlotId, &'a ast::RestrictedExpr)>,
     ) -> Result<Self, est::LinkingError> {
         match self {
             Self::Empty => Ok(Self::Empty),
@@ -3907,15 +4036,44 @@ impl LosslessPolicy {
                     ast::SlotId,
                     cedar_policy_core::entities::EntityUidJson,
                 > = vals.into_iter().map(|(k, v)| (k, v.into())).collect();
-                Ok(Self::Est(est.link(&unwrapped_est_vals)?))
+                let unwrapped_est_generalized_vals: Result<
+                    HashMap<ast::SlotId, CedarValueJson>,
+                    _,
+                > = generalized_vals
+                    .into_iter()
+                    .map(|(k, v)| -> Result<_, est::LinkingError> {
+                        Ok((
+                            k.clone(),
+                            CedarValueJson::from_expr(v.as_borrowed()).map_err(|e| {
+                                est::LinkingError::UnableToSerializeJSONValueProvided(e)
+                            })?,
+                        ))
+                    })
+                    .collect();
+                Ok(Self::Est(est.link(
+                    &unwrapped_est_vals,
+                    &unwrapped_est_generalized_vals?,
+                )?))
             }
-            Self::Text { text, slots } => {
+            Self::Text {
+                text,
+                slots,
+                generalized_slots,
+            } => {
                 debug_assert!(
-                    slots.is_empty(),
+                    slots.is_empty() && generalized_slots.is_empty(),
                     "shouldn't call link() on an already-linked policy"
                 );
                 let slots = vals.into_iter().map(|(k, v)| (k, v.clone())).collect();
-                Ok(Self::Text { text, slots })
+                let generalized_slots = generalized_vals
+                    .into_iter()
+                    .map(|(k, v)| (k, v.clone()))
+                    .collect();
+                Ok(Self::Text {
+                    text,
+                    slots,
+                    generalized_slots,
+                })
             }
         }
     }
@@ -3931,8 +4089,12 @@ impl LosslessPolicy {
                 Err(e) => write!(f, "<invalid policy: {e}>"),
             },
             Self::Est(est) => write!(f, "{est}"),
-            Self::Text { text, slots } => {
-                if slots.is_empty() {
+            Self::Text {
+                text,
+                slots,
+                generalized_slots,
+            } => {
+                if slots.is_empty() && generalized_slots.is_empty() {
                     write!(f, "{text}")
                 } else {
                     // need to replace placeholders according to `slots`.
@@ -4928,7 +5090,11 @@ pub fn eval_expression(
     let eval = Evaluator::new(request.0.clone(), &entities.0, all_ext);
     Ok(EvalResult::from(
         // Evaluate under the empty slot map, as an expression should not have slots
-        eval.interpret(&expr.0, &ast::SlotEnv::new())?,
+        eval.interpret(
+            &expr.0,
+            &ast::SlotEnv::new(),
+            &ast::GeneralizedSlotEnv::new(),
+        )?,
     ))
 }
 
@@ -5022,29 +5188,42 @@ action CreateList in Create appliesTo {
         };
 
         let schema = schema();
-        assert_eq!(schema.0.common_types().collect::<HashSet<_>>().len(), 3);
+        assert_eq!(
+            schema
+                .0
+                .common_types_extended()
+                .collect::<HashSet<_>>()
+                .len(),
+            3
+        );
         let task_type = ValidatorCommonType {
             name: "Task".into(),
             name_loc: None,
             type_loc: None,
         };
-        assert!(schema.0.common_types().contains(&task_type));
+        assert!(schema.0.common_types_extended().contains(&task_type));
 
         let tasks_type = ValidatorCommonType {
             name: "Tasks".into(),
             name_loc: None,
             type_loc: None,
         };
-        assert!(schema.0.common_types().contains(&tasks_type));
-        assert!(schema.0.common_types().all(|ct| ct.name_loc.is_some()));
-        assert!(schema.0.common_types().all(|ct| ct.type_loc.is_some()));
+        assert!(schema.0.common_types_extended().contains(&tasks_type));
+        assert!(schema
+            .0
+            .common_types_extended()
+            .all(|ct| ct.name_loc.is_some()));
+        assert!(schema
+            .0
+            .common_types_extended()
+            .all(|ct| ct.type_loc.is_some()));
 
         let tasks_type = ValidatorCommonType {
             name: "T".into(),
             name_loc: None,
             type_loc: None,
         };
-        assert!(schema.0.common_types().contains(&tasks_type));
+        assert!(schema.0.common_types_extended().contains(&tasks_type));
 
         let et = ast::EntityType::EntityType(ast::Name::from_normalized_str("List").unwrap());
         let et = schema.0.get_entity_type(&et).unwrap();
diff --git a/cedar-policy/src/api/id.rs b/cedar-policy/src/api/id.rs
index b2b058875c..973d975b60 100644
--- a/cedar-policy/src/api/id.rs
+++ b/cedar-policy/src/api/id.rs
@@ -413,6 +413,12 @@ impl SlotId {
     pub fn resource() -> Self {
         Self(ast::SlotId::resource())
     }
+
+    /// Create a `generalized slot`
+    pub fn generalized_slot(s: impl AsRef<str>) -> Result<Self, ParseErrors> {
+        let id = s.as_ref().parse()?;
+        Ok(Self(ast::SlotId::generalized_slot(id)))
+    }
 }
 
 impl std::fmt::Display for SlotId {
diff --git a/cedar-policy/src/ffi/utils.rs b/cedar-policy/src/ffi/utils.rs
index 24e3ea25c5..199a2a89b4 100644
--- a/cedar-policy/src/ffi/utils.rs
+++ b/cedar-policy/src/ffi/utils.rs
@@ -830,22 +830,6 @@ mod test {
             serde_json::from_value(template_json).expect("failed to parse from JSON");
         template.parse(None).expect("failed to convert to template");
 
-        // Invalid syntax
-        let src = "permit(principal == ?foo, action, resource);";
-        let template: Template =
-            serde_json::from_value(json!(src)).expect("failed to parse from JSON");
-        let err = template
-            .parse(None)
-            .expect_err("should have failed to convert to template");
-        expect_err(
-            src,
-            &err,
-            &ExpectedErrorMessageBuilder::error("failed to parse template from string")
-                .source("expected an entity uid or matching template slot, found ?foo instead of ?principal")
-                .exactly_one_underline("?foo")
-                .build(),
-        );
-
         // Static policies cannot be parsed as templates
         let src = "permit(principal == User::\"alice\", action, resource);";
         let template: Template =
diff --git a/cedar-policy/src/proto/api.rs b/cedar-policy/src/proto/api.rs
index 69da2173ed..c09d49cd55 100644
--- a/cedar-policy/src/proto/api.rs
+++ b/cedar-policy/src/proto/api.rs
@@ -93,6 +93,36 @@ impl TryFrom<&models::PolicySet> for api::PolicySet {
     }
 }
 
+#[allow(clippy::use_self)]
+impl From<&api::ValidationMode> for models::ValidationMode {
+    fn from(v: &api::ValidationMode) -> Self {
+        match v {
+            api::ValidationMode::Strict => models::ValidationMode::Strict,
+            #[cfg(feature = "permissive-validate")]
+            api::ValidationMode::Permissive => models::ValidationMode::Permissive,
+            #[cfg(feature = "partial-validate")]
+            api::ValidationMode::Partial => models::ValidationMode::Partial,
+        }
+    }
+}
+
+#[allow(clippy::use_self)]
+impl From<&models::ValidationMode> for api::ValidationMode {
+    fn from(v: &models::ValidationMode) -> Self {
+        match v {
+            models::ValidationMode::Strict => api::ValidationMode::Strict,
+            #[cfg(feature = "permissive-validate")]
+            models::ValidationMode::Permissive => api::ValidationMode::Permissive,
+            #[cfg(not(feature = "permissive-validate"))]
+            models::ValidationMode::Permissive => panic!("Protobuf specifies permissive validation, but `permissive-validate` feature not enabled in this build"),
+            #[cfg(feature = "partial-validate")]
+            models::ValidationMode::Partial => api::ValidationMode::Partial,
+            #[cfg(not(feature = "partial-validate"))]
+            models::ValidationMode::Partial => panic!("Protobuf specifies partial validation, but `partial-validate` feature not enabled in this build"),
+        }
+    }
+}
+
 /// Macro that implements `traits::Protobuf` for cases where From<> conversions
 /// exist both ways between the api type `$api` and the protobuf model type `$model`
 macro_rules! standard_protobuf_impl {
diff --git a/cedar-policy/src/proto/ast.rs b/cedar-policy/src/proto/ast.rs
index e91a27ff9f..a1c00e8ccc 100644
--- a/cedar-policy/src/proto/ast.rs
+++ b/cedar-policy/src/proto/ast.rs
@@ -18,7 +18,8 @@
 
 use super::models;
 use cedar_policy_core::{
-    ast, evaluator::RestrictedEvaluator, extensions::Extensions, FromNormalizedStr,
+    ast, evaluator::RestrictedEvaluator, extensions::Extensions, validator::RawName,
+    FromNormalizedStr,
 };
 use smol_str::ToSmolStr;
 use std::{collections::HashSet, sync::Arc};
@@ -48,6 +49,14 @@ impl From<&models::Name> for ast::Name {
     }
 }
 
+// PANIC SAFETY: experimental feature
+#[allow(clippy::fallible_impl_from)]
+impl From<&models::Name> for RawName {
+    fn from(v: &models::Name) -> Self {
+        RawName::from_name(ast::InternalName::from(v))
+    }
+}
+
 impl From<&models::Name> for ast::EntityType {
     fn from(v: &models::Name) -> Self {
         ast::EntityType::from(ast::Name::from(v))
@@ -72,6 +81,12 @@ impl From<&ast::Name> for models::Name {
     }
 }
 
+impl From<&RawName> for models::Name {
+    fn from(v: &RawName) -> Self {
+        Self::from(&(v.clone().qualify_with(None)))
+    }
+}
+
 impl From<&ast::EntityType> for models::Name {
     fn from(v: &ast::EntityType) -> Self {
         Self::from(v.as_ref())
@@ -503,9 +518,10 @@ impl From<&ast::Literal> for models::expr::Literal {
 
 impl From<&models::SlotId> for ast::SlotId {
     fn from(v: &models::SlotId) -> Self {
-        match v {
-            models::SlotId::Principal => ast::SlotId::principal(),
-            models::SlotId::Resource => ast::SlotId::resource(),
+        match v.data.as_ref().expect("data field should exist") {
+            models::slot_id::Data::Principal(_) => ast::SlotId::principal(),
+            models::slot_id::Data::Resource(_) => ast::SlotId::resource(),
+            models::slot_id::Data::GeneralizedSlot(s) => s.parse().expect("invalid slot name"),
         }
     }
 }
@@ -517,11 +533,21 @@ impl From<&ast::SlotId> for models::SlotId {
     #[allow(clippy::panic)]
     fn from(v: &ast::SlotId) -> Self {
         if v.is_principal() {
-            models::SlotId::Principal
+            Self {
+                data: Some(models::slot_id::Data::Principal(
+                    models::slot_id::Any::Unit.into(),
+                )),
+            }
         } else if v.is_resource() {
-            models::SlotId::Resource
+            Self {
+                data: Some(models::slot_id::Data::Resource(
+                    models::slot_id::Any::Unit.into(),
+                )),
+            }
         } else {
-            panic!("Slot other than principal or resource")
+            Self {
+                data: Some(models::slot_id::Data::GeneralizedSlot(v.to_string())),
+            }
         }
     }
 }
diff --git a/cedar-policy/src/proto/policy.rs b/cedar-policy/src/proto/policy.rs
index c37fc891c1..f9e72bd08e 100644
--- a/cedar-policy/src/proto/policy.rs
+++ b/cedar-policy/src/proto/policy.rs
@@ -17,9 +17,17 @@
 #![allow(clippy::use_self)]
 
 use super::models;
-use cedar_policy_core::{ast, FromNormalizedStr};
+use cedar_policy_core::{
+    ast::{self, GeneralizedSlotsAnnotation},
+    validator::json_schema,
+    FromNormalizedStr,
+};
 use std::collections::HashMap;
 
+use cedar_policy_core::est;
+use cedar_policy_core::validator::RawName;
+use smol_str::ToSmolStr;
+
 impl From<&models::Policy> for ast::LiteralPolicy {
     // PANIC SAFETY: experimental feature
     #[allow(clippy::expect_used)]
@@ -46,6 +54,14 @@ impl From<&models::Policy> for ast::LiteralPolicy {
             );
         }
 
+        let mut generalized_values: ast::GeneralizedSlotEnv = HashMap::new();
+        for (key, value) in &v.generalized_values {
+            generalized_values.insert(
+                key.parse().expect("invalid slot name"),
+                ast::RestrictedExpr::new(ast::Expr::from(value)).expect("invalid value"),
+            );
+        }
+
         let template_id = ast::PolicyID::from_string(v.template_id.clone());
 
         if v.is_template_link {
@@ -53,6 +69,7 @@ impl From<&models::Policy> for ast::LiteralPolicy {
                 template_id,
                 ast::PolicyID::from_string(v.link_id.as_ref().expect("link_id field should exist")),
                 values,
+                generalized_values,
             )
         } else {
             Self::static_policy(template_id)
@@ -70,6 +87,16 @@ impl TryFrom<&models::Policy> for ast::Policy {
 
 impl From<&ast::LiteralPolicy> for models::Policy {
     fn from(v: &ast::LiteralPolicy) -> Self {
+        let generalized_values = v
+            .generalized_values()
+            .iter()
+            .map(|(key, value)| {
+                let expr = ast::Expr::from(value.clone());
+                let models_expr = models::Expr::from(&expr);
+                (key.to_string(), models_expr)
+            })
+            .collect();
+
         Self {
             template_id: v.template_id().as_ref().to_string(),
             link_id: if v.is_static() {
@@ -84,12 +111,23 @@ impl From<&ast::LiteralPolicy> for models::Policy {
             resource_euid: v
                 .value(&ast::SlotId::resource())
                 .map(models::EntityUid::from),
+            generalized_values,
         }
     }
 }
 
 impl From<&ast::Policy> for models::Policy {
     fn from(v: &ast::Policy) -> Self {
+        let generalized_values = v
+            .generalized_env()
+            .iter()
+            .map(|(key, value)| {
+                let expr = ast::Expr::from(value.clone());
+                let models_expr = models::Expr::from(&expr);
+                (key.to_string(), models_expr)
+            })
+            .collect();
+
         Self {
             template_id: v.template().id().as_ref().to_string(),
             link_id: if v.is_static() {
@@ -106,6 +144,7 @@ impl From<&ast::Policy> for models::Policy {
                 .env()
                 .get(&ast::SlotId::resource())
                 .map(models::EntityUid::from),
+            generalized_values,
         }
     }
 }
@@ -116,10 +155,181 @@ impl From<&models::TemplateBody> for ast::Template {
     }
 }
 
+impl From<&models::slot_type_position::ScopePosition> for ast::ScopePosition {
+    fn from(v: &models::slot_type_position::ScopePosition) -> Self {
+        match v {
+            models::slot_type_position::ScopePosition::Principal => ast::ScopePosition::Principal,
+            &models::slot_type_position::ScopePosition::Resource => ast::ScopePosition::Resource,
+        }
+    }
+}
+
+impl From<&ast::ScopePosition> for models::slot_type_position::ScopePosition {
+    fn from(v: &ast::ScopePosition) -> Self {
+        match v {
+            ast::ScopePosition::Principal => models::slot_type_position::ScopePosition::Principal,
+            ast::ScopePosition::Resource => models::slot_type_position::ScopePosition::Resource,
+        }
+    }
+}
+
+impl From<&models::TemplateType> for json_schema::Type<RawName> {
+    // PANIC SAFETY: experimental feature
+    #[allow(clippy::expect_used)]
+    fn from(v: &models::TemplateType) -> Self {
+        let ty_variant = match &v.data.as_ref().expect("data field should exist") {
+            models::template_type::Data::Other(t) => json_schema::TypeVariant::EntityOrCommon {
+                type_name: RawName::from(t),
+            },
+            models::template_type::Data::SetElem(t) => json_schema::TypeVariant::Set {
+                element: Box::new(json_schema::Type::from(&**t)),
+            },
+            models::template_type::Data::Record(s) => {
+                json_schema::TypeVariant::Record(template_model_to_attributes(&s.attrs))
+            }
+        };
+        json_schema::Type::Type {
+            ty: ty_variant,
+            loc: None,
+        }
+    }
+}
+
+// PANIC SAFETY: experimental feature
+#[allow(clippy::fallible_impl_from)]
+impl From<&json_schema::Type<RawName>> for models::TemplateType {
+    // PANIC SAFETY: experimental feature
+    #[allow(clippy::expect_used, clippy::panic)]
+    fn from(v: &json_schema::Type<RawName>) -> Self {
+        match v {
+            json_schema::Type::Type { ty, loc: _ } => match &ty {
+                json_schema::TypeVariant::Record(r) => {
+                    let record: models::template_type::Record = models::template_type::Record {
+                        attrs: template_attributes_to_model(r),
+                    };
+                    Self {
+                        data: Some(models::template_type::Data::Record(record)),
+                    }
+                }
+                json_schema::TypeVariant::EntityOrCommon { type_name } => Self {
+                    data: Some(models::template_type::Data::Other(models::Name::from(
+                        type_name,
+                    ))),
+                },
+                json_schema::TypeVariant::Set { element } => Self {
+                    data: Some(models::template_type::Data::SetElem(Box::new(
+                        models::TemplateType::from(&**element),
+                    ))),
+                },
+                _ => panic!("TypeVariant<RawName> should not have any other fields"),
+            },
+            json_schema::Type::CommonTypeRef { .. } => {
+                panic!("Type<RawName> should not have any other fields")
+            }
+        }
+    }
+}
+
+fn template_model_to_attributes(
+    v: &HashMap<String, models::AttributeTemplateType>,
+) -> json_schema::RecordType<RawName> {
+    json_schema::RecordType {
+        attributes: v
+            .iter()
+            .map(|(key, value)| (key.to_smolstr(), json_schema::TypeOfAttribute::from(value)))
+            .collect(),
+        additional_attributes: false,
+    }
+}
+
+fn template_attributes_to_model(
+    v: &json_schema::RecordType<RawName>,
+) -> HashMap<String, models::AttributeTemplateType> {
+    v.attributes
+        .iter()
+        .map(|(key, value)| (key.to_string(), models::AttributeTemplateType::from(value)))
+        .collect()
+}
+
+impl From<&models::AttributeTemplateType> for json_schema::TypeOfAttribute<RawName> {
+    // PANIC SAFETY: experimental feature
+    #[allow(clippy::unwrap_used)]
+    fn from(v: &models::AttributeTemplateType) -> Self {
+        let ty: json_schema::Type<RawName> = json_schema::Type::from(v.attr_type.as_ref().unwrap());
+        let annotations = est::Annotations::default();
+        let required = v.is_required;
+
+        Self {
+            ty,
+            annotations,
+            required,
+            // #[cfg(feature = "extended-schema")]
+            loc: None,
+        }
+    }
+}
+
+impl From<&json_schema::TypeOfAttribute<RawName>> for models::AttributeTemplateType {
+    fn from(v: &json_schema::TypeOfAttribute<RawName>) -> Self {
+        Self {
+            attr_type: Some(models::TemplateType::from(&v.ty)),
+            is_required: v.required,
+        }
+    }
+}
+
+impl From<&models::SlotTypePosition> for ast::SlotTypePosition {
+    // PANIC SAFETY: experimental feature
+    #[allow(clippy::panic, clippy::unwrap_used)]
+    fn from(v: &models::SlotTypePosition) -> Self {
+        let ty = v.ty.clone().map(|ty| json_schema::Type::from(&ty));
+        let pos = (v.pos)
+            .map(|v| (&models::slot_type_position::ScopePosition::try_from(v).unwrap()).into());
+
+        match (ty, pos) {
+            (Some(ty), _) => ast::SlotTypePosition::Ty(ty),
+            (_, Some(pos)) => ast::SlotTypePosition::Position(pos),
+            (None, None) => panic!("generalized slot must have either a type or scope assigned"),
+        }
+    }
+}
+
+impl From<&ast::SlotTypePosition> for models::SlotTypePosition {
+    fn from(v: &ast::SlotTypePosition) -> Self {
+        match v {
+            ast::SlotTypePosition::Ty(ty) => {
+                let ty = models::TemplateType::from(ty);
+                Self {
+                    ty: Some(ty),
+                    pos: None,
+                }
+            }
+            ast::SlotTypePosition::Position(pos) => {
+                let pos = models::slot_type_position::ScopePosition::from(pos);
+                Self {
+                    ty: None,
+                    pos: Some(pos.into()),
+                }
+            }
+        }
+    }
+}
+
 impl From<&models::TemplateBody> for ast::TemplateBody {
     // PANIC SAFETY: experimental feature
     #[allow(clippy::expect_used, clippy::unwrap_used)]
     fn from(v: &models::TemplateBody) -> Self {
+        let generalized_slots_annotation: GeneralizedSlotsAnnotation = v
+            .generalized_slots_annotation
+            .iter()
+            .map(|(key, value)| {
+                (
+                    key.parse().expect("invalid slot name"),
+                    ast::SlotTypePosition::from(value),
+                )
+            })
+            .collect();
+
         ast::TemplateBody::new(
             ast::PolicyID::from_string(v.id.clone()),
             None,
@@ -135,6 +345,7 @@ impl From<&models::TemplateBody> for ast::TemplateBody {
                     )
                 })
                 .collect(),
+            generalized_slots_annotation,
             ast::Effect::from(&models::Effect::try_from(v.effect).expect("decode should succeed")),
             ast::PrincipalConstraint::from(
                 v.principal_constraint
@@ -167,9 +378,15 @@ impl From<&ast::TemplateBody> for models::TemplateBody {
             .map(|(key, value)| (key.as_ref().into(), value.as_ref().into()))
             .collect();
 
+        let generalized_slots_annotation: HashMap<String, models::SlotTypePosition> = v
+            .generalized_slots_annotation()
+            .map(|(k, v)| (k.to_string(), models::SlotTypePosition::from(v)))
+            .collect();
+
         Self {
             id: v.id().as_ref().to_string(),
             annotations,
+            generalized_slots_annotation,
             effect: models::Effect::from(&v.effect()).into(),
             principal_constraint: Some(models::PrincipalOrResourceConstraint::from(
                 v.principal_constraint(),
@@ -223,11 +440,7 @@ impl From<&models::EntityReference> for ast::EntityReference {
     fn from(v: &models::EntityReference) -> Self {
         match v.data.as_ref().expect("data field should exist") {
             models::entity_reference::Data::Slot(slot) => {
-                match models::entity_reference::Slot::try_from(*slot)
-                    .expect("decode should succeed")
-                {
-                    models::entity_reference::Slot::Unit => ast::EntityReference::Slot(None),
-                }
+                ast::EntityReference::Slot(ast::SlotId::from(slot), None)
             }
             models::entity_reference::Data::Euid(euid) => {
                 ast::EntityReference::euid(ast::EntityUID::from(euid).into())
@@ -244,10 +457,10 @@ impl From<&ast::EntityReference> for models::EntityReference {
                     models::EntityUid::from(euid.as_ref()),
                 )),
             },
-            ast::EntityReference::Slot(_) => Self {
-                data: Some(models::entity_reference::Data::Slot(
-                    models::entity_reference::Slot::Unit.into(),
-                )),
+            ast::EntityReference::Slot(slot, _) => Self {
+                data: Some(models::entity_reference::Data::Slot(models::SlotId::from(
+                    slot,
+                ))),
             },
         }
     }
@@ -546,9 +759,9 @@ mod test {
             ast::EntityReference::from(&models::EntityReference::from(&er1))
         );
         assert_eq!(
-            ast::EntityReference::Slot(None),
+            ast::EntityReference::Slot(ast::SlotId::principal(), None),
             ast::EntityReference::from(&models::EntityReference::from(
-                &ast::EntityReference::Slot(None)
+                &ast::EntityReference::Slot(ast::SlotId::principal(), None)
             ))
         );
 
@@ -636,13 +849,14 @@ mod test {
             ast::Annotations::from_iter([
                 (
                     ast::AnyId::from_normalized_str("read").unwrap(),
-                    annotation1,
+                    annotation1.clone(),
                 ),
                 (
                     ast::AnyId::from_normalized_str("write").unwrap(),
-                    annotation2,
+                    annotation2.clone(),
                 ),
             ]),
+            ast::GeneralizedSlotsAnnotation::from_iter([]),
             ast::Effect::Permit,
             pc.clone(),
             ac1.clone(),
@@ -654,6 +868,78 @@ mod test {
             ast::TemplateBody::from(&models::TemplateBody::from(&tb))
         );
 
+        let prc1 = ast::PrincipalOrResourceConstraint::is_eq_slot("?user".parse().unwrap());
+
+        assert_eq!(
+            prc1,
+            ast::PrincipalOrResourceConstraint::from(&models::PrincipalOrResourceConstraint::from(
+                &prc1
+            ))
+        );
+
+        let prc2 = ast::PrincipalOrResourceConstraint::is_eq_slot("?photo".parse().unwrap());
+
+        assert_eq!(
+            prc2,
+            ast::PrincipalOrResourceConstraint::from(&models::PrincipalOrResourceConstraint::from(
+                &prc2
+            ))
+        );
+
+        let tb = ast::TemplateBody::new(
+            ast::PolicyID::from_string("template"),
+            None,
+            ast::Annotations::from_iter([
+                (
+                    ast::AnyId::from_normalized_str("read").unwrap(),
+                    annotation1.clone(),
+                ),
+                (
+                    ast::AnyId::from_normalized_str("write").unwrap(),
+                    annotation2.clone(),
+                ),
+            ]),
+            ast::GeneralizedSlotsAnnotation::from_iter([
+                (
+                    ast::SlotId::generalized_slot("generalized".parse().unwrap()),
+                    ast::SlotTypePosition::Ty(json_schema::Type::Type {
+                        ty: json_schema::TypeVariant::EntityOrCommon {
+                            type_name: RawName::new("Bool".parse().unwrap(), None),
+                        },
+                        loc: None,
+                    }),
+                ),
+                (
+                    ast::SlotId::generalized_slot("user".parse().unwrap()),
+                    ast::SlotTypePosition::Ty(json_schema::Type::Type {
+                        ty: json_schema::TypeVariant::EntityOrCommon {
+                            type_name: RawName::new("Long".parse().unwrap(), None),
+                        },
+                        loc: None,
+                    }),
+                ),
+                (
+                    ast::SlotId::generalized_slot("photo".parse().unwrap()),
+                    ast::SlotTypePosition::Position(ast::ScopePosition::Principal),
+                ),
+            ]),
+            ast::Effect::Permit,
+            ast::PrincipalConstraint::new(prc1),
+            ac1.clone(),
+            ast::ResourceConstraint::new(prc2),
+            ast::Expr::is_eq(
+                ast::Expr::val(true),
+                ast::Expr::slot(ast::SlotId::generalized_slot(
+                    "generalized".parse().unwrap(),
+                )),
+            ),
+        );
+
+        assert_eq!(
+            tb,
+            ast::TemplateBody::from(&models::TemplateBody::from(&tb))
+        );
+
         let policy = ast::LiteralPolicy::template_linked_policy(
             ast::PolicyID::from_string("template"),
             ast::PolicyID::from_string("id"),
@@ -661,6 +947,7 @@ mod test {
                 ast::SlotId::principal(),
                 ast::EntityUID::with_eid_and_type("A", "eid").unwrap(),
             )]),
+            HashMap::from_iter([]),
         );
         assert_eq!(
             policy,
@@ -671,6 +958,7 @@ mod test {
             ast::PolicyID::from_string("\0\n \' \"+-$^!"),
             None,
             ast::Annotations::from_iter([]),
+            ast::GeneralizedSlotsAnnotation::from_iter([]),
             ast::Effect::Permit,
             pc,
             ac1,
@@ -689,6 +977,7 @@ mod test {
                 ast::SlotId::principal(),
                 ast::EntityUID::with_eid_and_type("A", "eid").unwrap(),
             )]),
+            HashMap::from_iter([]),
         );
         assert_eq!(
             policy,
@@ -708,8 +997,9 @@ mod test {
                     loc: None,
                 },
             )]),
+            ast::GeneralizedSlotsAnnotation::from_iter([]),
             ast::Effect::Permit,
-            ast::PrincipalConstraint::is_eq_slot(),
+            ast::PrincipalConstraint::is_eq_slot(ast::SlotId::principal()),
             ast::ActionConstraint::Eq(
                 ast::EntityUID::with_eid_and_type("Action", "read")
                     .unwrap()
@@ -749,6 +1039,8 @@ mod test {
                 ast::SlotId::principal(),
                 ast::EntityUID::with_eid_and_type("A", "friend").unwrap(),
             )]),
+            HashMap::from_iter([]),
+            None,
         )
         .unwrap();
         let mut mps = models::PolicySet::from(&ps);
@@ -778,8 +1070,9 @@ mod test {
                     loc: None,
                 },
             )]),
+            ast::GeneralizedSlotsAnnotation::from_iter([]),
             ast::Effect::Permit,
-            ast::PrincipalConstraint::is_eq_slot(),
+            ast::PrincipalConstraint::is_eq_slot(ast::SlotId::principal()),
             ast::ActionConstraint::Eq(
                 ast::EntityUID::with_eid_and_type("Action", "read")
                     .unwrap()
@@ -819,6 +1112,8 @@ mod test {
                 ast::SlotId::principal(),
                 ast::EntityUID::with_eid_and_type("A", "friend").unwrap(),
             )]),
+            HashMap::from_iter([]),
+            None,
         )
         .unwrap();
         let mut mps = models::PolicySet::from(&ps);
diff --git a/cedar-policy/src/proto/validator.rs b/cedar-policy/src/proto/validator.rs
index da85bc3b41..d7691a3946 100644
--- a/cedar-policy/src/proto/validator.rs
+++ b/cedar-policy/src/proto/validator.rs
@@ -17,7 +17,7 @@
 #![allow(clippy::use_self)]
 
 use super::models;
-use cedar_policy_core::validator::types;
+use cedar_policy_core::validator::{types, ValidatorType};
 use cedar_policy_core::{ast, parser::IntoMaybeLoc};
 use nonempty::NonEmpty;
 use smol_str::SmolStr;
@@ -28,6 +28,13 @@ impl From<&cedar_policy_core::validator::ValidatorSchema> for models::Schema {
         Self {
             entity_decls: v.entity_types().map(models::EntityDecl::from).collect(),
             action_decls: v.action_ids().map(models::ActionDecl::from).collect(),
+            common_decls: v
+                .common_types()
+                .map(|(k, v)| models::CommonDecl {
+                    name: Some(models::Name::from(k)),
+                    validator_type: Some(models::Type::from(&v.ty)),
+                })
+                .collect(),
         }
     }
 }
@@ -43,6 +50,19 @@ impl From<&models::Schema> for cedar_policy_core::validator::ValidatorSchema {
             v.action_decls
                 .iter()
                 .map(cedar_policy_core::validator::ValidatorActionId::from),
+            v.common_decls.iter().map(|common_decl| {
+                (
+                    ast::InternalName::from(
+                        common_decl.name.as_ref().expect("name field should exist"),
+                    ),
+                    ValidatorType::new(types::Type::from(
+                        common_decl
+                            .validator_type
+                            .as_ref()
+                            .expect("type field should exist"),
+                    )),
+                )
+            }),
         )
     }
 }
@@ -57,7 +77,9 @@ impl From<&cedar_policy_core::validator::ValidationMode> for models::ValidationM
                 models::ValidationMode::Permissive
             }
             #[cfg(feature = "partial-validate")]
-            cedar_policy_core::validator::ValidationMode::Partial => unimplemented!(),
+            cedar_policy_core::validator::ValidationMode::Partial => {
+                models::ValidationMode::Partial
+            }
         }
     }
 }
@@ -69,6 +91,14 @@ impl From<&models::ValidationMode> for cedar_policy_core::validator::ValidationM
             models::ValidationMode::Permissive => {
                 cedar_policy_core::validator::ValidationMode::Permissive
             }
+            #[cfg(feature = "partial-validate")]
+            models::ValidationMode::Partial => {
+                cedar_policy_core::validator::ValidationMode::Partial
+            }
+            #[cfg(not(feature = "partial-validate"))]
+            models::ValidationMode::Partial => {
+                panic!("Protobuf specifies partial validation, but `partial-validate` feature not enabled in this build")
+            }
         }
     }
 }
@@ -289,7 +319,6 @@ impl From<&models::AttributeType> for types::AttributeType {
                 v.attr_type.as_ref().expect("attr_type field should exist"),
             ),
             is_required: v.is_required,
-            #[cfg(feature = "extended-schema")]
             loc: None,
         }
     }
diff --git a/cedar-testing/src/cedar_test_impl.rs b/cedar-testing/src/cedar_test_impl.rs
index 05f7001fcc..ecfa510088 100644
--- a/cedar-testing/src/cedar_test_impl.rs
+++ b/cedar-testing/src/cedar_test_impl.rs
@@ -309,7 +309,7 @@ impl CedarTestImplementation for RustEngine {
             Extensions::none()
         };
         let evaluator = Evaluator::new(request.clone(), entities, exts);
-        let result = evaluator.interpret(expr, &HashMap::default());
+        let result = evaluator.interpret(expr, &HashMap::default(), &HashMap::default());
         let response = result.ok() == expected;
         TestResult::Success(response)
     }