diff --git a/cedar-language-server/src/schema/fold.rs b/cedar-language-server/src/schema/fold.rs
index 29bdde9f59..671ab8fb5d 100644
--- a/cedar-language-server/src/schema/fold.rs
+++ b/cedar-language-server/src/schema/fold.rs
@@ -80,7 +80,7 @@ pub(crate) fn fold_schema(schema_info: &SchemaInfo) -> Option<Vec<FoldingRange>>
         .filter_map(|et| et.loc.as_loc_ref());
     let action_locs = validator.action_ids().filter_map(|a| a.loc());
     let common_types = validator
-        .common_types()
+        .common_types_extended()
         .filter_map(|ct| ct.type_loc.as_loc_ref());
 
     // Combine all locations and create folding ranges
diff --git a/cedar-language-server/src/schema/symbols.rs b/cedar-language-server/src/schema/symbols.rs
index b0be0e6cc2..602f533746 100644
--- a/cedar-language-server/src/schema/symbols.rs
+++ b/cedar-language-server/src/schema/symbols.rs
@@ -125,7 +125,7 @@ pub(crate) fn schema_symbols(schema_info: &SchemaInfo) -> Option<Vec<DocumentSym
 
     // Create common type symbols
     let common_type_symbols: Vec<DocumentSymbol> = validator
-        .common_types()
+        .common_types_extended()
         .filter_map(|ct| {
             ct.name_loc
                 .as_ref()
diff --git a/cedar-policy-core/Cargo.toml b/cedar-policy-core/Cargo.toml
index 9f442a6427..b71ff4fe49 100644
--- a/cedar-policy-core/Cargo.toml
+++ b/cedar-policy-core/Cargo.toml
@@ -62,6 +62,7 @@ wasm = ["serde-wasm-bindgen", "tsify", "wasm-bindgen"]
 experimental = ["tpe", "tolerant-ast", "extended-schema", "entity-manifest", "partial-validate", "partial-eval"]
 extended-schema = []
 tpe = []
+generalized-templates = []
 
 # Feature for raw parsing
 raw-parsing = []
diff --git a/cedar-policy-core/src/ast.rs b/cedar-policy-core/src/ast.rs
index e8367a647d..00c1f2e9ef 100644
--- a/cedar-policy-core/src/ast.rs
+++ b/cedar-policy-core/src/ast.rs
@@ -54,5 +54,7 @@ mod expr_iterator;
 pub use expr_iterator::*;
 mod annotation;
 pub use annotation::*;
+mod slots_type_declaration;
+pub use slots_type_declaration::*;
 mod expr_visitor;
 pub use expr_visitor::*;
diff --git a/cedar-policy-core/src/ast/expr.rs b/cedar-policy-core/src/ast/expr.rs
index ee3c567ed8..66903de6f9 100644
--- a/cedar-policy-core/src/ast/expr.rs
+++ b/cedar-policy-core/src/ast/expr.rs
@@ -293,13 +293,27 @@ impl<T> Expr<T> {
         self.subexpressions()
             .filter_map(|exp| match &exp.expr_kind {
                 ExprKind::Slot(slotid) => Some(Slot {
-                    id: *slotid,
+                    id: slotid.clone(),
                     loc: exp.source_loc().into_maybe_loc(),
                 }),
                 _ => None,
             })
     }
 
+    /// Iterate over all of the principal and resource slots in this policy AST
+    pub fn principal_and_resource_slots(&self) -> impl Iterator<Item = Slot> + '_ {
+        self.subexpressions()
+            .filter_map(|exp| match &exp.expr_kind {
+                ExprKind::Slot(slotid) if slotid.is_principal() || slotid.is_resource() => {
+                    Some(Slot {
+                        id: slotid.clone(),
+                        loc: exp.source_loc().into_maybe_loc(),
+                    })
+                }
+                _ => None,
+            })
+    }
+
     /// Determine if the expression is projectable under partial evaluation
     /// An expression is projectable if it's guaranteed to never error on evaluation
     /// This is true if the expression is entirely composed of values or unknowns
@@ -1842,7 +1856,7 @@ mod test {
         let e = Expr::slot(SlotId::principal());
         let p = SlotId::principal();
         let r = SlotId::resource();
-        let set: HashSet<SlotId> = HashSet::from_iter([p]);
+        let set: HashSet<SlotId> = HashSet::from_iter([p.clone()]);
         assert_eq!(set, e.slots().map(|slot| slot.id).collect::<HashSet<_>>());
         let e = Expr::or(
             Expr::slot(SlotId::principal()),
diff --git a/cedar-policy-core/src/ast/expr_visitor.rs b/cedar-policy-core/src/ast/expr_visitor.rs
index ee6acd3f26..c5adb9b353 100644
--- a/cedar-policy-core/src/ast/expr_visitor.rs
+++ b/cedar-policy-core/src/ast/expr_visitor.rs
@@ -55,7 +55,7 @@ pub trait ExprVisitor {
         match expr.expr_kind() {
             ExprKind::Lit(lit) => self.visit_literal(lit, loc),
             ExprKind::Var(var) => self.visit_var(*var, loc),
-            ExprKind::Slot(slot) => self.visit_slot(*slot, loc),
+            ExprKind::Slot(slot) => self.visit_slot(slot.clone(), loc),
             ExprKind::Unknown(unknown) => self.visit_unknown(unknown, loc),
             ExprKind::If {
                 test_expr,
diff --git a/cedar-policy-core/src/ast/name.rs b/cedar-policy-core/src/ast/name.rs
index 8482cf6e39..72430ae8d2 100644
--- a/cedar-policy-core/src/ast/name.rs
+++ b/cedar-policy-core/src/ast/name.rs
@@ -21,6 +21,7 @@ use miette::Diagnostic;
 use ref_cast::RefCast;
 use regex::Regex;
 use serde::{Deserialize, Deserializer, Serialize, Serializer};
+use serde_with::{serde_as, DisplayFromStr};
 use smol_str::ToSmolStr;
 use std::collections::HashSet;
 use std::fmt::Display;
@@ -283,9 +284,10 @@ impl<'de> Deserialize<'de> for InternalName {
 /// Clone is O(1).
 // This simply wraps a separate enum -- currently [`ValidSlotId`] -- in case we
 // want to generalize later
-#[derive(Debug, Clone, Copy, Eq, PartialEq, PartialOrd, Ord, Hash, Serialize, Deserialize)]
+#[serde_as]
+#[derive(Debug, Clone, Eq, PartialEq, PartialOrd, Ord, Hash, Serialize, Deserialize)]
 #[serde(transparent)]
-pub struct SlotId(pub(crate) ValidSlotId);
+pub struct SlotId(#[serde_as(as = "DisplayFromStr")] pub(crate) ValidSlotId);
 
 impl SlotId {
     /// Get the slot for `principal`
@@ -298,6 +300,11 @@ impl SlotId {
         Self(ValidSlotId::Resource)
     }
 
+    /// Create a `generalized slot`
+    pub fn generalized_slot(id: Id) -> Self {
+        Self(ValidSlotId::GeneralizedSlot(id))
+    }
+
     /// Check if a slot represents a principal
     pub fn is_principal(&self) -> bool {
         matches!(self, Self(ValidSlotId::Principal))
@@ -307,6 +314,11 @@ impl SlotId {
     pub fn is_resource(&self) -> bool {
         matches!(self, Self(ValidSlotId::Resource))
     }
+
+    /// Check if a slot represents a generalized slot
+    pub fn is_generalized_slot(&self) -> bool {
+        matches!(self, Self(ValidSlotId::GeneralizedSlot(_)))
+    }
 }
 
 impl From<PrincipalOrResource> for SlotId {
@@ -318,28 +330,44 @@ impl From<PrincipalOrResource> for SlotId {
     }
 }
 
+impl std::fmt::Display for ValidSlotId {
+    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
+        let s = match self {
+            ValidSlotId::Principal => "principal",
+            ValidSlotId::Resource => "resource",
+            ValidSlotId::GeneralizedSlot(id) => id.as_ref(),
+        };
+        write!(f, "?{s}")
+    }
+}
+
+impl FromStr for SlotId {
+    type Err = ParseErrors;
+
+    fn from_str(s: &str) -> Result<Self, Self::Err> {
+        s.parse().map(SlotId)
+    }
+}
+
 impl std::fmt::Display for SlotId {
     fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
         write!(f, "{}", self.0)
     }
 }
 
-/// Two possible variants for Slots
-#[derive(Debug, Clone, Copy, Eq, PartialEq, PartialOrd, Ord, Hash, Serialize, Deserialize)]
+/// Three possible variants for Slots
+#[derive(Debug, Clone, Eq, PartialEq, PartialOrd, Ord, Hash)]
 pub(crate) enum ValidSlotId {
-    #[serde(rename = "?principal")]
     Principal,
-    #[serde(rename = "?resource")]
     Resource,
+    GeneralizedSlot(Id), // Slots for generalized templates, for more info see [RFC 98](https://github.com/cedar-policy/rfcs/pull/98).
 }
 
-impl std::fmt::Display for ValidSlotId {
-    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
-        let s = match self {
-            ValidSlotId::Principal => "principal",
-            ValidSlotId::Resource => "resource",
-        };
-        write!(f, "?{s}")
+impl FromStr for ValidSlotId {
+    type Err = ParseErrors;
+
+    fn from_str(s: &str) -> Result<Self, Self::Err> {
+        crate::parser::parse_slot(s)
     }
 }
 
diff --git a/cedar-policy-core/src/ast/policy.rs b/cedar-policy-core/src/ast/policy.rs
index 191d66079e..3c041e8009 100644
--- a/cedar-policy-core/src/ast/policy.rs
+++ b/cedar-policy-core/src/ast/policy.rs
@@ -15,13 +15,20 @@
  */
 
 use crate::ast::*;
+use crate::entities::{conformance::typecheck_restricted_expr_against_schematype, SchemaType};
+use crate::extensions::Extensions;
 use crate::parser::{AsLocRef, IntoMaybeLoc, Loc, MaybeLoc};
+use crate::validator::{
+    err::SchemaError, json_schema::Type as JSONSchemaType, types::Type as ValidatorType, RawName,
+    ValidatorSchema,
+};
 use annotation::{Annotation, Annotations};
 use educe::Educe;
 use itertools::Itertools;
 use miette::Diagnostic;
 use nonempty::{nonempty, NonEmpty};
 use serde::{Deserialize, Serialize};
+use slots_type_declaration::SlotsTypeDeclaration;
 use smol_str::SmolStr;
 use std::{
     collections::{HashMap, HashSet},
@@ -53,6 +60,9 @@ cfg_tolerant_ast! {
     static DEFAULT_ANNOTATIONS: std::sync::LazyLock<Arc<Annotations>> =
         std::sync::LazyLock::new(|| Arc::new(Annotations::default()));
 
+    static DEFAULT_SLOTS_TYPE_DECLARATION: std::sync::LazyLock<Arc<SlotsTypeDeclaration>> =
+        std::sync::LazyLock::new(|| Arc::new(SlotsTypeDeclaration::default()));
+
     static DEFAULT_PRINCIPAL_CONSTRAINT: std::sync::LazyLock<PrincipalConstraint> =
         std::sync::LazyLock::new(PrincipalConstraint::any);
 
@@ -120,6 +130,7 @@ impl Template {
         id: PolicyID,
         loc: MaybeLoc,
         annotations: Annotations,
+        slots_type_declaration: SlotsTypeDeclaration,
         effect: Effect,
         principal_constraint: PrincipalConstraint,
         action_constraint: ActionConstraint,
@@ -130,6 +141,7 @@ impl Template {
             id,
             loc,
             annotations,
+            slots_type_declaration,
             effect,
             principal_constraint,
             action_constraint,
@@ -154,6 +166,7 @@ impl Template {
         id: PolicyID,
         loc: MaybeLoc,
         annotations: Arc<Annotations>,
+        slots_type_declaration: Arc<SlotsTypeDeclaration>,
         effect: Effect,
         principal_constraint: PrincipalConstraint,
         action_constraint: ActionConstraint,
@@ -164,6 +177,7 @@ impl Template {
             id,
             loc,
             annotations,
+            slots_type_declaration,
             effect,
             principal_constraint,
             action_constraint,
@@ -238,6 +252,18 @@ impl Template {
         self.body.annotations_arc()
     }
 
+    /// Get all slots_type_declaration data.
+    pub fn slots_type_declaration(
+        &self,
+    ) -> impl Iterator<Item = (&SlotId, &JSONSchemaType<RawName>)> {
+        self.body.slots_type_declaration()
+    }
+
+    /// Get [`Arc`] owning the slots_type_declaration data.
+    pub fn slots_type_declaration_arc(&self) -> &Arc<SlotsTypeDeclaration> {
+        self.body.slots_type_declaration_arc()
+    }
+
     /// Get the condition expression of this template.
     ///
     /// This will be a conjunction of the template's scope constraints (on
@@ -247,11 +273,25 @@ impl Template {
         self.body.condition()
     }
 
-    /// List of open slots in this template
+    /// List of open slots in this template including principal, resource, and generalized slots
     pub fn slots(&self) -> impl Iterator<Item = &Slot> {
         self.slots.iter()
     }
 
+    /// List of principal and resource slots in this template
+    pub fn principal_resource_slots(&self) -> impl Iterator<Item = &Slot> {
+        self.slots
+            .iter()
+            .filter(|slot| slot.id.is_principal() || slot.id.is_resource())
+    }
+
+    /// List of generalized slots in this template
+    pub fn generalized_slots(&self) -> impl Iterator<Item = &Slot> {
+        self.slots
+            .iter()
+            .filter(|slot| slot.id.is_generalized_slot())
+    }
+
     /// Check if this template is a static policy
     ///
     /// Static policies can be linked without any slots,
@@ -263,18 +303,40 @@ impl Template {
     /// Ensure that every slot in the template is bound by values,
     /// and that no extra values are bound in values
     /// This upholds invariant (values total map)
+    ///
+    /// All callers of this function
+    /// must enforce INVARIANT that `?principal` and `?resource` slots
+    /// are in values and generalized slots are in generalized_values
     pub fn check_binding(
         template: &Template,
         values: &HashMap<SlotId, EntityUID>,
+        generalized_values: &HashMap<SlotId, RestrictedExpr>,
     ) -> Result<(), LinkingError> {
         // Verify all slots bound
-        let unbound = template
+        let unbound_values_and_generalized_values = template
             .slots
             .iter()
-            .filter(|slot| !values.contains_key(&slot.id))
+            .filter(|slot| {
+                !values.contains_key(&slot.id) && !generalized_values.contains_key(&slot.id)
+            })
+            .collect::<Vec<_>>();
+
+        let extra_values = values
+            .iter()
+            .filter_map(|(slot, _)| {
+                if !template
+                    .slots
+                    .iter()
+                    .any(|template_slot| template_slot.id == *slot)
+                {
+                    Some(slot)
+                } else {
+                    None
+                }
+            })
             .collect::<Vec<_>>();
 
-        let extra = values
+        let extra_generalized_values = generalized_values
             .iter()
             .filter_map(|(slot, _)| {
                 if !template
@@ -289,16 +351,75 @@ impl Template {
             })
             .collect::<Vec<_>>();
 
-        if unbound.is_empty() && extra.is_empty() {
+        if unbound_values_and_generalized_values.is_empty()
+            && extra_values.is_empty()
+            && extra_generalized_values.is_empty()
+        {
             Ok(())
         } else {
             Err(LinkingError::from_unbound_and_extras(
-                unbound.into_iter().map(|slot| slot.id),
-                extra.into_iter().copied(),
+                unbound_values_and_generalized_values
+                    .into_iter()
+                    .map(|slot| slot.id.clone()),
+                extra_values
+                    .into_iter()
+                    .cloned()
+                    .chain(extra_generalized_values.into_iter().cloned()),
             ))
         }
     }
 
+    /// Validates that the values provided for the generalized slots are of the types declared
+    pub fn link_time_type_checking(
+        template: &Template,
+        schema: Option<&ValidatorSchema>,
+        values: &HashMap<SlotId, EntityUID>,
+        generalized_values: &HashMap<SlotId, RestrictedExpr>,
+    ) -> Result<(), LinkingError> {
+        let slots_type_declaration = SlotsTypeDeclaration::from_iter(
+            template
+                .slots_type_declaration()
+                .map(|(k, v)| (k.clone(), v.clone())),
+        );
+        let validator_slots_type_declaration = match schema {
+            Some(schema) => slots_type_declaration.into_validator_slots_type_declaration(schema)?,
+            None => {
+                slots_type_declaration.into_validator_slots_type_declaration_without_schema()?
+            }
+        };
+
+        // Loop through all slots that have a type declaration and check that
+        // the values provided are of that type
+        for (slot, validator_type) in validator_slots_type_declaration.0 {
+            // PANIC SAFETY
+            // all slot values should binded
+            let restricted_expr = if slot.is_principal() || slot.is_resource() {
+                #[allow(clippy::unwrap_used)]
+                RestrictedExpr::val(values.get(&slot).unwrap().clone())
+            } else {
+                #[allow(clippy::unwrap_used)]
+                generalized_values.get(&slot).unwrap().clone()
+            };
+            let borrowed_restricted_expr = restricted_expr.as_borrowed();
+            #[allow(clippy::expect_used)]
+            let schema_ty = &SchemaType::try_from(validator_type.clone())
+                .expect("This should never happen as expected_ty is a statically annotated type");
+            let extensions = Extensions::all_available();
+            typecheck_restricted_expr_against_schematype(
+                borrowed_restricted_expr,
+                schema_ty,
+                extensions,
+            )
+            .map_err(|_| LinkingError::ValueProvidedForSlotIsNotOfTypeSpecified {
+                slot: slot.clone(),
+                value: restricted_expr.clone(),
+                ty: validator_type.clone(),
+            })?
+        }
+
+        Ok(())
+    }
+
     /// Attempt to create a template-linked policy from this template.
     /// This will fail if values for all open slots are not given.
     /// `new_instance_id` is the `PolicyId` for the created template-linked policy.
@@ -306,10 +427,15 @@ impl Template {
         template: Arc<Template>,
         new_id: PolicyID,
         values: HashMap<SlotId, EntityUID>,
+        generalized_values: HashMap<SlotId, RestrictedExpr>,
+        schema: Option<&ValidatorSchema>,
     ) -> Result<Policy, LinkingError> {
         // INVARIANT (policy total map) Relies on check_binding to uphold the invariant
-        Template::check_binding(&template, &values)
-            .map(|_| Policy::new(template, Some(new_id), values))
+        Template::check_binding(&template, &values, &generalized_values)
+            .and_then(|_| {
+                Template::link_time_type_checking(&template, schema, &values, &generalized_values)
+            })
+            .map(|_| Policy::new(template, Some(new_id), values, generalized_values))
     }
 
     /// Take a static policy and create a template and a template-linked policy for it.
@@ -324,7 +450,7 @@ impl Template {
             slots: vec![],
         });
         t.check_invariant();
-        let p = Policy::new(Arc::clone(&t), None, HashMap::new());
+        let p = Policy::new(Arc::clone(&t), None, HashMap::new(), HashMap::new());
         (t, p)
     }
 }
@@ -345,7 +471,7 @@ impl std::fmt::Display for Template {
 }
 
 /// Errors linking templates
-#[derive(Debug, Clone, PartialEq, Eq, Diagnostic, Error)]
+#[derive(Debug, Diagnostic, Error)]
 pub enum LinkingError {
     /// An error with the slot arguments provided
     // INVARIANT: `unbound_values` and `extra_values` can't both be empty
@@ -370,6 +496,31 @@ pub enum LinkingError {
         /// [`PolicyID`] where the conflict exists
         id: PolicyID,
     },
+
+    /// Value provided for slot in scope is not an EntityUID
+    #[error("value provided `{value}` for `{slot}` is not an EntityUID")]
+    ValueProvidedForSlotInScopeNotEntityUID {
+        /// Slot
+        slot: SlotId,
+        /// Value provided
+        value: RestrictedExpr,
+    },
+
+    /// Value provided for a slot is not of the type declared
+    #[error("value provided `{value}` for `{slot}` is not of declared type `{ty}`")]
+    ValueProvidedForSlotIsNotOfTypeSpecified {
+        /// Slot
+        slot: SlotId,
+        /// Value provided
+        value: RestrictedExpr,
+        /// Expected Type
+        ty: ValidatorType,
+    },
+
+    /// Types provided are not found in the Schema
+    #[error(transparent)]
+    #[diagnostic(transparent)]
+    DeclaredTypeNotFoundInSchema(#[from] SchemaError),
 }
 
 impl LinkingError {
@@ -421,23 +572,35 @@ pub struct Policy {
     /// The constructor `new` is only visible in this module,
     /// so it is the responsibility of callers to maintain
     values: HashMap<SlotId, EntityUID>,
+    /// All of the generalized slots in `template` MUST
+    /// be bound by `generalized values`.
+    /// The SlotId for generalized_values should be disjoint from
+    /// values as well
+    generalized_values: HashMap<SlotId, RestrictedExpr>,
 }
 
 impl Policy {
     /// Link a policy to its template
     /// INVARIANT (values total map):
     /// `values` must bind every open slot in `template`
-    fn new(template: Arc<Template>, link_id: Option<PolicyID>, values: SlotEnv) -> Self {
+    fn new(
+        template: Arc<Template>,
+        link_id: Option<PolicyID>,
+        values: SlotEnv,
+        generalized_values: GeneralizedSlotEnv,
+    ) -> Self {
         #[cfg(debug_assertions)]
         {
             // PANIC SAFETY: asserts (value total map invariant) which is justified at call sites
             #[allow(clippy::expect_used)]
-            Template::check_binding(&template, &values).expect("(values total map) does not hold!");
+            Template::check_binding(&template, &values, &generalized_values)
+                .expect("(values total map) does not hold!");
         }
         Self {
             template,
             link: link_id,
             values,
+            generalized_values,
         }
     }
 
@@ -464,13 +627,14 @@ impl Policy {
             id,
             loc,
             annotations,
+            Arc::new(SlotsTypeDeclaration::default()),
             effect,
             PrincipalConstraint::any(),
             ActionConstraint::any(),
             ResourceConstraint::any(),
             when,
         );
-        Self::new(Arc::new(t), None, SlotEnv::new())
+        Self::new(Arc::new(t), None, SlotEnv::new(), GeneralizedSlotEnv::new())
     }
 
     /// Get pointer to the template for this policy
@@ -503,6 +667,13 @@ impl Policy {
         self.template.annotations_arc()
     }
 
+    /// Get all slots_type_declaration data.
+    pub fn slots_type_declaration(
+        &self,
+    ) -> impl Iterator<Item = (&SlotId, &JSONSchemaType<RawName>)> {
+        self.template.slots_type_declaration()
+    }
+
     /// Get the principal constraint for this policy.
     ///
     /// By the invariant, this principal constraint will not contain
@@ -555,6 +726,12 @@ impl Policy {
         &self.values
     }
 
+    /// Get the mapping from generalized SlotIds to RestrictedExprs for this policy. (This will
+    /// be empty for inline policies.)
+    pub fn generalized_env(&self) -> &GeneralizedSlotEnv {
+        &self.generalized_values
+    }
+
     /// Get the ID of this policy.
     pub fn id(&self) -> &PolicyID {
         self.link.as_ref().unwrap_or_else(|| self.template.id())
@@ -567,11 +744,13 @@ impl Policy {
                 template: Arc::new(self.template.new_id(id)),
                 link: None,
                 values: self.values.clone(),
+                generalized_values: self.generalized_values.clone(),
             },
             Some(_) => Policy {
                 template: self.template.clone(),
                 link: Some(id),
                 values: self.values.clone(),
+                generalized_values: self.generalized_values.clone(),
             },
         }
     }
@@ -615,7 +794,7 @@ impl std::fmt::Display for Policy {
                 f,
                 "Template Instance of {}, slots: [{}]",
                 self.template().id(),
-                display_slot_env(self.env())
+                display_slot_env(self.env(), self.generalized_env())
             )
         }
     }
@@ -624,6 +803,9 @@ impl std::fmt::Display for Policy {
 /// Map from Slot Ids to Entity UIDs which fill the slots
 pub type SlotEnv = HashMap<SlotId, EntityUID>;
 
+/// Map from Slot Ids to RestrictedExpr which fill the generalized slots
+pub type GeneralizedSlotEnv = HashMap<SlotId, RestrictedExpr>;
+
 /// Represents either a static policy or a template linked policy.
 ///
 /// Contains less rich information than `Policy`. In particular, this form is
@@ -640,6 +822,8 @@ pub struct LiteralPolicy {
     link_id: Option<PolicyID>,
     /// Values of the slots
     values: SlotEnv,
+    /// Generalized values of the slots
+    generalized_values: GeneralizedSlotEnv,
 }
 
 impl LiteralPolicy {
@@ -651,6 +835,7 @@ impl LiteralPolicy {
             template_id,
             link_id: None,
             values: SlotEnv::new(),
+            generalized_values: GeneralizedSlotEnv::new(),
         }
     }
 
@@ -661,11 +846,13 @@ impl LiteralPolicy {
         template_id: PolicyID,
         link_id: PolicyID,
         values: SlotEnv,
+        generalized_values: GeneralizedSlotEnv,
     ) -> Self {
         Self {
             template_id,
             link_id: Some(link_id),
             values,
+            generalized_values,
         }
     }
 
@@ -673,6 +860,11 @@ impl LiteralPolicy {
     pub fn value(&self, slot: &SlotId) -> Option<&EntityUID> {
         self.values.get(slot)
     }
+
+    /// Returns the hashmap of generalized values
+    pub fn generalized_values(&self) -> GeneralizedSlotEnv {
+        self.generalized_values.clone()
+    }
 }
 
 // Can we verify the hash property?
@@ -713,6 +905,7 @@ mod hashing_tests {
             template_id: PolicyID::from_string("template"),
             link_id: Some(PolicyID::from_string("id")),
             values: map,
+            generalized_values: HashMap::new(),
         }
     }
 
@@ -750,8 +943,14 @@ impl LiteralPolicy {
             .get(&self.template_id)
             .ok_or_else(|| ReificationError::NoSuchTemplate(self.template_id().clone()))?;
         // INVARIANT (values total map)
-        Template::check_binding(template, &self.values).map_err(ReificationError::Linking)?;
-        Ok(Policy::new(template.clone(), self.link_id, self.values))
+        Template::check_binding(template, &self.values, &self.generalized_values)
+            .map_err(ReificationError::Linking)?;
+        Ok(Policy::new(
+            template.clone(),
+            self.link_id,
+            self.values,
+            self.generalized_values,
+        ))
     }
 
     /// Lookup the euid bound by a SlotId
@@ -777,9 +976,14 @@ impl LiteralPolicy {
     }
 }
 
-fn display_slot_env(env: &SlotEnv) -> String {
+fn display_slot_env(env: &SlotEnv, generalized_env: &GeneralizedSlotEnv) -> String {
     env.iter()
         .map(|(slot, value)| format!("{slot} -> {value}"))
+        .chain(
+            generalized_env
+                .iter()
+                .map(|(slot, value)| format!("{slot} -> {value}")),
+        )
         .join(",")
 }
 
@@ -792,7 +996,7 @@ impl std::fmt::Display for LiteralPolicy {
                 f,
                 "Template linked policy of {}, slots: [{}]",
                 self.template_id(),
-                display_slot_env(&self.values),
+                display_slot_env(&self.values, &self.generalized_values),
             )
         }
     }
@@ -804,6 +1008,7 @@ impl From<Policy> for LiteralPolicy {
             template_id: p.template.id().clone(),
             link_id: p.link,
             values: p.values,
+            generalized_values: p.generalized_values,
         }
     }
 }
@@ -904,6 +1109,7 @@ impl StaticPolicy {
         id: PolicyID,
         loc: MaybeLoc,
         annotations: Annotations,
+        slots_type_declaration: SlotsTypeDeclaration,
         effect: Effect,
         principal_constraint: PrincipalConstraint,
         action_constraint: ActionConstraint,
@@ -914,6 +1120,7 @@ impl StaticPolicy {
             id,
             loc,
             annotations,
+            slots_type_declaration,
             effect,
             principal_constraint,
             action_constraint,
@@ -971,6 +1178,8 @@ pub struct TemplateBodyImpl {
     /// Note that the keys are `AnyId`, so Cedar reserved words like `if` and `has`
     /// are explicitly allowed as annotations.
     annotations: Arc<Annotations>,
+    /// Stores the type information for slots
+    slots_type_declaration: Arc<SlotsTypeDeclaration>,
     /// `Effect` of this policy
     effect: Effect,
     /// Scope constraint for principal. This will be a boolean-valued expression:
@@ -1081,6 +1290,32 @@ impl TemplateBody {
         }
     }
 
+    /// Get shared ref to slots_type_declaration
+    pub fn slots_type_declaration_arc(&self) -> &Arc<SlotsTypeDeclaration> {
+        match self {
+            TemplateBody::TemplateBody(TemplateBodyImpl {
+                slots_type_declaration,
+                ..
+            }) => slots_type_declaration,
+            #[cfg(feature = "tolerant-ast")]
+            TemplateBody::TemplateBodyError(_, _) => &DEFAULT_SLOTS_TYPE_DECLARATION,
+        }
+    }
+
+    /// Get all slots_type_declaration data.
+    pub fn slots_type_declaration(
+        &self,
+    ) -> impl Iterator<Item = (&SlotId, &JSONSchemaType<RawName>)> {
+        match self {
+            TemplateBody::TemplateBody(TemplateBodyImpl {
+                slots_type_declaration,
+                ..
+            }) => slots_type_declaration.iter(),
+            #[cfg(feature = "tolerant-ast")]
+            TemplateBody::TemplateBodyError(_, _) => DEFAULT_SLOTS_TYPE_DECLARATION.iter(),
+        }
+    }
+
     /// Get the `principal` scope constraint of this policy.
     pub fn principal_constraint(&self) -> &PrincipalConstraint {
         match self {
@@ -1217,6 +1452,7 @@ impl TemplateBody {
         id: PolicyID,
         loc: MaybeLoc,
         annotations: Arc<Annotations>,
+        slots_type_declaration: Arc<SlotsTypeDeclaration>,
         effect: Effect,
         principal_constraint: PrincipalConstraint,
         action_constraint: ActionConstraint,
@@ -1227,6 +1463,7 @@ impl TemplateBody {
             id,
             loc,
             annotations,
+            slots_type_declaration,
             effect,
             principal_constraint,
             action_constraint,
@@ -1241,6 +1478,7 @@ impl TemplateBody {
         id: PolicyID,
         loc: MaybeLoc,
         annotations: Annotations,
+        slots_type_declaration: SlotsTypeDeclaration,
         effect: Effect,
         principal_constraint: PrincipalConstraint,
         action_constraint: ActionConstraint,
@@ -1251,6 +1489,7 @@ impl TemplateBody {
             id,
             loc,
             annotations: Arc::new(annotations),
+            slots_type_declaration: Arc::new(slots_type_declaration),
             effect,
             principal_constraint,
             action_constraint,
@@ -1384,6 +1623,29 @@ impl PrincipalConstraint {
             _ => self,
         }
     }
+
+    /// Return if the principal constraint has a slot
+    pub fn has_slot(&self) -> bool {
+        matches!(
+            self.constraint,
+            PrincipalOrResourceConstraint::Eq(EntityReference::Slot(_))
+                | PrincipalOrResourceConstraint::In(EntityReference::Slot(_))
+                | PrincipalOrResourceConstraint::IsIn(_, EntityReference::Slot(_))
+        )
+    }
+
+    /// If the principal constraint has a slot, return it
+    pub fn get_slot(self) -> Option<Slot> {
+        match self.constraint {
+            PrincipalOrResourceConstraint::Eq(EntityReference::Slot(l))
+            | PrincipalOrResourceConstraint::In(EntityReference::Slot(l))
+            | PrincipalOrResourceConstraint::IsIn(_, EntityReference::Slot(l)) => Some(Slot {
+                id: SlotId::principal(),
+                loc: l,
+            }),
+            _ => None,
+        }
+    }
 }
 
 impl std::fmt::Display for PrincipalConstraint {
@@ -1491,6 +1753,29 @@ impl ResourceConstraint {
             _ => self,
         }
     }
+
+    /// Return if the resource constraint has a slot
+    pub fn has_slot(&self) -> bool {
+        matches!(
+            self.constraint,
+            PrincipalOrResourceConstraint::Eq(EntityReference::Slot(_))
+                | PrincipalOrResourceConstraint::In(EntityReference::Slot(_))
+                | PrincipalOrResourceConstraint::IsIn(_, EntityReference::Slot(_))
+        )
+    }
+
+    /// If the resource constraint has a slot, return it
+    pub fn get_slot(self) -> Option<Slot> {
+        match self.constraint {
+            PrincipalOrResourceConstraint::Eq(EntityReference::Slot(l))
+            | PrincipalOrResourceConstraint::In(EntityReference::Slot(l))
+            | PrincipalOrResourceConstraint::IsIn(_, EntityReference::Slot(l)) => Some(Slot {
+                id: SlotId::resource(),
+                loc: l,
+            }),
+            _ => None,
+        }
+    }
 }
 
 impl std::fmt::Display for ResourceConstraint {
@@ -2007,6 +2292,7 @@ pub(crate) mod test_generators {
                         permit.clone(),
                         None,
                         Annotations::new(),
+                        SlotsTypeDeclaration::new(),
                         Effect::Permit,
                         principal.clone(),
                         action.clone(),
@@ -2017,6 +2303,7 @@ pub(crate) mod test_generators {
                         forbid.clone(),
                         None,
                         Annotations::new(),
+                        SlotsTypeDeclaration::new(),
                         Effect::Forbid,
                         principal.clone(),
                         action.clone(),
@@ -2056,10 +2343,12 @@ mod test {
             template.check_invariant();
             let t = Arc::new(template);
             let env = t
-                .slots()
-                .map(|slot| (slot.id, EntityUID::with_eid("eid")))
+                .principal_resource_slots()
+                .map(|slot| (slot.id.clone(), EntityUID::with_eid("eid")))
                 .collect();
-            let _ = Template::link(t, PolicyID::from_string("id"), env).expect("Linking failed");
+            let generalized_env = HashMap::new();
+            let _ = Template::link(t, PolicyID::from_string("id"), env, generalized_env, None)
+                .expect("Linking failed");
         }
     }
 
@@ -2072,7 +2361,17 @@ mod test {
             let a = template.action_constraint().clone();
             let r = template.resource_constraint().clone();
             let non_scope = template.non_scope_constraints().clone();
-            let t2 = Template::new(id, None, Annotations::new(), effect, p, a, r, non_scope);
+            let t2 = Template::new(
+                id,
+                None,
+                Annotations::new(),
+                SlotsTypeDeclaration::new(),
+                effect,
+                p,
+                a,
+                r,
+                non_scope,
+            );
             assert_eq!(template, t2);
         }
     }
@@ -2091,8 +2390,18 @@ mod test {
                 let a = ip.action_constraint().clone();
                 let r = ip.resource_constraint().clone();
                 let non_scope = ip.non_scope_constraints().clone();
-                let ip2 = StaticPolicy::new(id, None, anno, e, p, a, r, non_scope)
-                    .expect("Policy Creation Failed");
+                let ip2 = StaticPolicy::new(
+                    id,
+                    None,
+                    anno,
+                    SlotsTypeDeclaration::new(),
+                    e,
+                    p,
+                    a,
+                    r,
+                    non_scope,
+                )
+                .expect("Policy Creation Failed");
                 assert_eq!(ip, ip2);
                 let (t2, inst) = Template::link_static_policy(ip2);
                 assert!(inst.is_static());
@@ -2109,6 +2418,7 @@ mod test {
             tid,
             None,
             Annotations::new(),
+            SlotsTypeDeclaration::new(),
             Effect::Forbid,
             PrincipalConstraint::is_eq_slot(),
             ActionConstraint::Any,
@@ -2116,8 +2426,9 @@ mod test {
             Expr::val(true),
         ));
         let mut m = HashMap::new();
+        let generalized_env = HashMap::new();
         m.insert(SlotId::resource(), EntityUID::with_eid("eid"));
-        assert_matches!(Template::link(t, iid, m), Err(LinkingError::ArityError { unbound_values, extra_values }) => {
+        assert_matches!(Template::link(t, iid, m, generalized_env, None), Err(LinkingError::ArityError { unbound_values, extra_values }) => {
             assert_eq!(unbound_values, vec![SlotId::principal()]);
             assert_eq!(extra_values, vec![SlotId::resource()]);
         });
@@ -2131,19 +2442,22 @@ mod test {
             tid,
             None,
             Annotations::new(),
+            SlotsTypeDeclaration::new(),
             Effect::Forbid,
             PrincipalConstraint::is_eq_slot(),
             ActionConstraint::Any,
             ResourceConstraint::is_in_slot(),
             Expr::val(true),
         ));
-        assert_matches!(Template::link(t.clone(), iid.clone(), HashMap::new()), Err(LinkingError::ArityError { unbound_values, extra_values }) => {
+        let generalized_env = HashMap::new();
+        assert_matches!(Template::link(t.clone(), iid.clone(), HashMap::new(), generalized_env, None), Err(LinkingError::ArityError { unbound_values, extra_values }) => {
             assert_eq!(unbound_values, vec![SlotId::resource(), SlotId::principal()]);
             assert_eq!(extra_values, vec![]);
         });
         let mut m = HashMap::new();
         m.insert(SlotId::principal(), EntityUID::with_eid("eid"));
-        assert_matches!(Template::link(t, iid, m), Err(LinkingError::ArityError { unbound_values, extra_values }) => {
+        let generalized_env = HashMap::new();
+        assert_matches!(Template::link(t, iid, m, generalized_env, None), Err(LinkingError::ArityError { unbound_values, extra_values }) => {
             assert_eq!(unbound_values, vec![SlotId::resource()]);
             assert_eq!(extra_values, vec![]);
         });
@@ -2157,6 +2471,7 @@ mod test {
             tid,
             None,
             Annotations::new(),
+            SlotsTypeDeclaration::new(),
             Effect::Permit,
             PrincipalConstraint::is_in_slot(),
             ActionConstraint::any(),
@@ -2168,7 +2483,9 @@ mod test {
         m.insert(SlotId::principal(), EntityUID::with_eid("theprincipal"));
         m.insert(SlotId::resource(), EntityUID::with_eid("theresource"));
 
-        let r = Template::link(t, iid.clone(), m).expect("Should Succeed");
+        let generalized_env = HashMap::new();
+
+        let r = Template::link(t, iid.clone(), m, generalized_env, None).expect("Should Succeed");
         assert_eq!(r.id(), &iid);
         assert_eq!(
             r.env().get(&SlotId::principal()),
@@ -2365,7 +2682,7 @@ mod test {
                 .exactly_one_underline("?principal")
                 .build()
             );
-            assert_eq!(e.len(), 2);
+            assert_eq!(e.len(), 1);
         });
     }
 
diff --git a/cedar-policy-core/src/ast/policy_set.rs b/cedar-policy-core/src/ast/policy_set.rs
index 135531b3a3..429e000751 100644
--- a/cedar-policy-core/src/ast/policy_set.rs
+++ b/cedar-policy-core/src/ast/policy_set.rs
@@ -18,6 +18,8 @@ use super::{
     EntityUID, LinkingError, LiteralPolicy, Policy, PolicyID, ReificationError, SlotId,
     StaticPolicy, Template,
 };
+use crate::ast::RestrictedExpr;
+use crate::validator::ValidatorSchema;
 use itertools::Itertools;
 use miette::Diagnostic;
 use smol_str::format_smolstr;
@@ -498,22 +500,24 @@ impl PolicySet {
     /// set. Returns a references to the new template linked policy if
     /// successful.
     ///
-    /// Errors for two reasons
-    ///   1) The the passed SlotEnv either does not match the slots in the templates
+    /// Errors for three reasons
+    ///   1) The the passed SlotEnv or GeneralizedSlotEnv either does not match the slots in the templates
     ///   2) The passed link Id conflicts with an Id already in the set
+    ///   3) SlotEnv and GeneralizedSlotEnv do not conform to their type declarations
     pub fn link(
         &mut self,
         template_id: PolicyID,
         new_id: PolicyID,
         values: HashMap<SlotId, EntityUID>,
+        generalized_values: HashMap<SlotId, RestrictedExpr>,
+        schema: Option<&ValidatorSchema>,
     ) -> Result<&Policy, LinkingError> {
         let t =
             self.get_template_arc(&template_id)
                 .ok_or_else(|| LinkingError::NoSuchTemplate {
                     id: template_id.clone(),
                 })?;
-        let r = Template::link(t, new_id.clone(), values)?;
-
+        let r = Template::link(t, new_id.clone(), values, generalized_values, schema)?;
         // Both maps must not contain the `new_id`
         match (
             self.links.entry(new_id.clone()),
@@ -641,13 +645,82 @@ mod test {
     use crate::{
         ast::{
             annotation::Annotations, ActionConstraint, Effect, Expr, PrincipalConstraint,
-            ResourceConstraint,
+            ResourceConstraint, SlotsTypeDeclaration,
         },
         parser,
+        validator::{json_schema, types::Type, RawName},
     };
 
     use std::collections::HashMap;
 
+    fn simple_schema_file() -> json_schema::NamespaceDefinition<RawName> {
+        serde_json::from_value(serde_json::json!(
+            {
+                "entityTypes": {
+                    "Disk": {
+                        "memberOfTypes": [],
+                        "shape": {
+                            "type": "Record",
+                            "additionalAttributes": false,
+                            "attributes": {
+                                "owner": { "type": "String", "required": true}
+                            }
+                        }
+                    },
+                    "Folder": {
+                        "memberOfTypes": [],
+                        "shape": {
+                            "type": "Record",
+                            "additionalAttributes": false,
+                            "attributes": {
+                                "owner": { "type": "String", "required": true}
+                            }
+                        }
+                    },
+                    "Document": {
+                        "memberOfTypes": [ "Folder" ],
+                        "shape": {
+                            "type": "Record",
+                            "additionalAttributes": false,
+                            "attributes": {
+                                "owner": { "type": "String", "required": true}
+                            }
+                        }
+                    },
+                    "Person": {
+                        "memberOfTypes": [],
+                        "shape": {
+                            "type": "Record",
+                            "additionalAttributes": false,
+                            "attributes": {
+                                "age": { "type": "String", "required": false}
+                            }
+                        }
+                    }
+                },
+                "commonTypes": {
+                    "PersonInfo": {
+                        "type": "Record",
+                        "attributes": {
+                            "name": { "type": "String", "required": false},
+                            "age": { "type": "Long", "required": true},
+                        }
+                    }
+                },
+                "actions": {
+                    "Navigate": {
+                        "memberOf": [],
+                        "appliesTo": {
+                            "principalTypes": ["Person"],
+                            "resourceTypes": ["Disk", "Folder", "Document"]
+                        }
+                    }
+                }
+            }
+        ))
+        .expect("Expected valid schema")
+    }
+
     #[test]
     fn link_conflicts() {
         let mut pset = PolicySet::new();
@@ -669,7 +742,14 @@ mod test {
             r#"Test::"test""#.parse().expect("Failed to parse"),
         )]);
 
-        let r = pset.link(PolicyID::from_string("t"), PolicyID::from_string("id"), env);
+        let generalized_env = HashMap::new();
+        let r = pset.link(
+            PolicyID::from_string("t"),
+            PolicyID::from_string("id"),
+            env,
+            generalized_env,
+            None,
+        );
 
         match r {
             Ok(_) => panic!("Should have failed due to conflict"),
@@ -706,8 +786,15 @@ mod test {
             r#"Test::"test1""#.parse().expect("Failed to parse"),
         )]);
 
-        let p1 = Template::link(Arc::clone(&template), PolicyID::from_string("link"), env1)
-            .expect("Failed to link");
+        let generalized_env = HashMap::new();
+        let p1 = Template::link(
+            Arc::clone(&template),
+            PolicyID::from_string("link"),
+            env1,
+            generalized_env,
+            None,
+        )
+        .expect("Failed to link");
         pset.add(p1).expect(
             "Adding link should succeed, even though the template wasn't previously in the pset",
         );
@@ -721,10 +808,13 @@ mod test {
             r#"Test::"test2""#.parse().expect("Failed to parse"),
         )]);
 
+        let generalized_env = HashMap::new();
         let p2 = Template::link(
             Arc::clone(&template),
             PolicyID::from_string("link"),
             env2.clone(),
+            generalized_env,
+            None,
         )
         .expect("Failed to link");
         match pset.add(p2) {
@@ -732,8 +822,15 @@ mod test {
             Err(PolicySetError::Occupied { id }) => assert_eq!(id, PolicyID::from_string("link")),
         }
 
-        let p3 = Template::link(Arc::clone(&template), PolicyID::from_string("link2"), env2)
-            .expect("Failed to link");
+        let generalized_env = HashMap::new();
+        let p3 = Template::link(
+            Arc::clone(&template),
+            PolicyID::from_string("link2"),
+            env2,
+            generalized_env,
+            None,
+        )
+        .expect("Failed to link");
         pset.add(p3).expect(
             "Adding link should succeed, even though the template already existed in the pset",
         );
@@ -750,10 +847,13 @@ mod test {
             r#"Test::"test3""#.parse().expect("Failed to parse"),
         )]);
 
+        let generalized_env = HashMap::new();
         let p4 = Template::link(
             Arc::clone(&template2),
             PolicyID::from_string("unique3"),
             env3,
+            generalized_env,
+            None,
         )
         .expect("Failed to link");
         match pset.add(p4) {
@@ -906,6 +1006,8 @@ mod test {
             PolicyID::from_string("template"),
             PolicyID::from_string("id"),
             HashMap::from([(SlotId::principal(), EntityUID::with_eid("eid"))]),
+            HashMap::new(),
+            None,
         )
         .expect("Linking failed!");
         assert_eq!(set.static_policies().count(), 1);
@@ -920,6 +1022,7 @@ mod test {
             tid.clone(),
             None,
             Annotations::new(),
+            SlotsTypeDeclaration::new(),
             Effect::Permit,
             PrincipalConstraint::any(),
             ActionConstraint::any(),
@@ -929,7 +1032,13 @@ mod test {
 
         let mut s = PolicySet::new();
         let e = s
-            .link(tid.clone(), lid.clone(), HashMap::new())
+            .link(
+                tid.clone(),
+                lid.clone(),
+                HashMap::new(),
+                HashMap::new(),
+                None,
+            )
             .expect_err("Should fail");
 
         match e {
@@ -938,7 +1047,130 @@ mod test {
         };
 
         s.add_template(t).unwrap();
-        s.link(tid, lid, HashMap::new()).expect("Should succeed");
+        s.link(tid, lid, HashMap::new(), HashMap::new(), None)
+            .expect("Should succeed");
+    }
+
+    #[test]
+    fn extra_values_and_generalized_values() {
+        let mut pset = PolicySet::new();
+        let template = parser::parse_policy_or_template(
+            Some(PolicyID::from_string("t")),
+            "permit(principal, action, resource == ?resource);",
+        )
+        .expect("Failed to parse");
+        pset.add_template(template).expect("Add failed");
+
+        let env: HashMap<SlotId, EntityUID> = HashMap::from([(
+            SlotId::principal(),
+            r#"Test::"test""#.parse().expect("Failed to parse"),
+        )]);
+
+        let generalized_env: HashMap<SlotId, RestrictedExpr> = HashMap::from([(
+            SlotId::generalized_slot("generalized_slot".parse().expect("Failed to parse")),
+            r#"Test::"test""#.parse().expect("Failed to parse"),
+        )]);
+
+        let r = pset.link(
+            PolicyID::from_string("t"),
+            PolicyID::from_string("id"),
+            env,
+            generalized_env,
+            None,
+        );
+
+        match r {
+            Ok(_) => panic!("Should have failed due to arity error"),
+            Err(LinkingError::ArityError {
+                unbound_values,
+                extra_values,
+            }) => {
+                assert_eq!(unbound_values, vec![SlotId::resource()]);
+                assert_eq!(
+                    extra_values,
+                    vec![
+                        SlotId::principal(),
+                        SlotId::generalized_slot(
+                            "generalized_slot".parse().expect("Failed to parse")
+                        ),
+                    ]
+                )
+            }
+            Err(e) => panic!("Incorrect error: {e}"),
+        };
+    }
+
+    #[test]
+    fn generalized_link() {
+        let schema = ValidatorSchema::try_from(simple_schema_file()).ok();
+        let mut pset = PolicySet::new();
+        let template = parser::parse_policy_or_template(
+            Some(PolicyID::from_string("t")),
+            "template(?generalized: Person) =>
+                permit(principal, 
+                action, 
+                resource) when { principal == ?generalized };",
+        )
+        .expect("Failed to parse");
+        pset.add_template(template).expect("Add failed");
+
+        let env: HashMap<SlotId, EntityUID> = HashMap::from([]);
+
+        let generalized_slot = SlotId::generalized_slot("generalized".parse().unwrap());
+        let generalized_value: RestrictedExpr =
+            RestrictedExpr::val(EntityUID::with_eid_and_type("Person", "alice").unwrap());
+        let generalized_env: HashMap<SlotId, RestrictedExpr> =
+            HashMap::from([(generalized_slot.clone(), generalized_value.clone())]);
+
+        let r = pset.link(
+            PolicyID::from_string("t"),
+            PolicyID::from_string("id"),
+            env,
+            generalized_env,
+            schema.as_ref(),
+        );
+
+        assert!(r.is_ok())
+    }
+
+    #[test]
+    fn generalized_link_fails_when_values_provided_are_of_incorrect_types() {
+        let schema = ValidatorSchema::try_from(simple_schema_file()).ok();
+        let mut pset = PolicySet::new();
+        let template = parser::parse_policy_or_template(
+            Some(PolicyID::from_string("t")),
+            "template(?value: Long) => 
+            permit(principal, 
+            action, 
+            resource) when { ?value == 8 };",
+        )
+        .expect("Failed to parse");
+        pset.add_template(template).expect("Add failed");
+
+        let env: HashMap<SlotId, EntityUID> = HashMap::from([]);
+
+        let generalized_slot = SlotId::generalized_slot("value".parse().unwrap());
+        let generalized_value: RestrictedExpr = r#"Test::"test""#.parse().expect("Failed to parse");
+        let generalized_env: HashMap<SlotId, RestrictedExpr> =
+            HashMap::from([(generalized_slot.clone(), generalized_value.clone())]);
+
+        let r = pset.link(
+            PolicyID::from_string("t"),
+            PolicyID::from_string("id"),
+            env,
+            generalized_env,
+            schema.as_ref(),
+        );
+
+        match r {
+            Ok(_) => panic!("Should have failed due to value provided not being of specified type"),
+            Err(LinkingError::ValueProvidedForSlotIsNotOfTypeSpecified { slot, value, ty }) => {
+                assert_eq!(slot, generalized_slot.clone());
+                assert_eq!(value, generalized_value.clone());
+                assert_eq!(ty, Type::primitive_long())
+            }
+            Err(e) => panic!("Incorrect error: {e}"),
+        };
     }
 
     #[test]
@@ -949,6 +1181,7 @@ mod test {
             tid.clone(),
             None,
             Annotations::new(),
+            SlotsTypeDeclaration::new(),
             Effect::Permit,
             PrincipalConstraint::is_eq_slot(),
             ActionConstraint::any(),
@@ -963,7 +1196,9 @@ mod test {
         vals.insert(SlotId::principal(), EntityUID::with_eid("p"));
         vals.insert(SlotId::resource(), EntityUID::with_eid("a"));
 
-        s.link(tid.clone(), lid.clone(), vals).expect("Should link");
+        let generalized_env = HashMap::new();
+        s.link(tid.clone(), lid.clone(), vals, generalized_env, None)
+            .expect("Should link");
 
         let v: Vec<_> = s.policies().collect();
 
@@ -985,6 +1220,7 @@ mod test {
             id.clone(),
             None,
             Annotations::new(),
+            SlotsTypeDeclaration::new(),
             Effect::Forbid,
             PrincipalConstraint::any(),
             ActionConstraint::any(),
@@ -1014,6 +1250,7 @@ mod test {
             template_id.clone(),
             None,
             Annotations::new(),
+            SlotsTypeDeclaration::new(),
             Effect::Forbid,
             PrincipalConstraint::is_eq_slot(),
             ActionConstraint::any(),
@@ -1025,8 +1262,16 @@ mod test {
         let mut v = HashMap::new();
         let entity = EntityUID::with_eid("eid");
         v.insert(SlotId::principal(), entity.clone());
-        s.link(template_id.clone(), link_id.clone(), v)
-            .expect("Linking failed!");
+
+        let generalized_env = HashMap::new();
+        s.link(
+            template_id.clone(),
+            link_id.clone(),
+            v,
+            generalized_env,
+            None,
+        )
+        .expect("Linking failed!");
 
         let link = s.get(&link_id).expect("Link should exist");
         assert_eq!(&link_id, link.id());
@@ -1049,6 +1294,7 @@ mod test {
             id1.clone(),
             None,
             Annotations::new(),
+            SlotsTypeDeclaration::new(),
             Effect::Permit,
             PrincipalConstraint::any(),
             ActionConstraint::any(),
@@ -1060,6 +1306,7 @@ mod test {
             tid1.clone(),
             None,
             Annotations::new(),
+            SlotsTypeDeclaration::new(),
             Effect::Permit,
             PrincipalConstraint::any(),
             ActionConstraint::any(),
@@ -1080,6 +1327,7 @@ mod test {
             id2.clone(),
             None,
             Annotations::new(),
+            SlotsTypeDeclaration::new(),
             Effect::Forbid,
             PrincipalConstraint::is_eq(Arc::new(EntityUID::with_eid("jane"))),
             ActionConstraint::any(),
@@ -1095,6 +1343,7 @@ mod test {
             tid2.clone(),
             None,
             Annotations::new(),
+            SlotsTypeDeclaration::new(),
             Effect::Permit,
             PrincipalConstraint::is_eq_slot(),
             ActionConstraint::any(),
@@ -1109,6 +1358,8 @@ mod test {
             tid2.clone(),
             id3.clone(),
             HashMap::from([(SlotId::principal(), EntityUID::with_eid("example"))]),
+            HashMap::new(),
+            None,
         );
         r.expect("Linking failed");
 
diff --git a/cedar-policy-core/src/ast/slots_type_declaration.rs b/cedar-policy-core/src/ast/slots_type_declaration.rs
new file mode 100644
index 0000000000..4907783f5d
--- /dev/null
+++ b/cedar-policy-core/src/ast/slots_type_declaration.rs
@@ -0,0 +1,146 @@
+/*
+ * Copyright Cedar Contributors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+use std::collections::BTreeMap;
+
+use crate::ast::SlotId;
+use crate::extensions::Extensions;
+use crate::validator::{
+    json_schema::Type as JSONSchemaType, types::Type as ValidatorType, RawName, SchemaError,
+    ValidatorSchema,
+};
+use serde::{Deserialize, Serialize};
+
+/// Struct storing the pairs of SlotId's and their corresponding type
+#[derive(Clone, Eq, PartialEq, PartialOrd, Ord, Debug, Hash, Serialize, Deserialize)]
+pub struct SlotsTypeDeclaration(BTreeMap<SlotId, JSONSchemaType<RawName>>);
+
+impl SlotsTypeDeclaration {
+    /// Create a new empty `SlotsTypeDeclaration` (with no slots)
+    pub fn new() -> Self {
+        Self(BTreeMap::new())
+    }
+
+    /// Get the type of the slot by key
+    pub fn get(&self, key: &SlotId) -> Option<&JSONSchemaType<RawName>> {
+        self.0.get(key)
+    }
+
+    /// Iterate over all pairs of slots and their types
+    pub fn iter(&self) -> impl Iterator<Item = (&SlotId, &JSONSchemaType<RawName>)> {
+        self.0.iter()
+    }
+
+    /// Tell if it's empty
+    pub fn is_empty(&self) -> bool {
+        self.0.is_empty()
+    }
+
+    /// Converts the types of slots_type_declaration to
+    /// use validator types so that they can be used by the typechecker
+    pub fn into_validator_slots_type_declaration(
+        self,
+        schema: &ValidatorSchema,
+    ) -> Result<ValidatorSlotsTypeDeclaration, SchemaError> {
+        let validator_slots_type_declaration: Result<BTreeMap<_, _>, SchemaError> = self
+            .0
+            .into_iter()
+            .map(|(k, ty)| -> Result<_, SchemaError> {
+                Ok((
+                    k,
+                    schema.json_schema_type_to_validator_type(ty, Extensions::all_available())?,
+                ))
+            })
+            .collect();
+        Ok(validator_slots_type_declaration?.into())
+    }
+
+    /// Converts the types of slots_type_declaration to
+    /// a validator type so we can perform link time type checking
+    /// for users who do not use a schema.
+    pub fn into_validator_slots_type_declaration_without_schema(
+        self,
+    ) -> Result<ValidatorSlotsTypeDeclaration, SchemaError> {
+        let validator_slots_type_declaration: Result<BTreeMap<_, _>, SchemaError> = self
+            .0
+            .into_iter()
+            .map(|(k, ty)| -> Result<_, SchemaError> {
+                Ok((
+                    k,
+                    ValidatorSchema::json_schema_type_to_validator_type_without_schema(
+                        ty,
+                        Extensions::all_available(),
+                    )?,
+                ))
+            })
+            .collect();
+        Ok(validator_slots_type_declaration?.into())
+    }
+}
+
+impl Default for SlotsTypeDeclaration {
+    fn default() -> Self {
+        Self::new()
+    }
+}
+
+impl FromIterator<(SlotId, JSONSchemaType<RawName>)> for SlotsTypeDeclaration {
+    fn from_iter<T: IntoIterator<Item = (SlotId, JSONSchemaType<RawName>)>>(iter: T) -> Self {
+        Self(BTreeMap::from_iter(iter))
+    }
+}
+
+impl From<BTreeMap<SlotId, JSONSchemaType<RawName>>> for SlotsTypeDeclaration {
+    fn from(value: BTreeMap<SlotId, JSONSchemaType<RawName>>) -> Self {
+        Self(value)
+    }
+}
+
+/// Struct storing the pairs of SlotId's and their corresponding validator types
+/// This struct is used when typechecking. JSONSchemaType's can't be used
+/// by the typechecker and need to be translated to a validator type by using a schema.
+#[derive(Clone, Eq, PartialEq, PartialOrd, Ord, Debug, Hash)]
+pub struct ValidatorSlotsTypeDeclaration(pub BTreeMap<SlotId, ValidatorType>);
+
+impl FromIterator<(SlotId, ValidatorType)> for ValidatorSlotsTypeDeclaration {
+    fn from_iter<T: IntoIterator<Item = (SlotId, ValidatorType)>>(iter: T) -> Self {
+        Self(BTreeMap::from_iter(iter))
+    }
+}
+
+impl From<BTreeMap<SlotId, ValidatorType>> for ValidatorSlotsTypeDeclaration {
+    fn from(value: BTreeMap<SlotId, ValidatorType>) -> Self {
+        Self(value)
+    }
+}
+
+impl Default for ValidatorSlotsTypeDeclaration {
+    fn default() -> Self {
+        Self::new()
+    }
+}
+
+impl ValidatorSlotsTypeDeclaration {
+    /// Create a new empty `ValidatorSlotsTypeDeclaration` (with no slots)
+    pub fn new() -> Self {
+        Self(BTreeMap::new())
+    }
+
+    /// Get the validator type of the slot by key
+    pub fn get(&self, slot: &SlotId) -> Option<&ValidatorType> {
+        self.0.get(slot)
+    }
+}
diff --git a/cedar-policy-core/src/authorizer.rs b/cedar-policy-core/src/authorizer.rs
index c332a6787f..f08f9aa478 100644
--- a/cedar-policy-core/src/authorizer.rs
+++ b/cedar-policy-core/src/authorizer.rs
@@ -192,7 +192,7 @@ impl std::fmt::Debug for Authorizer {
 #[cfg(test)]
 mod test {
     use super::*;
-    use crate::ast::Annotations;
+    use crate::ast::{Annotations, SlotsTypeDeclaration};
     use crate::parser;
 
     /// Sanity unit test case for is_authorized.
@@ -277,6 +277,7 @@ mod test {
             pid,
             None,
             Annotations::new(),
+            SlotsTypeDeclaration::new(),
             e,
             PrincipalConstraint::any(),
             ActionConstraint::any(),
@@ -293,6 +294,7 @@ mod test {
             pid,
             None,
             Annotations::new(),
+            SlotsTypeDeclaration::new(),
             effect,
             PrincipalConstraint::any(),
             ActionConstraint::any(),
diff --git a/cedar-policy-core/src/entities/json/value.rs b/cedar-policy-core/src/entities/json/value.rs
index 12a6252ec0..7cd533b345 100644
--- a/cedar-policy-core/src/entities/json/value.rs
+++ b/cedar-policy-core/src/entities/json/value.rs
@@ -135,6 +135,31 @@ impl<'de> Deserialize<'de> for CedarValueJson {
     }
 }
 
+impl<'de> DeserializeAs<'de, RestrictedExpr> for CedarValueJson {
+    fn deserialize_as<D>(deserializer: D) -> Result<RestrictedExpr, D::Error>
+    where
+        D: serde::Deserializer<'de>,
+    {
+        use serde::de::Error;
+        // We don't know the context that called us, so we'll rely on the statically set context
+        let context = || JsonDeserializationErrorContext::Unknown;
+        let cedar_value_json = CedarValueJson::deserialize(deserializer)?;
+        let restricted_expr = cedar_value_json.into_expr(context).map_err(Error::custom)?;
+        Ok(restricted_expr)
+    }
+}
+
+impl SerializeAs<RestrictedExpr> for CedarValueJson {
+    fn serialize_as<S>(source: &RestrictedExpr, serializer: S) -> Result<S::Ok, S::Error>
+    where
+        S: serde::Serializer,
+    {
+        use serde::ser::Error;
+        let json = CedarValueJson::from_expr(source.as_borrowed()).map_err(Error::custom)?;
+        json.serialize(serializer)
+    }
+}
+
 impl From<RawCedarValueJson> for CedarValueJson {
     fn from(value: RawCedarValueJson) -> Self {
         match value {
diff --git a/cedar-policy-core/src/est.rs b/cedar-policy-core/src/est.rs
index fbfd55f52f..abe7281cf7 100644
--- a/cedar-policy-core/src/est.rs
+++ b/cedar-policy-core/src/est.rs
@@ -28,11 +28,12 @@ mod annotation;
 pub use annotation::*;
 
 use crate::ast::EntityUID;
-use crate::ast::{self, Annotation};
+use crate::ast::{self, Annotation, SlotsTypeDeclaration};
 use crate::entities::json::{err::JsonDeserializationError, EntityUidJson};
+use crate::entities::CedarValueJson;
 use crate::expr_builder::ExprBuilder;
 use crate::parser::err::{parse_errors, ParseErrors, ToASTError, ToASTErrorKind};
-use crate::parser::util::{flatten_tuple_2, flatten_tuple_4};
+use crate::parser::util::{flatten_tuple_2, flatten_tuple_5};
 #[cfg(feature = "tolerant-ast")]
 use crate::parser::Loc;
 use crate::parser::{cst, IntoMaybeLoc};
@@ -70,6 +71,9 @@ pub struct Policy {
     #[serde(default)]
     #[serde(skip_serializing_if = "Annotations::is_empty")]
     annotations: Annotations,
+    #[serde(default)]
+    #[serde(skip_serializing_if = "SlotsTypeDeclaration::is_empty")]
+    slots_type_declaration: SlotsTypeDeclaration,
 }
 
 /// Serde JSON structure for a `when` or `unless` clause in the EST format
@@ -91,7 +95,11 @@ impl Policy {
     /// error if `vals` doesn't contain a necessary mapping, but does not throw
     /// an error if `vals` contains unused mappings -- and in particular if
     /// `self` is an inline policy (in which case it is returned unchanged).
-    pub fn link(self, vals: &HashMap<ast::SlotId, EntityUidJson>) -> Result<Self, LinkingError> {
+    pub fn link(
+        self,
+        vals: &HashMap<ast::SlotId, EntityUidJson>,
+        generalized_vals: &HashMap<ast::SlotId, CedarValueJson>,
+    ) -> Result<Self, LinkingError> {
         Ok(Policy {
             effect: self.effect,
             principal: self.principal.link(vals)?,
@@ -100,9 +108,11 @@ impl Policy {
             conditions: self
                 .conditions
                 .into_iter()
-                .map(|clause| clause.link(vals))
+                .map(|clause| clause.link(vals, generalized_vals))
                 .collect::<Result<Vec<_>, _>>()?,
             annotations: self.annotations,
+            // After linking we should not know that this policy was template linked
+            slots_type_declaration: SlotsTypeDeclaration::default(),
         })
     }
 
@@ -122,6 +132,7 @@ impl Policy {
                 .map(|clause| clause.sub_entity_literals(mapping))
                 .collect::<Result<Vec<_>, _>>()?,
             annotations: self.annotations,
+            slots_type_declaration: self.slots_type_declaration,
         })
     }
 
@@ -138,9 +149,15 @@ impl Clause {
     /// Fill in any slots in the clause using the values in `vals`. Throws an
     /// error if `vals` doesn't contain a necessary mapping, but does not throw
     /// an error if `vals` contains unused mappings.
-    pub fn link(self, _vals: &HashMap<ast::SlotId, EntityUidJson>) -> Result<Self, LinkingError> {
-        // currently, slots are not allowed in clauses
-        Ok(self)
+    pub fn link(
+        self,
+        vals: &HashMap<ast::SlotId, EntityUidJson>,
+        generalized_vals: &HashMap<ast::SlotId, CedarValueJson>,
+    ) -> Result<Self, LinkingError> {
+        match self {
+            Clause::When(e) => Ok(Clause::When(e.link(vals, generalized_vals)?)),
+            Clause::Unless(e) => Ok(Clause::Unless(e.link(vals, generalized_vals)?)),
+        }
     }
 
     /// Substitute entity literals
@@ -157,8 +174,10 @@ impl Clause {
 
     /// Returns true if this clause has a slot.
     pub fn has_slot(&self) -> bool {
-        // currently, slots are not allowed in clauses
-        false
+        match self {
+            Clause::When(e) => e.has_slot(),
+            Clause::Unless(e) => e.has_slot(),
+        }
     }
 }
 
@@ -184,6 +203,30 @@ impl TryFrom<cst::Policy> for Policy {
                 loc: l.into_maybe_loc(),
             })
         });
+
+        let (contains_slot_in_principal, contains_slot_in_resource) = match &maybe_scope {
+            Ok((p, _, r)) => (p.has_slot(), r.has_slot()),
+            Err(_) => (false, false),
+        };
+
+        // maximally get all the slots in the condition, any errors will have already been caught by maybe_cond
+        let cond_slots = policy
+            .conds
+            .iter()
+            .filter_map(|c| match c.to_expr::<ast::ExprBuilder<()>>() {
+                Ok((e, _)) => Some(e),
+                Err(_) => None,
+            })
+            .flat_map(|e| e.slots().collect::<Vec<ast::Slot>>())
+            .collect();
+
+        // get slots_type_declaration
+        let maybe_slots_type_declaration = policy.get_slots_type_declaration(
+            contains_slot_in_principal,
+            contains_slot_in_resource,
+            cond_slots,
+        );
+
         let maybe_conditions = ParseErrors::transpose(policy.conds.into_iter().map(|node| {
             let (cond, loc) = node.into_inner();
             let cond = cond.ok_or_else(|| {
@@ -192,9 +235,16 @@ impl TryFrom<cst::Policy> for Policy {
             cond.try_into()
         }));
 
-        let (effect, annotations, (principal, action, resource), conditions) = flatten_tuple_4(
+        let (
+            effect,
+            annotations,
+            slots_type_declaration,
+            (principal, action, resource),
+            conditions,
+        ) = flatten_tuple_5(
             maybe_effect,
             maybe_annotations,
+            maybe_slots_type_declaration,
             maybe_scope,
             maybe_conditions,
         )?;
@@ -205,6 +255,7 @@ impl TryFrom<cst::Policy> for Policy {
             resource: resource.into(),
             conditions,
             annotations: Annotations(annotations),
+            slots_type_declaration,
         })
     }
 }
@@ -280,10 +331,13 @@ impl Policy {
         id: Option<ast::PolicyID>,
     ) -> Result<ast::Template, FromJsonError> {
         let id = id.unwrap_or_else(|| ast::PolicyID::from_string("JSON policy"));
+        let has_principal_slot = self.principal.has_slot();
+        let has_resource_slot = self.resource.has_slot();
+
         let mut conditions_iter = self
             .conditions
             .into_iter()
-            .map(|cond| cond.try_into_ast(&id));
+            .map(|cond| cond.try_into_ast(has_principal_slot, has_resource_slot, &id));
         let conditions = match conditions_iter.next() {
             None => ast::Expr::val(true),
             Some(first) => ast::ExprBuilder::with_data(())
@@ -302,6 +356,7 @@ impl Policy {
                     )
                 })
                 .collect(),
+            self.slots_type_declaration,
             self.effect,
             self.principal.try_into()?,
             self.action.try_into()?,
@@ -312,25 +367,50 @@ impl Policy {
 }
 
 impl Clause {
-    fn filter_slots(e: ast::Expr, is_when: bool) -> Result<ast::Expr, FromJsonError> {
-        let first_slot = e.slots().next();
-        if let Some(slot) = first_slot {
-            Err(parse_errors::SlotsInConditionClause {
-                slot,
-                clause_type: if is_when { "when" } else { "unless" },
+    fn filter_slots(
+        e: ast::Expr,
+        has_principal_slot: bool,
+        has_resource_slot: bool,
+        is_when: bool,
+    ) -> Result<ast::Expr, FromJsonError> {
+        for slot in e.slots() {
+            if (slot.id.is_principal() && !has_principal_slot)
+                || (slot.id.is_resource() && !has_resource_slot)
+            {
+                return Err(FromJsonError::SlotsNotInScopeInConditionClause(
+                    parse_errors::SlotsNotInScopeInConditionClause {
+                        slot,
+                        clause_type: if is_when { "when" } else { "unless" },
+                    },
+                ));
             }
-            .into())
-        } else {
-            Ok(e)
         }
+        Ok(e)
     }
+
     /// `id` is the ID of the policy the clause belongs to, used only for reporting errors
-    fn try_into_ast(self, id: &ast::PolicyID) -> Result<ast::Expr, FromJsonError> {
+    /// has_principal_slot/has_resource_slot tells us whether there is a principal/resource slot in the scope
+    /// so we know when a slot is allowed to appear in the condition
+    /// an error is thrown otherwise if there is a slot not in the scope but in the condition
+    fn try_into_ast(
+        self,
+        has_principal_slot: bool,
+        has_resource_slot: bool,
+        id: &ast::PolicyID,
+    ) -> Result<ast::Expr, FromJsonError> {
         match self {
-            Clause::When(expr) => Self::filter_slots(expr.try_into_ast(id)?, true),
-            Clause::Unless(expr) => {
-                Self::filter_slots(ast::Expr::not(expr.try_into_ast(id)?), false)
-            }
+            Clause::When(expr) => Self::filter_slots(
+                expr.try_into_ast(id)?,
+                has_principal_slot,
+                has_resource_slot,
+                true,
+            ),
+            Clause::Unless(expr) => Self::filter_slots(
+                ast::Expr::not(expr.try_into_ast(id)?),
+                has_principal_slot,
+                has_resource_slot,
+                false,
+            ),
         }
     }
 }
@@ -352,6 +432,10 @@ impl From<ast::Policy> for Policy {
                     .map(|(k, v)| (k.clone(), Some(v.clone())))
                     .collect(),
             ),
+            slots_type_declaration: ast
+                .slots_type_declaration()
+                .map(|(k, v)| (k.clone(), v.clone()))
+                .collect(),
         }
     }
 }
@@ -373,6 +457,10 @@ impl From<ast::Template> for Policy {
                     .map(|(k, v)| (k.clone(), Some(v.clone())))
                     .collect(),
             ),
+            slots_type_declaration: ast
+                .slots_type_declaration()
+                .map(|(k, v)| (k.clone(), v.clone()))
+                .collect(),
         }
     }
 }
@@ -392,6 +480,17 @@ impl std::fmt::Display for Policy {
             }
             writeln!(f)?;
         }
+        if self.slots_type_declaration.iter().count() > 0 {
+            write!(
+                f,
+                "template({}) => ",
+                self.slots_type_declaration
+                    .iter()
+                    .map(|(k, v)| format!("{k}: {v}"))
+                    .collect::<Vec<String>>()
+                    .join(", ")
+            )?;
+        }
         write!(
             f,
             "{}({}, {}, {})",
@@ -3239,7 +3338,7 @@ mod test {
         let est: Policy = cst.try_into().unwrap();
         let err = est
             .clone()
-            .link(&HashMap::from_iter([]))
+            .link(&HashMap::from_iter([]), &HashMap::from_iter([]))
             .expect_err("didn't fill all the slots");
         expect_err(
             "",
@@ -3251,10 +3350,13 @@ mod test {
         );
         let err = est
             .clone()
-            .link(&HashMap::from_iter([(
-                ast::SlotId::principal(),
-                EntityUidJson::new("XYZCorp::User", "12UA45"),
-            )]))
+            .link(
+                &HashMap::from_iter([(
+                    ast::SlotId::principal(),
+                    EntityUidJson::new("XYZCorp::User", "12UA45"),
+                )]),
+                &HashMap::from_iter([]),
+            )
             .expect_err("didn't fill all the slots");
         expect_err(
             "",
@@ -3265,13 +3367,16 @@ mod test {
             .build(),
         );
         let linked = est
-            .link(&HashMap::from_iter([
-                (
-                    ast::SlotId::principal(),
-                    EntityUidJson::new("XYZCorp::User", "12UA45"),
-                ),
-                (ast::SlotId::resource(), EntityUidJson::new("Folder", "abc")),
-            ]))
+            .link(
+                &HashMap::from_iter([
+                    (
+                        ast::SlotId::principal(),
+                        EntityUidJson::new("XYZCorp::User", "12UA45"),
+                    ),
+                    (ast::SlotId::resource(), EntityUidJson::new("Folder", "abc")),
+                ]),
+                &HashMap::from_iter([]),
+            )
             .expect("did fill all the slots");
         let expected_json = json!(
             {
@@ -3320,6 +3425,156 @@ mod test {
         );
     }
 
+    #[test]
+    fn link_with_slots_in_condition() {
+        let template = r#"
+            permit(
+                principal == ?principal,
+                action == Action::"view",
+                resource in ?resource
+            ) when {
+                ?principal in resource.owners
+            };
+        "#;
+        let cst = parser::text_to_cst::parse_policy(template)
+            .unwrap()
+            .node
+            .unwrap();
+        let est: Policy = cst.try_into().unwrap();
+
+        let linked_est = est
+            .link(
+                &HashMap::from_iter([
+                    (
+                        ast::SlotId::principal(),
+                        EntityUidJson::new("XYZCorp::User", "12UA45"),
+                    ),
+                    (ast::SlotId::resource(), EntityUidJson::new("Folder", "abc")),
+                ]),
+                &HashMap::from_iter([]),
+            )
+            .expect("did fill all the slots");
+
+        let old_est = linked_est.clone();
+        let roundtripped = est_roundtrip(linked_est.clone());
+        assert_eq!(&old_est, &roundtripped);
+        let est = text_roundtrip(&old_est);
+        assert_eq!(&old_est, &est);
+
+        let expected_json = json!(
+            {
+                "effect": "permit",
+                "principal": {
+                    "op": "==",
+                    "entity": { "type": "XYZCorp::User", "id": "12UA45" },
+                },
+                "action": {
+                    "op": "==",
+                    "entity": { "type": "Action", "id": "view" },
+                },
+                "resource": {
+                    "op": "in",
+                    "entity": { "type": "Folder", "id": "abc" },
+                },
+                "conditions": [
+                    {
+                        "kind": "when",
+                        "body": {
+                            "in": {
+                                "left": {
+                                    "Value": {
+                                        "__entity": { "type": "XYZCorp::User", "id": "12UA45" }
+                                    }
+                                },
+                                "right": {
+                                    ".": {
+                                        "left": {
+                                            "Var": "resource"
+                                        },
+                                        "attr": "owners"
+                                    }
+                                }
+                            }
+                        }
+                    }
+                ],
+            }
+        );
+        let linked_json = serde_json::to_value(linked_est).unwrap();
+        assert_eq!(
+            linked_json,
+            expected_json,
+            "\nExpected:\n{}\n\nActual:\n{}\n\n",
+            serde_json::to_string_pretty(&expected_json).unwrap(),
+            serde_json::to_string_pretty(&linked_json).unwrap(),
+        );
+    }
+
+    #[test]
+    fn roundtrip_slots_type_declaration() {
+        let policy = r#"
+        template(?age: Long, ?test: Long) => 
+        permit(principal, 
+        action, 
+        resource) 
+        when 
+        { ?age == ?test };"#;
+        let cst = parser::text_to_cst::parse_policy(policy)
+            .unwrap()
+            .node
+            .unwrap();
+        let est: Policy = cst.try_into().unwrap();
+        let expected_json = json!(
+            {
+                "effect": "permit",
+                "principal": {
+                    "op": "All",
+                },
+                "action": {
+                    "op": "All",
+                },
+                "resource": {
+                    "op": "All",
+                },
+                "conditions": [{
+                    "kind": "when",
+                    "body": {
+                        "==": {
+                        "left": {
+                            "Slot": "?age"
+                        },
+                        "right": {
+                            "Slot": "?test"
+                        }
+                        }
+                    }
+                }],
+                "slots_type_declaration": {
+                    "?age": {
+                        "type": "EntityOrCommon",
+                        "name": "Long"
+                    },
+                    "?test": {
+                        "type": "EntityOrCommon",
+                        "name": "Long"
+                    },
+                }
+            }
+        );
+        assert_eq!(
+            serde_json::to_value(&est).unwrap(),
+            expected_json,
+            "\nExpected:\n{}\n\nActual:\n{}\n\n",
+            serde_json::to_string_pretty(&expected_json).unwrap(),
+            serde_json::to_string_pretty(&est).unwrap()
+        );
+        let old_est = est.clone();
+        let roundtripped = est_roundtrip(est);
+        assert_eq!(&old_est, &roundtripped);
+        let est = text_roundtrip(&old_est);
+        assert_eq!(&old_est, &est);
+    }
+
     #[test]
     fn eid_with_nulls() {
         let policy = r#"
@@ -3575,6 +3830,39 @@ mod test {
                 );
             }
         );
+
+        let template = json!({
+            "effect": "permit",
+            "principal": { "op": "All" },
+            "action": { "op": "All" },
+            "resource": { "op": "All" },
+            "conditions": [
+                {
+                    "kind": "when",
+                    "body": {
+                        "==": {
+                            "left": { "Var": "principal" },
+                            "right": { "Slot": "?principal" }
+                        }
+                    }
+                }
+            ]
+        });
+
+        let est: Policy = serde_json::from_value(template).unwrap();
+        let ast: Result<ast::Policy, _> = est.try_into_ast_policy(None);
+        assert_matches!(
+            ast,
+            Err(e) => {
+                expect_err(
+                    "",
+                    &miette::Report::new(e),
+                    &ExpectedErrorMessageBuilder::error("found template slot ?principal in a `when` clause")
+                    .help("?principal needs to appear in the scope to appear in the condition of the template")
+                    .build(),
+                );
+            }
+        )
     }
 
     #[test]
@@ -4265,7 +4553,9 @@ mod test {
                 .node
                 .unwrap();
             let est: Policy = cst.try_into().unwrap();
-            let err = est.clone().link(&HashMap::from_iter([]));
+            let err = est
+                .clone()
+                .link(&HashMap::from_iter([]), &HashMap::from_iter([]));
             assert_matches!(
                 err,
                 Err(e) => {
@@ -4277,10 +4567,13 @@ mod test {
                     );
                 }
             );
-            let err = est.clone().link(&HashMap::from_iter([(
-                ast::SlotId::principal(),
-                EntityUidJson::new("User", "alice"),
-            )]));
+            let err = est.clone().link(
+                &HashMap::from_iter([(
+                    ast::SlotId::principal(),
+                    EntityUidJson::new("User", "alice"),
+                )]),
+                &HashMap::from_iter([]),
+            );
             assert_matches!(
                 err,
                 Err(e) => {
@@ -4293,13 +4586,16 @@ mod test {
                 }
             );
             let linked = est
-                .link(&HashMap::from_iter([
-                    (
-                        ast::SlotId::principal(),
-                        EntityUidJson::new("User", "alice"),
-                    ),
-                    (ast::SlotId::resource(), EntityUidJson::new("Folder", "abc")),
-                ]))
+                .link(
+                    &HashMap::from_iter([
+                        (
+                            ast::SlotId::principal(),
+                            EntityUidJson::new("User", "alice"),
+                        ),
+                        (ast::SlotId::resource(), EntityUidJson::new("Folder", "abc")),
+                    ]),
+                    &HashMap::from_iter([]),
+                )
                 .expect("did fill all the slots");
             let expected_json = json!(
                 {
@@ -4338,7 +4634,7 @@ mod test {
                 .node
                 .unwrap();
             let est: Policy = cst.try_into().unwrap();
-            let linked = est.link(&HashMap::new()).unwrap();
+            let linked = est.link(&HashMap::new(), &HashMap::new()).unwrap();
             let expected_json = json!(
                 {
                     "effect": "permit",
@@ -4543,6 +4839,92 @@ mod test {
         }
     }
 
+    mod generalized_templates {
+
+        use super::*;
+
+        #[test]
+        fn is_template_generalized_slots_in_condition() {
+            let template = r#"
+            template(?age: Long) => 
+            permit(
+                principal,
+                action == Action::"view",
+                resource
+            ) when {
+                ?age == 8
+            };"#;
+            let cst = parser::text_to_cst::parse_policy(template)
+                .unwrap()
+                .node
+                .unwrap();
+            let est: Policy = cst.try_into().unwrap();
+
+            assert!(
+                est.is_template(),
+                "Policy with age slot not marked as template"
+            );
+        }
+
+        #[test]
+        fn link_with_generalized_template() {
+            let template = r#"
+            template(?slot: Bool) =>
+            permit(
+                principal,
+                action == Action::"view",
+                resource 
+            ) when { ?slot };"#;
+            let cst = parser::text_to_cst::parse_policy(template)
+                .unwrap()
+                .node
+                .unwrap();
+            let est: Policy = cst.try_into().unwrap();
+            let linked = est
+                .clone()
+                .link(
+                    &HashMap::from_iter([]),
+                    &HashMap::from_iter([(
+                        ast::SlotId::generalized_slot("slot".parse().unwrap()),
+                        CedarValueJson::Bool(true),
+                    )]),
+                )
+                .expect("did fill all the slots");
+
+            let expected_json = json!(
+                {
+                    "effect": "permit",
+                    "principal": {
+                        "op": "All",
+                    },
+                    "action": {
+                        "op": "==",
+                        "entity": { "type": "Action", "id": "view" },
+                    },
+                    "resource": {
+                        "op": "All",
+                    },
+                    "conditions": [
+                        {
+                            "kind": "when",
+                            "body": {
+                                "Value": true
+                            }
+                        }
+                    ],
+                }
+            );
+            let linked_json = serde_json::to_value(linked).unwrap();
+            assert_eq!(
+                linked_json,
+                expected_json,
+                "\nExpected:\n{}\n\nActual:\n{}\n\n",
+                serde_json::to_string_pretty(&expected_json).unwrap(),
+                serde_json::to_string_pretty(&linked_json).unwrap(),
+            );
+        }
+    }
+
     #[test]
     fn extended_has() {
         let policy_text = r#"
@@ -4689,6 +5071,46 @@ mod test {
         let est: Policy = cst.try_into().unwrap();
         assert!(!est.is_template(), "Static policy marked as template");
     }
+
+    #[test]
+    fn template_condition_has_slot() {
+        let template: &'static str = r#"
+            permit(
+                principal == ?principal,
+                action == Action::"view",
+                resource
+            ) when {
+                ?principal in resource.owners && ?principal has owners
+            };
+        "#;
+        let cst = parser::text_to_cst::parse_policy(template)
+            .unwrap()
+            .node
+            .unwrap();
+        let est: Policy = cst.try_into().unwrap();
+        let has_slot = est.conditions.iter().any(|c| c.has_slot());
+        assert!(has_slot, "Policy condition not marked as having a slot");
+
+        let template: &'static str = r#"
+            permit(
+                principal == ?principal,
+                action == Action::"view",
+                resource
+            ) when {
+                principal == resource.owners
+            };
+        "#;
+        let cst = parser::text_to_cst::parse_policy(template)
+            .unwrap()
+            .node
+            .unwrap();
+        let est: Policy = cst.try_into().unwrap();
+        let has_slot = est.conditions.iter().any(|c| c.has_slot());
+        assert!(
+            !has_slot,
+            "Policy condition marked as having a slot when it does not have a slot"
+        )
+    }
 }
 
 #[cfg(test)]
diff --git a/cedar-policy-core/src/est/err.rs b/cedar-policy-core/src/est/err.rs
index 2a6af4ff87..ddc99fa7fb 100644
--- a/cedar-policy-core/src/est/err.rs
+++ b/cedar-policy-core/src/est/err.rs
@@ -15,7 +15,7 @@
  */
 
 use crate::ast;
-use crate::entities::json::err::JsonDeserializationError;
+use crate::entities::json::err::{JsonDeserializationError, JsonSerializationError};
 use crate::parser::err::{parse_errors, ParseErrors};
 use crate::parser::unescape;
 use miette::Diagnostic;
@@ -50,10 +50,10 @@ pub enum FromJsonError {
     /// EST contained a template slot for `action`. This is not currently allowed
     #[error("slots are not allowed for actions")]
     ActionSlot,
-    /// EST contained a template slot in policy condition
+    /// EST contained a template slot in policy condition but not in the scope
     #[error(transparent)]
     #[diagnostic(transparent)]
-    SlotsInConditionClause(#[from] parse_errors::SlotsInConditionClause),
+    SlotsNotInScopeInConditionClause(#[from] parse_errors::SlotsNotInScopeInConditionClause),
     /// EST contained the empty JSON object `{}` where a key (operator) was expected
     #[error("missing operator, found empty object")]
     MissingOperator,
@@ -104,7 +104,7 @@ pub enum PolicySetFromJsonError {
 }
 
 /// Errors while linking a policy
-#[derive(Debug, PartialEq, Eq, Diagnostic, Error)]
+#[derive(Debug, Diagnostic, Error)]
 pub enum LinkingError {
     /// Template contains this slot, but a value wasn't provided for it
     #[error("failed to link template: no value provided for `{slot}`")]
@@ -112,6 +112,16 @@ pub enum LinkingError {
         /// Slot which didn't have a value provided for it
         slot: ast::SlotId,
     },
+
+    /// Encounter JSON Serialization error when linking
+    #[error(transparent)]
+    #[diagnostic(transparent)]
+    UnableToSerializeJSONValueProvided(#[from] JsonSerializationError),
+
+    /// Encountered JSON deserialization error when linking
+    #[error(transparent)]
+    #[diagnostic(transparent)]
+    InvalidJSON(#[from] JsonDeserializationError),
 }
 
 impl From<ast::UnexpectedSlotError> for FromJsonError {
diff --git a/cedar-policy-core/src/est/expr.rs b/cedar-policy-core/src/est/expr.rs
index 9dc89c3c30..66bcb98d91 100644
--- a/cedar-policy-core/src/est/expr.rs
+++ b/cedar-policy-core/src/est/expr.rs
@@ -22,8 +22,9 @@ use crate::ast::Infallible;
 use crate::ast::{self, BoundedDisplay, EntityUID};
 use crate::entities::json::{
     err::EscapeKind, err::JsonDeserializationError, err::JsonDeserializationErrorContext,
-    CedarValueJson, FnAndArgs,
+    CedarValueJson, EntityUidJson, FnAndArgs,
 };
+use crate::est::LinkingError;
 use crate::expr_builder::ExprBuilder;
 use crate::extensions::Extensions;
 use crate::jsonvalue::JsonValueWithNoDuplicateKeys;
@@ -877,6 +878,195 @@ impl Expr {
             }
         }
     }
+
+    /// Instantiate all the slots in an expression with their values
+    pub fn link(
+        self,
+        vals: &HashMap<ast::SlotId, EntityUidJson>,
+        generalized_vals: &HashMap<ast::SlotId, CedarValueJson>,
+    ) -> Result<Self, LinkingError> {
+        match self {
+            Expr::ExprNoExt(e) => match e {
+                v @ ExprNoExt::Value(_) => Ok(Expr::ExprNoExt(v)),
+                v @ ExprNoExt::Var(_) => Ok(Expr::ExprNoExt(v)),
+                ExprNoExt::Slot(slot) => {
+                    if slot.is_generalized_slot() {
+                        match generalized_vals.get(&slot) {
+                            Some(expr) => Ok(Expr::ExprNoExt(ExprNoExt::Value(expr.clone()))),
+                            None => Err(LinkingError::MissedSlot { slot }),
+                        }
+                    } else {
+                        match vals.get(&slot) {
+                            Some(e) => {
+                                let literal = CedarValueJson::from_lit(
+                                    e.clone()
+                                        .into_euid(|| JsonDeserializationErrorContext::Unknown)?
+                                        .into(),
+                                );
+                                Ok(Expr::ExprNoExt(ExprNoExt::Value(literal)))
+                            }
+                            None => Err(LinkingError::MissedSlot { slot }),
+                        }
+                    }
+                }
+                ExprNoExt::Not { arg } => Ok(Expr::ExprNoExt(ExprNoExt::Not {
+                    arg: Arc::new(Arc::unwrap_or_clone(arg).link(vals, generalized_vals)?),
+                })),
+                ExprNoExt::Neg { arg } => Ok(Expr::ExprNoExt(ExprNoExt::Neg {
+                    arg: Arc::new(Arc::unwrap_or_clone(arg).link(vals, generalized_vals)?),
+                })),
+                ExprNoExt::Eq { left, right } => Ok(Expr::ExprNoExt(ExprNoExt::Eq {
+                    left: Arc::new(Arc::unwrap_or_clone(left).link(vals, generalized_vals)?),
+                    right: Arc::new(Arc::unwrap_or_clone(right).link(vals, generalized_vals)?),
+                })),
+                ExprNoExt::NotEq { left, right } => Ok(Expr::ExprNoExt(ExprNoExt::NotEq {
+                    left: Arc::new(Arc::unwrap_or_clone(left).link(vals, generalized_vals)?),
+                    right: Arc::new(Arc::unwrap_or_clone(right).link(vals, generalized_vals)?),
+                })),
+                ExprNoExt::In { left, right } => Ok(Expr::ExprNoExt(ExprNoExt::In {
+                    left: Arc::new(Arc::unwrap_or_clone(left).link(vals, generalized_vals)?),
+                    right: Arc::new(Arc::unwrap_or_clone(right).link(vals, generalized_vals)?),
+                })),
+                ExprNoExt::Less { left, right } => Ok(Expr::ExprNoExt(ExprNoExt::Less {
+                    left: Arc::new(Arc::unwrap_or_clone(left).link(vals, generalized_vals)?),
+                    right: Arc::new(Arc::unwrap_or_clone(right).link(vals, generalized_vals)?),
+                })),
+                ExprNoExt::LessEq { left, right } => Ok(Expr::ExprNoExt(ExprNoExt::LessEq {
+                    left: Arc::new(Arc::unwrap_or_clone(left).link(vals, generalized_vals)?),
+                    right: Arc::new(Arc::unwrap_or_clone(right).link(vals, generalized_vals)?),
+                })),
+                ExprNoExt::Greater { left, right } => Ok(Expr::ExprNoExt(ExprNoExt::Greater {
+                    left: Arc::new(Arc::unwrap_or_clone(left).link(vals, generalized_vals)?),
+                    right: Arc::new(Arc::unwrap_or_clone(right).link(vals, generalized_vals)?),
+                })),
+                ExprNoExt::GreaterEq { left, right } => Ok(Expr::ExprNoExt(ExprNoExt::GreaterEq {
+                    left: Arc::new(Arc::unwrap_or_clone(left).link(vals, generalized_vals)?),
+                    right: Arc::new(Arc::unwrap_or_clone(right).link(vals, generalized_vals)?),
+                })),
+                ExprNoExt::And { left, right } => Ok(Expr::ExprNoExt(ExprNoExt::And {
+                    left: Arc::new(Arc::unwrap_or_clone(left).link(vals, generalized_vals)?),
+                    right: Arc::new(Arc::unwrap_or_clone(right).link(vals, generalized_vals)?),
+                })),
+                ExprNoExt::Or { left, right } => Ok(Expr::ExprNoExt(ExprNoExt::Or {
+                    left: Arc::new(Arc::unwrap_or_clone(left).link(vals, generalized_vals)?),
+                    right: Arc::new(Arc::unwrap_or_clone(right).link(vals, generalized_vals)?),
+                })),
+                ExprNoExt::Add { left, right } => Ok(Expr::ExprNoExt(ExprNoExt::Add {
+                    left: Arc::new(Arc::unwrap_or_clone(left).link(vals, generalized_vals)?),
+                    right: Arc::new(Arc::unwrap_or_clone(right).link(vals, generalized_vals)?),
+                })),
+                ExprNoExt::Sub { left, right } => Ok(Expr::ExprNoExt(ExprNoExt::Sub {
+                    left: Arc::new(Arc::unwrap_or_clone(left).link(vals, generalized_vals)?),
+                    right: Arc::new(Arc::unwrap_or_clone(right).link(vals, generalized_vals)?),
+                })),
+                ExprNoExt::Mul { left, right } => Ok(Expr::ExprNoExt(ExprNoExt::Mul {
+                    left: Arc::new(Arc::unwrap_or_clone(left).link(vals, generalized_vals)?),
+                    right: Arc::new(Arc::unwrap_or_clone(right).link(vals, generalized_vals)?),
+                })),
+                ExprNoExt::Contains { left, right } => Ok(Expr::ExprNoExt(ExprNoExt::Contains {
+                    left: Arc::new(Arc::unwrap_or_clone(left).link(vals, generalized_vals)?),
+                    right: Arc::new(Arc::unwrap_or_clone(right).link(vals, generalized_vals)?),
+                })),
+                ExprNoExt::ContainsAll { left, right } => {
+                    Ok(Expr::ExprNoExt(ExprNoExt::ContainsAll {
+                        left: Arc::new(Arc::unwrap_or_clone(left).link(vals, generalized_vals)?),
+                        right: Arc::new(Arc::unwrap_or_clone(right).link(vals, generalized_vals)?),
+                    }))
+                }
+                ExprNoExt::ContainsAny { left, right } => {
+                    Ok(Expr::ExprNoExt(ExprNoExt::ContainsAny {
+                        left: Arc::new(Arc::unwrap_or_clone(left).link(vals, generalized_vals)?),
+                        right: Arc::new(Arc::unwrap_or_clone(right).link(vals, generalized_vals)?),
+                    }))
+                }
+                ExprNoExt::IsEmpty { arg } => Ok(Expr::ExprNoExt(ExprNoExt::IsEmpty {
+                    arg: Arc::new(Arc::unwrap_or_clone(arg).link(vals, generalized_vals)?),
+                })),
+                ExprNoExt::GetTag { left, right } => Ok(Expr::ExprNoExt(ExprNoExt::GetTag {
+                    left: Arc::new(Arc::unwrap_or_clone(left).link(vals, generalized_vals)?),
+                    right: Arc::new(Arc::unwrap_or_clone(right).link(vals, generalized_vals)?),
+                })),
+                ExprNoExt::HasTag { left, right } => Ok(Expr::ExprNoExt(ExprNoExt::HasTag {
+                    left: Arc::new(Arc::unwrap_or_clone(left).link(vals, generalized_vals)?),
+                    right: Arc::new(Arc::unwrap_or_clone(right).link(vals, generalized_vals)?),
+                })),
+                ExprNoExt::GetAttr { left, attr } => Ok(Expr::ExprNoExt(ExprNoExt::GetAttr {
+                    left: Arc::new(Arc::unwrap_or_clone(left).link(vals, generalized_vals)?),
+                    attr,
+                })),
+                ExprNoExt::HasAttr { left, attr } => Ok(Expr::ExprNoExt(ExprNoExt::HasAttr {
+                    left: Arc::new(Arc::unwrap_or_clone(left).link(vals, generalized_vals)?),
+                    attr,
+                })),
+                ExprNoExt::Like { left, pattern } => Ok(Expr::ExprNoExt(ExprNoExt::Like {
+                    left: Arc::new(Arc::unwrap_or_clone(left).link(vals, generalized_vals)?),
+                    pattern,
+                })),
+                ExprNoExt::Is {
+                    left,
+                    entity_type,
+                    in_expr,
+                } => match in_expr {
+                    Some(in_expr) => Ok(Expr::ExprNoExt(ExprNoExt::Is {
+                        left: Arc::new(Arc::unwrap_or_clone(left).link(vals, generalized_vals)?),
+                        entity_type,
+                        in_expr: Some(Arc::new(
+                            Arc::unwrap_or_clone(in_expr).link(vals, generalized_vals)?,
+                        )),
+                    })),
+                    None => Ok(Expr::ExprNoExt(ExprNoExt::Is {
+                        left: Arc::new(Arc::unwrap_or_clone(left).link(vals, generalized_vals)?),
+                        entity_type,
+                        in_expr: None,
+                    })),
+                },
+                ExprNoExt::If {
+                    cond_expr,
+                    then_expr,
+                    else_expr,
+                } => Ok(Expr::ExprNoExt(ExprNoExt::If {
+                    cond_expr: Arc::new(
+                        Arc::unwrap_or_clone(cond_expr).link(vals, generalized_vals)?,
+                    ),
+                    then_expr: Arc::new(
+                        Arc::unwrap_or_clone(then_expr).link(vals, generalized_vals)?,
+                    ),
+                    else_expr: Arc::new(
+                        Arc::unwrap_or_clone(else_expr).link(vals, generalized_vals)?,
+                    ),
+                })),
+                ExprNoExt::Set(v) => {
+                    let mut new_v = vec![];
+                    for e in v {
+                        new_v.push(e.link(vals, generalized_vals)?);
+                    }
+                    Ok(Expr::ExprNoExt(ExprNoExt::Set(new_v)))
+                }
+                ExprNoExt::Record(m) => {
+                    let mut new_m = BTreeMap::new();
+                    for (k, v) in m {
+                        new_m.insert(k, v.link(vals, generalized_vals)?);
+                    }
+                    Ok(Expr::ExprNoExt(ExprNoExt::Record(new_m)))
+                }
+                #[cfg(feature = "tolerant-ast")]
+                ExprNoExt::Error(_) => Err(LinkingError::InvalidJSON(
+                    JsonDeserializationError::ASTErrorNode,
+                )),
+            },
+            Expr::ExtFuncCall(e_fn_call) => {
+                let mut new_m = HashMap::new();
+                for (k, v) in e_fn_call.call {
+                    let mut new_v = vec![];
+                    for e in v {
+                        new_v.push(e.link(vals, generalized_vals)?);
+                    }
+                    new_m.insert(k, new_v);
+                }
+                Ok(Expr::ExtFuncCall(ExtFuncCall { call: new_m }))
+            }
+        }
+    }
 }
 
 impl Expr {
@@ -1060,6 +1250,76 @@ impl Expr {
             Expr::ExprNoExt(ExprNoExt::Error(_)) => Err(FromJsonError::ASTErrorNode),
         }
     }
+
+    /// Returns true if expr has a slot
+    pub fn has_slot(&self) -> bool {
+        match self {
+            Expr::ExprNoExt(ExprNoExt::Value(..)) => false,
+            Expr::ExprNoExt(ExprNoExt::Var(..)) => false,
+            Expr::ExprNoExt(ExprNoExt::Slot(..)) => true,
+            Expr::ExprNoExt(ExprNoExt::Not { arg }) => arg.has_slot(),
+            Expr::ExprNoExt(ExprNoExt::Neg { arg }) => arg.has_slot(),
+            Expr::ExprNoExt(ExprNoExt::Eq { left, right }) => left.has_slot() || right.has_slot(),
+            Expr::ExprNoExt(ExprNoExt::NotEq { left, right }) => {
+                left.has_slot() || right.has_slot()
+            }
+            Expr::ExprNoExt(ExprNoExt::In { left, right }) => left.has_slot() || right.has_slot(),
+            Expr::ExprNoExt(ExprNoExt::Less { left, right }) => left.has_slot() || right.has_slot(),
+            Expr::ExprNoExt(ExprNoExt::LessEq { left, right }) => {
+                left.has_slot() || right.has_slot()
+            }
+            Expr::ExprNoExt(ExprNoExt::Greater { left, right }) => {
+                left.has_slot() || right.has_slot()
+            }
+            Expr::ExprNoExt(ExprNoExt::GreaterEq { left, right }) => {
+                left.has_slot() || right.has_slot()
+            }
+            Expr::ExprNoExt(ExprNoExt::And { left, right }) => left.has_slot() || right.has_slot(),
+            Expr::ExprNoExt(ExprNoExt::Or { left, right }) => left.has_slot() || right.has_slot(),
+            Expr::ExprNoExt(ExprNoExt::Add { left, right }) => left.has_slot() || right.has_slot(),
+            Expr::ExprNoExt(ExprNoExt::Sub { left, right }) => left.has_slot() || right.has_slot(),
+            Expr::ExprNoExt(ExprNoExt::Mul { left, right }) => left.has_slot() || right.has_slot(),
+            Expr::ExprNoExt(ExprNoExt::Contains { left, right }) => {
+                left.has_slot() || right.has_slot()
+            }
+            Expr::ExprNoExt(ExprNoExt::ContainsAll { left, right }) => {
+                left.has_slot() || right.has_slot()
+            }
+            Expr::ExprNoExt(ExprNoExt::ContainsAny { left, right }) => {
+                left.has_slot() || right.has_slot()
+            }
+            Expr::ExprNoExt(ExprNoExt::IsEmpty { arg }) => arg.has_slot(),
+            Expr::ExprNoExt(ExprNoExt::GetTag { left, right }) => {
+                left.has_slot() || right.has_slot()
+            }
+            Expr::ExprNoExt(ExprNoExt::HasTag { left, right }) => {
+                left.has_slot() || right.has_slot()
+            }
+            Expr::ExprNoExt(ExprNoExt::GetAttr { left, .. }) => left.has_slot(),
+            Expr::ExprNoExt(ExprNoExt::HasAttr { left, .. }) => left.has_slot(),
+            Expr::ExprNoExt(ExprNoExt::Like { left, .. }) => left.has_slot(),
+            Expr::ExprNoExt(ExprNoExt::Is { left, in_expr, .. }) => match in_expr {
+                Some(right) => left.has_slot() || right.has_slot(),
+                None => left.has_slot(),
+            },
+            Expr::ExprNoExt(ExprNoExt::If {
+                cond_expr,
+                then_expr,
+                else_expr,
+            }) => cond_expr.has_slot() || then_expr.has_slot() || else_expr.has_slot(),
+            Expr::ExprNoExt(ExprNoExt::Set(elements)) => {
+                elements.iter().any(|expr| expr.has_slot())
+            }
+            Expr::ExprNoExt(ExprNoExt::Record(map)) => map
+                .iter()
+                .fold(false, |init, (_, expr)| init || expr.has_slot()),
+            Expr::ExtFuncCall(ExtFuncCall { call }) => call.iter().fold(false, |init, (_, v)| {
+                init || (v.iter().any(|expr| expr.has_slot()))
+            }),
+            #[cfg(feature = "tolerant-ast")]
+            Expr::ExprNoExt(ExprNoExt::Error(_)) => false,
+        }
+    }
 }
 
 impl From<ast::Literal> for Expr {
diff --git a/cedar-policy-core/src/est/policy_set.rs b/cedar-policy-core/src/est/policy_set.rs
index 899cd1a719..7b4bdc7576 100644
--- a/cedar-policy-core/src/est/policy_set.rs
+++ b/cedar-policy-core/src/est/policy_set.rs
@@ -16,9 +16,9 @@
 
 use super::Policy;
 use super::PolicySetFromJsonError;
-use crate::ast::{self, EntityUID, PolicyID, SlotId};
+use crate::ast::{self, EntityUID, PolicyID, RestrictedExpr, SlotId};
 use crate::entities::json::err::JsonDeserializationErrorContext;
-use crate::entities::json::EntityUidJson;
+use crate::entities::{json::EntityUidJson, CedarValueJson};
 use crate::parser::cst::Policies;
 use crate::parser::err::ParseErrors;
 use crate::parser::Node;
@@ -56,9 +56,25 @@ impl PolicySet {
             .filter_map(|link| {
                 if &link.new_id == id {
                     self.get_template(&link.template_id).and_then(|template| {
-                        let unwrapped_est_vals: HashMap<SlotId, EntityUidJson> =
-                            link.values.iter().map(|(k, v)| (*k, v.into())).collect();
-                        template.link(&unwrapped_est_vals).ok()
+                        let unwrapped_est_vals: HashMap<SlotId, EntityUidJson> = link
+                            .values
+                            .iter()
+                            .map(|(k, v)| (k.clone(), v.into()))
+                            .collect();
+
+                        let unwrapped_est_generalized_vals: HashMap<SlotId, CedarValueJson> = link
+                            .generalized_values
+                            .iter()
+                            .map(|(k, v)| {
+                                (
+                                    k.clone(),
+                                    #[allow(clippy::expect_used)]
+                                    CedarValueJson::from_expr(v.as_borrowed()).expect("Conversion should only be done if policyset is well formed"),
+                                )
+                            })
+                            .collect();
+
+                        template.link(&unwrapped_est_vals, &unwrapped_est_generalized_vals).ok()
                     })
                 } else {
                     None
@@ -91,6 +107,10 @@ pub struct TemplateLink {
     /// Mapping between slots and entity uids
     #[serde_as(as = "serde_with::MapPreventDuplicates<_,EntityUidJson<TemplateLinkContext>>")]
     pub values: HashMap<SlotId, EntityUID>,
+    /// Mapping between generalized slots and restricted expr
+    #[serde_as(as = "serde_with::MapPreventDuplicates<_,CedarValueJson>")]
+    #[serde(default)]
+    pub generalized_values: HashMap<SlotId, RestrictedExpr>,
 }
 
 /// Statically set the deserialization error context to be deserialization of a template link
@@ -122,9 +142,10 @@ impl TryFrom<PolicySet> for ast::PolicySet {
             template_id,
             new_id,
             values,
+            generalized_values,
         } in value.template_links
         {
-            ast_pset.link(template_id, new_id, values)?;
+            ast_pset.link(template_id, new_id, values, generalized_values, None)?;
         }
 
         Ok(ast_pset)
diff --git a/cedar-policy-core/src/evaluator.rs b/cedar-policy-core/src/evaluator.rs
index 4f479be1c3..fb3ba97344 100644
--- a/cedar-policy-core/src/evaluator.rs
+++ b/cedar-policy-core/src/evaluator.rs
@@ -382,7 +382,8 @@ impl<'e> Evaluator<'e> {
     /// it doesn't consider whether we're processing a `Permit` policy or a
     /// `Forbid` policy.
     pub fn evaluate(&self, p: &Policy) -> Result<bool> {
-        self.interpret(&p.condition(), p.env())?.get_as_bool()
+        self.interpret(&p.condition(), p.env(), p.generalized_env())?
+            .get_as_bool()
     }
 
     /// Partially evaluate the given `Policy`, returning one of:
@@ -395,7 +396,7 @@ impl<'e> Evaluator<'e> {
     ///    it doesn't consider whether we're processing a `Permit` policy or a
     ///    `Forbid` policy.
     pub fn partial_evaluate(&self, p: &Policy) -> Result<Either<bool, Expr>> {
-        match self.partial_interpret(&p.condition(), p.env())? {
+        match self.partial_interpret(&p.condition(), p.env(), p.generalized_env())? {
             PartialValue::Value(v) => v.get_as_bool().map(Either::Left),
             PartialValue::Residual(e) => Ok(Either::Right(e)),
         }
@@ -406,8 +407,13 @@ impl<'e> Evaluator<'e> {
     /// Ensures the result is not a residual.
     /// May return an error, for instance if the `Expr` tries to access an
     /// attribute that doesn't exist.
-    pub fn interpret(&self, e: &Expr, slots: &SlotEnv) -> Result<Value> {
-        match self.partial_interpret(e, slots)? {
+    pub fn interpret(
+        &self,
+        e: &Expr,
+        slots: &SlotEnv,
+        generalized_slots: &GeneralizedSlotEnv,
+    ) -> Result<Value> {
+        match self.partial_interpret(e, slots, generalized_slots)? {
             PartialValue::Value(v) => Ok(v),
             PartialValue::Residual(r) => Err(EvaluationError::non_value(r)),
         }
@@ -418,10 +424,15 @@ impl<'e> Evaluator<'e> {
     /// May return a residual expression, if the input expression is symbolic.
     /// May return an error, for instance if the `Expr` tries to access an
     /// attribute that doesn't exist.
-    pub fn partial_interpret(&self, expr: &Expr, slots: &SlotEnv) -> Result<PartialValue> {
+    pub fn partial_interpret(
+        &self,
+        expr: &Expr,
+        slots: &SlotEnv,
+        generalized_slots: &GeneralizedSlotEnv,
+    ) -> Result<PartialValue> {
         stack_size_check()?;
 
-        let res = self.partial_interpret_internal(expr, slots);
+        let res = self.partial_interpret_internal(expr, slots, generalized_slots);
 
         // set the returned value's source location to the same source location
         // as the input expression had.
@@ -447,14 +458,30 @@ impl<'e> Evaluator<'e> {
     /// all errors are set properly before returning them from
     /// `partial_interpret()`.
     #[allow(clippy::cognitive_complexity)]
-    fn partial_interpret_internal(&self, expr: &Expr, slots: &SlotEnv) -> Result<PartialValue> {
+    fn partial_interpret_internal(
+        &self,
+        expr: &Expr,
+        slots: &SlotEnv,
+        generalized_slots: &GeneralizedSlotEnv,
+    ) -> Result<PartialValue> {
         let loc = expr.source_loc(); // the `loc` describing the location of the entire expression
         match expr.expr_kind() {
             ExprKind::Lit(lit) => Ok(lit.clone().into()),
-            ExprKind::Slot(id) => slots
-                .get(id)
-                .ok_or_else(|| err::EvaluationError::unlinked_slot(*id, loc.into_maybe_loc()))
-                .map(|euid| PartialValue::from(euid.clone())),
+            ExprKind::Slot(slot) => {
+                if slot.is_generalized_slot() {
+                    let restricted_expr = generalized_slots.get(slot).ok_or_else(|| {
+                        err::EvaluationError::unlinked_slot(slot.clone(), loc.into_maybe_loc())
+                    })?;
+                    self.partial_interpret(restricted_expr, slots, generalized_slots)
+                } else {
+                    slots
+                        .get(slot)
+                        .ok_or_else(|| {
+                            err::EvaluationError::unlinked_slot(slot.clone(), loc.into_maybe_loc())
+                        })
+                        .map(|euid| PartialValue::from(euid.clone()))
+                }
+            }
             ExprKind::Var(v) => match v {
                 Var::Principal => Ok(self.principal.evaluate(*v)),
                 Var::Action => Ok(self.action.evaluate(*v)),
@@ -466,9 +493,9 @@ impl<'e> Evaluator<'e> {
                 test_expr,
                 then_expr,
                 else_expr,
-            } => self.eval_if(test_expr, then_expr, else_expr, slots),
+            } => self.eval_if(test_expr, then_expr, else_expr, slots, generalized_slots),
             ExprKind::And { left, right } => {
-                match self.partial_interpret(left, slots)? {
+                match self.partial_interpret(left, slots, generalized_slots)? {
                     // PE Case
                     PartialValue::Residual(e) => {
                         Ok(PartialValue::Residual(Expr::and(e, right.as_ref().clone())))
@@ -476,7 +503,7 @@ impl<'e> Evaluator<'e> {
                     // Full eval case
                     PartialValue::Value(v) => {
                         if v.get_as_bool()? {
-                            match self.partial_interpret(right, slots)? {
+                            match self.partial_interpret(right, slots, generalized_slots)? {
                                 // you might think that `true && <residual>` can be optimized to `<residual>`, but this isn't true because
                                 // <residual> must be boolean, or else it needs to type error. So return `true && <residual>` to ensure
                                 // type check happens
@@ -494,7 +521,7 @@ impl<'e> Evaluator<'e> {
                 }
             }
             ExprKind::Or { left, right } => {
-                match self.partial_interpret(left, slots)? {
+                match self.partial_interpret(left, slots, generalized_slots)? {
                     // PE cases
                     PartialValue::Residual(r) => {
                         Ok(PartialValue::Residual(Expr::or(r, right.as_ref().clone())))
@@ -505,7 +532,7 @@ impl<'e> Evaluator<'e> {
                             // We can short circuit here
                             Ok(true.into())
                         } else {
-                            match self.partial_interpret(right, slots)? {
+                            match self.partial_interpret(right, slots, generalized_slots)? {
                                 PartialValue::Residual(rhs) =>
                                 // you might think that `false || <residual>` can be optimized to `<residual>`, but this isn't true because
                                 // <residual> must be boolean, or else it needs to type error. So return `false || <residual>` to ensure
@@ -519,20 +546,24 @@ impl<'e> Evaluator<'e> {
                     }
                 }
             }
-            ExprKind::UnaryApp { op, arg } => match self.partial_interpret(arg, slots)? {
-                PartialValue::Value(arg) => unary_app(*op, arg, loc).map(Into::into),
-                // NOTE, there was a bug here found during manual review. (I forgot to wrap in unary_app call)
-                // Could be a nice target for fault injection
-                PartialValue::Residual(r) => Ok(PartialValue::Residual(Expr::unary_app(*op, r))),
-            },
+            ExprKind::UnaryApp { op, arg } => {
+                match self.partial_interpret(arg, slots, generalized_slots)? {
+                    PartialValue::Value(arg) => unary_app(*op, arg, loc).map(Into::into),
+                    // NOTE, there was a bug here found during manual review. (I forgot to wrap in unary_app call)
+                    // Could be a nice target for fault injection
+                    PartialValue::Residual(r) => {
+                        Ok(PartialValue::Residual(Expr::unary_app(*op, r)))
+                    }
+                }
+            }
             ExprKind::BinaryApp { op, arg1, arg2 } => {
                 // NOTE: There are more precise partial eval opportunities here, esp w/ typed unknowns
                 // Current limitations:
                 //   Operators are not partially evaluated, except in a few 'simple' cases when comparing a concrete value with an unknown of known type
                 //   implemented in short_circuit_*
                 let (arg1, arg2) = match (
-                    self.partial_interpret(arg1, slots)?,
-                    self.partial_interpret(arg2, slots)?,
+                    self.partial_interpret(arg1, slots, generalized_slots)?,
+                    self.partial_interpret(arg2, slots, generalized_slots)?,
                 ) {
                     (PartialValue::Value(v1), PartialValue::Value(v2)) => (v1, v2),
                     (PartialValue::Value(v1), PartialValue::Residual(e2)) => {
@@ -659,7 +690,7 @@ impl<'e> Evaluator<'e> {
             ExprKind::ExtensionFunctionApp { fn_name, args } => {
                 let args = args
                     .iter()
-                    .map(|arg| self.partial_interpret(arg, slots))
+                    .map(|arg| self.partial_interpret(arg, slots, generalized_slots))
                     .collect::<Result<Vec<_>>>()?;
                 match split(args) {
                     Either::Left(vals) => {
@@ -672,33 +703,37 @@ impl<'e> Evaluator<'e> {
                     )),
                 }
             }
-            ExprKind::GetAttr { expr, attr } => self.get_attr(expr.as_ref(), attr, slots, loc),
-            ExprKind::HasAttr { expr, attr } => match self.partial_interpret(expr, slots)? {
-                PartialValue::Value(Value {
-                    value: ValueKind::Record(record),
-                    ..
-                }) => Ok(record.get(attr).is_some().into()),
-                PartialValue::Value(Value {
-                    value: ValueKind::Lit(Literal::EntityUID(uid)),
-                    ..
-                }) => match self.entities.entity(&uid) {
-                    Dereference::NoSuchEntity => Ok(false.into()),
-                    Dereference::Residual(r) => {
-                        Ok(PartialValue::Residual(Expr::has_attr(r, attr.clone())))
-                    }
-                    Dereference::Data(e) => Ok(e.get(attr).is_some().into()),
-                },
-                PartialValue::Value(val) => Err(err::EvaluationError::type_error(
-                    nonempty![
-                        Type::Record,
-                        Type::entity_type(names::ANY_ENTITY_TYPE.clone())
-                    ],
-                    &val,
-                )),
-                PartialValue::Residual(r) => Ok(Expr::has_attr(r, attr.clone()).into()),
-            },
+            ExprKind::GetAttr { expr, attr } => {
+                self.get_attr(expr.as_ref(), attr, slots, generalized_slots, loc)
+            }
+            ExprKind::HasAttr { expr, attr } => {
+                match self.partial_interpret(expr, slots, generalized_slots)? {
+                    PartialValue::Value(Value {
+                        value: ValueKind::Record(record),
+                        ..
+                    }) => Ok(record.get(attr).is_some().into()),
+                    PartialValue::Value(Value {
+                        value: ValueKind::Lit(Literal::EntityUID(uid)),
+                        ..
+                    }) => match self.entities.entity(&uid) {
+                        Dereference::NoSuchEntity => Ok(false.into()),
+                        Dereference::Residual(r) => {
+                            Ok(PartialValue::Residual(Expr::has_attr(r, attr.clone())))
+                        }
+                        Dereference::Data(e) => Ok(e.get(attr).is_some().into()),
+                    },
+                    PartialValue::Value(val) => Err(err::EvaluationError::type_error(
+                        nonempty![
+                            Type::Record,
+                            Type::entity_type(names::ANY_ENTITY_TYPE.clone())
+                        ],
+                        &val,
+                    )),
+                    PartialValue::Residual(r) => Ok(Expr::has_attr(r, attr.clone()).into()),
+                }
+            }
             ExprKind::Like { expr, pattern } => {
-                let v = self.partial_interpret(expr, slots)?;
+                let v = self.partial_interpret(expr, slots, generalized_slots)?;
                 match v {
                     PartialValue::Value(v) => {
                         Ok((pattern.wildcard_match(v.get_as_string()?)).into())
@@ -707,7 +742,7 @@ impl<'e> Evaluator<'e> {
                 }
             }
             ExprKind::Is { expr, entity_type } => {
-                let v = self.partial_interpret(expr, slots)?;
+                let v = self.partial_interpret(expr, slots, generalized_slots)?;
                 match v {
                     PartialValue::Value(v) => {
                         Ok((v.get_as_entity()?.entity_type() == entity_type).into())
@@ -730,7 +765,7 @@ impl<'e> Evaluator<'e> {
             ExprKind::Set(items) => {
                 let vals = items
                     .iter()
-                    .map(|item| self.partial_interpret(item, slots))
+                    .map(|item| self.partial_interpret(item, slots, generalized_slots))
                     .collect::<Result<Vec<_>>>()?;
                 match split(vals) {
                     Either::Left(vals) => Ok(Value::set(vals, loc.into_maybe_loc()).into()),
@@ -740,7 +775,12 @@ impl<'e> Evaluator<'e> {
             ExprKind::Record(map) => {
                 let map = map
                     .iter()
-                    .map(|(k, v)| Ok((k.clone(), self.partial_interpret(v, slots)?)))
+                    .map(|(k, v)| {
+                        Ok((
+                            k.clone(),
+                            self.partial_interpret(v, slots, generalized_slots)?,
+                        ))
+                    })
                     .collect::<Result<Vec<_>>>()?;
                 let (names, evalled): (Vec<SmolStr>, Vec<PartialValue>) = map.into_iter().unzip();
                 match split(evalled) {
@@ -835,13 +875,14 @@ impl<'e> Evaluator<'e> {
         consequent: &Arc<Expr>,
         alternative: &Arc<Expr>,
         slots: &SlotEnv,
+        generalized_slots: &GeneralizedSlotEnv,
     ) -> Result<PartialValue> {
-        match self.partial_interpret(guard, slots)? {
+        match self.partial_interpret(guard, slots, generalized_slots)? {
             PartialValue::Value(v) => {
                 if v.get_as_bool()? {
-                    self.partial_interpret(consequent, slots)
+                    self.partial_interpret(consequent, slots, generalized_slots)
                 } else {
-                    self.partial_interpret(alternative, slots)
+                    self.partial_interpret(alternative, slots, generalized_slots)
                 }
             }
             PartialValue::Residual(guard) => {
@@ -858,9 +899,10 @@ impl<'e> Evaluator<'e> {
         expr: &Expr,
         attr: &SmolStr,
         slots: &SlotEnv,
+        generalized_slots: &GeneralizedSlotEnv,
         source_loc: Option<&Loc>,
     ) -> Result<PartialValue> {
-        match self.partial_interpret(expr, slots)? {
+        match self.partial_interpret(expr, slots, generalized_slots)? {
             // PE Cases
             PartialValue::Residual(res) => {
                 match res.expr_kind() {
@@ -882,7 +924,7 @@ impl<'e> Evaluator<'e> {
                                         source_loc.into_maybe_loc(),
                                     )
                                 })
-                                .and_then(|e| self.partial_interpret(e, slots))
+                                .and_then(|e| self.partial_interpret(e, slots, generalized_slots))
                         } else if map.keys().any(|k| k == attr) {
                             Ok(PartialValue::Residual(Expr::get_attr(
                                 Expr::record_arc(Arc::clone(map)),
@@ -1045,7 +1087,7 @@ impl Evaluator<'_> {
     /// location is propagated to the result.
     pub fn interpret_inline_policy(&self, e: &Expr) -> Result<Value> {
         use std::collections::HashMap;
-        match self.partial_interpret(e, &HashMap::new())? {
+        match self.partial_interpret(e, &HashMap::new(), &HashMap::new())? {
             PartialValue::Value(v) => {
                 debug_assert!(e.source_loc().is_some() == v.source_loc().is_some());
                 Ok(v)
@@ -1060,7 +1102,8 @@ impl Evaluator<'_> {
     /// Evaluate an expression, potentially leaving a residual
     pub fn partial_eval_expr(&self, p: &Expr) -> Result<Either<Value, Expr>> {
         let env = SlotEnv::new();
-        match self.partial_interpret(p, &env)? {
+        let generalized_env = GeneralizedSlotEnv::new();
+        match self.partial_interpret(p, &env, &generalized_env)? {
             PartialValue::Value(v) => Ok(Either::Left(v)),
             PartialValue::Residual(r) => Ok(Either::Right(r)),
         }
@@ -1162,6 +1205,32 @@ pub(crate) mod test {
 
     use cool_asserts::assert_matches;
 
+    fn schema() -> crate::validator::ValidatorSchema {
+        let src = r#"
+            namespace FS {
+                entity Disk = {
+                    owner: String, 
+                };
+                entity Folder in Disk = {
+                    owner: String,
+                };
+                entity Document in Folder = {
+                    owner: String,
+                };
+                entity Person;
+            }
+            action Navigate appliesTo {
+                principal: FS::Person,
+                resource: [FS::Disk, FS::Folder, FS::Document],
+            };
+            action Write appliesTo {
+                principal: FS::Person,
+                resource: [FS::Disk, FS::Folder, FS::Document],
+            };
+        "#;
+        src.parse().unwrap()
+    }
+
     /// Many of these tests use this Request
     pub fn basic_request() -> Request {
         Request::new(
@@ -4873,14 +4942,16 @@ pub(crate) mod test {
         let e = Expr::slot(SlotId::principal());
 
         let slots = HashMap::new();
-        let r = evaluator.partial_interpret(&e, &slots);
+        let generalized_slots = HashMap::new();
+        let r = evaluator.partial_interpret(&e, &slots, &generalized_slots);
         assert_matches!(r, Err(EvaluationError::UnlinkedSlot(UnlinkedSlotError { slot, .. })) => {
             assert_eq!(slot, SlotId::principal());
         });
 
         let mut slots = HashMap::new();
         slots.insert(SlotId::principal(), EntityUID::with_eid("eid"));
-        let r = evaluator.partial_interpret(&e, &slots);
+        let generalized_slots = HashMap::new();
+        let r = evaluator.partial_interpret(&e, &slots, &generalized_slots);
         assert_matches!(r, Ok(e) => {
             assert_eq!(
                 e,
@@ -4903,10 +4974,13 @@ pub(crate) mod test {
             .expect("Template already present in PolicySet");
         let mut values = HashMap::new();
         values.insert(SlotId::principal(), EntityUID::with_eid("p"));
+        let generalized_env = HashMap::new();
         pset.link(
             PolicyID::from_string("template"),
             PolicyID::from_string("instance"),
             values,
+            generalized_env,
+            None,
         )
         .expect("Linking failed!");
         let q = Request::new(
@@ -4929,6 +5003,72 @@ pub(crate) mod test {
         });
     }
 
+    #[test]
+    fn generalized_template_interp() {
+        let schema = schema();
+        let t = parse_policy_or_template(
+            Some(PolicyID::from_string("template")),
+            r#"template(?body: Long, ?disk: FS::Disk) => 
+            permit(principal, action, resource) 
+            when { ?body == 8 && ?disk.owner == "James" };"#,
+        )
+        .expect("Parse Error");
+
+        let mut pset = PolicySet::new();
+        pset.add_template(t)
+            .expect("Template already present in PolicySet");
+        let values = HashMap::new();
+        let generalized_values = HashMap::from_iter([
+            (
+                SlotId::generalized_slot("body".parse().unwrap()),
+                RestrictedExpr::val(8),
+            ),
+            (
+                SlotId::generalized_slot("disk".parse().unwrap()),
+                RestrictedExpr::val("FS::Disk::\"SSD\"".parse::<EntityUID>().unwrap()),
+            ),
+        ]);
+        pset.link(
+            PolicyID::from_string("template"),
+            PolicyID::from_string("instance"),
+            values,
+            generalized_values,
+            Some(&schema),
+        )
+        .expect("Linking failed!");
+        let q = Request::new(
+            (EntityUID::with_eid("p"), None),
+            (EntityUID::with_eid("read"), None),
+            (EntityUID::with_eid("r"), None),
+            Context::empty(),
+            Some(&RequestSchemaAllPass),
+            Extensions::none(),
+        )
+        .unwrap();
+
+        let eparser: EntityJsonParser<'_, '_> =
+            EntityJsonParser::new(None, Extensions::none(), TCComputation::ComputeNow);
+        let entities = eparser
+            .from_json_str(
+                r#"
+        [{
+            "uid": {
+                "type": "FS::Disk",
+                "id": "SSD"
+            },
+            "attrs": { "owner": "James" },
+            "parents": []
+        }]"#,
+            )
+            .expect("empty slice");
+        let eval = Evaluator::new(q.clone(), &entities, Extensions::none());
+
+        let ir = pset.policies().next().expect("No linked policies");
+        assert_matches!(eval.partial_evaluate(ir), Ok(Either::Left(b)) => {
+            assert!(b, "Should be enforced");
+        });
+    }
+
     #[track_caller] // report the caller's location as the location of the panic, not the location in this function
     fn assert_restricted_expression_error(e: &Expr) {
         assert_matches!(
@@ -5087,7 +5227,7 @@ pub(crate) mod test {
                 let m: HashMap<_, _> = HashMap::from([("principal".into(), Value::from(euid))]);
                 let new_expr = expr.substitute_typed(&m).unwrap();
                 assert_eq!(
-                    e.partial_interpret(&new_expr, &HashMap::new())
+                    e.partial_interpret(&new_expr, &HashMap::new(), &HashMap::new())
                         .expect("Failed to eval"),
                     PartialValue::Value(true.into())
                 );
@@ -5348,7 +5488,9 @@ pub(crate) mod test {
 
         let eval = Evaluator::new(empty_request(), &es, Extensions::none());
 
-        let r = eval.partial_interpret(&e, &HashMap::new()).unwrap();
+        let r = eval
+            .partial_interpret(&e, &HashMap::new(), &HashMap::new())
+            .unwrap();
 
         assert_eq!(
             r,
@@ -5396,7 +5538,9 @@ pub(crate) mod test {
         .unwrap();
         let eval = Evaluator::new(q, &es, Extensions::none());
 
-        let r = eval.partial_interpret(&e, &HashMap::new()).unwrap();
+        let r = eval
+            .partial_interpret(&e, &HashMap::new(), &HashMap::new())
+            .unwrap();
 
         assert_eq!(
             r,
@@ -5425,7 +5569,8 @@ pub(crate) mod test {
         let eval = Evaluator::new(empty_request(), &es, Extensions::none());
 
         assert_eq!(
-            eval.partial_interpret(&e, &HashMap::new()).unwrap(),
+            eval.partial_interpret(&e, &HashMap::new(), &HashMap::new())
+                .unwrap(),
             PartialValue::Residual(Expr::ite(
                 Expr::unknown(Unknown::new_untyped("guard")),
                 b,
@@ -5445,7 +5590,9 @@ pub(crate) mod test {
         let es = Entities::new();
         let eval = Evaluator::new(empty_request(), &es, Extensions::none());
 
-        let r = eval.partial_interpret(&e, &HashMap::new()).unwrap();
+        let r = eval
+            .partial_interpret(&e, &HashMap::new(), &HashMap::new())
+            .unwrap();
 
         assert_eq!(r, PartialValue::Value(Value::from(false)));
     }
@@ -5461,7 +5608,9 @@ pub(crate) mod test {
         let es = Entities::new();
         let eval = Evaluator::new(empty_request(), &es, Extensions::none());
 
-        let r = eval.partial_interpret(&e, &HashMap::new()).unwrap();
+        let r = eval
+            .partial_interpret(&e, &HashMap::new(), &HashMap::new())
+            .unwrap();
 
         assert_eq!(
             r,
@@ -5483,7 +5632,10 @@ pub(crate) mod test {
         let es = Entities::new();
         let eval = Evaluator::new(empty_request(), &es, Extensions::none());
 
-        assert_matches!(eval.partial_interpret(&e, &HashMap::new()), Err(_));
+        assert_matches!(
+            eval.partial_interpret(&e, &HashMap::new(), &HashMap::new()),
+            Err(_)
+        );
     }
 
     #[test]
@@ -5501,7 +5653,10 @@ pub(crate) mod test {
         let es = Entities::new();
         let eval = Evaluator::new(empty_request(), &es, Extensions::none());
 
-        assert_matches!(eval.partial_interpret(&e, &HashMap::new()), Ok(_));
+        assert_matches!(
+            eval.partial_interpret(&e, &HashMap::new(), &HashMap::new()),
+            Ok(_)
+        );
     }
 
     #[test]
@@ -5516,7 +5671,9 @@ pub(crate) mod test {
         let es = Entities::new();
         let eval = Evaluator::new(empty_request(), &es, Extensions::none());
 
-        let r = eval.partial_interpret(&e, &HashMap::new()).unwrap();
+        let r = eval
+            .partial_interpret(&e, &HashMap::new(), &HashMap::new())
+            .unwrap();
 
         assert_eq!(r, PartialValue::Value(Value::from(true)));
     }
@@ -5532,7 +5689,9 @@ pub(crate) mod test {
         let es = Entities::new();
         let eval = Evaluator::new(empty_request(), &es, Extensions::none());
 
-        let r = eval.partial_interpret(&e, &HashMap::new()).unwrap();
+        let r = eval
+            .partial_interpret(&e, &HashMap::new(), &HashMap::new())
+            .unwrap();
 
         assert_eq!(
             r,
@@ -5554,7 +5713,10 @@ pub(crate) mod test {
         let es = Entities::new();
         let eval = Evaluator::new(empty_request(), &es, Extensions::none());
 
-        assert_matches!(eval.partial_interpret(&e, &HashMap::new()), Err(_));
+        assert_matches!(
+            eval.partial_interpret(&e, &HashMap::new(), &HashMap::new()),
+            Err(_)
+        );
     }
 
     #[test]
@@ -5572,7 +5734,10 @@ pub(crate) mod test {
         let es = Entities::new();
         let eval = Evaluator::new(empty_request(), &es, Extensions::none());
 
-        assert_matches!(eval.partial_interpret(&e, &HashMap::new()), Ok(_));
+        assert_matches!(
+            eval.partial_interpret(&e, &HashMap::new(), &HashMap::new()),
+            Ok(_)
+        );
     }
 
     #[test]
@@ -5585,7 +5750,10 @@ pub(crate) mod test {
         let es = Entities::new();
         let eval = Evaluator::new(empty_request(), &es, Extensions::none());
 
-        assert_matches!(eval.partial_interpret(&a, &HashMap::new()), Err(_));
+        assert_matches!(
+            eval.partial_interpret(&a, &HashMap::new(), &HashMap::new()),
+            Err(_)
+        );
     }
 
     #[test]
@@ -5598,7 +5766,9 @@ pub(crate) mod test {
         let es = Entities::new();
         let eval = Evaluator::new(empty_request(), &es, Extensions::none());
 
-        let r = eval.partial_interpret(&a, &HashMap::new()).unwrap();
+        let r = eval
+            .partial_interpret(&a, &HashMap::new(), &HashMap::new())
+            .unwrap();
 
         let expected = PartialValue::unknown(Unknown::new_untyped("test"));
 
@@ -5619,7 +5789,10 @@ pub(crate) mod test {
         let es = Entities::new();
         let eval = Evaluator::new(empty_request(), &es, Extensions::none());
 
-        assert_matches!(eval.partial_interpret(&a, &HashMap::new()), Err(_));
+        assert_matches!(
+            eval.partial_interpret(&a, &HashMap::new(), &HashMap::new()),
+            Err(_)
+        );
     }
 
     #[test]
@@ -5636,7 +5809,9 @@ pub(crate) mod test {
         let es = Entities::new();
         let eval = Evaluator::new(empty_request(), &es, Extensions::none());
 
-        let r = eval.partial_interpret(&a, &HashMap::new()).unwrap();
+        let r = eval
+            .partial_interpret(&a, &HashMap::new(), &HashMap::new())
+            .unwrap();
 
         let expected = PartialValue::unknown(Unknown::new_untyped("b"));
 
@@ -5653,7 +5828,9 @@ pub(crate) mod test {
         let es = Entities::new();
         let eval = Evaluator::new(empty_request(), &es, Extensions::none());
 
-        let r = eval.partial_interpret(&e, &HashMap::new()).unwrap();
+        let r = eval
+            .partial_interpret(&e, &HashMap::new(), &HashMap::new())
+            .unwrap();
 
         let expected = Expr::ite(guard, Expr::val(1), Expr::val(2));
 
@@ -5670,7 +5847,9 @@ pub(crate) mod test {
         let es = Entities::new();
         let eval = Evaluator::new(empty_request(), &es, Extensions::none());
 
-        let r = eval.partial_interpret(&e, &HashMap::new()).unwrap();
+        let r = eval
+            .partial_interpret(&e, &HashMap::new(), &HashMap::new())
+            .unwrap();
 
         let expected = Expr::ite(guard, cons, Expr::val(2));
 
@@ -5687,7 +5866,9 @@ pub(crate) mod test {
         let es = Entities::new();
         let eval = Evaluator::new(empty_request(), &es, Extensions::none());
 
-        let r = eval.partial_interpret(&e, &HashMap::new()).unwrap();
+        let r = eval
+            .partial_interpret(&e, &HashMap::new(), &HashMap::new())
+            .unwrap();
 
         let expected = Expr::ite(guard, Expr::val(2), alt);
         assert_eq!(r, PartialValue::Residual(expected));
@@ -5704,7 +5885,8 @@ pub(crate) mod test {
         let eval = Evaluator::new(empty_request(), &es, Extensions::none());
 
         assert_eq!(
-            eval.partial_interpret(&e, &HashMap::new()).unwrap(),
+            eval.partial_interpret(&e, &HashMap::new(), &HashMap::new())
+                .unwrap(),
             PartialValue::Residual(Expr::ite(guard, cons, alt))
         );
     }
@@ -5718,7 +5900,10 @@ pub(crate) mod test {
         let es = Entities::new();
         let eval = Evaluator::new(empty_request(), &es, Extensions::none());
 
-        assert_matches!(eval.partial_interpret(&e, &HashMap::new()), Err(_));
+        assert_matches!(
+            eval.partial_interpret(&e, &HashMap::new(), &HashMap::new()),
+            Err(_)
+        );
     }
 
     // err || res -> err
@@ -5730,7 +5915,10 @@ pub(crate) mod test {
         let es = Entities::new();
         let eval = Evaluator::new(empty_request(), &es, Extensions::none());
 
-        assert_matches!(eval.partial_interpret(&e, &HashMap::new()), Err(_));
+        assert_matches!(
+            eval.partial_interpret(&e, &HashMap::new(), &HashMap::new()),
+            Err(_)
+        );
     }
 
     // true && res -> true && res
@@ -5742,7 +5930,9 @@ pub(crate) mod test {
         let es = Entities::new();
         let eval = Evaluator::new(empty_request(), &es, Extensions::none());
 
-        let r = eval.partial_interpret(&e, &HashMap::new()).unwrap();
+        let r = eval
+            .partial_interpret(&e, &HashMap::new(), &HashMap::new())
+            .unwrap();
 
         let expected = Expr::and(
             Expr::val(true),
@@ -5760,7 +5950,9 @@ pub(crate) mod test {
         let es = Entities::new();
         let eval = Evaluator::new(empty_request(), &es, Extensions::none());
 
-        let r = eval.partial_interpret(&e, &HashMap::new()).unwrap();
+        let r = eval
+            .partial_interpret(&e, &HashMap::new(), &HashMap::new())
+            .unwrap();
         assert_eq!(r, PartialValue::Value(Value::from(false)));
     }
 
@@ -5773,7 +5965,9 @@ pub(crate) mod test {
         let es = Entities::new();
         let eval = Evaluator::new(empty_request(), &es, Extensions::none());
 
-        let r = eval.partial_interpret(&e, &HashMap::new()).unwrap();
+        let r = eval
+            .partial_interpret(&e, &HashMap::new(), &HashMap::new())
+            .unwrap();
         let expected = Expr::and(lhs, rhs);
         assert_eq!(r, PartialValue::Residual(expected));
     }
@@ -5786,7 +5980,9 @@ pub(crate) mod test {
         let es = Entities::new();
         let eval = Evaluator::new(empty_request(), &es, Extensions::none());
 
-        let r = eval.partial_interpret(&e, &HashMap::new()).unwrap();
+        let r = eval
+            .partial_interpret(&e, &HashMap::new(), &HashMap::new())
+            .unwrap();
         let expected = Expr::and(lhs, rhs);
         assert_eq!(r, PartialValue::Residual(expected));
     }
@@ -5800,7 +5996,9 @@ pub(crate) mod test {
         let es = Entities::new();
         let eval = Evaluator::new(empty_request(), &es, Extensions::none());
 
-        let r = eval.partial_interpret(&e, &HashMap::new()).unwrap();
+        let r = eval
+            .partial_interpret(&e, &HashMap::new(), &HashMap::new())
+            .unwrap();
 
         let expected = Expr::and(
             Expr::unknown(Unknown::new_untyped("b")),
@@ -5818,7 +6016,9 @@ pub(crate) mod test {
         let es = Entities::new();
         let eval = Evaluator::new(empty_request(), &es, Extensions::none());
 
-        let r = eval.partial_interpret(&e, &HashMap::new()).unwrap();
+        let r = eval
+            .partial_interpret(&e, &HashMap::new(), &HashMap::new())
+            .unwrap();
 
         let expected = Expr::and(
             Expr::get_attr(Expr::unknown(Unknown::new_untyped("test")), "field".into()),
@@ -5836,7 +6036,9 @@ pub(crate) mod test {
         let es = Entities::new();
         let eval = Evaluator::new(empty_request(), &es, Extensions::none());
 
-        let r = eval.partial_interpret(&e, &HashMap::new()).unwrap();
+        let r = eval
+            .partial_interpret(&e, &HashMap::new(), &HashMap::new())
+            .unwrap();
         assert_eq!(r, PartialValue::Value(Value::from(true)));
     }
 
@@ -5849,7 +6051,9 @@ pub(crate) mod test {
         let es = Entities::new();
         let eval = Evaluator::new(empty_request(), &es, Extensions::none());
 
-        let r = eval.partial_interpret(&e, &HashMap::new()).unwrap();
+        let r = eval
+            .partial_interpret(&e, &HashMap::new(), &HashMap::new())
+            .unwrap();
         let expected = Expr::or(
             Expr::val(false),
             Expr::get_attr(Expr::unknown(Unknown::new_untyped("test")), "field".into()),
@@ -5866,7 +6070,9 @@ pub(crate) mod test {
         let es = Entities::new();
         let eval = Evaluator::new(empty_request(), &es, Extensions::none());
 
-        let r = eval.partial_interpret(&e, &HashMap::new()).unwrap();
+        let r = eval
+            .partial_interpret(&e, &HashMap::new(), &HashMap::new())
+            .unwrap();
         let expected = Expr::or(lhs, rhs);
         assert_eq!(r, PartialValue::Residual(expected));
     }
@@ -5879,7 +6085,9 @@ pub(crate) mod test {
         let es = Entities::new();
         let eval = Evaluator::new(empty_request(), &es, Extensions::none());
 
-        let r = eval.partial_interpret(&e, &HashMap::new()).unwrap();
+        let r = eval
+            .partial_interpret(&e, &HashMap::new(), &HashMap::new())
+            .unwrap();
         let expected = Expr::or(lhs, rhs);
         assert_eq!(r, PartialValue::Residual(expected));
     }
@@ -5893,7 +6101,9 @@ pub(crate) mod test {
         let es = Entities::new();
         let eval = Evaluator::new(empty_request(), &es, Extensions::none());
 
-        let r = eval.partial_interpret(&e, &HashMap::new()).unwrap();
+        let r = eval
+            .partial_interpret(&e, &HashMap::new(), &HashMap::new())
+            .unwrap();
 
         let expected = Expr::or(
             Expr::unknown(Unknown::new_untyped("b")),
@@ -5911,7 +6121,9 @@ pub(crate) mod test {
         let es = Entities::new();
         let eval = Evaluator::new(empty_request(), &es, Extensions::none());
 
-        let r = eval.partial_interpret(&e, &HashMap::new()).unwrap();
+        let r = eval
+            .partial_interpret(&e, &HashMap::new(), &HashMap::new())
+            .unwrap();
 
         let expected = Expr::or(
             Expr::get_attr(Expr::unknown(Unknown::new_untyped("test")), "field".into()),
@@ -5926,15 +6138,21 @@ pub(crate) mod test {
         let eval = Evaluator::new(empty_request(), &es, Extensions::none());
 
         let e = Expr::unary_app(UnaryOp::Neg, Expr::unknown(Unknown::new_untyped("a")));
-        let r = eval.partial_interpret(&e, &HashMap::new()).unwrap();
+        let r = eval
+            .partial_interpret(&e, &HashMap::new(), &HashMap::new())
+            .unwrap();
         assert_eq!(r, PartialValue::Residual(e));
 
         let e = Expr::unary_app(UnaryOp::Not, Expr::unknown(Unknown::new_untyped("a")));
-        let r = eval.partial_interpret(&e, &HashMap::new()).unwrap();
+        let r = eval
+            .partial_interpret(&e, &HashMap::new(), &HashMap::new())
+            .unwrap();
         assert_eq!(r, PartialValue::Residual(e));
 
         let e = Expr::unary_app(UnaryOp::IsEmpty, Expr::unknown(Unknown::new_untyped("a")));
-        let r = eval.partial_interpret(&e, &HashMap::new()).unwrap();
+        let r = eval
+            .partial_interpret(&e, &HashMap::new(), &HashMap::new())
+            .unwrap();
         assert_eq!(r, PartialValue::Residual(e));
     }
 
@@ -5962,7 +6180,9 @@ pub(crate) mod test {
                 Expr::binary_app(BinaryOp::Add, Expr::val(1), Expr::val(2)),
                 Expr::unknown(Unknown::new_untyped("a")),
             );
-            let r = eval.partial_interpret(&e, &HashMap::new()).unwrap();
+            let r = eval
+                .partial_interpret(&e, &HashMap::new(), &HashMap::new())
+                .unwrap();
             let expected = Expr::binary_app(
                 binop,
                 Expr::val(3),
@@ -5975,14 +6195,19 @@ pub(crate) mod test {
                 Expr::binary_app(BinaryOp::Add, Expr::val("hello"), Expr::val(2)),
                 Expr::unknown(Unknown::new_untyped("a")),
             );
-            assert_matches!(eval.partial_interpret(&e, &HashMap::new()), Err(_));
+            assert_matches!(
+                eval.partial_interpret(&e, &HashMap::new(), &HashMap::new()),
+                Err(_)
+            );
             // ensure PE evaluates right side
             let e = Expr::binary_app(
                 binop,
                 Expr::unknown(Unknown::new_untyped("a")),
                 Expr::binary_app(BinaryOp::Add, Expr::val(1), Expr::val(2)),
             );
-            let r = eval.partial_interpret(&e, &HashMap::new()).unwrap();
+            let r = eval
+                .partial_interpret(&e, &HashMap::new(), &HashMap::new())
+                .unwrap();
             let expected = Expr::binary_app(
                 binop,
                 Expr::unknown(Unknown::new_untyped("a")),
@@ -5995,14 +6220,19 @@ pub(crate) mod test {
                 Expr::unknown(Unknown::new_untyped("a")),
                 Expr::binary_app(BinaryOp::Add, Expr::val("hello"), Expr::val(2)),
             );
-            assert_matches!(eval.partial_interpret(&e, &HashMap::new()), Err(_));
+            assert_matches!(
+                eval.partial_interpret(&e, &HashMap::new(), &HashMap::new()),
+                Err(_)
+            );
             // Both left and right residuals
             let e = Expr::binary_app(
                 binop,
                 Expr::unknown(Unknown::new_untyped("a")),
                 Expr::unknown(Unknown::new_untyped("b")),
             );
-            let r = eval.partial_interpret(&e, &HashMap::new()).unwrap();
+            let r = eval
+                .partial_interpret(&e, &HashMap::new(), &HashMap::new())
+                .unwrap();
             let expected = Expr::binary_app(
                 binop,
                 Expr::unknown(Unknown::new_untyped("a")),
@@ -6018,7 +6248,9 @@ pub(crate) mod test {
         let eval = Evaluator::new(empty_request(), &es, Extensions::none());
 
         let e = Expr::mul(Expr::unknown(Unknown::new_untyped("a")), Expr::val(32));
-        let r = eval.partial_interpret(&e, &HashMap::new()).unwrap();
+        let r = eval
+            .partial_interpret(&e, &HashMap::new(), &HashMap::new())
+            .unwrap();
         assert_eq!(r, PartialValue::Residual(e));
     }
 
@@ -6032,7 +6264,9 @@ pub(crate) mod test {
             vec![Expr::unknown(Unknown::new_untyped("a"))],
         );
 
-        let r = eval.partial_interpret(&e, &HashMap::new()).unwrap();
+        let r = eval
+            .partial_interpret(&e, &HashMap::new(), &HashMap::new())
+            .unwrap();
 
         assert_eq!(r, PartialValue::Residual(e));
     }
@@ -6047,7 +6281,9 @@ pub(crate) mod test {
         let b = Expr::unknown(Unknown::new_untyped("a"));
         let e = Expr::call_extension_fn("isInRange".parse().unwrap(), vec![a, b]);
 
-        let r = eval.partial_interpret(&e, &HashMap::new()).unwrap();
+        let r = eval
+            .partial_interpret(&e, &HashMap::new(), &HashMap::new())
+            .unwrap();
 
         assert_eq!(r, PartialValue::Residual(e));
 
@@ -6055,7 +6291,9 @@ pub(crate) mod test {
         let a = Expr::unknown(Unknown::new_untyped("a"));
         let e = Expr::call_extension_fn("isInRange".parse().unwrap(), vec![a, b]);
 
-        let r = eval.partial_interpret(&e, &HashMap::new()).unwrap();
+        let r = eval
+            .partial_interpret(&e, &HashMap::new(), &HashMap::new())
+            .unwrap();
 
         assert_eq!(r, PartialValue::Residual(e));
 
@@ -6063,7 +6301,10 @@ pub(crate) mod test {
         let a = Expr::unknown(Unknown::new_untyped("a"));
         let e = Expr::call_extension_fn("isInRange".parse().unwrap(), vec![a, b]);
 
-        assert_matches!(eval.partial_interpret(&e, &HashMap::new()), Err(_));
+        assert_matches!(
+            eval.partial_interpret(&e, &HashMap::new(), &HashMap::new()),
+            Err(_)
+        );
     }
 
     #[test]
@@ -6076,7 +6317,9 @@ pub(crate) mod test {
             Pattern::from(vec![]),
         );
 
-        let r = eval.partial_interpret(&e, &HashMap::new()).unwrap();
+        let r = eval
+            .partial_interpret(&e, &HashMap::new(), &HashMap::new())
+            .unwrap();
 
         assert_eq!(r, PartialValue::Residual(e));
     }
@@ -6091,7 +6334,9 @@ pub(crate) mod test {
             "User".parse().unwrap(),
         );
 
-        let r = eval.partial_interpret(&e, &HashMap::new()).unwrap();
+        let r = eval
+            .partial_interpret(&e, &HashMap::new(), &HashMap::new())
+            .unwrap();
 
         assert_eq!(r, PartialValue::Residual(e));
     }
@@ -6103,7 +6348,9 @@ pub(crate) mod test {
 
         let e = Expr::has_attr(Expr::unknown(Unknown::new_untyped("a")), "test".into());
 
-        let r = eval.partial_interpret(&e, &HashMap::new()).unwrap();
+        let r = eval
+            .partial_interpret(&e, &HashMap::new(), &HashMap::new())
+            .unwrap();
 
         assert_eq!(r, PartialValue::Residual(e));
     }
@@ -6118,7 +6365,9 @@ pub(crate) mod test {
             Expr::unknown(Unknown::new_untyped("a")),
             Expr::val(2),
         ]);
-        let r = eval.partial_interpret(&e, &HashMap::new()).unwrap();
+        let r = eval
+            .partial_interpret(&e, &HashMap::new(), &HashMap::new())
+            .unwrap();
         assert_eq!(r, PartialValue::Residual(e));
 
         let e = Expr::set([
@@ -6126,7 +6375,9 @@ pub(crate) mod test {
             Expr::unknown(Unknown::new_untyped("a")),
             Expr::binary_app(BinaryOp::Add, Expr::val(1), Expr::val(2)),
         ]);
-        let r = eval.partial_interpret(&e, &HashMap::new()).unwrap();
+        let r = eval
+            .partial_interpret(&e, &HashMap::new(), &HashMap::new())
+            .unwrap();
         assert_eq!(
             r,
             PartialValue::Residual(Expr::set([
@@ -6141,7 +6392,10 @@ pub(crate) mod test {
             Expr::unknown(Unknown::new_untyped("a")),
             Expr::binary_app(BinaryOp::Add, Expr::val(1), Expr::val("a")),
         ]);
-        assert_matches!(eval.partial_interpret(&e, &HashMap::new()), Err(_));
+        assert_matches!(
+            eval.partial_interpret(&e, &HashMap::new(), &HashMap::new()),
+            Err(_)
+        );
     }
 
     #[test]
@@ -6155,7 +6409,9 @@ pub(crate) mod test {
             ("c".into(), Expr::val(2)),
         ])
         .unwrap();
-        let r = eval.partial_interpret(&e, &HashMap::new()).unwrap();
+        let r = eval
+            .partial_interpret(&e, &HashMap::new(), &HashMap::new())
+            .unwrap();
         assert_eq!(r, PartialValue::Residual(e));
 
         let e = Expr::record([
@@ -6193,7 +6449,9 @@ pub(crate) mod test {
             ),
         ])
         .unwrap();
-        let r = eval.partial_interpret(&e, &HashMap::new()).unwrap();
+        let r = eval
+            .partial_interpret(&e, &HashMap::new(), &HashMap::new())
+            .unwrap();
         assert_eq!(
             r,
             PartialValue::Residual(
@@ -6215,7 +6473,10 @@ pub(crate) mod test {
             ),
         ])
         .unwrap();
-        assert_matches!(eval.partial_interpret(&e, &HashMap::new()), Err(_));
+        assert_matches!(
+            eval.partial_interpret(&e, &HashMap::new(), &HashMap::new()),
+            Err(_)
+        );
     }
 
     #[test]
diff --git a/cedar-policy-core/src/parser.rs b/cedar-policy-core/src/parser.rs
index 9a660057b6..812125860b 100644
--- a/cedar-policy-core/src/parser.rs
+++ b/cedar-policy-core/src/parser.rs
@@ -293,6 +293,15 @@ pub(crate) fn parse_ident(id: &str) -> Result<ast::Id, err::ParseErrors> {
     cst.to_valid_ident()
 }
 
+/// parse a slot
+///
+/// Private to this crate. Users outside Core should use `ValidSlotId`'s `FromStr` impl
+/// or its constructors
+pub(crate) fn parse_slot(slot: &str) -> Result<ast::ValidSlotId, err::ParseErrors> {
+    let cst = text_to_cst::parse_slot(slot)?;
+    (&cst).try_into()
+}
+
 /// parse an `AnyId`
 ///
 /// Private to this crate. Users outside Core should use `AnyId`'s `FromStr` impl
@@ -813,11 +822,12 @@ mod tests {
                 resource == ?resource
             };
             "#;
-        let slot_in_when_clause =
-            ExpectedErrorMessageBuilder::error("found template slot ?resource in a `when` clause")
-                .help("slots are currently unsupported in `when` clauses")
-                .exactly_one_underline("?resource")
-                .build();
+        let slot_in_when_clause = ExpectedErrorMessageBuilder::error(
+            "found template slot ?resource in a `when` clause",
+        )
+        .help("?resource needs to appear in the scope to appear in the condition of the template")
+        .exactly_one_underline("?resource")
+        .build();
         let unexpected_template = ExpectedErrorMessageBuilder::error(
             "expected a static policy, got a template containing the slot ?resource",
         )
@@ -852,11 +862,12 @@ mod tests {
                 resource == ?principal
             };
             "#;
-        let slot_in_when_clause =
-            ExpectedErrorMessageBuilder::error("found template slot ?principal in a `when` clause")
-                .help("slots are currently unsupported in `when` clauses")
-                .exactly_one_underline("?principal")
-                .build();
+        let slot_in_when_clause = ExpectedErrorMessageBuilder::error(
+            "found template slot ?principal in a `when` clause",
+        )
+        .help("?principal needs to appear in the scope to appear in the condition of the template")
+        .exactly_one_underline("?principal")
+        .build();
         let unexpected_template = ExpectedErrorMessageBuilder::error(
             "expected a static policy, got a template containing the slot ?principal",
         )
@@ -886,34 +897,6 @@ mod tests {
             expect_exactly_one_error(src, &e, &slot_in_when_clause);
         });
 
-        let src = r#"
-            permit(principal, action, resource) when {
-                resource == ?blah
-            };
-            "#;
-        let error = ExpectedErrorMessageBuilder::error("`?blah` is not a valid template slot")
-            .help("a template slot may only be `?principal` or `?resource`")
-            .exactly_one_underline("?blah")
-            .build();
-        assert_matches!(parse_policy(None, src), Err(e) => {
-            expect_exactly_one_error(src, &e, &error);
-        });
-        assert_matches!(parse_policy_or_template(None, src), Err(e) => {
-            expect_exactly_one_error(src, &e, &error);
-        });
-        assert_matches!(parse_policy_to_est_and_ast(None, src), Err(e) => {
-            expect_exactly_one_error(src, &e, &error);
-        });
-        assert_matches!(parse_policy_or_template_to_est_and_ast(None, src), Err(e) => {
-            expect_exactly_one_error(src, &e, &error);
-        });
-        assert_matches!(parse_policyset(src), Err(e) => {
-            expect_exactly_one_error(src, &e, &error);
-        });
-        assert_matches!(parse_policyset_to_ests_and_pset(src), Err(e) => {
-            expect_exactly_one_error(src, &e, &error);
-        });
-
         let src = r#"
             permit(principal, action, resource) unless {
                 resource == ?resource
@@ -922,7 +905,7 @@ mod tests {
         let slot_in_unless_clause = ExpectedErrorMessageBuilder::error(
             "found template slot ?resource in a `unless` clause",
         )
-        .help("slots are currently unsupported in `unless` clauses")
+        .help("?resource needs to appear in the scope to appear in the condition of the template")
         .exactly_one_underline("?resource")
         .build();
         let unexpected_template = ExpectedErrorMessageBuilder::error(
@@ -962,7 +945,7 @@ mod tests {
         let slot_in_unless_clause = ExpectedErrorMessageBuilder::error(
             "found template slot ?principal in a `unless` clause",
         )
-        .help("slots are currently unsupported in `unless` clauses")
+        .help("?principal needs to appear in the scope to appear in the condition of the template")
         .exactly_one_underline("?principal")
         .build();
         let unexpected_template = ExpectedErrorMessageBuilder::error(
@@ -994,34 +977,6 @@ mod tests {
             expect_exactly_one_error(src, &e, &slot_in_unless_clause);
         });
 
-        let src = r#"
-            permit(principal, action, resource) unless {
-                resource == ?blah
-            };
-            "#;
-        let error = ExpectedErrorMessageBuilder::error("`?blah` is not a valid template slot")
-            .help("a template slot may only be `?principal` or `?resource`")
-            .exactly_one_underline("?blah")
-            .build();
-        assert_matches!(parse_policy(None, src), Err(e) => {
-            expect_exactly_one_error(src, &e, &error);
-        });
-        assert_matches!(parse_policy_or_template(None, src), Err(e) => {
-            expect_exactly_one_error(src, &e, &error);
-        });
-        assert_matches!(parse_policy_to_est_and_ast(None, src), Err(e) => {
-            expect_exactly_one_error(src, &e, &error);
-        });
-        assert_matches!(parse_policy_or_template_to_est_and_ast(None, src), Err(e) => {
-            expect_exactly_one_error(src, &e, &error);
-        });
-        assert_matches!(parse_policyset(src), Err(e) => {
-            expect_exactly_one_error(src, &e, &error);
-        });
-        assert_matches!(parse_policyset_to_ests_and_pset(src), Err(e) => {
-            expect_exactly_one_error(src, &e, &error);
-        });
-
         let src = r#"
             permit(principal, action, resource) unless {
                 resource == ?resource
@@ -1029,15 +984,16 @@ mod tests {
                 resource == ?resource
             };
             "#;
-        let slot_in_when_clause =
-            ExpectedErrorMessageBuilder::error("found template slot ?resource in a `when` clause")
-                .help("slots are currently unsupported in `when` clauses")
-                .exactly_one_underline("?resource")
-                .build();
+        let slot_in_when_clause = ExpectedErrorMessageBuilder::error(
+            "found template slot ?resource in a `when` clause",
+        )
+        .help("?resource needs to appear in the scope to appear in the condition of the template")
+        .exactly_one_underline("?resource")
+        .build();
         let slot_in_unless_clause = ExpectedErrorMessageBuilder::error(
             "found template slot ?resource in a `unless` clause",
         )
-        .help("slots are currently unsupported in `unless` clauses")
+        .help("?resource needs to appear in the scope to appear in the condition of the template")
         .exactly_one_underline("?resource")
         .build();
         let unexpected_template = ExpectedErrorMessageBuilder::error(
@@ -1169,7 +1125,7 @@ mod tests {
             "@if(\"a\")",
             "unexpected end of input",
             "",
-            "expected `@` or identifier",
+            "expected `@`, `template`, or identifier",
         );
         // AST actually requires `principal` (`action`, `resource`, resp.). In
         // the `principal` case we also claim to expect `)` because an empty scope
diff --git a/cedar-policy-core/src/parser/cst.rs b/cedar-policy-core/src/parser/cst.rs
index 16a30c1757..fb4033aa76 100644
--- a/cedar-policy-core/src/parser/cst.rs
+++ b/cedar-policy-core/src/parser/cst.rs
@@ -14,6 +14,7 @@
  * limitations under the License.
  */
 
+use crate::validator::cedar_schema::Type;
 use smol_str::SmolStr;
 
 // shortcut because we need CST nodes to potentially be empty,
@@ -52,6 +53,8 @@ pub enum Str {
 pub struct PolicyImpl {
     /// Annotations
     pub annotations: Vec<Node<Annotation>>,
+    /// Slots Declaration
+    pub slots_type_declaration: Option<Node<SlotsTypeDeclaration>>,
     /// policy effect
     pub effect: Node<Ident>,
     /// Variables
@@ -407,4 +410,25 @@ impl Slot {
                 | (Slot::Resource, crate::ast::Var::Resource)
         )
     }
+
+    /// Check if a slot is a generalized slot
+    pub fn is_generalized(&self) -> bool {
+        matches!(self, Slot::Other(_))
+    }
+}
+
+/// SlotType: types for generalized slots
+#[derive(Debug, Clone, PartialEq, Eq)]
+pub struct SlotType {
+    /// slot name
+    pub slot: Node<Slot>,
+    /// type
+    pub ty: Node<Type>,
+}
+
+/// SlotsTypeDeclaration: a vector of pairs consisting of a slot and it's type
+#[derive(Debug, Clone, PartialEq, Eq)]
+pub struct SlotsTypeDeclaration {
+    /// a vector of slot and type pairs
+    pub values: Vec<Node<SlotType>>,
 }
diff --git a/cedar-policy-core/src/parser/cst_to_ast.rs b/cedar-policy-core/src/parser/cst_to_ast.rs
index dfb27b6edb..bde95e0cdb 100644
--- a/cedar-policy-core/src/parser/cst_to_ast.rs
+++ b/cedar-policy-core/src/parser/cst_to_ast.rs
@@ -36,16 +36,19 @@
 use super::err::{parse_errors, ParseError, ParseErrors, ToASTError, ToASTErrorKind};
 use super::node::Node;
 use super::unescape::{to_pattern, to_unescaped_string};
-use super::util::{flatten_tuple_2, flatten_tuple_3, flatten_tuple_4};
+use super::util::{flatten_tuple_2, flatten_tuple_3, flatten_tuple_4, flatten_tuple_5};
 use super::{cst, AsLocRef, IntoMaybeLoc, Loc, MaybeLoc};
 #[cfg(feature = "tolerant-ast")]
 use crate::ast::expr_allows_errors::ExprWithErrsBuilder;
 use crate::ast::{
     self, ActionConstraint, CallStyle, Integer, PatternElem, PolicySetError, PrincipalConstraint,
-    PrincipalOrResourceConstraint, ResourceConstraint, UnreservedId,
+    PrincipalOrResourceConstraint, ResourceConstraint, SlotsTypeDeclaration, UnreservedId,
 };
 use crate::expr_builder::ExprBuilder;
 use crate::fuzzy_match::fuzzy_search_limited;
+use crate::validator::{
+    cedar_schema::to_json_schema, json_schema::Type as JSONSchemaType, RawName,
+};
 use itertools::{Either, Itertools};
 use nonempty::nonempty;
 use nonempty::NonEmpty;
@@ -270,16 +273,18 @@ impl Node<Option<cst::Policy>> {
             )
             .into()),
             // The source failed to parse completely. If the parse errors include
-            // `SlotsInConditionClause` also add an `ExpectedStaticPolicy` error.
+            // `SlotsNotInScopeInConditionClause` also add an `ExpectedStaticPolicy` error.
             Err(mut errs) => {
                 let new_errs = errs
                     .iter()
                     .filter_map(|err| match err {
                         ParseError::ToAST(err) => match err.kind() {
-                            ToASTErrorKind::SlotsInConditionClause(inner) => Some(ToASTError::new(
-                                ToASTErrorKind::expected_static_policy(inner.slot.clone()),
-                                err.source_loc().into_maybe_loc(),
-                            )),
+                            ToASTErrorKind::SlotsNotInScopeInConditionClause(inner) => {
+                                Some(ToASTError::new(
+                                    ToASTErrorKind::expected_static_policy(inner.slot.clone()),
+                                    err.source_loc().into_maybe_loc(),
+                                ))
+                            }
                             _ => None,
                         },
                         _ => None,
@@ -319,31 +324,75 @@ impl Node<Option<cst::Policy>> {
         // convert scope
         let maybe_scope = policy.extract_scope();
 
+        let (contains_slot_in_principal, contains_slot_in_resource) = match &maybe_scope {
+            Ok((p, _, r)) => (p.has_slot(), r.has_slot()),
+            Err(_) => (false, false),
+        };
+
+        // maximally get all the slots in the condition, any errors will have already been caught by maybe_cond
+        let cond_slots = policy
+            .conds
+            .iter()
+            .filter_map(|c| match c.to_expr::<ast::ExprBuilder<()>>() {
+                Ok((e, _)) => Some(e),
+                Err(_) => None,
+            })
+            .flat_map(|e| e.slots().collect::<Vec<ast::Slot>>())
+            .collect();
+
+        // get slots_type_declaration
+        let maybe_slots_type_declaration = policy.get_slots_type_declaration(
+            contains_slot_in_principal,
+            contains_slot_in_resource,
+            cond_slots,
+        );
+
         // convert conditions
-        let maybe_conds = ParseErrors::transpose(policy.conds.iter().map(|c| {
-            let (e, is_when) = c.to_expr::<ast::ExprBuilder<()>>()?;
+        let maybe_conds = match policy.extract_scope() {
+            Ok((p, _, r)) => {
+                let slots_in_scope: HashSet<ast::Slot> =
+                    HashSet::from_iter(vec![p.get_slot(), r.get_slot()].into_iter().flatten());
+
+                ParseErrors::transpose(policy.conds.iter().map(|c| {
+                    let (e, is_when) = c.to_expr::<ast::ExprBuilder<()>>()?;
+                    let slot_errs = e
+                        .principal_and_resource_slots()
+                        .filter(|slot| !slots_in_scope.contains(slot))
+                        .map(|slot| {
+                            ToASTError::new(
+                                ToASTErrorKind::slots_not_in_scope_in_condition_clause(
+                                    slot.clone(),
+                                    if is_when { "when" } else { "unless" },
+                                ),
+                                slot.loc,
+                            )
+                            .into()
+                        });
 
-            let slot_errs = e.slots().map(|slot| {
-                ToASTError::new(
-                    ToASTErrorKind::slots_in_condition_clause(
-                        slot.clone(),
-                        if is_when { "when" } else { "unless" },
-                    ),
-                    slot.loc.or_else(|| c.loc.clone()),
-                )
-                .into()
-            });
-            match ParseErrors::from_iter(slot_errs) {
-                Some(errs) => Err(errs),
-                None => Ok(e),
+                    match ParseErrors::from_iter(slot_errs) {
+                        Some(errs) => Err(errs),
+                        None => Ok(e),
+                    }
+                }))
             }
-        }));
+            Err(_) => ParseErrors::transpose(policy.conds.iter().map(|c| {
+                let (e, _) = c.to_expr::<ast::ExprBuilder<()>>()?;
+                Ok(e)
+            })),
+        };
 
-        let (effect, annotations, (principal, action, resource), conds) =
-            flatten_tuple_4(maybe_effect, maybe_annotations, maybe_scope, maybe_conds)?;
+        let (effect, annotations, slots_type_declaration, (principal, action, resource), conds) =
+            flatten_tuple_5(
+                maybe_effect,
+                maybe_annotations,
+                maybe_slots_type_declaration,
+                maybe_scope,
+                maybe_conds,
+            )?;
         Ok(construct_template_policy(
             id,
             annotations.into(),
+            slots_type_declaration,
             effect,
             principal,
             action,
@@ -371,16 +420,18 @@ impl Node<Option<cst::Policy>> {
             )
             .into()),
             // The source failed to parse completely. If the parse errors include
-            // `SlotsInConditionClause` also add an `ExpectedStaticPolicy` error.
+            // `SlotsNotInScopeInConditionClause` also add an `ExpectedStaticPolicy` error.
             Err(mut errs) => {
                 let new_errs = errs
                     .iter()
                     .filter_map(|err| match err {
                         ParseError::ToAST(err) => match err.kind() {
-                            ToASTErrorKind::SlotsInConditionClause(inner) => Some(ToASTError::new(
-                                ToASTErrorKind::expected_static_policy(inner.slot.clone()),
-                                err.source_loc().into_maybe_loc(),
-                            )),
+                            ToASTErrorKind::SlotsNotInScopeInConditionClause(inner) => {
+                                Some(ToASTError::new(
+                                    ToASTErrorKind::expected_static_policy(inner.slot.clone()),
+                                    err.source_loc().into_maybe_loc(),
+                                ))
+                            }
                             _ => None,
                         },
                         _ => None,
@@ -417,30 +468,74 @@ impl Node<Option<cst::Policy>> {
         // convert scope
         let maybe_scope = policy.extract_scope_tolerant_ast();
 
+        let (contains_slot_in_principal, contains_slot_in_resource) = match &maybe_scope {
+            Ok((p, _, r)) => (p.has_slot(), r.has_slot()),
+            Err(_) => (false, false),
+        };
+
+        // maximally get all the slots in the condition, any errors will have already been caught by maybe_cond
+        let cond_slots = policy
+            .conds
+            .iter()
+            .filter_map(|c| match c.to_expr::<ast::ExprBuilder<()>>() {
+                Ok((e, _)) => Some(e),
+                Err(_) => None,
+            })
+            .flat_map(|e| e.slots().collect::<Vec<ast::Slot>>())
+            .collect();
+
+        // get slots_type_declaration
+        let maybe_slots_type_declaration = policy.get_slots_type_declaration(
+            contains_slot_in_principal,
+            contains_slot_in_resource,
+            cond_slots,
+        );
+
         // convert conditions
-        let maybe_conds = ParseErrors::transpose(policy.conds.iter().map(|c| {
-            let (e, is_when) = c.to_expr::<ExprWithErrsBuilder<()>>()?;
-            let slot_errs = e.slots().map(|slot| {
-                ToASTError::new(
-                    ToASTErrorKind::slots_in_condition_clause(
-                        slot.clone(),
-                        if is_when { "when" } else { "unless" },
-                    ),
-                    slot.loc.or_else(|| c.loc.clone()),
-                )
-                .into()
-            });
-            match ParseErrors::from_iter(slot_errs) {
-                Some(errs) => Err(errs),
-                None => Ok(e),
+        let maybe_conds = match policy.extract_scope_tolerant_ast() {
+            Ok((p, _, r)) => {
+                let slots_in_scope: HashSet<ast::Slot> =
+                    HashSet::from_iter(p.as_expr().slots().chain(r.as_expr().slots()));
+                ParseErrors::transpose(policy.conds.iter().map(|c| {
+                    let (e, is_when) = c.to_expr::<ExprWithErrsBuilder<()>>()?;
+                    let slot_errs = e
+                        .principal_and_resource_slots()
+                        .filter(|slot| !slots_in_scope.contains(slot))
+                        .map(|slot| {
+                            ToASTError::new(
+                                ToASTErrorKind::slots_not_in_scope_in_condition_clause(
+                                    slot.clone(),
+                                    if is_when { "when" } else { "unless" },
+                                ),
+                                slot.loc,
+                            )
+                            .into()
+                        });
+
+                    match ParseErrors::from_iter(slot_errs) {
+                        Some(errs) => Err(errs),
+                        None => Ok(e),
+                    }
+                }))
             }
-        }));
+            Err(_) => ParseErrors::transpose(policy.conds.iter().map(|c| {
+                let (e, _) = c.to_expr::<ExprWithErrsBuilder<()>>()?;
+                Ok(e)
+            })),
+        };
 
-        let (effect, annotations, (principal, action, resource), conds) =
-            flatten_tuple_4(maybe_effect, maybe_annotations, maybe_scope, maybe_conds)?;
+        let (effect, annotations, slots_type_declaration, (principal, action, resource), conds) =
+            flatten_tuple_5(
+                maybe_effect,
+                maybe_annotations,
+                maybe_slots_type_declaration,
+                maybe_scope,
+                maybe_conds,
+            )?;
         Ok(construct_template_policy(
             id,
             annotations.into(),
+            slots_type_declaration,
             effect,
             principal,
             action,
@@ -671,6 +766,93 @@ impl cst::PolicyImpl {
             None => Ok(annotations),
         }
     }
+
+    /// Get the slots_type_declaration from the `cst::Policy`
+    pub fn get_slots_type_declaration(
+        &self,
+        contains_slot_in_principal: bool,
+        contains_slot_in_resource: bool,
+        slots_in_cond: HashSet<ast::Slot>,
+    ) -> Result<SlotsTypeDeclaration> {
+        let mut slots_type_declaration: BTreeMap<ast::SlotId, JSONSchemaType<RawName>> =
+            BTreeMap::new();
+        let mut all_errs: Vec<ParseErrors> = vec![];
+
+        let cst_slots_type_declaration = match &self.slots_type_declaration {
+            Some(n) => n.try_as_inner()?.values.clone(),
+            None => vec![],
+        };
+
+        for node in cst_slots_type_declaration {
+            let loc = node.loc.clone();
+            let slot_type_pair = match node.try_into_inner() {
+                Ok(slot_type_pair) => slot_type_pair,
+                Err(e) => {
+                    all_errs.push(e.into());
+                    continue;
+                }
+            };
+
+            let ast_slot = match ast::SlotId::try_from(&slot_type_pair.slot) {
+                Ok(ast_slot) => ast_slot,
+                Err(e) => {
+                    all_errs.push(e);
+                    continue;
+                }
+            };
+
+            use std::collections::btree_map::Entry;
+
+            match slots_type_declaration.entry(ast_slot.clone()) {
+                Entry::Occupied(oentry) => {
+                    all_errs.push(
+                        ToASTError::new(
+                            ToASTErrorKind::DuplicateSlotsTypeDeclaration(oentry.key().clone()),
+                            loc,
+                        )
+                        .into(),
+                    );
+                }
+
+                Entry::Vacant(ventry) => {
+                    match slot_type_pair.ty.try_as_inner() {
+                        Ok(ty) => {
+                            let t = to_json_schema::cedar_type_to_json_type(Node {
+                                node: ty.clone(),
+                                loc: None,
+                            });
+                            ventry.insert(t);
+                        }
+                        Err(e) => {
+                            all_errs.push(e.into());
+                        }
+                    };
+                }
+            }
+        }
+
+        for slot in slots_type_declaration.keys() {
+            if !(slots_in_cond).contains(&ast::Slot {
+                id: slot.clone(),
+                loc: None,
+            }) && !(slot.is_principal() && contains_slot_in_principal)
+                && !(slot.is_resource() && contains_slot_in_resource)
+            {
+                all_errs.push(
+                    ToASTError::new(
+                        ToASTErrorKind::SlotsTypeDeclarationNotUsed(slot.clone()),
+                        None,
+                    )
+                    .into(),
+                )
+            }
+        }
+
+        match ParseErrors::flatten(all_errs) {
+            Some(errs) => Err(errs),
+            None => Ok(slots_type_declaration.into()),
+        }
+    }
 }
 
 impl Node<Option<cst::Annotation>> {
@@ -1105,7 +1287,7 @@ impl Node<Option<cst::Cond>> {
     /// `true` if the cond is a `when` clause, `false` if it is an `unless`
     /// clause. (The returned `expr` is already adjusted for this, the `bool` is
     /// for information only.)
-    fn to_expr<Build: ExprBuilder>(&self) -> Result<(Build::Expr, bool)> {
+    pub fn to_expr<Build: ExprBuilder>(&self) -> Result<(Build::Expr, bool)> {
         let cond = self.try_as_inner()?;
         let is_when = cond.cond.to_cond_is_when()?;
 
@@ -2102,32 +2284,47 @@ impl Node<Option<cst::Primary>> {
 
 impl Node<Option<cst::Slot>> {
     fn into_expr<Build: ExprBuilder>(self) -> Result<Build::Expr> {
-        match self.try_as_inner()?.try_into() {
+        match (&self).try_into() {
             Ok(slot_id) => Ok(Build::new()
                 .with_maybe_source_loc(self.loc.as_loc_ref())
                 .slot(slot_id)),
-            Err(e) => Err(self.to_ast_err(e).into()),
+            Err(e) => Err(e),
         }
     }
 }
 
-impl TryFrom<&cst::Slot> for ast::SlotId {
-    type Error = ToASTErrorKind;
-
-    fn try_from(slot: &cst::Slot) -> std::result::Result<Self, Self::Error> {
+impl TryFrom<&Node<Option<cst::Slot>>> for ast::ValidSlotId {
+    type Error = ParseErrors;
+    fn try_from(node: &Node<Option<cst::Slot>>) -> std::result::Result<Self, Self::Error> {
+        let slot = node.try_as_inner()?;
         match slot {
-            cst::Slot::Principal => Ok(ast::SlotId::principal()),
-            cst::Slot::Resource => Ok(ast::SlotId::resource()),
-            cst::Slot::Other(slot) => Err(ToASTErrorKind::InvalidSlot(slot.clone())),
+            cst::Slot::Principal => Ok(ast::ValidSlotId::Principal),
+            cst::Slot::Resource => Ok(ast::ValidSlotId::Resource),
+            cst::Slot::Other(s) => match s.as_ref() {
+                "action" | "context" => Err(ToASTError::new(
+                    ToASTErrorKind::ReservedSlotName(slot.to_string().to_smolstr()),
+                    node.loc.clone(),
+                )
+                .into()),
+                _ => Ok(ast::ValidSlotId::GeneralizedSlot(s.parse()?)),
+            },
         }
     }
 }
 
+impl TryFrom<&Node<Option<cst::Slot>>> for ast::SlotId {
+    type Error = ParseErrors;
+    fn try_from(slot: &Node<Option<cst::Slot>>) -> std::result::Result<Self, Self::Error> {
+        slot.try_into().map(ast::SlotId)
+    }
+}
+
 impl From<ast::SlotId> for cst::Slot {
     fn from(slot: ast::SlotId) -> cst::Slot {
         match slot {
             ast::SlotId(ast::ValidSlotId::Principal) => cst::Slot::Principal,
             ast::SlotId(ast::ValidSlotId::Resource) => cst::Slot::Resource,
+            ast::SlotId(ast::ValidSlotId::GeneralizedSlot(id)) => cst::Slot::Other(id.to_smolstr()),
         }
     }
 }
@@ -2335,6 +2532,7 @@ impl Node<Option<cst::RecInit>> {
 fn construct_template_policy(
     id: ast::PolicyID,
     annotations: ast::Annotations,
+    slots_type_declaration: ast::SlotsTypeDeclaration,
     effect: ast::Effect,
     principal: ast::PrincipalConstraint,
     action: ast::ActionConstraint,
@@ -2347,6 +2545,7 @@ fn construct_template_policy(
             id,
             loc.into_maybe_loc(),
             annotations,
+            slots_type_declaration,
             effect,
             principal,
             action,
@@ -2517,6 +2716,29 @@ mod tests {
         }
     }
 
+    #[track_caller]
+    fn assert_parse_template_succeeds(text: &str) -> ast::Template {
+        text_to_cst::parse_policy(text)
+            .expect("failed parser")
+            .to_template(ast::PolicyID::from_string("id"))
+            .unwrap_or_else(|errs| {
+                panic!("failed conversion to AST:\n{:?}", miette::Report::new(errs))
+            })
+    }
+
+    #[track_caller]
+    fn assert_parse_template_fails(text: &str) -> ParseErrors {
+        let result = text_to_cst::parse_policy(text)
+            .expect("failed parser")
+            .to_template(ast::PolicyID::from_string("id"));
+        match result {
+            Ok(policy) => {
+                panic!("conversion to AST should have failed, but succeeded with:\n{policy}")
+            }
+            Err(errs) => errs,
+        }
+    }
+
     #[test]
     fn show_expr1() {
         assert_parse_expr_succeeds(
@@ -3662,6 +3884,159 @@ mod tests {
         }
     }
 
+    #[test]
+    fn slots_type_declaration() {
+        let txt = r#"
+        template(?age: Long) =>
+        permit(principal, action, resource) when {
+            ?age == 5
+        };
+        "#;
+        assert_parse_template_succeeds(txt);
+
+        let txt = r#"
+        template(?age: Long, ?age: String) =>
+        permit(principal, action, resource) when {
+            ?age == 5
+        };
+        "#;
+        assert_parse_template_fails(txt);
+
+        let txt = r#"
+        template(?age: Long, ?age: Long) =>
+        permit(principal, action, resource) when {
+            ?age == 5
+        };
+        "#;
+        assert_parse_template_fails(txt);
+
+        let txt = r#"
+        template(?age: Long) =>
+        permit(principal, action, resource) when {
+            ?invalid == 5
+        };
+        "#;
+        assert_parse_template_fails(txt);
+
+        let txt = r#"
+        template(?age: Long, ?age: Long) =>
+        permit(principal, action, resource) when {
+            ?invalid == 5
+        };
+        "#;
+        assert_parse_template_fails(txt);
+    }
+
+    #[test]
+    fn generalized_slot_can_be_duplicated_in_the_cond() {
+        let txt = r#"
+        template(?age: Long) =>
+        permit(principal, action, resource) when {
+            ?age == 8 || ?age == 5 
+        };
+        "#;
+        assert_parse_template_succeeds(txt);
+    }
+
+    #[test]
+    fn slots_type_declaration_can_be_principal_or_resource() {
+        let txt = r#"
+        template(?principal: University::Department) => 
+        permit(principal == ?principal, action, resource); 
+        "#;
+        assert_parse_template_succeeds(txt);
+
+        let txt = r#"
+        template(?resource: University::Department) => 
+        permit(principal, action, resource == ?resource); 
+        "#;
+        assert_parse_template_succeeds(txt);
+
+        let txt = r#"
+        template(?principal: University::Department, ?resource: University::Department) => 
+        permit(principal == ?principal, action, resource == ?resource); 
+        "#;
+        assert_parse_template_succeeds(txt);
+    }
+
+    #[test]
+    fn special_identifiers_can_not_be_used_as_generalized_slot_names() {
+        let txt = r#"
+        template(?action: Long, ?context: Long) =>
+        permit(principal, action, resource);
+        "#;
+        assert_parse_template_fails(txt);
+
+        let txt = r#"
+        permit(principal == ?action, action, resource);
+        "#;
+        assert_parse_template_fails(txt);
+
+        let txt = r#"
+        permit(principal, action, resource == ?context);
+        "#;
+        assert_parse_template_fails(txt);
+    }
+
+    #[test]
+    fn slots_type_declaration_can_not_have_duplicate_slots() {
+        let txt = r#"
+        template(?age: Long, ?age: Long) =>
+        permit(principal, action, resource) unless {
+            ?age == 8
+        };
+        "#;
+        assert_parse_template_fails(txt);
+
+        let txt = r#"
+        template(?age: Long, ?age: String) =>
+        permit(principal, action, resource); 
+        "#;
+        assert_parse_template_fails(txt);
+    }
+
+    #[test]
+    fn generalized_slot_can_not_be_duplicated_in_scope() {
+        let txt = r#"
+        permit(principal == ?age, action, resource == ?age);
+        "#;
+        assert_parse_template_fails(txt);
+
+        let txt = r#"
+        template(?name: University::Department) =>
+        forbid(principal == ?name, action, resource == ?name);
+        "#;
+        assert_parse_template_fails(txt);
+
+        let txt = r#"
+        permit(principal == ?principal, action, resource == ?principal);
+        "#;
+        assert_parse_template_fails(txt);
+    }
+
+    #[test]
+    fn generalized_slot_in_annotation_must_be_used() {
+        let txt = r#"
+        template(?temp: Long) => 
+        permit(principal, action, resource); 
+        "#;
+        assert_parse_template_fails(txt);
+
+        let txt = r#"
+        template(?temp: Long, ?rand: String) => 
+        permit(principal, action, resource); 
+        "#;
+        assert_parse_template_fails(txt);
+    }
+
+    #[test]
+    fn flipped_principal_resource_in_the_scope_is_not_valid() {
+        let txt = r#"
+        permit(principal == ?resource, action, resource == ?principal); 
+        "#;
+        assert_parse_template_fails(txt);
+    }
+
     #[test]
     fn var_type() {
         assert_parse_policy_succeeds(
@@ -4755,15 +5130,6 @@ mod tests {
                 r#"permit(principal, action, resource in ?baz);"#,
                 ExpectedErrorMessageBuilder::error("expected an entity uid or matching template slot, found ?baz instead of ?resource").exactly_one_underline("?baz").build(),
             ),
-            (
-                r#"permit(principal, action, resource) when { principal == ?foo};"#,
-                ExpectedErrorMessageBuilder::error(
-                    "`?foo` is not a valid template slot",
-                ).help(
-                    "a template slot may only be `?principal` or `?resource`",
-                ).exactly_one_underline("?foo").build(),
-            ),
-
             (
                 r#"permit(principal, action == ?action, resource);"#,
                 ExpectedErrorMessageBuilder::error("expected single entity uid, found template slot").exactly_one_underline("?action").build(),
@@ -4805,6 +5171,94 @@ mod tests {
         }
     }
 
+    #[test]
+    fn template_slot_in_condition() {
+        let src = r#"permit(principal == ?principal, action == Action::"action", resource in ?resource) when {?principal.name == true && ?resource.valid == 5};"#;
+        text_to_cst::parse_policy(src)
+            .expect("parse_error")
+            .to_template(ast::PolicyID::from_string("i0"))
+            .unwrap_or_else(|errs| {
+                panic!(
+                    "Failed to create a policy template: {:?}",
+                    miette::Report::new(errs)
+                );
+            });
+    }
+
+    #[test]
+    fn template_slot_not_in_scope_in_condition_1() {
+        let src =
+            r#"permit(principal, action == Action::"action", resource) when {?principal.valid};"#;
+        let errs = text_to_cst::parse_policy(src)
+            .expect("parse_error")
+            .to_template(ast::PolicyID::from_string("i0"))
+            .unwrap_err();
+
+        expect_n_errors(src, &errs, 1);
+        expect_some_error_matches(
+            src,
+            &errs,
+            &ExpectedErrorMessageBuilder::error("found template slot ?principal in a `when` clause")
+                .help("?principal needs to appear in the scope to appear in the condition of the template")
+                .exactly_one_underline("?principal")
+                .build(),
+        );
+    }
+
+    #[test]
+    fn template_slot_not_in_scope_in_condition_2() {
+        let src = r#"forbid(principal, action == Action::"action", resource) unless {?resource.storage == 5};"#;
+        let errs = text_to_cst::parse_policy(src)
+            .expect("parse_error")
+            .to_template(ast::PolicyID::from_string("i0"))
+            .unwrap_err();
+
+        expect_n_errors(src, &errs, 1);
+        expect_some_error_matches(
+            src,
+            &errs,
+            &ExpectedErrorMessageBuilder::error(
+                "found template slot ?resource in a `unless` clause",
+            )
+            .help(
+                "?resource needs to appear in the scope to appear in the condition of the template",
+            )
+            .exactly_one_underline("?resource")
+            .build(),
+        );
+    }
+
+    #[test]
+    fn template_slot_not_in_scope_in_condition_3() {
+        let src = r#"permit(principal, action == Action::"action", resource) unless {?principal.valid && ?resource.storage == 5};"#;
+        let errs = text_to_cst::parse_policy(src)
+            .expect("parse_error")
+            .to_template(ast::PolicyID::from_string("i0"))
+            .unwrap_err();
+
+        expect_n_errors(src, &errs, 2);
+        expect_some_error_matches(
+            src,
+            &errs,
+            &ExpectedErrorMessageBuilder::error("found template slot ?principal in a `unless` clause")
+                .help("?principal needs to appear in the scope to appear in the condition of the template")
+                .exactly_one_underline("?principal")
+                .build(),
+        );
+        expect_some_error_matches(
+            src,
+            &errs,
+            &ExpectedErrorMessageBuilder::error(
+                "found template slot ?resource in a `unless` clause",
+            )
+            .help(
+                "?resource needs to appear in the scope to appear in the condition of the template",
+            )
+            .exactly_one_underline("?resource")
+            .build(),
+        );
+    }
+
     #[test]
     fn missing_scope_constraint() {
         let p_src = "permit();";
@@ -6064,15 +6518,6 @@ mod tests {
                 r#"permit(principal, action, resource in ?baz);"#,
                 ExpectedErrorMessageBuilder::error("expected an entity uid or matching template slot, found ?baz instead of ?resource").exactly_one_underline("?baz").build(),
             ),
-            (
-                r#"permit(principal, action, resource) when { principal == ?foo};"#,
-                ExpectedErrorMessageBuilder::error(
-                    "`?foo` is not a valid template slot",
-                ).help(
-                    "a template slot may only be `?principal` or `?resource`",
-                ).exactly_one_underline("?foo").build(),
-            ),
-
             (
                 r#"permit(principal, action == ?action, resource);"#,
                 ExpectedErrorMessageBuilder::error("expected single entity uid, found template slot").exactly_one_underline("?action").build(),
diff --git a/cedar-policy-core/src/parser/err.rs b/cedar-policy-core/src/parser/err.rs
index 00dd3a9a69..cc22c60b68 100644
--- a/cedar-policy-core/src/parser/err.rs
+++ b/cedar-policy-core/src/parser/err.rs
@@ -148,11 +148,22 @@ pub enum ToASTErrorKind {
     /// conflicting annotations
     #[error("duplicate annotation: @{0}")]
     DuplicateAnnotation(ast::AnyId),
-    /// Returned when a policy contains template slots in a when/unless clause.
-    /// This is not currently supported; see [RFC 3](https://github.com/cedar-policy/rfcs/pull/3).
+    /// Returned when we attempt to parse a policy with repeated slot names in
+    /// slots_type_declaration
+    #[error("duplicate slots_type_declaration: @{0}")]
+    DuplicateSlotsTypeDeclaration(ast::SlotId),
+    /// Return when a slot appears in the slots_type_declaration
+    /// but is not used within the template
+    #[error("{0} slot is given a type declaration, however it is not used with the template")]
+    SlotsTypeDeclarationNotUsed(ast::SlotId),
+    /// Returned when a policy contains `?principal` or `?resource`
+    /// slots in a when/unless clause but not in the scope.
     #[error(transparent)]
     #[diagnostic(transparent)]
-    SlotsInConditionClause(#[from] parse_errors::SlotsInConditionClause),
+    SlotsNotInScopeInConditionClause(#[from] parse_errors::SlotsNotInScopeInConditionClause),
+    /// Returned when a user tries to use a reserved slot name
+    #[error("{0} is not a valid slot name")]
+    ReservedSlotName(SmolStr),
     /// Returned when a policy is missing one of the three required scope elements
     /// (`principal`, `action`, and `resource`)
     #[error("this policy is missing the `{0}` variable in the scope")]
@@ -455,9 +466,12 @@ impl ToASTErrorKind {
         }
     }
 
-    /// Constructor for the [`ToASTErrorKind::SlotsInConditionClause`] error
-    pub fn slots_in_condition_clause(slot: ast::Slot, clause_type: &'static str) -> Self {
-        parse_errors::SlotsInConditionClause { slot, clause_type }.into()
+    /// Constructor for the [`ToASTErrorKind::SlotsNotInScopeInConditionClause`] error
+    pub fn slots_not_in_scope_in_condition_clause(
+        slot: ast::Slot,
+        clause_type: &'static str,
+    ) -> Self {
+        parse_errors::SlotsNotInScopeInConditionClause { slot, clause_type }.into()
     }
 
     /// Constructor for the [`ToASTErrorKind::ExpectedStaticPolicy`] error
@@ -546,11 +560,11 @@ pub mod parse_errors {
         }
     }
 
-    /// Details about a `SlotsInConditionClause` error.
+    /// Details about a `SlotsNotInScopeInConditionClause` error.
     #[derive(Debug, Clone, Diagnostic, Error, PartialEq, Eq)]
     #[error("found template slot {} in a `{clause_type}` clause", slot.id)]
-    #[diagnostic(help("slots are currently unsupported in `{clause_type}` clauses"))]
-    pub struct SlotsInConditionClause {
+    #[diagnostic(help("{} needs to appear in the scope to appear in the condition of the template", slot.id))]
+    pub struct SlotsNotInScopeInConditionClause {
         /// Slot that was found in a when/unless clause
         pub(crate) slot: ast::Slot,
         /// Clause type, e.g. "when" or "unless"
@@ -768,6 +782,7 @@ lazy_static! {
             "ACTION",
             "RESOURCE",
             "CONTEXT",
+            "SET",
         ]),
         identifier_sentinel: "IDENTIFIER",
         first_set_identifier_tokens: HashSet::from(["TRUE", "FALSE", "IF"]),
diff --git a/cedar-policy-core/src/parser/fmt.rs b/cedar-policy-core/src/parser/fmt.rs
index 45f3c295ca..8192ece00b 100644
--- a/cedar-policy-core/src/parser/fmt.rs
+++ b/cedar-policy-core/src/parser/fmt.rs
@@ -458,11 +458,11 @@ impl fmt::Display for Str {
 impl std::fmt::Display for Slot {
     fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
         let src = match self {
-            Slot::Principal => "?principal",
-            Slot::Resource => "?resource",
+            Slot::Principal => "principal",
+            Slot::Resource => "resource",
             Slot::Other(slot) => slot.as_ref(),
         };
-        write!(f, "{src}")
+        write!(f, "?{src}")
     }
 }
 
diff --git a/cedar-policy-core/src/parser/grammar.lalrpop b/cedar-policy-core/src/parser/grammar.lalrpop
index 540bde8a77..b02da06aac 100644
--- a/cedar-policy-core/src/parser/grammar.lalrpop
+++ b/cedar-policy-core/src/parser/grammar.lalrpop
@@ -22,6 +22,9 @@ use lalrpop_util::{ParseError, ErrorRecovery};
 use crate::parser::*;
 use crate::parser::err::{RawErrorRecovery, RawUserError};
 use crate::parser::node::Node;
+use crate::validator::cedar_schema::{Path, Type as SType, AttrDecl, Annotated};
+use crate::ast::{Annotations, Id}; 
+use smol_str::ToSmolStr;
 
 /// `errors` collects generated errors.
 ///
@@ -66,6 +69,12 @@ match {
     "?resource" => RESOURCE_SLOT,
     r"\?[_a-zA-Z][_a-zA-Z0-9]*" => OTHER_SLOT,
 
+    // templates
+    "template",
+    "=>", 
+    "Set" => SET, 
+    "?",
+
     // data input
     r"[_a-zA-Z][_a-zA-Z0-9]*" => IDENTIFIER,
     // The `NUMBER` token is a positive integer.
@@ -104,16 +113,29 @@ Annotation: Node<Option<cst::Annotation>> = {
     <l:@L> "@" <key:AnyIdent> <value: ("(" <Str> ")")?> <r:@R> => Node::with_maybe_source_loc(Some(cst::Annotation{key,value}), maybe_loc!(keep_src, Loc::new(l..r, Arc::clone(src))))
 }
 
+// SlotType := { Name ':' SType }
+SlotType: Node<Option<cst::SlotType>> = {
+    <l:@L> <slot: Slot> ":" <ty: Type> <r:@R> => {
+        let ty = ty.map(|ty| Some(ty));
+        (Node::with_maybe_source_loc(Some(cst::SlotType{slot, ty}), maybe_loc!(keep_src, Loc::new(l..r, Arc::clone(src)))))}, 
+}
+
+// SlotsTypeDeclaration := { 'template' '(' ( SlotType { ',' SlotType } ) ')' '=>' }
+SlotsTypeDeclaration: Node<Option<cst::SlotsTypeDeclaration>> = {
+    <l:@L> "template" "(" <values: Comma<SlotType>> ")" "=>" <r:@R> => Node::with_maybe_source_loc(Some(cst::SlotsTypeDeclaration{ values }), maybe_loc!(keep_src, Loc::new(l..r, Arc::clone(src))))
+}
+
 // Policy := "label" ('permit' | 'forbid') '(' {VariableDef} ')' {Cond} ;
 pub Policy: Node<Option<cst::Policy>> = {
     <l:@L>
     <annotations:Annotation*>
+    <slots_type_declaration:SlotsTypeDeclaration?>
     <effect:AnyIdent>
     "(" <variables: Comma<VariableDef>> ")"
     <conds:Cond*>
     ";"
     <r:@R>
-    => Node::with_maybe_source_loc(Some(cst::Policy::Policy(cst::PolicyImpl{ annotations,effect,variables,conds })), maybe_loc!(keep_src, Loc::new(l..r, Arc::clone(src)))),
+    => Node::with_maybe_source_loc(Some(cst::Policy::Policy(cst::PolicyImpl{ annotations,slots_type_declaration,effect,variables,conds })), maybe_loc!(keep_src, Loc::new(l..r, Arc::clone(src)))),
     <l:@L> <err:!> ";" <r:@R> => {
         // Tolerant AST creates a valid CST node representing the unparsable policy
         #[cfg(feature = "tolerant-ast")]
@@ -167,6 +189,8 @@ CommonIdent: Node<Option<cst::Ident>> = {
         => Node::with_maybe_source_loc(Some(cst::Ident::Then), maybe_loc!(keep_src, Loc::new(l..r, Arc::clone(src)))),
     <l:@L> ELSE <r:@R>
         => Node::with_maybe_source_loc(Some(cst::Ident::Else), maybe_loc!(keep_src, Loc::new(l..r, Arc::clone(src)))),
+    <l:@L> <i:SET> <r:@R>
+        => Node::with_maybe_source_loc(Some(cst::Ident::Ident( i.into() )), maybe_loc!(keep_src, Loc::new(l..r, Arc::clone(src)))),
     <l:@L> <i:IDENTIFIER> <r:@R>
         => Node::with_maybe_source_loc(Some(cst::Ident::Ident( i.into() )), maybe_loc!(keep_src, Loc::new(l..r, Arc::clone(src)))),
 }
@@ -397,13 +421,13 @@ RecInit: Node<Option<cst::RecInit>> = {
         => Node::with_maybe_source_loc(Some(cst::RecInit(e1,e2)), maybe_loc!(keep_src, Loc::new(l..r, Arc::clone(src)))),
 }
 
-Slot: Node<Option<cst::Slot>> = {
+pub Slot: Node<Option<cst::Slot>> = {
     <l:@L> PRINCIPAL_SLOT <r:@R>
         => Node::with_maybe_source_loc(Some(cst::Slot::Principal), maybe_loc!(keep_src, Loc::new(l..r, Arc::clone(src)))),
     <l:@L> RESOURCE_SLOT <r:@R>
         => Node::with_maybe_source_loc(Some(cst::Slot::Resource), maybe_loc!(keep_src, Loc::new(l..r, Arc::clone(src)))),
     <l:@L> <s: OTHER_SLOT> <r:@R>
-        => Node::with_maybe_source_loc(Some(cst::Slot::Other(s.into())), maybe_loc!(keep_src, Loc::new(l..r, Arc::clone(src)))),
+        => Node::with_maybe_source_loc(Some(cst::Slot::Other(s[1..s.len()].into())), maybe_loc!(keep_src, Loc::new(l..r, Arc::clone(src)))),
 }
 
 // LITERAL   := BOOL | INT | STR
@@ -425,3 +449,51 @@ Str: Node<Option<cst::Str>> = {
     <l:@L> <s:STRINGLIT> <r:@R>
         => Node::with_maybe_source_loc(Some(cst::Str::String(s[1..(s.len() - 1)].into())), maybe_loc!(keep_src, Loc::new(l..r, Arc::clone(src)))),
 }
+
+/* The following grammar was taken from the schema grammar with changes to make it work with the Policy's terminals */ 
+/* Updates in the grammar of types in either location require changes to both files to ensure that the two definitions line up. */
+
+/* 
+AttrDecls can not have annotations in the policy. We also use Cedar Policy's IDENTIFIER terminal here which is able to express more terminals compared with 
+Cedar Schema's Ident terminal. So any Record that can be expressed in Cedar Schema can also be expressed in Cedar Policy modulo the annotation. 
+*/
+AttrDecls: Vec<Node<Annotated<AttrDecl>>> = {
+    <l:@L> <name: IDENTIFIER> <required:"?"?> ":" <ty:Type> ","? <r:@R>
+        =>? {
+            let name = Node::with_maybe_source_loc(name.to_smolstr(), None); 
+            let annotated = Annotated {
+                data: AttrDecl { name, required: required.is_none(), ty}, 
+                annotations: Annotations::new(), 
+            };
+            Ok(vec![Node::with_maybe_source_loc(annotated, maybe_loc!(keep_src, Loc::new(l..r, Arc::clone(src))))])
+        },
+    <l:@L> <name: IDENTIFIER> <required:"?"?> ":" <ty:Type> "," <r:@R> <mut ds: AttrDecls>
+        =>? {
+            let name = Node::with_maybe_source_loc(name.to_smolstr(), None); 
+            let annotated = Annotated {
+                data: AttrDecl { name, required: required.is_none(), ty}, 
+                annotations: Annotations::new(), 
+            };
+            ds.insert(0, Node::with_maybe_source_loc(annotated, maybe_loc!(keep_src, Loc::new(l..r, Arc::clone(src)))));
+            Ok(ds)
+        },
+}
+
+/* We convert the Cedar Policy's Name terminal to Cedar Schema's Path terminal. Name is able to express more terminals 
+compared with Path so any type that can be expressed in Cedar Schema can also be expressed in Cedar Policy. */
+pub Type: Node<SType> = {
+    <n:Name>
+        =>? { 
+            let loc = n.loc.clone().into_maybe_loc(); 
+            match Path::try_from(&n) { 
+                Ok(path) => Ok(Node::with_maybe_source_loc(SType::Ident(path), loc)), 
+                Err(e) => Err(ParseError::User {
+                    error: Node::with_maybe_source_loc(format!("Path parse error {e}"), loc),
+                }),
+            }
+        },
+    <l:@L> SET "<" <t:Type> ">" <r:@R>
+        => Node::with_maybe_source_loc(SType::Set(Box::new(t)), maybe_loc!(keep_src, Loc::new(l..r, Arc::clone(src)))),
+    <l:@L> "{" <ds:AttrDecls?> "}" <r:@R>
+        => Node::with_maybe_source_loc(SType::Record(ds.unwrap_or_default()), maybe_loc!(keep_src, Loc::new(l..r, Arc::clone(src)))),
+}
\ No newline at end of file
diff --git a/cedar-policy-core/src/parser/text_to_cst.rs b/cedar-policy-core/src/parser/text_to_cst.rs
index 61a73f377d..f0e0567eaf 100644
--- a/cedar-policy-core/src/parser/text_to_cst.rs
+++ b/cedar-policy-core/src/parser/text_to_cst.rs
@@ -120,6 +120,7 @@ lazy_static::lazy_static! {
     static ref PRIMARY_PARSER: grammar::PrimaryParser = grammar::PrimaryParser::new();
     static ref NAME_PARSER: grammar::NameParser = grammar::NameParser::new();
     static ref IDENT_PARSER: grammar::IdentParser = grammar::IdentParser::new();
+    static ref SLOT_PARSER: grammar::SlotParser = grammar::SlotParser::new();
 }
 
 /// Create CST for multiple policies from text
@@ -162,6 +163,11 @@ pub fn parse_ident(text: &str) -> Result<Node<Option<cst::Ident>>, err::ParseErr
     parse_collect_errors(&*IDENT_PARSER, grammar::IdentParser::parse, true, text)
 }
 
+/// Parse text as a slot, or fail if it does not parse as a slot
+pub fn parse_slot(text: &str) -> Result<Node<Option<cst::Slot>>, err::ParseErrors> {
+    parse_collect_errors(&*SLOT_PARSER, grammar::SlotParser::parse, true, text)
+}
+
 /// Create CST for multiple policies from text, but without retaining source information
 #[cfg(feature = "raw-parsing")]
 pub fn parse_policies_raw(text: &str) -> Result<Node<Option<cst::Policies>>, err::ParseErrors> {
@@ -892,7 +898,7 @@ mod tests {
             src,
             &errs,
             &ExpectedErrorMessageBuilder::error("unexpected token `/`")
-                .exactly_one_underline_with_label("/", "expected `@` or identifier")
+                .exactly_one_underline_with_label("/", "expected `@`, `template`, or identifier")
                 .build(),
         );
         let src = r#"
@@ -1147,7 +1153,10 @@ mod tests {
             src,
             &errs,
             &ExpectedErrorMessageBuilder::error("unexpected token `-`")
-                .exactly_one_underline_with_label("-", "expected `(`, `@`, or identifier")
+                .exactly_one_underline_with_label(
+                    "-",
+                    "expected `(`, `@`, `template`, or identifier",
+                )
                 .build(),
         );
 
@@ -1176,7 +1185,10 @@ mod tests {
             src,
             &errs,
             &ExpectedErrorMessageBuilder::error("unexpected token `+`")
-                .exactly_one_underline_with_label("+", "expected `(`, `@`, or identifier")
+                .exactly_one_underline_with_label(
+                    "+",
+                    "expected `(`, `@`, `template`, or identifier",
+                )
                 .build(),
         );
     }
@@ -1810,4 +1822,194 @@ mod tests {
         let e = assert_parse_succeeds(parse_expr_tolerant, src);
         assert!(matches!(e, Expr::Expr(_)));
     }
+
+    #[test]
+    fn generalized_templates() {
+        assert_parse_succeeds(
+            parse_policy,
+            r#"
+        template(?age: Long) =>
+        permit(principal, action, resource) when {
+            ?temp == 5
+        };
+        "#,
+        );
+
+        assert_parse_succeeds(
+            parse_policy,
+            r#"
+        permit(principal == ?resources, action, resource) when {
+            principal has true.if
+        };
+        "#,
+        );
+
+        assert_parse_succeeds(
+            parse_policy,
+            r#"
+        permit(principal, action, resource == ?principals) when {
+            principal has true.if
+        };
+        "#,
+        );
+
+        assert_parse_succeeds(
+            parse_policy,
+            r#"
+        template(?age: Long, ?date: datetime) => 
+        permit(principal, action, resource) when {
+            ?age == 8 && ?date == context.date
+        };
+        "#,
+        );
+
+        assert_parse_succeeds(
+            parse_policy,
+            r#"
+        @first("annotation")
+        template(?age: Long, ?date: datetime) => 
+        permit(principal, action, resource) when {
+            ?age == 8 && ?date == context.date
+        };
+        "#,
+        );
+
+        assert_parse_succeeds(
+            parse_policy,
+            r#"
+        @first("annotation")
+        template(?age: Long, ?entity: Group::jane_friends) => 
+        permit(principal, action, resource) when {
+            ?age == 8 && entity in Group
+        };
+        "#,
+        );
+
+        assert_parse_succeeds(
+            parse_policy,
+            r#"
+        @first("annotation")
+        @second("annotation")
+        template(?age: Long, ?date: datetime) => 
+        permit(principal, action, resource) when {
+            ?age == 8 && ?date == context.date
+        };
+        "#,
+        );
+
+        assert_parse_fails(
+            parse_policy,
+            r#"
+        template(?age: Long, ?date: datetime) => 
+        @second("annotation")
+        permit(principal, action, resource) when {
+            ?age == 8 && ?date == context.date
+        };
+        "#,
+        );
+
+        assert_parse_fails(
+            parse_policy,
+            r#"
+        template(?age: Long ?date: datetime) => 
+        permit(principal, action, resource) when {
+            ?age == 8 && ?date == context.date
+        };
+        "#,
+        );
+
+        assert_parse_fails(
+            parse_policy,
+            r#"
+        template(?age: Long, ?date: datetime)  
+        permit(principal, action, resource) when {
+            ?age == 8 && ?date == context.date
+        };
+        "#,
+        );
+
+        assert_parse_fails(
+            parse_policy,
+            r#"
+        template(?age?: Long, ?date: datetime)  
+        permit(principal, action, resource) when {
+            ?age == 8 && ?date == context.date
+        };
+        "#,
+        );
+    }
+
+    #[test]
+    fn generalized_template_set_types() {
+        assert_parse_succeeds(
+            parse_policy,
+            r#"
+        template(?age: Set<Long>, ?date: Set<datetime>) => 
+        permit(principal, action, resource) when {
+            ?age == 8 && ?date == context.date
+        };
+        "#,
+        );
+
+        assert_parse_succeeds(
+            parse_policy,
+            r#"
+        template(?districts: Set<School::District>) => 
+        permit(principal, action, resource); 
+        "#,
+        );
+    }
+
+    #[test]
+    fn generalized_templates_record_types() {
+        assert_parse_succeeds(
+            parse_policy,
+            r#"
+        template(?info: { date: datetime, name: String }) => 
+        permit(principal, action, resource); 
+        "#,
+        );
+
+        assert_parse_succeeds(
+            parse_policy,
+            r#"
+        template(?info: { date: datetime, name: { test: Bool, age: Long } }, ?record: { district?: School::District }) => 
+        permit(principal, action, resource); 
+        "#,
+        );
+
+        assert_parse_succeeds(
+            parse_policy,
+            r#"
+        template(?info: { date: datetime, name: { test: Bool, age: Long } }, ?record: { district?: School::District }) => 
+        permit(principal, action, resource) when {
+            ?info.name.test 
+        }; 
+        "#,
+        );
+
+        assert_parse_succeeds(
+            parse_policy,
+            r#"
+        template(?info: { date?: datetime, name: String, }) => 
+        permit(principal, action, resource); 
+        "#,
+        );
+
+        assert_parse_fails(
+            parse_policy,
+            r#"
+        template(?info: { date?: datetime, name: }) => 
+        permit(principal, action, resource); 
+        "#,
+        );
+
+        assert_parse_fails(
+            parse_policy,
+            r#"
+        template(?info: { date?: datetime, name: String ) => 
+        permit(principal, action, resource); 
+        "#,
+        );
+    }
 }
diff --git a/cedar-policy-core/src/parser/util.rs b/cedar-policy-core/src/parser/util.rs
index f8e0e61c0d..fe87377af2 100644
--- a/cedar-policy-core/src/parser/util.rs
+++ b/cedar-policy-core/src/parser/util.rs
@@ -61,3 +61,18 @@ pub fn flatten_tuple_4<T1, T2, T3, T4>(
         flatten_tuple_2(flatten_tuple_2(flatten_tuple_2(res1, res2), res3), res4)?;
     Ok((v1, v2, v3, v4))
 }
+
+/// Combine five `Result`s into a single `Result`
+pub fn flatten_tuple_5<T1, T2, T3, T4, T5>(
+    res1: Result<T1>,
+    res2: Result<T2>,
+    res3: Result<T3>,
+    res4: Result<T4>,
+    res5: Result<T5>,
+) -> Result<(T1, T2, T3, T4, T5)> {
+    let ((((v1, v2), v3), v4), v5) = flatten_tuple_2(
+        flatten_tuple_2(flatten_tuple_2(flatten_tuple_2(res1, res2), res3), res4),
+        res5,
+    )?;
+    Ok((v1, v2, v3, v4, v5))
+}
diff --git a/cedar-policy-core/src/tpe.rs b/cedar-policy-core/src/tpe.rs
index fb1e6846bd..474770ac39 100644
--- a/cedar-policy-core/src/tpe.rs
+++ b/cedar-policy-core/src/tpe.rs
@@ -24,11 +24,11 @@ pub mod residual;
 
 use std::collections::HashMap;
 
-use crate::ast::PolicyID;
+use crate::ast::{PolicyID, SlotsTypeDeclaration};
 use crate::tpe::err::{NonstaticPolicyError, TPEError};
 use crate::validator::{
     typecheck::{PolicyCheck, Typechecker},
-    ValidatorSchema,
+    ValidationError, ValidatorSchema,
 };
 use crate::{ast::PolicySet, extensions::Extensions};
 
@@ -54,7 +54,21 @@ pub fn tpe_policies(
             return Err(NonstaticPolicyError.into());
         }
         let t = p.template();
-        match tc.typecheck_by_single_request_env(t, &env) {
+        let validator_slots_type_declaration = SlotsTypeDeclaration::from_iter(
+            t.slots_type_declaration()
+                .map(|(k, v)| (k.clone(), v.clone())),
+        )
+        .into_validator_slots_type_declaration(schema)
+        .map_err(|_| {
+            TPEError::Validation(vec![
+                ValidationError::incompatible_schema_with_slots_type_declaration(
+                    None,
+                    t.id().clone(),
+                ),
+            ])
+        })?;
+
+        match tc.typecheck_by_single_request_env(t, &env, &validator_slots_type_declaration) {
             PolicyCheck::Success(expr) => {
                 exprs.insert(p.id(), expr);
             }
diff --git a/cedar-policy-core/src/validator.rs b/cedar-policy-core/src/validator.rs
index c9cf9e1aa8..af4c204e3a 100644
--- a/cedar-policy-core/src/validator.rs
+++ b/cedar-policy-core/src/validator.rs
@@ -182,7 +182,8 @@ impl Validator {
                     // schema if it only failed when there is a known action
                     // applied to known principal/resource entity types that are
                     // not in its `appliesTo`.
-                    .chain(self.validate_template_action_application(p)),
+                    .chain(self.validate_template_action_application(p))
+                    .chain(self.validate_generalized_slots_has_type_binding(p)),
             )
         }
         .into_iter()
@@ -212,7 +213,7 @@ impl Validator {
         // `Policy::resource_constraint()` return a copy of the constraint with
         // the slot filled by the appropriate value.
         Some(
-            self.validate_entity_types_in_slots(p.id(), p.env())
+            self.validate_entity_types_in_slots(p.id(), p.env(), p.generalized_env())
                 .chain(self.validate_linked_action_application(p)),
         )
     }
@@ -425,10 +426,14 @@ mod test {
                 None,
             ),
         );
+
+        let generalized_env = HashMap::new();
         set.link(
             ast::PolicyID::from_string("template"),
             ast::PolicyID::from_string("link1"),
             values,
+            generalized_env,
+            None,
         )
         .expect("Linking failed!");
         let result = validator.validate(&set, ValidationMode::default());
@@ -444,10 +449,14 @@ mod test {
                 None,
             ),
         );
+
+        let generalized_env = HashMap::new();
         set.link(
             ast::PolicyID::from_string("template"),
             ast::PolicyID::from_string("link2"),
             values,
+            generalized_env,
+            None,
         )
         .expect("Linking failed!");
         let result = validator.validate(&set, ValidationMode::default());
@@ -478,10 +487,14 @@ mod test {
                 None,
             ),
         );
+
+        let generalized_env = HashMap::new();
         set.link(
             ast::PolicyID::from_string("template"),
             ast::PolicyID::from_string("link3"),
             values,
+            generalized_env,
+            None,
         )
         .expect("Linking failed!");
         let result = validator.validate(&set, ValidationMode::default());
@@ -768,3 +781,72 @@ mod enumerated_entity_types {
         );
     }
 }
+
+#[cfg(test)]
+mod generalized_templates {
+    use crate::{
+        ast::{PolicyID, SlotId},
+        extensions::Extensions,
+        parser::parse_policy_or_template,
+    };
+    use itertools::Itertools;
+
+    use crate::validator::{
+        typecheck::test::test_utils::get_loc, ValidationError, Validator, ValidatorSchema,
+    };
+
+    #[track_caller]
+    fn schema() -> ValidatorSchema {
+        ValidatorSchema::from_json_value(
+            serde_json::json!(
+                {
+                    "":  {  "entityTypes": {
+                             "Foo": {
+                                "enum": [ "foo" ],
+                            },
+                            "Bar": {
+                                "memberOfTypes": ["Foo"],
+                            }
+                        },
+                        "actions": {
+                            "a": {
+                                "appliesTo": {
+                                    "principalTypes": ["Foo"],
+                                    "resourceTypes": ["Bar"],
+                                }
+                            }
+                        }
+                }
+            }
+            ),
+            Extensions::none(),
+        )
+        .unwrap()
+    }
+
+    #[test]
+    fn generalized_slot_in_condition_clause_but_not_in_type_declaration() {
+        let schema = schema();
+        let src = r#"permit(principal, action == Action::"a", resource) when { ?r == ?b };"#;
+        let template = parse_policy_or_template(None, src).unwrap();
+        let validator = Validator::new(schema);
+        let (errors, warnings) =
+            validator.validate_policy(&template, crate::validator::ValidationMode::Strict);
+        assert!(warnings.collect_vec().is_empty());
+        assert_eq!(
+            errors.collect_vec(),
+            [
+                ValidationError::generalized_slot_in_condition_clause_not_in_slots_type_declaration(
+                    get_loc(src, r#"?b"#),
+                    PolicyID::from_string("policy0"),
+                    SlotId::generalized_slot("b".parse().unwrap())
+                ),
+                ValidationError::generalized_slot_in_condition_clause_not_in_slots_type_declaration(
+                    get_loc(src, r#"?r"#),
+                    PolicyID::from_string("policy0"),
+                    SlotId::generalized_slot("r".parse().unwrap())
+                )
+            ]
+        );
+    }
+}
diff --git a/cedar-policy-core/src/validator/cedar_schema.rs b/cedar-policy-core/src/validator/cedar_schema.rs
index 543754f898..df20518e9c 100644
--- a/cedar-policy-core/src/validator/cedar_schema.rs
+++ b/cedar-policy-core/src/validator/cedar_schema.rs
@@ -17,7 +17,7 @@
 //! The Cedar syntax for schemas
 
 mod ast;
-pub use ast::Path;
+pub use ast::{Annotated, AttrDecl, Path, Type};
 mod err;
 pub mod fmt;
 pub mod parser;
diff --git a/cedar-policy-core/src/validator/cedar_schema/ast.rs b/cedar-policy-core/src/validator/cedar_schema/ast.rs
index b86bdd479e..f830bf6ba9 100644
--- a/cedar-policy-core/src/validator/cedar_schema/ast.rs
+++ b/cedar-policy-core/src/validator/cedar_schema/ast.rs
@@ -18,7 +18,7 @@ use std::{collections::BTreeMap, iter::once};
 
 use crate::{
     ast::{Annotation, Annotations, AnyId, Id, InternalName},
-    parser::{AsLocRef, Loc, MaybeLoc, Node},
+    parser::{self, AsLocRef, Loc, MaybeLoc, Node},
 };
 use itertools::{Either, Itertools};
 use nonempty::NonEmpty;
@@ -149,6 +149,19 @@ impl std::fmt::Display for Path {
     }
 }
 
+impl TryFrom<&Node<Option<parser::cst::Name>>> for Path {
+    type Error = parser::err::ParseErrors;
+    fn try_from(node: &Node<Option<parser::cst::Name>>) -> Result<Self, Self::Error> {
+        let value = node.try_as_inner()?;
+        let basename = value.name.to_valid_ident()?;
+
+        let namespace: Result<Vec<_>, _> =
+            value.path.iter().map(|id| id.to_valid_ident()).collect();
+
+        Ok(Self::new(basename, namespace?, None))
+    }
+}
+
 #[derive(Debug, Clone, PartialEq, Eq, Hash)]
 struct PathInternal {
     basename: Id,
@@ -290,7 +303,7 @@ pub struct EnumEntityDecl {
 }
 
 /// Type definitions
-#[derive(Debug, Clone)]
+#[derive(Debug, Clone, PartialEq, Eq)]
 pub enum Type {
     /// A set of types
     Set(Box<Node<Type>>),
@@ -323,7 +336,7 @@ impl<N> From<PrimitiveType> for json_schema::TypeVariant<N> {
 
 /// Attribute declarations, used in records and entity types.
 /// One [`AttrDecl`] is one key-value pair.
-#[derive(Debug, Clone)]
+#[derive(Debug, Clone, PartialEq, Eq)]
 pub struct AttrDecl {
     /// Name of this attribute
     pub name: Node<SmolStr>,
diff --git a/cedar-policy-core/src/validator/diagnostics.rs b/cedar-policy-core/src/validator/diagnostics.rs
index beace695d2..384492bcc2 100644
--- a/cedar-policy-core/src/validator/diagnostics.rs
+++ b/cedar-policy-core/src/validator/diagnostics.rs
@@ -24,7 +24,7 @@ use validation_errors::UnrecognizedActionIdHelp;
 
 use std::collections::BTreeSet;
 
-use crate::ast::{EntityType, Expr, PolicyID};
+use crate::ast::{EntityType, Expr, PolicyID, SlotId};
 use crate::parser::MaybeLoc;
 
 use crate::validator::types::{EntityLUB, Type};
@@ -93,6 +93,12 @@ impl ValidationResult {
 // This is NOT a publicly exported error type.
 #[derive(Clone, Debug, Diagnostic, Error, Hash, Eq, PartialEq)]
 pub enum ValidationError {
+    /// The Schema is incompatible with the slots type declaration.
+    #[error(transparent)]
+    #[diagnostic(transparent)]
+    IncompatibleSchemaWithSlotsTypeDeclaration(
+        #[from] validation_errors::IncompatibleSchemaWithSlotsTypeDeclaration,
+    ),
     /// A policy contains an entity type that is not declared in the schema.
     #[error(transparent)]
     #[diagnostic(transparent)]
@@ -171,9 +177,40 @@ pub enum ValidationError {
     #[error(transparent)]
     #[diagnostic(transparent)]
     EntityDerefLevelViolation(#[from] validation_errors::EntityDerefLevelViolation),
+    /// Generalized slot found in the clause of the template
+    /// however there was no corresponding type declaration
+    #[error(transparent)]
+    #[diagnostic(transparent)]
+    GeneralizedSlotInConditionClauseNotInSlotsTypeDeclaration(
+        #[from] validation_errors::GeneralizedSlotInConditionClauseNotInSlotsTypeDeclaration,
+    ),
 }
 
 impl ValidationError {
+    pub(crate) fn incompatible_schema_with_slots_type_declaration(
+        source_loc: MaybeLoc,
+        policy_id: PolicyID,
+    ) -> Self {
+        validation_errors::IncompatibleSchemaWithSlotsTypeDeclaration {
+            source_loc,
+            policy_id,
+        }
+        .into()
+    }
+
+    pub(crate) fn generalized_slot_in_condition_clause_not_in_slots_type_declaration(
+        source_loc: MaybeLoc,
+        policy_id: PolicyID,
+        slot: SlotId,
+    ) -> Self {
+        validation_errors::GeneralizedSlotInConditionClauseNotInSlotsTypeDeclaration {
+            source_loc,
+            policy_id,
+            slot,
+        }
+        .into()
+    }
+
     pub(crate) fn unrecognized_entity_type(
         source_loc: MaybeLoc,
         policy_id: PolicyID,
diff --git a/cedar-policy-core/src/validator/diagnostics/validation_errors.rs b/cedar-policy-core/src/validator/diagnostics/validation_errors.rs
index 9d97bee3c0..43bc693278 100644
--- a/cedar-policy-core/src/validator/diagnostics/validation_errors.rs
+++ b/cedar-policy-core/src/validator/diagnostics/validation_errors.rs
@@ -28,7 +28,7 @@ use crate::parser::MaybeLoc;
 
 use std::collections::BTreeSet;
 
-use crate::ast::{Eid, EntityType, EntityUID, Expr, ExprKind, PolicyID, Var};
+use crate::ast::{Eid, EntityType, EntityUID, Expr, ExprKind, PolicyID, SlotId, Var};
 use crate::parser::join_with_conjunction;
 
 use crate::validator::level_validate::EntityDerefLevel;
@@ -37,6 +37,20 @@ use crate::validator::ValidatorSchema;
 use itertools::Itertools;
 use smol_str::SmolStr;
 
+/// Structure containing details about an incompatible schema error.
+#[derive(Debug, Clone, Error, Hash, Eq, PartialEq)]
+#[error("for template `{policy_id}`, the schema is incompatible with the slots type declaration")]
+pub struct IncompatibleSchemaWithSlotsTypeDeclaration {
+    /// Source location
+    pub source_loc: MaybeLoc,
+    /// Policy ID where the error occurred
+    pub policy_id: PolicyID,
+}
+
+impl Diagnostic for IncompatibleSchemaWithSlotsTypeDeclaration {
+    impl_diagnostic_from_source_loc_opt_field!(source_loc);
+}
+
 /// Structure containing details about an unrecognized entity type error.
 #[derive(Debug, Clone, Error, Hash, Eq, PartialEq)]
 // #[error(error_in_policy!("unrecognized entity type `{actual_entity_type}`"))]
@@ -694,6 +708,32 @@ impl Diagnostic for InvalidEnumEntity {
     }
 }
 
+/// Returned when there is a generalized slot in the condition clause
+/// but it does not have a type declaration associated with it
+#[derive(Debug, Clone, Error, Hash, Eq, PartialEq)]
+#[error(
+    "found generalized slot {} in the condition clause but it does not have a type declaration",
+    slot
+)]
+pub struct GeneralizedSlotInConditionClauseNotInSlotsTypeDeclaration {
+    /// Source location
+    pub source_loc: MaybeLoc,
+    /// Policy ID where the error occured
+    pub policy_id: PolicyID,
+    /// Slot that does not have a type declaration
+    pub slot: SlotId,
+}
+
+impl Diagnostic for GeneralizedSlotInConditionClauseNotInSlotsTypeDeclaration {
+    impl_diagnostic_from_source_loc_opt_field!(source_loc);
+
+    fn help<'a>(&'a self) -> Option<Box<dyn std::fmt::Display + 'a>> {
+        Some(Box::new(
+            "generalized slot that appear in the condition clause require a type declaration",
+        ))
+    }
+}
+
 // These tests all assume that the typechecker found an error while checking the
 // outermost `GetAttr` in the expressions. If the attribute didn't exist at all,
 // only the primary message would included in the final error. If it was an
diff --git a/cedar-policy-core/src/validator/entity_manifest.rs b/cedar-policy-core/src/validator/entity_manifest.rs
index 556ffe048c..d3366054ca 100644
--- a/cedar-policy-core/src/validator/entity_manifest.rs
+++ b/cedar-policy-core/src/validator/entity_manifest.rs
@@ -21,7 +21,8 @@ use std::collections::HashMap;
 use std::fmt::{Display, Formatter};
 
 use crate::ast::{
-    BinaryOp, EntityUID, Expr, ExprKind, Literal, PolicySet, RequestType, UnaryOp, Var,
+    BinaryOp, EntityUID, Expr, ExprKind, Literal, PolicySet, RequestType, SlotsTypeDeclaration,
+    UnaryOp, Var,
 };
 use crate::entities::err::EntitiesError;
 use miette::Diagnostic;
@@ -459,8 +460,17 @@ pub fn compute_entity_manifest(
     let typechecker = Typechecker::new(validator.schema(), ValidationMode::Strict);
     // now, for each policy we add the data it requires to the manifest
     for policy in policies.policies() {
+        #[allow(clippy::expect_used)]
+        let validator_slots_type_declaration = SlotsTypeDeclaration::from_iter(
+            policy
+                .slots_type_declaration()
+                .map(|(k, v)| (k.clone(), v.clone())),
+        )
+        .into_validator_slots_type_declaration(&validator.schema)
+        .expect("validate_policy has already done the check");
         // typecheck the policy and get all the request environments
-        let request_envs = typechecker.typecheck_by_request_env(policy.template());
+        let request_envs = typechecker
+            .typecheck_by_request_env(policy.template(), &validator_slots_type_declaration);
         for (request_env, policy_check) in request_envs {
             let new_primary_slice = match policy_check {
                 PolicyCheck::Success(typechecked_expr) => {
diff --git a/cedar-policy-core/src/validator/json_schema.rs b/cedar-policy-core/src/validator/json_schema.rs
index 5a2c34ab21..2a25e329dc 100644
--- a/cedar-policy-core/src/validator/json_schema.rs
+++ b/cedar-policy-core/src/validator/json_schema.rs
@@ -1207,7 +1207,7 @@ impl From<EntityUID> for ActionEntityUID<Name> {
 /// this [`Type`], including recursively.
 /// See notes on [`Fragment`].
 #[derive(Educe, Debug, Clone, Serialize)]
-#[educe(PartialEq(bound(N: PartialEq)), Eq, PartialOrd, Ord(bound(N: Ord)))]
+#[educe(PartialEq(bound(N: PartialEq)), Eq, PartialOrd, Ord(bound(N: Ord)), Hash(bound(N: Hash)))]
 // This enum is `untagged` with these variants as a workaround to a serde
 // limitation. It is not possible to have the known variants on one enum, and
 // then, have catch-all variant for any unrecognized tag in the same enum that
@@ -1773,7 +1773,7 @@ impl<N> From<TypeVariant<N>> for Type<N> {
 /// this [`RecordType`], including recursively.
 /// See notes on [`Fragment`].
 #[derive(Educe, Debug, Clone, Serialize, Deserialize)]
-#[educe(PartialEq, Eq, PartialOrd, Ord)]
+#[educe(PartialEq, Eq, PartialOrd, Ord, Hash(bound(N: Hash)))]
 #[serde(bound(deserialize = "N: Deserialize<'de> + From<RawName>"))]
 #[serde(rename_all = "camelCase")]
 #[cfg_attr(feature = "wasm", derive(tsify::Tsify))]
@@ -1850,7 +1850,7 @@ impl RecordType<ConditionalName> {
 /// this [`TypeVariant`], including recursively.
 /// See notes on [`Fragment`].
 #[derive(Educe, Debug, Clone, Serialize, Deserialize)]
-#[educe(PartialEq(bound(N: PartialEq)), Eq, PartialOrd, Ord(bound(N: Ord)))]
+#[educe(PartialEq(bound(N: PartialEq)), Eq, PartialOrd, Ord(bound(N: Ord)), Hash(bound(N: Hash)))]
 #[serde(tag = "type")]
 #[serde(bound(deserialize = "N: Deserialize<'de> + From<RawName>"))]
 #[cfg_attr(feature = "wasm", derive(tsify::Tsify))]
@@ -2130,7 +2130,7 @@ impl<'a> arbitrary::Arbitrary<'a> for Type<RawName> {
 /// unknown fields for [`TypeOfAttribute`] should be passed to [`Type`] where
 /// they will be denied (`<https://github.com/serde-rs/serde/issues/1600>`).
 #[derive(Educe, Debug, Clone, Serialize, Deserialize)]
-#[educe(PartialEq, Eq, PartialOrd, Ord)]
+#[educe(PartialEq, Eq, PartialOrd, Ord, Hash(bound(N: Hash)))]
 #[serde(bound(deserialize = "N: Deserialize<'de> + From<RawName>"))]
 pub struct TypeOfAttribute<N> {
     /// Underlying type of the attribute
diff --git a/cedar-policy-core/src/validator/level_validate.rs b/cedar-policy-core/src/validator/level_validate.rs
index 9c03d48055..1b3c0d05f3 100644
--- a/cedar-policy-core/src/validator/level_validate.rs
+++ b/cedar-policy-core/src/validator/level_validate.rs
@@ -19,7 +19,7 @@
 use super::*;
 use crate::validator::types::{EntityRecordKind, RequestEnv, Type};
 use crate::{
-    ast::{BinaryOp, Expr, ExprKind, Literal, PolicyID},
+    ast::{BinaryOp, Expr, ExprKind, Literal, PolicyID, SlotsTypeDeclaration},
     parser::IntoMaybeLoc,
 };
 use smol_str::SmolStr;
@@ -77,7 +77,16 @@ impl Validator {
         // Only perform level validation if validation passed.
         if peekable_errors.peek().is_none() {
             let typechecker = Typechecker::new(&self.schema, mode);
-            let type_annotated_asts = typechecker.typecheck_by_request_env(p);
+            #[allow(clippy::expect_used)]
+            let validator_slots_type_declaration = SlotsTypeDeclaration::from_iter(
+                p.slots_type_declaration()
+                    .map(|(k, v)| (k.clone(), v.clone())),
+            )
+            .into_validator_slots_type_declaration(&self.schema)
+            .expect("validate_policy has already done the check");
+
+            let type_annotated_asts =
+                typechecker.typecheck_by_request_env(p, &validator_slots_type_declaration);
             let mut level_checker = LevelChecker {
                 policy_id: p.id(),
                 max_level: max_deref_level.into(),
diff --git a/cedar-policy-core/src/validator/rbac.rs b/cedar-policy-core/src/validator/rbac.rs
index 15e3405aed..e5d57d8ac1 100644
--- a/cedar-policy-core/src/validator/rbac.rs
+++ b/cedar-policy-core/src/validator/rbac.rs
@@ -18,8 +18,9 @@
 
 use crate::{
     ast::{
-        self, ActionConstraint, Eid, EntityReference, EntityUID, Policy, PolicyID,
-        PrincipalConstraint, PrincipalOrResourceConstraint, ResourceConstraint, SlotEnv, Template,
+        self, ActionConstraint, Eid, EntityReference, EntityUID, GeneralizedSlotEnv, Policy,
+        PolicyID, PrincipalConstraint, PrincipalOrResourceConstraint, ResourceConstraint, SlotEnv,
+        SlotId, Template,
     },
     entities::conformance::is_valid_enumerated_entity,
     fuzzy_match::fuzzy_search,
@@ -98,6 +99,26 @@ impl Validator {
         })
     }
 
+    pub(crate) fn validate_generalized_slots_has_type_binding<'a>(
+        &'a self,
+        template: &'a Template,
+    ) -> impl Iterator<Item = ValidationError> + 'a {
+        let slots_type_declaration: HashSet<SlotId> = template
+            .slots_type_declaration()
+            .map(|(slot, _)| slot.clone())
+            .collect();
+        let slots_without_types = template
+            .generalized_slots()
+            .filter(move |slot| !(slots_type_declaration.contains(&slot.id)));
+        slots_without_types.map(|slot| {
+            ValidationError::generalized_slot_in_condition_clause_not_in_slots_type_declaration(
+                slot.loc.clone(),
+                template.id().clone(),
+                slot.id.clone(),
+            )
+        })
+    }
+
     /// Generate `UnrecognizedActionId` error for every entity id with an action
     /// entity type where the id could not be found in the actions list from the
     /// schema.
@@ -128,6 +149,7 @@ impl Validator {
         &'a self,
         policy_id: &'a PolicyID,
         slots: &'a SlotEnv,
+        generalized_slots: &'a GeneralizedSlotEnv,
     ) -> impl Iterator<Item = ValidationError> + 'a {
         // All valid entity types in the schema. These will be used to generate
         // suggestion when an entity type is not found.
@@ -137,7 +159,13 @@ impl Validator {
             .map(ToString::to_string)
             .collect::<Vec<_>>();
 
-        slots.values().filter_map(move |euid| {
+        let all_entity_values = slots.values().chain(
+            generalized_slots
+                .values()
+                .filter_map(|restricted_expr| restricted_expr.as_euid()),
+        );
+
+        all_entity_values.filter_map(move |euid| {
             let entity_type = euid.entity_type();
             if !self.schema.is_known_entity_type(entity_type) {
                 let actual_entity_type = entity_type.to_string();
@@ -433,7 +461,10 @@ mod test {
     use std::collections::{HashMap, HashSet};
 
     use crate::{
-        ast::{Effect, Eid, EntityUID, Expr, PolicyID, PrincipalConstraint, ResourceConstraint},
+        ast::{
+            Effect, Eid, EntityUID, Expr, Literal, PolicyID, PrincipalConstraint,
+            ResourceConstraint, RestrictedExpr,
+        },
         est::Annotations,
         parser::{parse_policy, parse_policy_or_template},
         test_utils::{expect_err, ExpectedErrorMessageBuilder},
@@ -532,6 +563,7 @@ mod test {
             PolicyID::from_string("policy0"),
             None,
             ast::Annotations::new(),
+            ast::SlotsTypeDeclaration::new(),
             Effect::Permit,
             PrincipalConstraint::any(),
             ActionConstraint::any(),
@@ -625,6 +657,7 @@ mod test {
             PolicyID::from_string("policy0"),
             None,
             ast::Annotations::new(),
+            ast::SlotsTypeDeclaration::new(),
             Effect::Permit,
             PrincipalConstraint::any(),
             ActionConstraint::is_eq(entity),
@@ -713,9 +746,61 @@ mod test {
             .expect("Expected entity UID to parse.");
         let env = HashMap::from([(ast::SlotId::principal(), undefined_euid)]);
 
+        let generalized_env = HashMap::from([]);
+
+        let validator = Validator::new(schema);
+        let notes: Vec<ValidationError> = validator
+            .validate_entity_types_in_slots(&PolicyID::from_string("0"), &env, &generalized_env)
+            .collect();
+
+        assert_eq!(1, notes.len());
+        match notes.first() {
+            Some(ValidationError::UnrecognizedEntityType(UnrecognizedEntityType {
+                actual_entity_type,
+                suggested_entity_type,
+                ..
+            })) => {
+                assert_eq!("Undefined", actual_entity_type);
+                assert_eq!(
+                    "User",
+                    suggested_entity_type
+                        .as_ref()
+                        .expect("Expected a suggested entity type")
+                );
+            }
+            _ => panic!("Unexpected variant of ValidationErrorKind."),
+        };
+    }
+
+    #[test]
+    fn undefined_entity_type_in_generalized_env() {
+        let p_name = "User";
+        let schema_file = json_schema::NamespaceDefinition::new(
+            [(
+                p_name.parse().unwrap(),
+                json_schema::StandardEntityType {
+                    member_of_types: vec![],
+                    shape: json_schema::AttributesOrContext::default(),
+                    tags: None,
+                }
+                .into(),
+            )],
+            [],
+        );
+        let schema = schema_file.try_into().expect("Invalid schema");
+
+        let undefined_euid: EntityUID = "Undefined::\"foo\""
+            .parse()
+            .expect("Expected entity UID to parse.");
+        let env = HashMap::from([]);
+        let generalized_env = HashMap::from([(
+            ast::SlotId::generalized_slot("generalized".parse().unwrap()),
+            RestrictedExpr::val(Literal::from(undefined_euid)),
+        )]);
+
         let validator = Validator::new(schema);
         let notes: Vec<ValidationError> = validator
-            .validate_entity_types_in_slots(&PolicyID::from_string("0"), &env)
+            .validate_entity_types_in_slots(&PolicyID::from_string("0"), &env, &generalized_env)
             .collect();
 
         assert_eq!(1, notes.len());
@@ -862,6 +947,7 @@ mod test {
             PolicyID::from_string("policy0"),
             None,
             ast::Annotations::new(),
+            ast::SlotsTypeDeclaration::new(),
             Effect::Permit,
             PrincipalConstraint::any(),
             ActionConstraint::is_eq(entity),
@@ -923,6 +1009,7 @@ mod test {
             PolicyID::from_string("policy0"),
             None,
             ast::Annotations::new(),
+            ast::SlotsTypeDeclaration::new(),
             Effect::Permit,
             PrincipalConstraint::is_eq(Arc::new(EntityUID::from_components(
                 entity_type,
@@ -1207,6 +1294,7 @@ mod test {
             PolicyID::from_string("policy0"),
             None,
             ast::Annotations::new(),
+            ast::SlotsTypeDeclaration::new(),
             Effect::Permit,
             PrincipalConstraint::is_eq(Arc::new(principal)),
             ActionConstraint::is_eq(action),
@@ -1596,6 +1684,7 @@ mod test {
             PolicyID::from_string("policy0"),
             None,
             ast::Annotations::new(),
+            ast::SlotsTypeDeclaration::new(),
             Effect::Permit,
             PrincipalConstraint::any(),
             ActionConstraint::is_in([action_grandparent_euid]),
diff --git a/cedar-policy-core/src/validator/schema.rs b/cedar-policy-core/src/validator/schema.rs
index a36f706f6f..875e50c990 100644
--- a/cedar-policy-core/src/validator/schema.rs
+++ b/cedar-policy-core/src/validator/schema.rs
@@ -157,7 +157,8 @@ impl ValidatorSchemaFragment<ConditionalName, ConditionalName> {
 #[derive(Clone, Debug, Educe)]
 #[educe(Eq, PartialEq)]
 pub struct ValidatorType {
-    ty: Type,
+    /// Type field
+    pub ty: Type,
     #[cfg(feature = "extended-schema")]
     loc: MaybeLoc,
 }
@@ -235,6 +236,9 @@ pub struct ValidatorSchema {
     /// Map from action id names to the [`ValidatorActionId`] object.
     action_ids: HashMap<EntityUID, ValidatorActionId>,
 
+    /// Map from common types to the [`ValidatorType`] they represent.
+    common_types: HashMap<InternalName, ValidatorType>,
+
     /// For easy lookup, this is a map from action name to `Entity` object
     /// for each action in the schema. This information is contained elsewhere
     /// in the `ValidatorSchema`, but not efficient to extract -- getting the
@@ -243,7 +247,7 @@ pub struct ValidatorSchema {
     pub(crate) actions: HashMap<EntityUID, Arc<Entity>>,
 
     #[cfg(feature = "extended-schema")]
-    common_types: HashSet<ValidatorCommonType>,
+    common_types_extended: HashSet<ValidatorCommonType>,
     #[cfg(feature = "extended-schema")]
     namespaces: HashSet<ValidatorNamespace>,
 }
@@ -282,6 +286,7 @@ impl ValidatorSchema {
     pub fn new(
         entity_types: impl IntoIterator<Item = ValidatorEntityType>,
         action_ids: impl IntoIterator<Item = ValidatorActionId>,
+        common_types: impl IntoIterator<Item = (InternalName, ValidatorType)>,
     ) -> Self {
         let entity_types = entity_types
             .into_iter()
@@ -291,9 +296,11 @@ impl ValidatorSchema {
             .into_iter()
             .map(|id| (id.name().clone(), id))
             .collect();
+        let common_types = common_types.into_iter().collect();
         Self::new_from_maps(
             entity_types,
             action_ids,
+            common_types,
             #[cfg(feature = "extended-schema")]
             HashSet::new(),
             #[cfg(feature = "extended-schema")]
@@ -307,7 +314,8 @@ impl ValidatorSchema {
     fn new_from_maps(
         entity_types: HashMap<EntityType, ValidatorEntityType>,
         action_ids: HashMap<EntityUID, ValidatorActionId>,
-        #[cfg(feature = "extended-schema")] common_types: HashSet<ValidatorCommonType>,
+        common_types: HashMap<InternalName, ValidatorType>,
+        #[cfg(feature = "extended-schema")] common_types_extended: HashSet<ValidatorCommonType>,
         #[cfg(feature = "extended-schema")] namespaces: HashSet<ValidatorNamespace>,
     ) -> Self {
         let actions = Self::action_entities_iter(&action_ids)
@@ -316,9 +324,10 @@ impl ValidatorSchema {
         Self {
             entity_types,
             action_ids,
+            common_types,
             actions,
             #[cfg(feature = "extended-schema")]
-            common_types,
+            common_types_extended,
             #[cfg(feature = "extended-schema")]
             namespaces,
         }
@@ -326,8 +335,8 @@ impl ValidatorSchema {
 
     /// Returns an iter of common types in the schema
     #[cfg(feature = "extended-schema")]
-    pub fn common_types(&self) -> impl Iterator<Item = &ValidatorCommonType> {
-        self.common_types.iter()
+    pub fn common_types_extended(&self) -> impl Iterator<Item = &ValidatorCommonType> {
+        self.common_types_extended.iter()
     }
 
     /// Returns an iter of validator namespaces in the schema
@@ -456,8 +465,9 @@ impl ValidatorSchema {
             entity_types: HashMap::new(),
             action_ids: HashMap::new(),
             actions: HashMap::new(),
+            common_types: HashMap::new(),
             #[cfg(feature = "extended-schema")]
-            common_types: HashSet::new(),
+            common_types_extended: HashSet::new(),
             #[cfg(feature = "extended-schema")]
             namespaces: HashSet::new(),
         }
@@ -537,6 +547,111 @@ impl ValidatorSchema {
         )
     }
 
+    /// Construct a [`Type`] from [`json_schema::Type<RawName>`]
+    pub fn json_schema_type_to_validator_type(
+        &self,
+        ty: json_schema::Type<RawName>,
+        extensions: &Extensions<'_>,
+    ) -> Result<Type> {
+        let ext_fragments = std::iter::once(cedar_fragment(extensions)).collect::<Vec<_>>();
+
+        let mut all_defs = AllDefs::new(|| ext_fragments.iter());
+
+        for entity_type in self.entity_type_names() {
+            all_defs.mark_as_defined_as_entity_type(entity_type.name().qualify_with(None));
+        }
+
+        for common_type in self.common_type_internal_names() {
+            all_defs.mark_as_defined_as_common_type(common_type.clone());
+        }
+
+        let common_types = self
+            .common_types
+            .iter()
+            .map(|(name, ty)| (name, ty.clone()))
+            .collect();
+
+        let conditional_ty = ty.conditionally_qualify_type_references(None);
+        let internal_ty = conditional_ty.fully_qualify_type_references(&all_defs)?;
+        let unresolved = try_jsonschema_type_into_validator_type(internal_ty, extensions, None)?;
+
+        unresolved
+            .resolve_common_type_refs(&common_types)
+            .map(|t| t.ty)
+    }
+
+    /// Construct a [`Type`] from [`json_schema::Type<RawName>`]
+    /// without a schema. Defaults to interpreting primitive types
+    /// as an entity type, unless prefixed by __cedar.
+    pub fn json_schema_type_to_validator_type_without_schema(
+        ty: json_schema::Type<RawName>,
+        extensions: &Extensions<'_>,
+    ) -> Result<Type> {
+        let mut fragments = std::iter::once(cedar_fragment(extensions)).collect::<Vec<_>>();
+
+        let mut all_defs = AllDefs::new(|| fragments.iter());
+
+        for name in ty.common_type_references() {
+            {
+                all_defs.mark_as_defined_as_entity_type(name.clone().qualify_with(None))
+            }
+        }
+
+        for tyname in primitive_types::<Name>()
+            .map(|(id, _)| Name::unqualified_name(id))
+            .chain(extensions.ext_types().cloned())
+        {
+            if !all_defs.is_defined_as_entity(tyname.as_ref())
+                && !all_defs.is_defined_as_common(tyname.as_ref())
+            {
+                assert!(
+                    tyname.is_unqualified(),
+                    "expected all primitive and extension type names to be unqualified"
+                );
+                fragments.push(single_alias_in_empty_namespace(
+                    tyname.basename().clone(),
+                    tyname.as_ref().qualify_with(Some(&InternalName::__cedar())),
+                    None, // there is no source loc associated with the builtin definitions of primitive and extension types
+                ));
+                all_defs.mark_as_defined_as_common_type(tyname.into());
+            }
+        }
+
+        let fragments: Vec<_> = fragments
+            .into_iter()
+            .map(|frag| frag.fully_qualify_type_references(&all_defs))
+            .partition_nonempty()?;
+
+        let mut common_types: HashMap<InternalName, json_schema::Type<InternalName>> =
+            HashMap::new();
+
+        for ns_def in fragments.into_iter().flat_map(|f| f.0.into_iter()) {
+            for (name, ty) in ns_def.common_types.defs {
+                match common_types.entry(name) {
+                    Entry::Vacant(v) => v.insert(ty),
+                    Entry::Occupied(o) => {
+                        return Err(DuplicateCommonTypeError {
+                            ty: o.key().clone(),
+                        }
+                        .into());
+                    }
+                };
+            }
+        }
+
+        let resolver = CommonTypeResolver::new(&common_types);
+        let common_types: HashMap<&InternalName, ValidatorType> = resolver.resolve(extensions)?;
+
+        let conditional_ty = ty.conditionally_qualify_type_references(None);
+
+        let internal_ty = conditional_ty.fully_qualify_type_references(&all_defs)?;
+        let unresolved = try_jsonschema_type_into_validator_type(internal_ty, extensions, None)?;
+
+        unresolved
+            .resolve_common_type_refs(&common_types)
+            .map(|t| t.ty)
+    }
+
     /// Construct a [`ValidatorSchema`] from some number of [`ValidatorSchemaFragment`]s.
     pub fn from_schema_fragments(
         fragments: impl IntoIterator<Item = ValidatorSchemaFragment<ConditionalName, ConditionalName>>,
@@ -820,6 +935,11 @@ impl ValidatorSchema {
             .map(|ct| ValidatorCommonType::new(ct.0, ct.1))
             .collect();
 
+        let common_types: HashMap<InternalName, ValidatorType> = common_types
+            .into_iter()
+            .map(|ct| (ct.0.clone(), ct.1))
+            .collect();
+
         // Return with an error if there is an undeclared entity or action
         // referenced in any fragment. `{entity,action}_children` are provided
         // for the `undeclared_parent_{entities,actions}` arguments because we
@@ -832,11 +952,12 @@ impl ValidatorSchema {
             entity_children.into_keys(),
             &action_ids,
             action_children.into_keys(),
-            common_types.into_values(),
+            common_types.clone().into_values(),
         )?;
         Ok(ValidatorSchema::new_from_maps(
             entity_types,
             action_ids,
+            common_types,
             #[cfg(feature = "extended-schema")]
             common_type_validators,
             #[cfg(feature = "extended-schema")]
@@ -985,6 +1106,16 @@ impl ValidatorSchema {
         self.action_ids.values()
     }
 
+    /// An iterator over the common type internal names in the schema.
+    pub fn common_type_internal_names(&self) -> impl Iterator<Item = &InternalName> {
+        self.common_types.keys()
+    }
+
+    /// An iterator over the common types in the schema.
+    pub fn common_types(&self) -> impl Iterator<Item = (&InternalName, &ValidatorType)> {
+        self.common_types.iter()
+    }
+
     /// An iterator over the entity type names in the schema.
     pub fn entity_type_names(&self) -> impl Iterator<Item = &EntityType> {
         self.entity_types.keys()
diff --git a/cedar-policy-core/src/validator/typecheck.rs b/cedar-policy-core/src/validator/typecheck.rs
index b7bf989fe5..7eeeb67878 100644
--- a/cedar-policy-core/src/validator/typecheck.rs
+++ b/cedar-policy-core/src/validator/typecheck.rs
@@ -41,7 +41,8 @@ use crate::validator::{
 use crate::{
     ast::{
         BinaryOp, EntityType, EntityUID, Expr, ExprBuilder, ExprKind, Literal, Name, PolicyID,
-        PrincipalOrResourceConstraint, SlotId, Template, UnaryOp, Var,
+        PrincipalOrResourceConstraint, SlotId, SlotsTypeDeclaration, Template, UnaryOp,
+        ValidatorSlotsTypeDeclaration, Var,
     },
     expr_builder::ExprBuilder as _,
 };
@@ -99,35 +100,53 @@ impl<'a> Typechecker<'a> {
         type_errors: &mut HashSet<ValidationError>,
         warnings: &mut HashSet<ValidationWarning>,
     ) -> bool {
-        let typecheck_answers = self.typecheck_by_request_env(t);
-
-        // consolidate the results from each query environment
-        let (all_false, all_succ) = typecheck_answers.into_iter().fold(
-            (true, true),
-            |(all_false, all_succ), (_, check)| match check {
-                PolicyCheck::Success(_) => (false, all_succ),
-                PolicyCheck::Irrelevant(err, _) => {
-                    let no_err = err.is_empty();
-                    type_errors.extend(err);
-                    (all_false, all_succ && no_err)
-                }
-                PolicyCheck::Fail(err) => {
-                    type_errors.extend(err);
-                    (false, false)
+        let maybe_validator_slots_type_declaration = SlotsTypeDeclaration::from_iter(
+            t.slots_type_declaration()
+                .map(|(k, v)| (k.clone(), v.clone())),
+        )
+        .into_validator_slots_type_declaration(self.schema)
+        .map_err(|_| {
+            ValidationError::incompatible_schema_with_slots_type_declaration(None, t.id().clone())
+        });
+
+        match maybe_validator_slots_type_declaration {
+            Ok(validator_slots_type_declaration) => {
+                let typecheck_answers =
+                    self.typecheck_by_request_env(t, &validator_slots_type_declaration);
+
+                // consolidate the results from each query environment
+                let (all_false, all_succ) = typecheck_answers.into_iter().fold(
+                    (true, true),
+                    |(all_false, all_succ), (_, check)| match check {
+                        PolicyCheck::Success(_) => (false, all_succ),
+                        PolicyCheck::Irrelevant(err, _) => {
+                            let no_err = err.is_empty();
+                            type_errors.extend(err);
+                            (all_false, all_succ && no_err)
+                        }
+                        PolicyCheck::Fail(err) => {
+                            type_errors.extend(err);
+                            (false, false)
+                        }
+                    },
+                );
+
+                // If every policy typechecked with type false, then the policy cannot
+                // possibly apply to any request.
+                if all_false {
+                    warnings.insert(ValidationWarning::impossible_policy(
+                        t.loc().into_maybe_loc(),
+                        t.id().clone(),
+                    ));
                 }
-            },
-        );
 
-        // If every policy typechecked with type false, then the policy cannot
-        // possibly apply to any request.
-        if all_false {
-            warnings.insert(ValidationWarning::impossible_policy(
-                t.loc().into_maybe_loc(),
-                t.id().clone(),
-            ));
+                all_succ
+            }
+            Err(err) => {
+                type_errors.extend(vec![err]);
+                false
+            }
         }
-
-        all_succ
     }
 
     /// Secondary entry point for typechecking requests. This method takes a policy and
@@ -141,10 +160,20 @@ impl<'a> Typechecker<'a> {
     pub fn typecheck_by_request_env<'b>(
         &'b self,
         t: &'b Template,
+        validator_slots_type_declaration: &ValidatorSlotsTypeDeclaration,
     ) -> Vec<(RequestEnv<'b>, PolicyCheck)> {
-        self.apply_typecheck_fn_by_request_env(t, |request_env, policy_id, expr| {
-            self.single_env_typechecking(request_env, policy_id, expr)
-        })
+        self.apply_typecheck_fn_by_request_env(
+            t,
+            |request_env, policy_id, expr, validator_slots_type_declaration| {
+                self.single_env_typechecking(
+                    request_env,
+                    policy_id,
+                    expr,
+                    validator_slots_type_declaration,
+                )
+            },
+            validator_slots_type_declaration,
+        )
     }
 
     fn single_env_typechecking(
@@ -152,6 +181,7 @@ impl<'a> Typechecker<'a> {
         request_env: &RequestEnv<'_>,
         policy_id: &PolicyID,
         expr: &Expr,
+        validator_slots_type_declaration: &ValidatorSlotsTypeDeclaration,
     ) -> PolicyCheck {
         let mut type_errors = Vec::new();
         let single_env_typechecker = SingleEnvTypechecker {
@@ -160,6 +190,7 @@ impl<'a> Typechecker<'a> {
             mode: self.mode,
             policy_id,
             request_env,
+            validator_slots_type_declaration,
         };
         let empty_prior_capability = CapabilitySet::new();
         let ans = single_env_typechecker.expect_type(
@@ -187,8 +218,14 @@ impl<'a> Typechecker<'a> {
         &'b self,
         t: &'b Template,
         request_env: &RequestEnv<'b>,
+        validator_slots_type_declaration: &ValidatorSlotsTypeDeclaration,
     ) -> PolicyCheck {
-        self.single_env_typechecking(request_env, t.id(), &t.condition())
+        self.single_env_typechecking(
+            request_env,
+            t.id(),
+            &t.condition(),
+            validator_slots_type_declaration,
+        )
     }
 
     /// Apply `typecheck_fn` to the given policy in every schema-defined request
@@ -199,9 +236,10 @@ impl<'a> Typechecker<'a> {
         &'b self,
         t: &'b Template,
         typecheck_fn: F,
+        validator_slots_type_declaration: &ValidatorSlotsTypeDeclaration,
     ) -> Vec<(RequestEnv<'b>, C)>
     where
-        F: Fn(&RequestEnv<'b>, &PolicyID, &Expr) -> C,
+        F: Fn(&RequestEnv<'b>, &PolicyID, &Expr, &ValidatorSlotsTypeDeclaration) -> C,
     {
         // compute `.condition()` just once, and cache it here
         let cond = t.condition();
@@ -212,7 +250,8 @@ impl<'a> Typechecker<'a> {
             .iter()
             .flat_map(|unlinked_e| {
                 self.link_request_env(unlinked_e, t).map(|linked_e| {
-                    let check = typecheck_fn(&linked_e, t.id(), &cond);
+                    let check =
+                        typecheck_fn(&linked_e, t.id(), &cond, validator_slots_type_declaration);
                     (linked_e, check)
                 })
             })
@@ -319,6 +358,7 @@ struct SingleEnvTypechecker<'a> {
     policy_id: &'a PolicyID,
     /// The single env which we're performing typechecking for
     request_env: &'a RequestEnv<'a>,
+    validator_slots_type_declaration: &'a ValidatorSlotsTypeDeclaration,
 }
 
 impl<'a> SingleEnvTypechecker<'a> {
@@ -382,23 +422,27 @@ impl<'a> SingleEnvTypechecker<'a> {
             }
             // Template Slots, always has to be an entity.
             ExprKind::Slot(slotid) => TypecheckAnswer::success(
-                ExprBuilder::with_data(Some(if slotid.is_principal() {
-                    self.request_env
-                        .principal_slot()
-                        .clone()
-                        .map(Type::named_entity_reference)
-                        .unwrap_or_else(Type::any_entity_reference)
-                } else if slotid.is_resource() {
-                    self.request_env
-                        .resource_slot()
-                        .clone()
-                        .map(Type::named_entity_reference)
-                        .unwrap_or_else(Type::any_entity_reference)
-                } else {
-                    Type::any_entity_reference()
-                }))
+                ExprBuilder::with_data(Some(
+                    if let Some(validator_ty) = self.validator_slots_type_declaration.get(slotid) {
+                        validator_ty.clone()
+                    } else if slotid.is_principal() {
+                        self.request_env
+                            .principal_slot()
+                            .clone()
+                            .map(Type::named_entity_reference)
+                            .unwrap_or_else(Type::any_entity_reference)
+                    } else if slotid.is_resource() {
+                        self.request_env
+                            .resource_slot()
+                            .clone()
+                            .map(Type::named_entity_reference)
+                            .unwrap_or_else(Type::any_entity_reference)
+                    } else {
+                        Type::any_entity_reference()
+                    },
+                ))
                 .with_same_source_loc(e)
-                .slot(*slotid),
+                .slot(slotid.clone()),
             ),
 
             // Literal booleans get singleton type according to their value.
diff --git a/cedar-policy-core/src/validator/typecheck/test/policy.rs b/cedar-policy-core/src/validator/typecheck/test/policy.rs
index 8e95ea2a63..3f32011d13 100644
--- a/cedar-policy-core/src/validator/typecheck/test/policy.rs
+++ b/cedar-policy-core/src/validator/typecheck/test/policy.rs
@@ -20,7 +20,7 @@
 use std::sync::Arc;
 
 use crate::{
-    ast::{EntityUID, Expr, PolicyID, Template},
+    ast::{EntityUID, Expr, PolicyID, SlotsTypeDeclaration, Template},
     extensions::Extensions,
     parser::{parse_policy, parse_policy_or_template, IntoMaybeLoc},
 };
@@ -107,6 +107,226 @@ fn simple_schema_file() -> json_schema::NamespaceDefinition<RawName> {
     .expect("Expected valid schema")
 }
 
+fn simple_schema_file_1() -> json_schema::NamespaceDefinition<RawName> {
+    serde_json::from_value(serde_json::json!(
+            {
+            "entityTypes": {
+                "Disk": {
+                    "shape": {
+                        "type": "Record",
+                        "attributes": {
+                            "name": {
+                                "type": "EntityOrCommon",
+                                "name": "String"
+                            },
+                            "storage": {
+                                "type": "EntityOrCommon",
+                                "name": "Long"
+                            }
+                        }
+                    }
+                },
+                "Document": {
+                    "memberOfTypes": [
+                        "Folder"
+                    ],
+                    "shape": {
+                        "type": "Record",
+                        "attributes": {
+                            "lastEdited": {
+                                "type": "EntityOrCommon",
+                                "name": "datetime"
+                            }
+                        }
+                    }
+                },
+                "File": {
+                    "memberOfTypes": [
+                        "Document"
+                    ]
+                },
+                "Folder": {
+                    "memberOfTypes": [
+                        "Disk"
+                    ],
+                    "shape": {
+                        "type": "Record",
+                        "attributes": {
+                            "lastEdited": {
+                                "type": "EntityOrCommon",
+                                "name": "datetime"
+                            }
+                        }
+                    }
+                },
+                "Person": {
+                    "shape": {
+                        "type": "Record",
+                        "attributes": {
+                            "age": {
+                                "type": "EntityOrCommon",
+                                "name": "Long"
+                            }
+                        }
+                    }
+                }
+            },
+            "actions": {
+                "Access": {
+                    "appliesTo": {
+                        "principalTypes": [
+                            "Person"
+                        ],
+                        "resourceTypes": [
+                            "Disk"
+                        ]
+                    }
+                },
+                "Navigate": {
+                    "appliesTo": {
+                        "principalTypes": [
+                            "Person"
+                        ],
+                        "resourceTypes": [
+                            "Disk",
+                            "Folder",
+                            "Document"
+                        ]
+                    }
+                },
+                "Write": {
+                    "appliesTo": {
+                        "principalTypes": [
+                            "Person"
+                        ],
+                        "resourceTypes": [
+                            "Folder",
+                            "Document"
+                        ],
+                        "context": {
+                            "type": "Record",
+                            "attributes": {
+                                "date": {
+                                    "type": "EntityOrCommon",
+                                    "name": "datetime"
+                                }
+                            }
+                        }
+                    }
+                }
+            }
+    }))
+    .expect("Expected valid schema")
+}
+
+fn simple_schema_file_2() -> json_schema::NamespaceDefinition<RawName> {
+    serde_json::from_value(serde_json::json!(
+        {
+            "entityTypes": {
+                "Disk": {
+                    "memberOfTypes": [],
+                    "shape": {
+                        "type": "Record",
+                        "additionalAttributes": false,
+                        "attributes": {
+                            "owner": { "type": "String", "required": true}
+                        }
+                    }
+                },
+                "Folder": {
+                    "memberOfTypes": [],
+                    "shape": {
+                        "type": "Record",
+                        "additionalAttributes": false,
+                        "attributes": {
+                            "owner": { "type": "String", "required": true}
+                        }
+                    }
+                },
+                "Document": {
+                    "memberOfTypes": [ "Folder" ],
+                    "shape": {
+                        "type": "Record",
+                        "additionalAttributes": false,
+                        "attributes": {
+                            "owner": { "type": "String", "required": true}
+                        }
+                    }
+                },
+                "Person": {
+                    "memberOfTypes": [],
+                    "shape": {
+                        "type": "Record",
+                        "additionalAttributes": false,
+                        "attributes": {
+                            "age": { "type": "String", "required": false}
+                        }
+                    }
+                },
+                "Long": {
+                    "memberOfTypes": [],
+                    "shape": {
+                        "type": "Record",
+                        "additionalAttributes": false,
+                        "attributes": {
+                            "age": { "type": "String", "required": true}
+                        }
+                    }
+                }
+            },
+            "commonTypes": {
+                "PersonInfo": {
+                    "type": "Record",
+                    "attributes": {
+                        "name": { "type": "String", "required": false},
+                        "age": { "type": "Long", "required": true},
+                    }
+                }
+            },
+            "actions": {
+                "Navigate": {
+                    "memberOf": [],
+                    "appliesTo": {
+                        "principalTypes": ["Person"],
+                        "resourceTypes": ["Disk", "Folder", "Document"]
+                    }
+                }
+            }
+        }
+    ))
+    .expect("Expected valid schema")
+}
+
+fn simple_schema_file_3() -> json_schema::Fragment<RawName> {
+    json_schema::Fragment::from_json_str(
+        r#"
+            { "N::S": {
+                "entityTypes": {
+                    "Foo": {
+                        "shape": {
+                            "type": "Record",
+                            "attributes": {
+                                "name": { "type": "String" }
+                            }
+                        }
+                    },
+                    "Bar": {},
+                    "Other": {}
+                },
+                "actions": {
+                  "baz": {
+                    "appliesTo": {
+                      "principalTypes": [ "Bar" ],
+                      "resourceTypes": [ "Foo", "Other" ]
+                    }
+                  }
+                }
+            }}
+            "#,
+    )
+    .expect("Expected valid schema")
+}
+
 #[track_caller] // report the caller's location as the location of the panic, not the location in this function
 fn assert_policy_typechecks_permissive_simple_schema(p: impl Into<Arc<Template>>) {
     assert_policy_typechecks_for_mode(simple_schema_file(), p, ValidationMode::Permissive)
@@ -134,8 +354,14 @@ fn policy_checked_in_multiple_envs() {
     let schema = simple_schema_file()
         .try_into()
         .expect("Failed to construct schema.");
+    let validator_slots_type_declaration = SlotsTypeDeclaration::from_iter(
+        t.slots_type_declaration()
+            .map(|(k, v)| (k.clone(), v.clone())),
+    )
+    .into_validator_slots_type_declaration(&schema)
+    .unwrap();
     let typechecker = Typechecker::new(&schema, ValidationMode::default());
-    let env_checks = typechecker.typecheck_by_request_env(&t);
+    let env_checks = typechecker.typecheck_by_request_env(&t, &validator_slots_type_declaration);
     // There are 3 possible envs in schema:
     // - User, "view_photo", Photo
     // - Group, "view_photo", Photo
@@ -158,7 +384,13 @@ fn policy_checked_in_multiple_envs() {
         .try_into()
         .expect("Failed to construct schema.");
     let typechecker = Typechecker::new(&schema, ValidationMode::default());
-    let env_checks = typechecker.typecheck_by_request_env(&t);
+    let validator_slots_type_declaration = SlotsTypeDeclaration::from_iter(
+        t.slots_type_declaration()
+            .map(|(k, v)| (k.clone(), v.clone())),
+    )
+    .into_validator_slots_type_declaration(&schema)
+    .unwrap();
+    let env_checks = typechecker.typecheck_by_request_env(&t, &validator_slots_type_declaration);
     // With the new action, policy is always false for the other two
     assert!(
         env_checks
@@ -1326,4 +1558,197 @@ mod templates {
             )
         );
     }
+
+    #[test]
+    fn slot_in_condition_should_typecheck() {
+        let s = simple_schema_file_1();
+
+        let templates = [
+            r#"permit(principal == ?principal, action == Action::"Navigate", resource in ?resource) when { ?resource has storage && ?resource.storage == 5 };"#,
+            r#"permit(principal == ?principal, action == Action::"Navigate", resource in ?resource) when { ?principal.age == 25 };"#,
+            r#"permit(principal == ?principal, action == Action::"Write", resource == ?resource) when { ?resource.lastEdited > context.date };"#,
+            r#"permit(principal == ?principal, action == Action::"Access", resource in ?resource) when { ?resource.name == "SSD" };"#,
+        ];
+
+        for template in templates {
+            let t = parse_policy_or_template(None, template).unwrap();
+            assert_policy_typechecks(s.clone(), t);
+        }
+    }
+
+    #[test]
+    fn slot_in_condition_should_not_typecheck() {
+        let s = simple_schema_file_1();
+
+        let templates = [
+            r#"permit(principal == ?principal, action == Action::"Navigate", resource in ?resource) when { ?resource.storage == 5 };"#,
+            r#"permit(principal == ?principal, action == Action::"Write", resource in ?resource) when { ?resource.random == true };"#,
+        ];
+
+        for template in templates {
+            let t = parse_policy_or_template(None, template).unwrap();
+            assert_policy_typecheck_fails(s.clone(), t);
+        }
+    }
+}
+
+mod generalized_templates {
+    use super::*;
+
+    #[test]
+    fn generalized_slot_in_condition_with_type_annotation() {
+        assert_policy_typechecks(
+            simple_schema_file_2(),
+            parse_policy_or_template(
+                None,
+                r#"
+              template(?folder: Folder) => 
+              permit(
+              principal == ?principal, 
+              action, 
+              resource in ?resource) when 
+              { resource in ?folder || 
+               (action == Action::"Navigate" && 
+               ?folder in resource) };"#,
+            )
+            .unwrap(),
+        );
+    }
+
+    #[test]
+    fn generalized_slot_in_condition_with_record_type() {
+        assert_policy_typechecks(
+            simple_schema_file_2(),
+            parse_policy_or_template(
+                None,
+                r#"
+              template(?person: { name: String, age: Bool }) => 
+              permit(
+              principal,
+              action == Action::"Navigate", 
+              resource) when 
+              { ?person.name == resource.owner && 
+                ?person.age == true
+                };"#,
+            )
+            .unwrap(),
+        );
+    }
+
+    #[test]
+    fn generalized_slot_with_common_type_as_type_annotation() {
+        assert_policy_typechecks(
+            simple_schema_file_2(),
+            parse_policy_or_template(
+                None,
+                r#"
+              template(?person: PersonInfo) => 
+              permit(
+              principal,
+              action == Action::"Navigate", 
+              resource) when 
+              { ?person has name && ?person.name == "Alice" ||
+                ?person.age == 8
+                };"#,
+            )
+            .unwrap(),
+        );
+    }
+
+    #[test]
+    fn generalized_slot_with_shadowing_of_primitive_type() {
+        assert_policy_typechecks(
+            simple_schema_file_2(),
+            parse_policy_or_template(
+                None,
+                r#"
+              template(?person: Long) => 
+              permit(
+              principal,
+              action == Action::"Navigate", 
+              resource) when 
+              { ?person.age == "8" };"#,
+            )
+            .unwrap(),
+        );
+
+        assert_policy_typechecks(
+            simple_schema_file_2(),
+            parse_policy_or_template(
+                None,
+                r#"
+              template(?person: __cedar::Long) => 
+              permit(
+              principal,
+              action == Action::"Navigate", 
+              resource) when 
+              { ?person == 8 };"#,
+            )
+            .unwrap(),
+        );
+    }
+
+    #[test]
+    fn type_annotation_for_slot_in_scope() {
+        assert_policy_typechecks(
+            simple_schema_file_2(),
+            parse_policy_or_template(
+                None,
+                r#"
+              template(?resource: Folder) => 
+              permit(
+              principal,
+              action == Action::"Navigate", 
+              resource == ?resource);"#,
+            )
+            .unwrap(),
+        );
+    }
+
+    #[test]
+    fn generalized_slot_with_namespace_type_annotations() {
+        assert_policy_typechecks(
+            simple_schema_file_3(),
+            parse_policy_or_template(
+                None,
+                r#"
+              template(?foo: N::S::Foo) => 
+              permit(
+              principal,
+              action, 
+              resource) when { ?foo.name == "FOO" };"#,
+            )
+            .unwrap(),
+        );
+    }
+
+    #[test]
+    fn type_annotations_on_principal_slot() {
+        assert_policy_typecheck_fails(
+            simple_schema_file_3(),
+            parse_policy_or_template(
+                None,
+                r#"
+              permit(
+              principal,
+              action, 
+              resource == ?resource) when { ?resource.name == "FOO" };"#,
+            )
+            .unwrap(),
+        );
+
+        assert_policy_typechecks(
+            simple_schema_file_3(),
+            parse_policy_or_template(
+                None,
+                r#"
+              template(?resource: N::S::Foo) => 
+              permit(
+              principal,
+              action, 
+              resource == ?resource) when { ?resource.name == "FOO" };"#,
+            )
+            .unwrap(),
+        );
+    }
 }
diff --git a/cedar-policy-core/src/validator/typecheck/test/strict.rs b/cedar-policy-core/src/validator/typecheck/test/strict.rs
index c3f28f7a16..e3bc155298 100644
--- a/cedar-policy-core/src/validator/typecheck/test/strict.rs
+++ b/cedar-policy-core/src/validator/typecheck/test/strict.rs
@@ -22,7 +22,7 @@ use std::str::FromStr;
 use std::sync::Arc;
 
 use crate::{
-    ast::{EntityUID, Expr, PolicyID},
+    ast::{EntityUID, Expr, PolicyID, ValidatorSlotsTypeDeclaration},
     extensions::Extensions,
     parser::{parse_policy_or_template, IntoMaybeLoc, Loc},
 };
@@ -40,6 +40,7 @@ use super::test_utils::{
     assert_exactly_one_diagnostic, assert_policy_typecheck_fails, expr_id_placeholder, get_loc,
 };
 
+// This function should only be used for type checking templates without generalized slots
 #[track_caller] // report the caller's location as the location of the panic, not the location in this function
 fn assert_typechecks_strict(
     schema: json_schema::Fragment<RawName>,
@@ -54,6 +55,7 @@ fn assert_typechecks_strict(
         mode: ValidationMode::Strict,
         policy_id: &expr_id_placeholder(),
         request_env,
+        validator_slots_type_declaration: &ValidatorSlotsTypeDeclaration::default(),
     };
     let mut errs = Vec::new();
     let answer =
@@ -66,6 +68,7 @@ fn assert_typechecks_strict(
     );
 }
 
+// This function should only be used for type checking templates without generalized slots
 #[track_caller] // report the caller's location as the location of the panic, not the location in this function
 fn assert_strict_type_error(
     schema: json_schema::Fragment<RawName>,
@@ -81,6 +84,7 @@ fn assert_strict_type_error(
         mode: ValidationMode::Strict,
         policy_id: &expr_id_placeholder(),
         request_env,
+        validator_slots_type_declaration: &ValidatorSlotsTypeDeclaration::default(),
     };
     let mut errs = Vec::new();
     let answer =
@@ -174,6 +178,7 @@ fn strict_typecheck_catches_regular_type_error() {
             mode: ValidationMode::Strict,
             policy_id: &expr_id_placeholder(),
             request_env: &q,
+            validator_slots_type_declaration: &ValidatorSlotsTypeDeclaration::default(),
         };
         let mut errs = Vec::new();
         typechecker.expect_type(
diff --git a/cedar-policy-core/src/validator/typecheck/test/test_utils.rs b/cedar-policy-core/src/validator/typecheck/test/test_utils.rs
index d9f2a6cf38..33576c6cc6 100644
--- a/cedar-policy-core/src/validator/typecheck/test/test_utils.rs
+++ b/cedar-policy-core/src/validator/typecheck/test/test_utils.rs
@@ -21,7 +21,10 @@ use cool_asserts::assert_matches;
 use itertools::Itertools;
 use std::{collections::HashSet, hash::Hash, sync::Arc};
 
-use crate::ast::{Context, EntityUID, Expr, PolicyID, Request, Template, ACTION_ENTITY_TYPE};
+use crate::ast::{
+    Context, EntityUID, Expr, PolicyID, Request, Template, ValidatorSlotsTypeDeclaration,
+    ACTION_ENTITY_TYPE,
+};
 use crate::entities::{err::EntitiesError, Entities, EntityJsonParser, TCComputation};
 use crate::extensions::Extensions;
 use crate::parser::{IntoMaybeLoc, Loc, MaybeLoc};
@@ -83,7 +86,8 @@ impl Type {
 
 impl Typechecker<'_> {
     /// Typecheck an expression outside the context of a policy. This is
-    /// currently only used for testing.
+    /// currently only used for testing. This should only be used with expressions
+    /// that do not have generalized slots.
     ///
     /// `policy_id`: Policy ID to associate with this `Expr`, for the purposes
     /// of reporting the policy ID in validation errors
@@ -108,12 +112,14 @@ impl Typechecker<'_> {
             principal_slot: None,
             resource_slot: None,
         };
+
         let typechecker = SingleEnvTypechecker {
             schema: self.schema,
             extensions: self.extensions,
             mode: self.mode,
             policy_id,
             request_env: &request_env,
+            validator_slots_type_declaration: &ValidatorSlotsTypeDeclaration::default(),
         };
         let mut type_errors = Vec::new();
         let ans = typechecker.typecheck(&CapabilitySet::new(), e, &mut type_errors);
diff --git a/cedar-policy/Cargo.toml b/cedar-policy/Cargo.toml
index 241a66d0a1..0e9e6dc258 100644
--- a/cedar-policy/Cargo.toml
+++ b/cedar-policy/Cargo.toml
@@ -65,6 +65,7 @@ extended-schema = ["cedar-policy-core/extended-schema"]
 # release.
 deprecated-schema-compat = []
 tpe = ["cedar-policy-core/tpe"]
+generalized-templates = ["cedar-policy-core/generalized-templates"]
 
 # Feature for raw parsing
 raw-parsing = ["cedar-policy-core/raw-parsing"]
diff --git a/cedar-policy/protobuf_schema/core.proto b/cedar-policy/protobuf_schema/core.proto
index eca2d807f5..96002b9d39 100644
--- a/cedar-policy/protobuf_schema/core.proto
+++ b/cedar-policy/protobuf_schema/core.proto
@@ -17,6 +17,23 @@
 syntax = "proto3";
 package cedar_policy_core;
 
+message TemplateType {
+    oneof data {
+        Name other = 1; 
+        TemplateType set_elem = 2;
+        Record record = 3;
+    }
+
+    message Record {
+        map<string, AttributeTemplateType> attrs = 1;
+    }
+}
+
+message AttributeTemplateType {
+    TemplateType attr_type = 1;
+    bool is_required = 2;
+}
+
 message Request {
     EntityUid principal = 1;
     EntityUid action = 2;
@@ -67,6 +84,8 @@ message Policy {
     // Value of the `?resource` slot.
     // Omitted/ignored for templates without the `?resource` slot.
     EntityUid resource_euid = 5;
+    // Values for generalized slots 
+    map<string, Expr> generalized_values = 6;
 }
 
 enum Effect {
@@ -82,6 +101,7 @@ message TemplateBody {
     ActionConstraint action_constraint = 6;
     PrincipalOrResourceConstraint resource_constraint = 7;
     Expr non_scope_constraints = 8;
+    map<string, TemplateType> slots_type_declaration = 9;
 }
 
 // an EntityReference may either be an EntityUid or a Slot.
@@ -129,9 +149,16 @@ message PrincipalOrResourceConstraint {
     }
 }
 
-enum SlotId {
-    Principal = 0;
-    Resource = 1;
+message SlotId {
+    oneof data {
+        Any principal = 1;
+        Any resource = 2;
+        string GeneralizedSlot = 3;
+    }
+
+    enum Any {
+        unit = 0;
+    }
 }
 
 message ActionConstraint {
diff --git a/cedar-policy/protobuf_schema/validator.proto b/cedar-policy/protobuf_schema/validator.proto
index c2dd460101..671bfed40b 100644
--- a/cedar-policy/protobuf_schema/validator.proto
+++ b/cedar-policy/protobuf_schema/validator.proto
@@ -23,6 +23,7 @@ import "core.proto";
 message Schema {
     repeated EntityDecl entity_decls = 1;
     repeated ActionDecl action_decls = 2;
+    repeated CommonDecl common_decls = 3; 
 }
 
 // the protobuf EntityDecl message contains all of the schema's
@@ -45,6 +46,11 @@ message ActionDecl {
     repeated cedar_policy_core.Name resource_types = 6;
 }
 
+message CommonDecl {
+    cedar_policy_core.Name name = 1;
+    Type validator_type = 2; 
+}
+
 message Type {
     oneof data {
         // Primitive types
diff --git a/cedar-policy/src/api.rs b/cedar-policy/src/api.rs
index bdc561686e..f3628881c4 100644
--- a/cedar-policy/src/api.rs
+++ b/cedar-policy/src/api.rs
@@ -2809,6 +2809,8 @@ impl PolicySet {
             template_id.into(),
             new_id.clone().into(),
             unwrapped_vals.clone(),
+            HashMap::new(),
+            None,
         )?;
 
         // PANIC SAFETY: `lossless.link()` will not fail after `ast.link()` succeeds
@@ -2816,7 +2818,95 @@ impl PolicySet {
         let linked_lossless = template
             .lossless
             .clone()
-            .link(unwrapped_vals.iter().map(|(k, v)| (*k, v)))
+            .link(
+                unwrapped_vals.iter().map(|(k, v)| (k.clone(), v)),
+                HashMap::new(),
+            )
+            // The only error case for `lossless.link()` is a template with
+            // slots which are not filled by the provided values. `ast.link()`
+            // will have already errored if there are any unfilled slots in the
+            // template.
+            .expect("ast.link() didn't fail above, so this shouldn't fail");
+        self.policies.insert(
+            new_id,
+            Policy {
+                ast: linked_ast.clone(),
+                lossless: linked_lossless,
+            },
+        );
+        Ok(())
+    }
+
+    #[cfg(feature = "generalized-templates")]
+    /// Link function for generalized templates
+    pub fn generalized_link(
+        &mut self,
+        template_id: PolicyId,
+        new_id: PolicyId,
+        generalized_vals: HashMap<SlotId, RestrictedExpression>,
+        schema: Option<Schema>,
+    ) -> Result<(), PolicySetError> {
+        let (unwrapped_vals, unwrapped_generalized_vals): (
+            HashMap<ast::SlotId, ast::RestrictedExpr>,
+            HashMap<ast::SlotId, ast::RestrictedExpr>,
+        ) = generalized_vals.into_iter().partition_map(|(key, value)| {
+            let key: ast::SlotId = key.into();
+            if key.is_principal() || key.is_resource() {
+                Either::Left((key.into(), value.as_ref().clone()))
+            } else {
+                Either::Right((key.into(), value.as_ref().clone()))
+            }
+        });
+
+        // Convert unwrapped_vals into a form that is usable by our internal API's
+        // ensure that `?principal` and `?resource` have slots that are of entity type
+        let unwrapped_vals = unwrapped_vals
+            .into_iter()
+            .map(|(slot, restricted_expr)| match restricted_expr.as_euid() {
+                Some(euid) => Ok((slot, euid.clone())),
+                None => Err(ast::LinkingError::ValueProvidedForSlotInScopeNotEntityUID {
+                    slot,
+                    value: restricted_expr,
+                })?,
+            })
+            .collect::<Result<HashMap<ast::SlotId, ast::EntityUID>, PolicySetError>>()?;
+
+        // Try to get the template with the id we're linking from.  We do this
+        // _before_ calling `self.ast.link` because `link` mutates the policy
+        // set by creating a new link entry in a hashmap. This happens even when
+        // trying to link a static policy, which we want to error on here.
+        let Some(template) = self.templates.get(&template_id) else {
+            return Err(if self.policies.contains_key(&template_id) {
+                policy_set_errors::ExpectedTemplate::new().into()
+            } else {
+                policy_set_errors::LinkingError {
+                    inner: ast::LinkingError::NoSuchTemplate {
+                        id: template_id.into(),
+                    },
+                }
+                .into()
+            });
+        };
+
+        let linked_ast = self.ast.link(
+            template_id.into(),
+            new_id.clone().into(),
+            unwrapped_vals.clone(),
+            unwrapped_generalized_vals.clone(),
+            schema.map(|schema| schema.0).as_ref(),
+        )?;
+
+        // PANIC SAFETY: `lossless.link()` will not fail after `ast.link()` succeeds
+        #[allow(clippy::expect_used)]
+        let linked_lossless = template
+            .lossless
+            .clone()
+            .link(
+                unwrapped_vals.iter().map(|(k, v)| (k.clone(), v)),
+                unwrapped_generalized_vals
+                    .iter()
+                    .map(|(k, v)| (k.clone(), v)),
+            )
             // The only error case for `lossless.link()` is a template with
             // slots which are not filled by the provided values. `ast.link()`
             // will have already errored if there are any unfilled slots in the
@@ -2941,12 +3031,19 @@ fn is_static_or_link(
                 .ast
                 .env()
                 .iter()
-                .map(|(id, euid)| (*id, euid.clone()))
+                .map(|(id, euid)| (id.clone(), euid.clone()))
+                .collect();
+            let generalized_values = policy
+                .ast
+                .generalized_env()
+                .iter()
+                .map(|(id, expr)| (id.clone(), expr.clone()))
                 .collect();
             Ok(Either::Right(TemplateLink {
                 new_id: id.into(),
                 template_id: template_id.clone().into(),
                 values,
+                generalized_values,
             }))
         }
         None => policy
@@ -3042,17 +3139,27 @@ fn get_valid_request_envs(ast: &ast::Template, s: &Schema) -> impl Iterator<Item
         &s.0,
         cedar_policy_core::validator::ValidationMode::default(),
     );
-    tc.typecheck_by_request_env(ast)
-        .into_iter()
-        .filter_map(|(env, pc)| {
-            if matches!(pc, PolicyCheck::Success(_)) {
-                Some(env.into())
-            } else {
-                None
-            }
-        })
-        .collect::<BTreeSet<_>>()
-        .into_iter()
+    let maybe_validator_slots_type_declaration = ast::SlotsTypeDeclaration::from_iter(
+        ast.slots_type_declaration()
+            .map(|(k, v)| (k.clone(), v.clone())),
+    )
+    .into_validator_slots_type_declaration(&s.0);
+
+    match maybe_validator_slots_type_declaration {
+        Ok(validator_slots_type_declaration) => tc
+            .typecheck_by_request_env(ast, &validator_slots_type_declaration)
+            .into_iter()
+            .filter_map(|(env, pc)| {
+                if matches!(pc, PolicyCheck::Success(_)) {
+                    Some(env.into())
+                } else {
+                    None
+                }
+            })
+            .collect::<BTreeSet<_>>()
+            .into_iter(),
+        Err(_) => BTreeSet::new().into_iter(),
+    }
 }
 
 /// Policy template datatype
@@ -3173,7 +3280,7 @@ impl Template {
             .map(|(k, v)| (k.as_ref(), v.as_ref()))
     }
 
-    /// Iterate over the open slots in this `Template`
+    /// Iterate over the open slots (principal, resource, and generalized) in this `Template`
     pub fn slots(&self) -> impl Iterator<Item = &SlotId> {
         self.ast.slots().map(|slot| SlotId::ref_cast(&slot.id))
     }
@@ -3498,12 +3605,28 @@ impl Policy {
                 .ast
                 .env()
                 .iter()
-                .map(|(key, value)| ((*key).into(), value.clone().into()))
+                .map(|(key, value)| ((key.clone()).into(), value.clone().into()))
                 .collect();
             Some(wrapped_vals)
         }
     }
 
+    /// Get the generalized values this `Template` is linked to, expressed as a map from `SlotId` to `RestrictedExpression`.
+    /// If this is a static policy, this will return `None`.
+    pub fn generalized_template_links(&self) -> Option<HashMap<SlotId, RestrictedExpression>> {
+        if self.is_static() {
+            None
+        } else {
+            let wrapped_generalized_vals: HashMap<SlotId, RestrictedExpression> = self
+                .ast
+                .generalized_env()
+                .iter()
+                .map(|(key, value)| ((key.clone()).into(), RestrictedExpression(value.clone())))
+                .collect();
+            Some(wrapped_generalized_vals)
+        }
+    }
+
     /// Get the `Effect` (`Permit` or `Forbid`) for this instance
     pub fn effect(&self) -> Effect {
         self.ast.effect()
@@ -3830,8 +3953,12 @@ impl Policy {
     pub fn to_cedar(&self) -> Option<String> {
         match &self.lossless {
             LosslessPolicy::Empty | LosslessPolicy::Est(_) => Some(self.ast.to_string()),
-            LosslessPolicy::Text { text, slots } => {
-                if slots.is_empty() {
+            LosslessPolicy::Text {
+                text,
+                slots,
+                generalized_slots,
+            } => {
+                if slots.is_empty() && generalized_slots.is_empty() {
                     Some(text.clone())
                 } else {
                     None
@@ -3931,6 +4058,7 @@ pub(crate) enum LosslessPolicy {
         /// this; static policies and (unlinked) templates have an empty map
         /// here
         slots: HashMap<ast::SlotId, ast::EntityUID>,
+        generalized_slots: HashMap<ast::SlotId, ast::RestrictedExpr>,
     },
 }
 
@@ -3940,6 +4068,7 @@ impl LosslessPolicy {
         text.map_or(Self::Empty, |text| Self::Text {
             text: text.into(),
             slots: HashMap::new(),
+            generalized_slots: HashMap::new(),
         })
     }
 
@@ -3952,14 +4081,35 @@ impl LosslessPolicy {
             // Fall back to the `policy` AST if the lossless representation is empty
             Self::Empty => Ok(fallback_est()),
             Self::Est(est) => Ok(est.clone()),
-            Self::Text { text, slots } => {
+            Self::Text {
+                text,
+                slots,
+                generalized_slots,
+            } => {
                 let est =
                     parser::parse_policy_or_template_to_est(text).map_err(ParseErrors::from)?;
-                if slots.is_empty() {
+                if slots.is_empty() && generalized_slots.is_empty() {
                     Ok(est)
                 } else {
-                    let unwrapped_vals = slots.iter().map(|(k, v)| (*k, v.into())).collect();
-                    Ok(est.link(&unwrapped_vals)?)
+                    let unwrapped_vals = slots.iter().map(|(k, v)| (k.clone(), v.into())).collect();
+                    let unwrapped_generalized_vals: Result<
+                        HashMap<ast::SlotId, cedar_policy_core::entities::CedarValueJson>,
+                        _,
+                    > = generalized_slots
+                        .iter()
+                        .map(|(k, v)| -> Result<_, PolicyToJsonError> {
+                            Ok((
+                                k.clone(),
+                                cedar_policy_core::entities::CedarValueJson::from_expr(
+                                    v.as_borrowed(),
+                                )
+                                .map_err(|e| {
+                                    est::LinkingError::UnableToSerializeJSONValueProvided(e)
+                                })?,
+                            ))
+                        })
+                        .collect();
+                    Ok(est.link(&unwrapped_vals, &unwrapped_generalized_vals?)?)
                 }
             }
         }
@@ -3968,6 +4118,7 @@ impl LosslessPolicy {
     fn link<'a>(
         self,
         vals: impl IntoIterator<Item = (ast::SlotId, &'a ast::EntityUID)>,
+        generalized_vals: impl IntoIterator<Item = (ast::SlotId, &'a ast::RestrictedExpr)>,
     ) -> Result<Self, est::LinkingError> {
         match self {
             Self::Empty => Ok(Self::Empty),
@@ -3976,15 +4127,45 @@ impl LosslessPolicy {
                     ast::SlotId,
                     cedar_policy_core::entities::EntityUidJson,
                 > = vals.into_iter().map(|(k, v)| (k, v.into())).collect();
-                Ok(Self::Est(est.link(&unwrapped_est_vals)?))
+                let unwrapped_est_generalized_vals: Result<
+                    HashMap<ast::SlotId, cedar_policy_core::entities::CedarValueJson>,
+                    _,
+                > = generalized_vals
+                    .into_iter()
+                    .map(|(k, v)| -> Result<_, est::LinkingError> {
+                        Ok((
+                            k,
+                            cedar_policy_core::entities::CedarValueJson::from_expr(v.as_borrowed())
+                                .map_err(|e| {
+                                    est::LinkingError::UnableToSerializeJSONValueProvided(e)
+                                })?,
+                        ))
+                    })
+                    .collect();
+                Ok(Self::Est(est.link(
+                    &unwrapped_est_vals,
+                    &unwrapped_est_generalized_vals?,
+                )?))
             }
-            Self::Text { text, slots } => {
+            Self::Text {
+                text,
+                slots,
+                generalized_slots,
+            } => {
                 debug_assert!(
-                    slots.is_empty(),
+                    slots.is_empty() && generalized_slots.is_empty(),
                     "shouldn't call link() on an already-linked policy"
                 );
                 let slots = vals.into_iter().map(|(k, v)| (k, v.clone())).collect();
-                Ok(Self::Text { text, slots })
+                let generalized_slots = generalized_vals
+                    .into_iter()
+                    .map(|(k, v)| (k, v.clone()))
+                    .collect();
+                Ok(Self::Text {
+                    text,
+                    slots,
+                    generalized_slots,
+                })
             }
         }
     }
@@ -4000,8 +4181,12 @@ impl LosslessPolicy {
                 Err(e) => write!(f, "<invalid policy: {e}>"),
             },
             Self::Est(est) => write!(f, "{est}"),
-            Self::Text { text, slots } => {
-                if slots.is_empty() {
+            Self::Text {
+                text,
+                slots,
+                generalized_slots,
+            } => {
+                if slots.is_empty() && generalized_slots.is_empty() {
                     write!(f, "{text}")
                 } else {
                     // need to replace placeholders according to `slots`.
@@ -5046,7 +5231,11 @@ pub fn eval_expression(
     let eval = Evaluator::new(request.0.clone(), &entities.0, all_ext);
     Ok(EvalResult::from(
         // Evaluate under the empty slot map, as an expression should not have slots
-        eval.interpret(&expr.0, &ast::SlotEnv::new())?,
+        eval.interpret(
+            &expr.0,
+            &ast::SlotEnv::new(),
+            &ast::GeneralizedSlotEnv::new(),
+        )?,
     ))
 }
 
@@ -5343,29 +5532,42 @@ action CreateList in Create appliesTo {
         };
 
         let schema = schema();
-        assert_eq!(schema.0.common_types().collect::<HashSet<_>>().len(), 3);
+        assert_eq!(
+            schema
+                .0
+                .common_types_extended()
+                .collect::<HashSet<_>>()
+                .len(),
+            3
+        );
         let task_type = ValidatorCommonType {
             name: "Task".into(),
             name_loc: None,
             type_loc: None,
         };
-        assert!(schema.0.common_types().contains(&task_type));
+        assert!(schema.0.common_types_extended().contains(&task_type));
 
         let tasks_type = ValidatorCommonType {
             name: "Tasks".into(),
             name_loc: None,
             type_loc: None,
         };
-        assert!(schema.0.common_types().contains(&tasks_type));
-        assert!(schema.0.common_types().all(|ct| ct.name_loc.is_some()));
-        assert!(schema.0.common_types().all(|ct| ct.type_loc.is_some()));
+        assert!(schema.0.common_types_extended().contains(&tasks_type));
+        assert!(schema
+            .0
+            .common_types_extended()
+            .all(|ct| ct.name_loc.is_some()));
+        assert!(schema
+            .0
+            .common_types_extended()
+            .all(|ct| ct.type_loc.is_some()));
 
         let tasks_type = ValidatorCommonType {
             name: "T".into(),
             name_loc: None,
             type_loc: None,
         };
-        assert!(schema.0.common_types().contains(&tasks_type));
+        assert!(schema.0.common_types_extended().contains(&tasks_type));
 
         let et = ast::EntityType::EntityType(ast::Name::from_normalized_str("List").unwrap());
         let et = schema.0.get_entity_type(&et).unwrap();
diff --git a/cedar-policy/src/api/err.rs b/cedar-policy/src/api/err.rs
index 4920d39590..a86062899d 100644
--- a/cedar-policy/src/api/err.rs
+++ b/cedar-policy/src/api/err.rs
@@ -368,6 +368,12 @@ pub mod validation_errors;
 #[derive(Debug, Clone, Error, Diagnostic)]
 #[non_exhaustive]
 pub enum ValidationError {
+    /// The Schema is incompatible with the slots type declaration.
+    #[error(transparent)]
+    #[diagnostic(transparent)]
+    IncompatibleSchemaWithSlotsTypeDeclaration(
+        #[from] validation_errors::IncompatibleSchemaWithSlotsTypeDeclaration,
+    ),
     /// A policy contains an entity type that is not declared in the schema.
     #[error(transparent)]
     #[diagnostic(transparent)]
@@ -448,12 +454,20 @@ pub enum ValidationError {
     #[error(transparent)]
     #[diagnostic(transparent)]
     InvalidEnumEntity(#[from] validation_errors::InvalidEnumEntity),
+    /// Generalized slot found in the clause of the template
+    /// however there was no corresponding type declaration
+    #[error(transparent)]
+    #[diagnostic(transparent)]
+    GeneralizedSlotInConditionClauseNotInSlotsTypeDeclaration(
+        #[from] validation_errors::GeneralizedSlotInConditionClauseNotInSlotsTypeDeclaration,
+    ),
 }
 
 impl ValidationError {
     /// Extract the policy id of the policy where the validator found the issue.
     pub fn policy_id(&self) -> &crate::PolicyId {
         match self {
+            Self::IncompatibleSchemaWithSlotsTypeDeclaration(e) => e.policy_id(),
             Self::UnrecognizedEntityType(e) => e.policy_id(),
             Self::UnrecognizedActionId(e) => e.policy_id(),
             Self::InvalidActionApplication(e) => e.policy_id(),
@@ -472,6 +486,7 @@ impl ValidationError {
             Self::InternalInvariantViolation(e) => e.policy_id(),
             Self::EntityDerefLevelViolation(e) => e.policy_id(),
             Self::InvalidEnumEntity(e) => e.policy_id(),
+            Self::GeneralizedSlotInConditionClauseNotInSlotsTypeDeclaration(e) => e.policy_id(),
         }
     }
 }
@@ -480,6 +495,9 @@ impl ValidationError {
 impl From<cedar_policy_core::validator::ValidationError> for ValidationError {
     fn from(error: cedar_policy_core::validator::ValidationError) -> Self {
         match error {
+            cedar_policy_core::validator::ValidationError::IncompatibleSchemaWithSlotsTypeDeclaration(e) => {
+                Self::IncompatibleSchemaWithSlotsTypeDeclaration(e.into())
+            }
             cedar_policy_core::validator::ValidationError::UnrecognizedEntityType(e) => {
                 Self::UnrecognizedEntityType(e.into())
             }
@@ -531,6 +549,9 @@ impl From<cedar_policy_core::validator::ValidationError> for ValidationError {
             cedar_policy_core::validator::ValidationError::EntityDerefLevelViolation(e) => {
                 Self::EntityDerefLevelViolation(e.into())
             }
+            cedar_policy_core::validator::ValidationError::GeneralizedSlotInConditionClauseNotInSlotsTypeDeclaration(e) => {
+                Self::GeneralizedSlotInConditionClauseNotInSlotsTypeDeclaration(e.into())
+            }
         }
     }
 }
diff --git a/cedar-policy/src/api/err/validation_errors.rs b/cedar-policy/src/api/err/validation_errors.rs
index cb984061b9..4485a36c59 100644
--- a/cedar-policy/src/api/err/validation_errors.rs
+++ b/cedar-policy/src/api/err/validation_errors.rs
@@ -56,6 +56,7 @@ macro_rules! wrap_core_error {
     };
 }
 
+wrap_core_error!(IncompatibleSchemaWithSlotsTypeDeclaration);
 wrap_core_error!(UnrecognizedEntityType);
 wrap_core_error!(UnrecognizedActionId);
 wrap_core_error!(InvalidActionApplication);
@@ -74,3 +75,4 @@ wrap_core_error!(EmptySetForbidden);
 wrap_core_error!(NonLitExtConstructor);
 wrap_core_error!(InternalInvariantViolation);
 wrap_core_error!(InvalidEnumEntity);
+wrap_core_error!(GeneralizedSlotInConditionClauseNotInSlotsTypeDeclaration);
diff --git a/cedar-policy/src/api/id.rs b/cedar-policy/src/api/id.rs
index b2b058875c..973d975b60 100644
--- a/cedar-policy/src/api/id.rs
+++ b/cedar-policy/src/api/id.rs
@@ -413,6 +413,12 @@ impl SlotId {
     pub fn resource() -> Self {
         Self(ast::SlotId::resource())
     }
+
+    /// Create a `generalized slot`
+    pub fn generalized_slot(s: impl AsRef<str>) -> Result<Self, ParseErrors> {
+        let id = s.as_ref().parse()?;
+        Ok(Self(ast::SlotId::generalized_slot(id)))
+    }
 }
 
 impl std::fmt::Display for SlotId {
diff --git a/cedar-policy/src/proto/ast.rs b/cedar-policy/src/proto/ast.rs
index e91a27ff9f..f1444f8331 100644
--- a/cedar-policy/src/proto/ast.rs
+++ b/cedar-policy/src/proto/ast.rs
@@ -18,11 +18,17 @@
 
 use super::models;
 use cedar_policy_core::{
-    ast, evaluator::RestrictedEvaluator, extensions::Extensions, FromNormalizedStr,
+    ast, evaluator::RestrictedEvaluator, extensions::Extensions, validator, FromNormalizedStr,
 };
 use smol_str::ToSmolStr;
 use std::{collections::HashSet, sync::Arc};
 
+impl From<&models::Name> for validator::RawName {
+    fn from(v: &models::Name) -> Self {
+        validator::RawName::from_name(ast::InternalName::from(v))
+    }
+}
+
 // PANIC SAFETY: experimental feature
 #[allow(clippy::fallible_impl_from)]
 impl From<&models::Name> for ast::InternalName {
@@ -54,6 +60,12 @@ impl From<&models::Name> for ast::EntityType {
     }
 }
 
+impl From<&validator::RawName> for models::Name {
+    fn from(v: &validator::RawName) -> Self {
+        Self::from(&(v.clone().qualify_with(None)))
+    }
+}
+
 impl From<&ast::InternalName> for models::Name {
     fn from(v: &ast::InternalName) -> Self {
         Self {
@@ -501,27 +513,38 @@ impl From<&ast::Literal> for models::expr::Literal {
     }
 }
 
+// PANIC SAFETY: experimental feature
+#[allow(clippy::fallible_impl_from)]
 impl From<&models::SlotId> for ast::SlotId {
+    // PANIC SAFETY: experimental feature
+    #[allow(clippy::expect_used, clippy::unwrap_used)]
     fn from(v: &models::SlotId) -> Self {
-        match v {
-            models::SlotId::Principal => ast::SlotId::principal(),
-            models::SlotId::Resource => ast::SlotId::resource(),
+        match v.data.as_ref().expect("data field should exist") {
+            models::slot_id::Data::Principal(_) => ast::SlotId::principal(),
+            models::slot_id::Data::Resource(_) => ast::SlotId::resource(),
+            models::slot_id::Data::GeneralizedSlot(s) => s.parse().unwrap(),
         }
     }
 }
 
-// PANIC SAFETY: experimental feature
-#[allow(clippy::fallible_impl_from)]
 impl From<&ast::SlotId> for models::SlotId {
-    // PANIC SAFETY: experimental feature
-    #[allow(clippy::panic)]
     fn from(v: &ast::SlotId) -> Self {
         if v.is_principal() {
-            models::SlotId::Principal
+            Self {
+                data: Some(models::slot_id::Data::Principal(
+                    models::slot_id::Any::Unit.into(),
+                )),
+            }
         } else if v.is_resource() {
-            models::SlotId::Resource
+            Self {
+                data: Some(models::slot_id::Data::Resource(
+                    models::slot_id::Any::Unit.into(),
+                )),
+            }
         } else {
-            panic!("Slot other than principal or resource")
+            Self {
+                data: Some(models::slot_id::Data::GeneralizedSlot(v.to_string())),
+            }
         }
     }
 }
diff --git a/cedar-policy/src/proto/policy.rs b/cedar-policy/src/proto/policy.rs
index 7fc008a1d2..e0ddb7d753 100644
--- a/cedar-policy/src/proto/policy.rs
+++ b/cedar-policy/src/proto/policy.rs
@@ -20,11 +20,124 @@ use super::models;
 use cedar_policy_core::{ast, FromNormalizedStr};
 use std::collections::HashMap;
 
+use cedar_policy_core::{
+    est,
+    validator::{json_schema, RawName},
+};
+use smol_str::ToSmolStr;
+
+impl From<&models::TemplateType> for json_schema::Type<RawName> {
+    // PANIC SAFETY: experimental feature
+    #[allow(clippy::expect_used)]
+    fn from(v: &models::TemplateType) -> Self {
+        let ty_variant = match &v.data.as_ref().expect("data field should exist") {
+            models::template_type::Data::Other(ty) => json_schema::TypeVariant::EntityOrCommon {
+                type_name: RawName::from(ty),
+            },
+            models::template_type::Data::SetElem(ty) => json_schema::TypeVariant::Set {
+                element: Box::new(json_schema::Type::from(ty.as_ref())),
+            },
+            models::template_type::Data::Record(r) => {
+                json_schema::TypeVariant::Record(template_model_to_attributes(&r.attrs))
+            }
+        };
+        json_schema::Type::Type {
+            ty: ty_variant,
+            loc: None,
+        }
+    }
+}
+
+// PANIC SAFETY: experimental feature
+#[allow(clippy::fallible_impl_from)]
+impl From<&json_schema::Type<RawName>> for models::TemplateType {
+    // PANIC SAFETY: experimental feature
+    #[allow(clippy::unreachable)]
+    fn from(v: &json_schema::Type<RawName>) -> Self {
+        match v {
+            json_schema::Type::Type { ty, loc: _ } => match &ty {
+                json_schema::TypeVariant::EntityOrCommon { type_name } => Self {
+                    data: Some(models::template_type::Data::Other(models::Name::from(
+                        type_name,
+                    ))),
+                },
+                json_schema::TypeVariant::Set { element } => Self {
+                    data: Some(models::template_type::Data::SetElem(Box::new(
+                        models::TemplateType::from(element.as_ref()),
+                    ))),
+                },
+                json_schema::TypeVariant::Record(r) => {
+                    let record: models::template_type::Record = models::template_type::Record {
+                        attrs: template_attributes_to_model(r),
+                    };
+                    Self {
+                        data: Some(models::template_type::Data::Record(record)),
+                    }
+                }
+                _ => unreachable!(),
+            },
+            json_schema::Type::CommonTypeRef { .. } => unreachable!(),
+        }
+    }
+}
+
+fn template_model_to_attributes(
+    attr: &HashMap<String, models::AttributeTemplateType>,
+) -> json_schema::RecordType<RawName> {
+    json_schema::RecordType {
+        attributes: attr
+            .iter()
+            .map(|(key, value)| (key.to_smolstr(), json_schema::TypeOfAttribute::from(value)))
+            .collect(),
+        additional_attributes: false,
+    }
+}
+
+fn template_attributes_to_model(
+    v: &json_schema::RecordType<RawName>,
+) -> HashMap<String, models::AttributeTemplateType> {
+    v.attributes
+        .iter()
+        .map(|(key, value)| (key.to_string(), models::AttributeTemplateType::from(value)))
+        .collect()
+}
+
+// PANIC SAFETY: experimental feature
+#[allow(clippy::fallible_impl_from)]
+impl From<&models::AttributeTemplateType> for json_schema::TypeOfAttribute<RawName> {
+    // PANIC SAFETY: experimental feature
+    #[allow(clippy::unwrap_used)]
+    fn from(v: &models::AttributeTemplateType) -> Self {
+        let ty = json_schema::Type::<RawName>::from(v.attr_type.as_ref().unwrap());
+        let annotations = est::Annotations::default();
+        let required = v.is_required;
+
+        Self {
+            ty,
+            annotations,
+            required,
+            #[cfg(feature = "extended-schema")]
+            loc: None,
+        }
+    }
+}
+
+impl From<&json_schema::TypeOfAttribute<RawName>> for models::AttributeTemplateType {
+    fn from(v: &json_schema::TypeOfAttribute<RawName>) -> Self {
+        Self {
+            attr_type: Some(models::TemplateType::from(&v.ty)),
+            is_required: v.required,
+        }
+    }
+}
+
 impl From<&models::Policy> for ast::LiteralPolicy {
     // PANIC SAFETY: experimental feature
     #[allow(clippy::expect_used)]
     fn from(v: &models::Policy) -> Self {
         let mut values: ast::SlotEnv = HashMap::new();
+        let mut generalized_values: ast::GeneralizedSlotEnv = HashMap::new();
+
         if v.principal_euid.is_some() {
             values.insert(
                 ast::SlotId::principal(),
@@ -46,6 +159,13 @@ impl From<&models::Policy> for ast::LiteralPolicy {
             );
         }
 
+        for (key, value) in &v.generalized_values {
+            generalized_values.insert(
+                key.parse().expect("invalid slot name"),
+                ast::RestrictedExpr::new(ast::Expr::from(value)).expect("invalid value"),
+            );
+        }
+
         let template_id = ast::PolicyID::from_string(v.template_id.clone());
 
         if v.is_template_link {
@@ -53,6 +173,7 @@ impl From<&models::Policy> for ast::LiteralPolicy {
                 template_id,
                 ast::PolicyID::from_string(v.link_id.as_ref().expect("link_id field should exist")),
                 values,
+                generalized_values,
             )
         } else {
             Self::static_policy(template_id)
@@ -70,6 +191,16 @@ impl TryFrom<&models::Policy> for ast::Policy {
 
 impl From<&ast::LiteralPolicy> for models::Policy {
     fn from(v: &ast::LiteralPolicy) -> Self {
+        let generalized_values = v
+            .generalized_values()
+            .iter()
+            .map(|(key, value)| {
+                let expr = ast::Expr::from(value.clone());
+                let models_expr = models::Expr::from(&expr);
+                (key.to_string(), models_expr)
+            })
+            .collect();
+
         Self {
             template_id: v.template_id().as_ref().to_string(),
             link_id: if v.is_static() {
@@ -84,12 +215,23 @@ impl From<&ast::LiteralPolicy> for models::Policy {
             resource_euid: v
                 .value(&ast::SlotId::resource())
                 .map(models::EntityUid::from),
+            generalized_values,
         }
     }
 }
 
 impl From<&ast::Policy> for models::Policy {
     fn from(v: &ast::Policy) -> Self {
+        let generalized_values = v
+            .generalized_env()
+            .iter()
+            .map(|(key, value)| {
+                let expr = ast::Expr::from(value.clone());
+                let models_expr = models::Expr::from(&expr);
+                (key.to_string(), models_expr)
+            })
+            .collect();
+
         Self {
             template_id: v.template().id().as_ref().to_string(),
             link_id: if v.is_static() {
@@ -106,6 +248,7 @@ impl From<&ast::Policy> for models::Policy {
                 .env()
                 .get(&ast::SlotId::resource())
                 .map(models::EntityUid::from),
+            generalized_values,
         }
     }
 }
@@ -120,6 +263,17 @@ impl From<&models::TemplateBody> for ast::TemplateBody {
     // PANIC SAFETY: experimental feature
     #[allow(clippy::expect_used, clippy::unwrap_used)]
     fn from(v: &models::TemplateBody) -> Self {
+        let slots_type_declaration: ast::SlotsTypeDeclaration = v
+            .slots_type_declaration
+            .iter()
+            .map(|(key, value)| {
+                (
+                    key.parse().unwrap(),
+                    json_schema::Type::<RawName>::from(value),
+                )
+            })
+            .collect();
+
         ast::TemplateBody::new(
             ast::PolicyID::from_string(v.id.clone()),
             None,
@@ -135,6 +289,7 @@ impl From<&models::TemplateBody> for ast::TemplateBody {
                     )
                 })
                 .collect(),
+            slots_type_declaration,
             ast::Effect::from(&models::Effect::try_from(v.effect).expect("decode should succeed")),
             ast::PrincipalConstraint::from(
                 v.principal_constraint
@@ -167,6 +322,11 @@ impl From<&ast::TemplateBody> for models::TemplateBody {
             .map(|(key, value)| (key.as_ref().into(), value.as_ref().into()))
             .collect();
 
+        let slots_type_declaration: HashMap<String, models::TemplateType> = v
+            .slots_type_declaration()
+            .map(|(k, v)| (k.to_string(), models::TemplateType::from(v)))
+            .collect();
+
         Self {
             id: v.id().as_ref().to_string(),
             annotations,
@@ -179,6 +339,7 @@ impl From<&ast::TemplateBody> for models::TemplateBody {
                 v.resource_constraint(),
             )),
             non_scope_constraints: Some(models::Expr::from(v.non_scope_constraints())),
+            slots_type_declaration,
         }
     }
 }
@@ -500,6 +661,7 @@ mod test {
                 .then_with(|| self.template_id.cmp(&other.template_id))
         }
     }
+    impl Eq for models::Policy {}
     impl Eq for models::TemplateBody {}
     impl PartialOrd for models::TemplateBody {
         fn partial_cmp(&self, other: &Self) -> Option<std::cmp::Ordering> {
@@ -642,6 +804,7 @@ mod test {
                     annotation2,
                 ),
             ]),
+            ast::SlotsTypeDeclaration::default(),
             ast::Effect::Permit,
             pc.clone(),
             ac1.clone(),
@@ -660,6 +823,7 @@ mod test {
                 ast::SlotId::principal(),
                 ast::EntityUID::with_eid_and_type("A", "eid").unwrap(),
             )]),
+            HashMap::new(),
         );
         assert_eq!(
             policy,
@@ -670,6 +834,7 @@ mod test {
             ast::PolicyID::from_string("\0\n \' \"+-$^!"),
             None,
             ast::Annotations::from_iter([]),
+            ast::SlotsTypeDeclaration::default(),
             ast::Effect::Permit,
             pc,
             ac1,
@@ -688,6 +853,7 @@ mod test {
                 ast::SlotId::principal(),
                 ast::EntityUID::with_eid_and_type("A", "eid").unwrap(),
             )]),
+            HashMap::new(),
         );
         assert_eq!(
             policy,
@@ -707,6 +873,7 @@ mod test {
                     loc: None,
                 },
             )]),
+            ast::SlotsTypeDeclaration::default(),
             ast::Effect::Permit,
             ast::PrincipalConstraint::is_eq_slot(),
             ast::ActionConstraint::Eq(
@@ -748,6 +915,8 @@ mod test {
                 ast::SlotId::principal(),
                 ast::EntityUID::with_eid_and_type("A", "friend").unwrap(),
             )]),
+            HashMap::new(),
+            None,
         )
         .unwrap();
         let mut mps = models::PolicySet::from(&ps);
@@ -777,6 +946,7 @@ mod test {
                     loc: None,
                 },
             )]),
+            ast::SlotsTypeDeclaration::default(),
             ast::Effect::Permit,
             ast::PrincipalConstraint::is_eq_slot(),
             ast::ActionConstraint::Eq(
@@ -818,6 +988,8 @@ mod test {
                 ast::SlotId::principal(),
                 ast::EntityUID::with_eid_and_type("A", "friend").unwrap(),
             )]),
+            HashMap::new(),
+            None,
         )
         .unwrap();
         let mut mps = models::PolicySet::from(&ps);
@@ -834,4 +1006,150 @@ mod test {
         assert_eq!(mps.templates, mps_roundtrip.templates);
         assert_eq!(mps.links, mps_roundtrip.links);
     }
+
+    mod generalized_template {
+        use super::*;
+        use cedar_policy_core::est::Annotations;
+        use std::collections::BTreeMap;
+
+        #[test]
+        fn template_types_roundtrip() {
+            let bool_ty = json_schema::Type::Type {
+                ty: json_schema::TypeVariant::EntityOrCommon {
+                    type_name: RawName::new("Bool".parse().unwrap(), None),
+                },
+                loc: None,
+            };
+
+            assert_eq!(
+                bool_ty,
+                json_schema::Type::<RawName>::from(&models::TemplateType::from(&bool_ty))
+            );
+
+            let long_ty = json_schema::Type::Type {
+                ty: json_schema::TypeVariant::EntityOrCommon {
+                    type_name: RawName::new("Long".parse().unwrap(), None),
+                },
+                loc: None,
+            };
+
+            assert_eq!(
+                long_ty,
+                json_schema::Type::<RawName>::from(&models::TemplateType::from(&long_ty))
+            );
+
+            let set_ty = json_schema::Type::Type {
+                ty: json_schema::TypeVariant::Set {
+                    element: Box::new(bool_ty.clone()),
+                },
+                loc: None,
+            };
+
+            assert_eq!(
+                set_ty,
+                json_schema::Type::<RawName>::from(&models::TemplateType::from(&set_ty))
+            );
+
+            let record_ty = json_schema::Type::Type {
+                ty: json_schema::TypeVariant::Record(json_schema::RecordType {
+                    attributes: BTreeMap::from_iter([(
+                        "date".parse().unwrap(),
+                        json_schema::TypeOfAttribute {
+                            ty: long_ty,
+                            required: false,
+                            annotations: Annotations::default(),
+                            loc: None,
+                        },
+                    )]),
+                    additional_attributes: false,
+                }),
+                loc: None,
+            };
+
+            assert_eq!(
+                record_ty,
+                json_schema::Type::<RawName>::from(&models::TemplateType::from(&record_ty))
+            );
+        }
+
+        #[test]
+        fn template_body_roundtrip() {
+            let bool_ty = json_schema::Type::Type {
+                ty: json_schema::TypeVariant::EntityOrCommon {
+                    type_name: RawName::new("Bool".parse().unwrap(), None),
+                },
+                loc: None,
+            };
+
+            let set_ty = json_schema::Type::Type {
+                ty: json_schema::TypeVariant::Set {
+                    element: Box::new(bool_ty.clone()),
+                },
+                loc: None,
+            };
+
+            let entity_ty = json_schema::Type::Type {
+                ty: json_schema::TypeVariant::EntityOrCommon {
+                    type_name: RawName::new("User".parse().unwrap(), None),
+                },
+                loc: None,
+            };
+
+            let slot0 = ast::SlotId::generalized_slot("slot0".parse().unwrap());
+            let slot1 = ast::SlotId::generalized_slot("slot1".parse().unwrap());
+
+            let tb = ast::TemplateBody::new(
+                ast::PolicyID::from_string("template"),
+                None,
+                ast::Annotations::from_iter(vec![(
+                    ast::AnyId::from_normalized_str("read").unwrap(),
+                    ast::Annotation {
+                        val: "".into(),
+                        loc: None,
+                    },
+                )]),
+                ast::SlotsTypeDeclaration::from_iter([
+                    (slot0.clone(), bool_ty),
+                    (slot1.clone(), set_ty),
+                    (ast::SlotId::principal(), entity_ty),
+                ]),
+                ast::Effect::Permit,
+                ast::PrincipalConstraint::is_eq_slot(),
+                ast::ActionConstraint::Eq(
+                    ast::EntityUID::with_eid_and_type("Action", "read")
+                        .unwrap()
+                        .into(),
+                ),
+                ast::ResourceConstraint::is_entity_type(
+                    ast::EntityType::from(ast::Name::from_normalized_str("photo").unwrap()).into(),
+                ),
+                ast::Expr::contains(ast::Expr::slot(slot1), ast::Expr::slot(slot0)),
+            );
+
+            assert_eq!(
+                tb,
+                ast::TemplateBody::from(&models::TemplateBody::from(&tb))
+            );
+        }
+
+        #[test]
+        fn linked_literal_policy_roundtrip() {
+            let policy = ast::LiteralPolicy::template_linked_policy(
+                ast::PolicyID::from_string("policy0"),
+                ast::PolicyID::from_string("link"),
+                HashMap::new(),
+                HashMap::from_iter([(
+                    ast::SlotId::generalized_slot("folder".parse().unwrap()),
+                    ast::RestrictedExpr::val(
+                        ast::EntityUID::with_eid_and_type("Folder", "A").unwrap(),
+                    ),
+                )]),
+            );
+
+            assert_eq!(
+                policy,
+                ast::LiteralPolicy::from(&models::Policy::from(&policy))
+            );
+        }
+    }
 }
diff --git a/cedar-policy/src/proto/validator.rs b/cedar-policy/src/proto/validator.rs
index 6a11693856..c3a8ae73d6 100644
--- a/cedar-policy/src/proto/validator.rs
+++ b/cedar-policy/src/proto/validator.rs
@@ -17,7 +17,7 @@
 #![allow(clippy::use_self)]
 
 use super::models;
-use cedar_policy_core::validator::types;
+use cedar_policy_core::validator::{types, ValidatorType};
 use cedar_policy_core::{ast, parser::IntoMaybeLoc};
 use nonempty::NonEmpty;
 use smol_str::SmolStr;
@@ -28,6 +28,13 @@ impl From<&cedar_policy_core::validator::ValidatorSchema> for models::Schema {
         Self {
             entity_decls: v.entity_types().map(models::EntityDecl::from).collect(),
             action_decls: v.action_ids().map(models::ActionDecl::from).collect(),
+            common_decls: v
+                .common_types()
+                .map(|(k, v)| models::CommonDecl {
+                    name: Some(models::Name::from(k)),
+                    validator_type: Some(models::Type::from(&v.ty)),
+                })
+                .collect(),
         }
     }
 }
@@ -43,6 +50,19 @@ impl From<&models::Schema> for cedar_policy_core::validator::ValidatorSchema {
             v.action_decls
                 .iter()
                 .map(cedar_policy_core::validator::ValidatorActionId::from),
+            v.common_decls.iter().map(|common_decl| {
+                (
+                    ast::InternalName::from(
+                        common_decl.name.as_ref().expect("name field should exist"),
+                    ),
+                    ValidatorType::new(types::Type::from(
+                        common_decl
+                            .validator_type
+                            .as_ref()
+                            .expect("type field should exist"),
+                    )),
+                )
+            }),
         )
     }
 }
diff --git a/cedar-policy/src/test/test.rs b/cedar-policy/src/test/test.rs
index 7f88c55f20..c79a07307b 100644
--- a/cedar-policy/src/test/test.rs
+++ b/cedar-policy/src/test/test.rs
@@ -5422,7 +5422,7 @@ mod issue_606 {
                 &miette::Report::new(e),
                 &ExpectedErrorMessageBuilder::error("error deserializing a policy/template from JSON")
                     .source("found template slot ?principal in a `when` clause")
-                    .help("slots are currently unsupported in `when` clauses")
+                    .help("?principal needs to appear in the scope to appear in the condition of the template")
                     .build(),
             );
         });
@@ -8276,3 +8276,78 @@ mod raw_parsing {
             .expect("Failed to parse");
     }
 }
+
+#[cfg(feature = "generalized-templates")]
+mod generalized_template {
+    use crate::{PolicyId, PolicySet, RestrictedExpression, SlotId, Template};
+    use std::collections::HashMap;
+
+    #[test]
+    fn generalized_link_without_schema() {
+        let mut pset = PolicySet::new();
+        let template: Template =
+            r"template(?is_true: __cedar::Bool) => permit(principal,action,resource) when { ?is_true };"
+                .parse()
+                .unwrap();
+        pset.add_template(template.new_id(PolicyId::new("template")))
+            .unwrap();
+
+        let result = pset.generalized_link(
+            PolicyId::new("template"),
+            PolicyId::new("Link1"),
+            HashMap::from_iter([(
+                SlotId::generalized_slot("is_true").unwrap(),
+                RestrictedExpression::new_bool(true),
+            )]),
+            None,
+        );
+
+        assert!(result.is_ok());
+
+        let mut pset = PolicySet::new();
+        let template: Template =
+            r"template(?is_true: __cedar::Bool) => permit(principal,action,resource) when { ?is_true && ?random };"
+                .parse()
+                .unwrap();
+        pset.add_template(template.new_id(PolicyId::new("template")))
+            .unwrap();
+
+        let result = pset.generalized_link(
+            PolicyId::new("template"),
+            PolicyId::new("Link1"),
+            HashMap::from_iter([
+                (
+                    SlotId::generalized_slot("is_true").unwrap(),
+                    RestrictedExpression::new_bool(true),
+                ),
+                (
+                    SlotId::generalized_slot("random").unwrap(),
+                    RestrictedExpression::new_bool(false),
+                ),
+            ]),
+            None,
+        );
+
+        assert!(result.is_ok());
+
+        let mut pset = PolicySet::new();
+        let template: Template =
+            r"template(?entity: Test) => permit(principal,action,resource) when { ?entity };"
+                .parse()
+                .unwrap();
+        pset.add_template(template.new_id(PolicyId::new("template")))
+            .unwrap();
+
+        let result = pset.generalized_link(
+            PolicyId::new("template"),
+            PolicyId::new("Link1"),
+            HashMap::from_iter([(
+                SlotId::generalized_slot("entity").unwrap(),
+                RestrictedExpression::new_entity_uid(r#"Test::"A""#.parse().unwrap()),
+            )]),
+            None,
+        );
+
+        assert!(result.is_ok());
+    }
+}