Springer Verlag, Lecture Notes in Computer Science, p. 155-170
DOI: 10.1007/978-3-642-27937-9_11
Many frameworks for defining authorization policies fail to make a clear distinction between policy and state. We believe this distinction to be a fundamental requirement for the construction of scalable, distributed authorization services. In this paper, we introduce a formal framework for the definition of authorization policies, which we use to construct the policy authoring language APOL. This framework makes the required distinction between policy and state, and APOL permits the specification of complex policy orchestration patterns even in the presence of policy gaps and conflicts. A novel aspect of the language is the use of a switch operator for policy orchestration, which can encode the commonly used rule- and policy-combining algorithms of existing authorization languages. We define denotational and operational semantics for APOL and then extend our framework with statically typed methods for policy orchestration, develop tools for policy analysis, and show how that analysis can improve the precision of static typing rules.
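The abstract makes two points that are easy to illustrate in code: policies should be kept separate from the state they are evaluated against, and a switch-style operator that dispatches on one policy's outcome can express the usual combining algorithms (deny-overrides, permit-overrides, first-applicable) while still exposing gaps and conflicts. The example below is an added illustration and is not APOL itself nor code from the paper; the `Decision` type, the `switch` helper and its routing semantics, and the sample states are this example's own constructed assumptions of how such an operator could behave. Policies are pure functions of an explicit state dictionary, so the same policy tree can be re-evaluated against any state without being rewritten.

```python
from enum import Enum
from typing import Callable, Dict, Optional

class Decision(Enum):
    PERMIT = "permit"
    DENY = "deny"
    NOT_APPLICABLE = "not_applicable"   # a policy gap: no rule covers this state

# State is the attribute snapshot a policy is evaluated against; it is passed in,
# never baked into the policy (assumed representation for this example).
State = Dict[str, object]
Policy = Callable[[State], Decision]

def constant(d: Decision) -> Policy:
    """A policy that always returns a fixed decision."""
    return lambda _state: d

def switch(first: Policy, cases: Dict[Decision, Policy]) -> Policy:
    """Hypothetical switch operator: evaluate `first`, then route on its outcome.
    If the outcome has no case, it is the combined decision."""
    def combined(state: State) -> Decision:
        outcome = first(state)
        nxt: Optional[Policy] = cases.get(outcome)
        return nxt(state) if nxt is not None else outcome
    return combined

# The three classic combining algorithms, each written purely in terms of switch.
def deny_overrides(p: Policy, q: Policy) -> Policy:
    # p Deny -> Deny; p NA -> q decides; p Permit -> q unless q has a gap
    return switch(p, {
        Decision.PERMIT: switch(q, {Decision.NOT_APPLICABLE: constant(Decision.PERMIT)}),
        Decision.NOT_APPLICABLE: q,
    })

def permit_overrides(p: Policy, q: Policy) -> Policy:
    # p Permit -> Permit; p NA -> q decides; p Deny -> q unless q has a gap
    return switch(p, {
        Decision.DENY: switch(q, {Decision.NOT_APPLICABLE: constant(Decision.DENY)}),
        Decision.NOT_APPLICABLE: q,
    })

def first_applicable(p: Policy, q: Policy) -> Policy:
    # q is consulted only to fill p's gap
    return switch(p, {Decision.NOT_APPLICABLE: q})

# Constructed sample policies over the state attributes subject/owner/action/hour/role.
def owner_may_read(state: State) -> Decision:
    if state["action"] == "read" and state["subject"] == state["owner"]:
        return Decision.PERMIT
    return Decision.NOT_APPLICABLE

def deny_after_hours(state: State) -> Decision:
    hour = int(state["hour"])
    return Decision.DENY if hour < 8 or hour >= 18 else Decision.NOT_APPLICABLE

def admin_permit(state: State) -> Decision:
    return Decision.PERMIT if state["role"] == "admin" else Decision.NOT_APPLICABLE

# Orchestration: the after-hours deny wins over either way of granting read access.
ACCESS_POLICY: Policy = deny_overrides(
    deny_after_hours,
    permit_overrides(owner_may_read, admin_permit),
)

def evaluate(state: State) -> Decision:
    """Evaluate the fixed policy tree against a given state; gaps are reported, not hidden."""
    return ACCESS_POLICY(state)

def enforce(state: State, default: Decision = Decision.DENY) -> Decision:
    """Enforcement point: a gap is closed with an explicit, deny-by-default choice."""
    d = evaluate(state)
    return default if d is Decision.NOT_APPLICABLE else d

if __name__ == "__main__":
    base = {"subject": "alice", "owner": "alice", "action": "read", "role": "user"}
    for hour in (10, 20):
        print(hour, evaluate({**base, "hour": hour}), enforce({**base, "hour": hour}))
```

Because `evaluate` leaves `NOT_APPLICABLE` visible, a caller can tell a genuine gap apart from a deny, and `enforce` is where that gap is closed with a documented default; folding the default into the policies themselves would hide exactly the gaps and conflicts the abstract says an orchestration language should be able to reason about.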