Archive - Phil Windley's Technometria

A Legal Identity Foundation Isn't Optional

Portable Proof Requires a Legal Identity Foundation

Mar 17 • Phil Windley

Fix Identity First

Or Why the SAVE Act Won't Work

Mar 16 • Phil Windley

Cross-Domain Delegation in a Society of Agents

Summary: Cross-domain delegation requires more than transferring a credential.

Mar 4 • Phil Windley

Delegation as Data: Applying Cedar Policies to OpenClaw Subagents

In earlier posts, I discussed demos I’ve built showing how Cedar can enforce authorization decisions for an OpenClaw agent.

Mar 2 • Phil Windley

February 2026

Childproofing the Control Plane: Using Cedar to Build Frontal Lobes for Agentic Systems

Summary: Connecting an agent like OpenClaw to Home Assistant can make home automation more adaptive and intelligent, but it also introduces real risks…

Feb 25 • Phil Windley

Beyond Denial: Using Policy Constraints to Guide OpenClaw Planning

Summary: OpenClaw agents plan, adapt, and act over time, so authorization that functions merely as a reactive gate isn’t the best architecture.

Feb 18 • Phil Windley

A Policy-Aware Agent Loop with Cedar and OpenClaw

Summary: This article demonstrates how to move authorization inside the agent loop by inserting a Cedar-backed policy decision point into OpenClaw, so…

Feb 11 • Phil Windley

SEDI and Client-Side Identity

Summary Client-side certificates were technically sound in the 1990s, but they failed because individuals weren’t willing to pay for identity proofing.

Feb 4 • Phil Windley

Why Authorization Is the Hard Problem in Agentic AI

Feb 2 • Phil Windley

January 2026

From Architecture to Accountability: How AI Helps Policy Become Practice

Architecture alone does not make authorization trustworthy.

Jan 22 • Phil Windley

Authorization Before Retrieval: Making RAG Safe by Construction

Summary: Retrieval-augmented generation makes language models far more useful by grounding them in real data, But it also raises a hard question: who is…

Jan 7 • Phil Windley

December 2025

What AI Can Tell You About Your Authorization Policies

AI shouldn’t decide who can access what, but it can help you understand what the system already allows.

Dec 29, 2025 • Phil Windley

#nojs-banner { position: fixed; bottom: 0; left: 0; padding: 16px 16px 16px 32px; width: 100%; box-sizing: border-box; background: red; color: white; font-family: -apple-system, "Segoe UI", Roboto, Helvetica, Arial, sans-serif, "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Symbol"; font-size: 13px; line-height: 13px; } #nojs-banner a { color: inherit; text-decoration: underline; } This site requires JavaScript to run correctly. Please turn on JavaScript or unblock scripts