Archive - Phil Windley's Technometria

Beyond Denial: Using Policy Constraints to Guide OpenClaw Planning

Summary: OpenClaw agents plan, adapt, and act over time, so authorization that functions merely as a reactive gate isn’t the best architecture.

Feb 18 • Phil Windley

A Policy-Aware Agent Loop with Cedar and OpenClaw

Summary: This article demonstrates how to move authorization inside the agent loop by inserting a Cedar-backed policy decision point into OpenClaw, so…

Feb 11 • Phil Windley

SEDI and Client-Side Identity

Summary Client-side certificates were technically sound in the 1990s, but they failed because individuals weren’t willing to pay for identity proofing.

Feb 4 • Phil Windley

Why Authorization Is the Hard Problem in Agentic AI

Feb 2 • Phil Windley

January 2026

From Architecture to Accountability: How AI Helps Policy Become Practice

Architecture alone does not make authorization trustworthy.

Jan 22 • Phil Windley

Authorization Before Retrieval: Making RAG Safe by Construction

Summary: Retrieval-augmented generation makes language models far more useful by grounding them in real data, But it also raises a hard question: who is…

Jan 7 • Phil Windley

December 2025

What AI Can Tell You About Your Authorization Policies

AI shouldn’t decide who can access what, but it can help you understand what the system already allows.

Dec 29, 2025 • Phil Windley

Policy Authoring and Analysis with AI

In my last post, I argued that policy does not belong in an LLM prompt. Authorization is about authority and scope, not about persuading a language…

Dec 22, 2025 • Phil Windley

AI Is Not Your Policy Engine (And That's a Good Thing)

When building a system that uses an large language models (LLMs) to work with sensitive data, you might be tempted to treat the LLM as a decision-maker.

Dec 18, 2025 • Phil Windley

November 2025

The First Agentic Internet Workshop

Summary: The first Agentic Internet Workshop (AIW1) took place on October 24, 2025, the day after IIW 41, bringing together a global group to explore…

Nov 6, 2025 • Phil Windley

Internet Identity Workshop XLI Report

Summary: IIW XLI brought 287 people together at the Computer History Museum in Mountain View for three days of dynamic sessions on identity, personal…

Nov 5, 2025 • Phil Windley

October 2025

Visa Isn't Centralized and Neither Is First Person Identity

Visa isn’t centralized.

Oct 1, 2025 • Phil Windley

#nojs-banner { position: fixed; bottom: 0; left: 0; padding: 16px 16px 16px 32px; width: 100%; box-sizing: border-box; background: red; color: white; font-family: -apple-system, "Segoe UI", Roboto, Helvetica, Arial, sans-serif, "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Symbol"; font-size: 13px; line-height: 13px; } #nojs-banner a { color: inherit; text-decoration: underline; } This site requires JavaScript to run correctly. Please turn on JavaScript or unblock scripts