https://blog.catalyst9.ai/tags/webauthn/Recent content in Webauthn on Catalyst9 EngineeringHugoen-usThu, 11 Jun 2026 00:00:00 -0600https://blog.catalyst9.ai/posts/part-9-airport-recovery/Thu, 21 May 2026 00:00:00 -0600https://blog.catalyst9.ai/posts/part-9-airport-recovery/Lose the laptop at the gate, buy a new one, be back in your secrets in under two minutes. Here is what that actually looks like.https://blog.catalyst9.ai/posts/part-11-shipping-webauthn/Thu, 21 May 2026 00:00:00 -0600https://blog.catalyst9.ai/posts/part-11-shipping-webauthn/Phase 1 piece #4 and Phase 1b-C were both marked complete based on unit tests. Then I drove a real browser ceremony and five bugs cascaded out at once.https://blog.catalyst9.ai/posts/part-13-policy-stacking/Thu, 11 Jun 2026 00:00:00 -0600https://blog.catalyst9.ai/posts/part-13-policy-stacking/We built a real ABAC policy engine on top of the identity and step-up work. You can now express ’everything under LLM/* needs a human in the loop’ as a default, while stacking a more specific rule that says only principals with an openai_admin label can write or delete under LLMS/OPENAI. The client (kpm) consumes the policy signals so get forces step-up, env/run warns about high-value paths, and strict mode makes every decrypt a fresh policy-checked round-trip.