Making OAuth Scale Securely for MCPs - Aaron Parecki - ASW #360
Security Weekly
2025-12-09 18:00:00
收藏
The MCP standard gave rise to dreams of interconnected agents and nightmares of what those interconnected agents would do with unfettered access to APIs, data, and local systems. Aaron Parecki explains how OAuth's new Client ID Metadata Documents spec provides more security for MCPs and the reasons why the behavior and design of MCPs required a new spec like this.
Segment resources:
- https://aaronparecki.com/2025/11/25/1/mcp-authorization-spec-update
- https://www.ietf.org/archive/id/draft-ietf-oauth-client-id-metadata-document-00.html
- https://oauth.net/cross-app-access/
- https://oauth.net/2/oauth-best-practice/
Show Notes: https://securityweekly.com/asw-360
目录
最新
- The Future Of Proactive Security Before Building an AI Enabled Enterprise - Erik Nost - BSW #430
- Are you dead?, AI Hellscape, Copilot, Blue Delta, Quishing, Confer, Aaran Leyland... - SWN #546
- Secure By Design Is Better Than Secure By Myth - Bob Lord - ASW #365
- The State of Cybersecurity Hiring, 2026 content plans, and the weekly news - ESW #441
- Nudification, Spying, Ni8mare, Cisco, Chat-GPT, Chrome, SaaS, CES, Josh Marpet & More - SWN #545
- No FlipperZeros Allowed - PSW #908
- CISO Lessons from a Children's Novel as Cybersecurity Outgrows IT and Building Talent - Tom Arnold - BSW #429
- Pornhub Redux, Enki, Grok, BSODs, NORDVPN, Kimwolf, Privacy , Aaran Leyland, and More - SWN #544