The Model Context Protocol (MCP) is moving fast from experimental to enterprise-ready. I am working with a number of customers / prospects / community members who want to go beyond locally deployed stdio transport MCP servers to multi-tenant remote HTTP “MCP services”.| ceposta Technology Blog
In the previous blog, we dug into dynamically registering OAuth clients leveraging SPIFFE and SPIRE. We used SPIRE to issue software statements in the SPIFFE JWT SVID that Keycloak can trust as part of Dynamic Client Registration (RFC 7591). Once we have an OAuth client, we will want to continue to use SPIFFE to authenticate to our Authorization Server. This eliminates the need for a long-lived “client secret” which is common for Confidential OAuth. This means we can use the Agent or MCP ...| ceposta Technology Blog
The MCP Authorization spec recommends using OAuth Dynamic Client Registration (DCR) for registering MCP clients with MCP servers. More specifically, it suggests using anonymous DCR: meaning any client should be able to discover how to register itself and dynamically obtain an OAuth client without any prior credentials. In a recent blog post, I explored why this model can be problematic in enterprise environments where anonymous registration is often restricted or outright disabled. In this bl...| ceposta Technology Blog
In this blog post, we’ll walk through an OAuth 2.0 token exchange and delegation to an A2A Agent. We will focus on configuring the A2A Agent Card, implementing the agent in Python, and validating the OAuth credentials. At the end of this walk through, we’ll have an A2A enabled agent that has a user’s delegated/downscoped intended for specific skills of the agent. This token can be further exchanged to operate as the user including calling out to MCP tools. Source code for this demo is o...| ceposta Technology Blog
We know building MCP servers are where everyone’s mind is when it comes to AI agents. That is, if you’re going to build useful AI agents, they will need access to enterprise data, tools, and context. Enterprise companies are scrambling to figure out what this means. Does this mean they build MCP servers instead of APIs? Which vendors’ MCP servers do they use? How do they secure these flows? How do they govern any of this?| ceposta Technology Blog
Continuing on with my series about microservices implementations (see “Why Microservices Should Be Event Driven”, “Three things to make your microservices more resilient”, “Carving the Java EE Monolith: Prefer Verticals, not Layers” for background) we’re going to explore probably the hardest problem when creating and developing microservices. Your data. Using Spring Boot/Dropwizard/Docker doesn’t mean you’re doing microservices. Taking a hard look at your domain and your dat...| ceposta Technology Blog
This is a bonus post following on from my Understanding MCP Authorization three part series covering building (and understanding) an MCP HTTP based server and implementing the MCP Authorization spec (2025-06-18). In the previous series, we built the server side of the spec, leaving the client side up to the reader since obtaining OAuth clients is usually fairly opinionated in enterprise environments.| ceposta Technology Blog
The Agent-to-Agent (A2A) protocol is emerging as the de-facto standard for how autonomous AI agents talk to each other. While most of the interest around A2A has been around stateful messaging, one of its most powerful ideas remains largely unexplored: discovery, naming, and resolution. While the A2A specification provides the critical first steps toward discovery with Agent Cards, the infrastructure for truly dynamic, scalable agent ecosystems requires additional components that the spec int...| ceposta Technology Blog
This is the final post in a three-part series on MCP Authorization following the June 2025 revisions. In the first two posts, we built an MCP server with the HTTP transport and implemented the right OAuth token handling and verification. Up until now, we used a local identity provider (IdP) and in this post, we’ll make the right updates to use a production IdP. For this post, we’ll use the Keycloak project, but the same can be done with any other OAuth capable IdP.| ceposta Technology Blog
In this post (part two of three), we’ll dig into the June 2025 MCP Authorization specification more closely. See Part One for setting up the MCP Server using HTTP Transport.| ceposta Technology Blog
Creating MCP Servers to connect functionality to LLM applications / AI agents is fairly straight forward. Most of the examples you see, however, are the simple stdio-transport MCP servers. If you wish to build MCP shared services that are exposed to applications in the enterprise, they MUST be secured. The MCP community has been iterating on a specification for Authorization, and in its recent release (ie, June 18, 2025) we have an updated Authorization spec that fixes a lot of the challenges...| ceposta Technology Blog
I’ve been writing a lot recently about Agent identity, how crucial it is in Agentic systems for not only security but monitoring, auditing and causality/attribution as well. But we cannot talk about Agent identity without also talking about user identity and delegation. For the user side, we can probably continue to leveage OAuth 2.x (and future enhancements), but what about for Agent identity? The OAuth and OIDC communities are looking to advance the spec and have some very interesting pro...| ceposta Technology Blog
At first glance, AI agents seem very similar to microservices when it comes to security and identity. You need to secure the channel and authorize who is calling whom. Communication happens over the network through some HTTP transport. When a user is involved, you can potentially leverage the user’s identity. The same is true for AI agents, but with one big caveat: we can no longer be as sloppy as we’ve been with microservices when deploying AI agents.| ceposta Technology Blog
I’ve been digging into Agent Identity, authentication/authorization patterns, and how it fits in with existing technology patterns (OAuth 2.0, OIDC, SPIFFE, etc) and where it may need new solutions. Someone made a point around identity and delegation to me recently that shines a bit of reality on this area:| ceposta Technology Blog
In earlier posts exploring AI agent and agent identity, Do We Even Need Agent Identity? and Agent Identity: Impersonation or Delegation?, I dug into the identity tradeoffs surrounding AI agents in the enterprise. The TL;DR: AI agents acting as first-class, autonomous participants in secure systems can’t just borrow human identities. They need their own.| ceposta Technology Blog
In a recent blog post, I discussed whether AI agents need their own identity. I ended with “yes, they do”, but how do we end up doing that? In this blog, we’ll look at a very important concept when it comes to agent identity: impersonation or delegation. Should your marketing agent simply “become” the end user when calling the GDPR compliance agent? Or should it clearly identify itself as acting on the user’s behalf?| ceposta Technology Blog