In the previous blog, we dug into dynamically registering OAuth clients leveraging SPIFFE and SPIRE. We used SPIRE to issue software statements in the SPIFFE JWT-SVID that Keycloak can trust as part of Dynamic Client Registration (RFC 7591). Once we have an OAuth client, we will want to continue to use SPIFFE to authenticate to our Authorization Server. This eliminates the need for a long-lived “client secret”, which is common for confidential OAuth clients. This means we can use the Agent or MCP ...
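To make that concrete, here’s a minimal sketch of what authenticating with a JWT-SVID instead of a client secret can look like on the wire, using an RFC 7523-style client assertion. The token endpoint URL, client_id, and SVID value are assumptions for illustration; in practice the SVID would be fetched from the SPIRE Workload API.

```python
import requests

# Illustrative values: the JWT-SVID would normally be fetched from the
# SPIRE Workload API, and the token endpoint comes from the IdP's metadata.
TOKEN_ENDPOINT = "https://keycloak.example.com/realms/demo/protocol/openid-connect/token"
jwt_svid = "<JWT-SVID issued by SPIRE>"

# RFC 7523-style client authentication: present the short-lived SVID as a
# client assertion instead of a long-lived client secret.
resp = requests.post(
    TOKEN_ENDPOINT,
    data={
        "grant_type": "client_credentials",
        "client_id": "spiffe://example.org/my-agent",
        "client_assertion_type": "urn:ietf:params:oauth:client-assertion-type:jwt-bearer",
        "client_assertion": jwt_svid,
    },
)
print(resp.json())  # access_token, expires_in, ...
```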
The MCP Authorization spec recommends using OAuth Dynamic Client Registration (DCR) for registering MCP clients with MCP servers. More specifically, it suggests using anonymous DCR, meaning any client should be able to discover how to register itself and dynamically obtain an OAuth client without any prior credentials. In a recent blog post, I explored why this model can be problematic in enterprise environments where anonymous registration is often restricted or outright disabled. In this bl...
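For reference, this is roughly what anonymous DCR looks like on the wire per RFC 7591: an unauthenticated POST to the registration endpoint. The endpoint URL and client metadata below are illustrative.

```python
import requests

# Hypothetical registration endpoint; with anonymous DCR this request
# carries no credentials at all, which is exactly the enterprise concern.
REGISTRATION_ENDPOINT = "https://idp.example.com/register"

resp = requests.post(
    REGISTRATION_ENDPOINT,
    json={
        "client_name": "my-mcp-client",
        "redirect_uris": ["http://localhost:8090/callback"],
        "grant_types": ["authorization_code"],
        "token_endpoint_auth_method": "none",
    },
)
print(resp.status_code, resp.json())  # on success, includes a client_id
```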
In this blog post, we’ll walk through an OAuth 2.0 token exchange and delegation to an A2A Agent. We will focus on configuring the A2A Agent Card, implementing the agent in Python, and validating the OAuth credentials. At the end of this walkthrough, we’ll have an A2A-enabled agent that has a user’s delegated/downscoped token intended for specific skills of the agent. This token can be further exchanged to operate as the user, including calling out to MCP tools. Source code for this demo is o...
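As a preview of the exchange step, here’s a sketch of the RFC 8693 token exchange request that trades the user’s token for a downscoped one. The endpoint, audience, scope names, and client credentials are assumptions for illustration.

```python
import requests

TOKEN_ENDPOINT = "https://idp.example.com/token"   # hypothetical
user_access_token = "<the user's original access token>"

# RFC 8693 token exchange: trade the user's token for a downscoped one
# that is only good for specific agent skills (scope names illustrative).
resp = requests.post(
    TOKEN_ENDPOINT,
    data={
        "grant_type": "urn:ietf:params:oauth:grant-type:token-exchange",
        "subject_token": user_access_token,
        "subject_token_type": "urn:ietf:params:oauth:token-type:access_token",
        "audience": "a2a-agent",
        "scope": "skill:research skill:summarize",
    },
    auth=("agent-client-id", "agent-client-secret"),  # client auth, for illustration
)
downscoped_token = resp.json()["access_token"]
```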
We know building MCP servers is where everyone’s mind is when it comes to AI agents. That is, if you’re going to build useful AI agents, they will need access to enterprise data, tools, and context. Enterprise companies are scrambling to figure out what this means. Does this mean they build MCP servers instead of APIs? Which vendors’ MCP servers do they use? How do they secure these flows? How do they govern any of this?
It seems like every 5 to 10 years, our industry, especially in the enterprise integration or enterprise application space, gets introduced to some new methodology or architectural style that’s the best thing since sliced bread and will make you 10x more productive and make your enterprise more agile, flexible, able to respond to change, and whatever else CIOs are willing to spend gobs of money on. We’ve seen Enterprise Application Integration, Web Services, SOA, component-based architectures, E...
Quick interlude to my last blog. As part of my last blog on low-risk monolith to microservice architecture, I made this statement about microservices and not doing them:
You’re probably saying “Wait. You already wrote a blog telling me the hardest part of microservices was my data. So what is the hardest part? That? Or calling your services?”
Continuing on with my series about microservices implementations (see “Why Microservices Should Be Event Driven”, “Three things to make your microservices more resilient”, “Carving the Java EE Monolith: Prefer Verticals, not Layers” for background) we’re going to explore probably the hardest problem when creating and developing microservices. Your data. Using Spring Boot/Dropwizard/Docker doesn’t mean you’re doing microservices. Taking a hard look at your domain and your dat...
This is a bonus post following on from my Understanding MCP Authorization three-part series covering building (and understanding) an MCP HTTP-based server and implementing the MCP Authorization spec (2025-06-18). In the previous series, we built the server side of the spec, leaving the client side up to the reader since obtaining OAuth clients is usually fairly opinionated in enterprise environments.
The Agent-to-Agent (A2A) protocol is emerging as the de facto standard for how autonomous AI agents talk to each other. While most of the interest in A2A has centered on stateful messaging, one of its most powerful ideas remains largely unexplored: discovery, naming, and resolution. While the A2A specification provides the critical first steps toward discovery with Agent Cards, the infrastructure for truly dynamic, scalable agent ecosystems requires additional components that the spec int...
This is the final post in a three-part series on MCP Authorization following the June 2025 revisions. In the first two posts, we built an MCP server with the HTTP transport and implemented the right OAuth token handling and verification. Up until now, we used a local identity provider (IdP); in this post, we’ll make the right updates to use a production IdP. For this post, we’ll use the Keycloak project, but the same can be done with any other OAuth-capable IdP.
In this post (part two of three), we’ll dig into the June 2025 MCP Authorization specification more closely. See Part One for setting up the MCP Server using HTTP Transport.
Creating MCP Servers to connect functionality to LLM applications / AI agents is fairly straightforward. Most of the examples you see, however, are simple stdio-transport MCP servers. If you wish to build MCP shared services that are exposed to applications in the enterprise, they MUST be secured. The MCP community has been iterating on a specification for Authorization, and in its recent release (i.e., June 18, 2025) we have an updated Authorization spec that fixes a lot of the challenges...
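To give a flavor of what the spec asks of servers, here’s a minimal sketch (my own illustration, not code from the series) of an HTTP MCP server rejecting unauthenticated requests with a 401 whose WWW-Authenticate header points at protected resource metadata (RFC 9728), which the June 2025 spec builds on. The metadata URL is hypothetical.

```python
from http.server import BaseHTTPRequestHandler, HTTPServer
import json

RESOURCE_METADATA_URL = "https://mcp.example.com/.well-known/oauth-protected-resource"  # hypothetical

class MCPHandler(BaseHTTPRequestHandler):
    def do_POST(self):
        if not self.headers.get("Authorization", "").startswith("Bearer "):
            # Point the client at the protected resource metadata so it can
            # discover the authorization server and start an OAuth flow.
            self.send_response(401)
            self.send_header(
                "WWW-Authenticate",
                f'Bearer resource_metadata="{RESOURCE_METADATA_URL}"',
            )
            self.end_headers()
            return
        # ...token verification and MCP JSON-RPC handling would go here...
        self.send_response(200)
        self.send_header("Content-Type", "application/json")
        self.end_headers()
        self.wfile.write(json.dumps({"jsonrpc": "2.0", "id": 1, "result": {}}).encode())

HTTPServer(("localhost", 8080), MCPHandler).serve_forever()
```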
I’ve been writing a lot recently about Agent identity and how crucial it is in Agentic systems, not only for security but for monitoring, auditing, and causality/attribution as well. But we cannot talk about Agent identity without also talking about user identity and delegation. For the user side, we can probably continue to leverage OAuth 2.x (and future enhancements), but what about Agent identity? The OAuth and OIDC communities are looking to advance the spec and have some very interesting pro...
At first glance, AI agents seem very similar to microservices when it comes to security and identity. You need to secure the channel and authorize who is calling whom. Communication happens over the network through some HTTP transport. When a user is involved, you can potentially leverage the user’s identity. The same is true for AI agents, but with one big caveat: we can no longer be as sloppy as we’ve been with microservices when deploying AI agents.
I’ve been digging into Agent Identity, authentication/authorization patterns, and how it fits in with existing technology patterns (OAuth 2.0, OIDC, SPIFFE, etc.) and where it may need new solutions. Someone made a point around identity and delegation to me recently that shines a bit of reality on this area:
In earlier posts exploring AI agent and agent identity, Do We Even Need Agent Identity? and Agent Identity: Impersonation or Delegation?, I dug into the identity tradeoffs surrounding AI agents in the enterprise. The TL;DR: AI agents acting as first-class, autonomous participants in secure systems can’t just borrow human identities. They need their own.
In a recent blog post, I discussed whether AI agents need their own identity. I ended with “yes, they do”, but how do we actually do that? In this blog, we’ll look at a very important concept when it comes to agent identity: impersonation or delegation. Should your marketing agent simply “become” the end user when calling the GDPR compliance agent? Or should it clearly identify itself as acting on the user’s behalf?
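One concrete way to express “acting on the user’s behalf” is the actor (act) claim from OAuth 2.0 Token Exchange (RFC 8693). Here’s a sketch of a delegated token’s decoded payload, with hypothetical identifiers:

```python
# Decoded payload of a delegated access token (illustrative values).
delegated_token_claims = {
    "sub": "alice@example.com",        # the user the agent acts on behalf of
    "aud": "gdpr-compliance-agent",    # hypothetical downstream agent
    "scope": "compliance:check",
    # RFC 8693 actor claim: the marketing agent identifies itself instead
    # of silently "becoming" alice.
    "act": {
        "sub": "spiffe://example.org/marketing-agent",
    },
}
```

With impersonation, by contrast, the token would carry only the user’s sub, and the agent would be invisible to the downstream audit trail.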
As API adoption matured in enterprise organizations, a natural pattern emerged, and we are seeing something similar in AI agent architectures: using layers to contain complexity. Dealing with team boundaries, business flows, communication patterns, etc. can get complex very fast. Starting with basic building blocks and then layering in concepts around reusability, encapsulation, and separation of responsibilities helps reduce cognitive overload.
In our recent engineering face-to-face, one of our engineers raised what seemed like a simple question: “Why can’t we just pass the user’s OIDC token through to the agent? Why complicate things with separate agent identities if we don’t need to?”
It’s a little after 5p, and I’m about to wrap up for the day. As I’m starting to shut things down, I get a message from my boss:
As organizations start to deploy AI agents in earnest, we are discovering just how easy it is to attack these kinds of systems. I went into quite some detail about how “natural language” introduces new attack vectors in one of my recent blogs. These vulnerabilities aren’t merely theoretical. We’ve seen how a malicious Model Context Protocol (MCP) server could trick AI agents into leaking sensitive data like WhatsApp chat histories and SSH keys without user awareness. An Agent Mesh lays...
The Model Context Protocol (MCP) and Agent-to-Agent (A2A) specifications are similar RPC-style protocols that specify interaction between Agents and Tools (MCP) and Agents and other Agents (A2A). They both focus on client/server remote function invocations but do not specify protocol-specific security. MCP started to dip its toes into specifying an Authorization framework, but that has been a bumpy ride so far.
I was recently chatting with Matt McLarty and Mike Amundsen on their podcast about a recent blog I wrote on describing APIs in terms of capabilities. One thing that came up was the idea of describing APIs with semantic meaning directly in the OpenAPI spec. I think I made a comment that “ideally, you’d go from your OpenAPI spec to generating an MCP server to expose your capabilities to an Agent or AI model”. This aligns (I think) with a particularly thoughtful observation from Kevin S...
Enterprise application architecture is once again on the verge of transformation. We’ve moved from mainframes to client-server, and recently from monoliths to microservices. Each evolution has been driven by the need to enable faster, safer, and more independent changes to an organization’s applications and architecture to support competitive innovation.
Anthropic introduced the Model Context Protocol (MCP) to standardize the way an LLM communicates with the “outside world” to extend its capabilities through tool/function support. The idea is that if we can simplify that integration, then we can focus on powerful tools, not on custom integration code. MCP is thriving, new MCP servers are popping up hourly, and even Anthropic’s rival, OpenAI, is adopting MCP.
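If you haven’t built one yet, a stdio MCP server can be just a few lines. A minimal sketch assuming the official MCP Python SDK (pip install mcp); the server name and tool are illustrative.

```python
# A minimal MCP stdio server, assuming the official MCP Python SDK's
# FastMCP helper; the tool itself is a toy example.
from mcp.server.fastmcp import FastMCP

mcp = FastMCP("demo-server")

@mcp.tool()
def add(a: int, b: int) -> int:
    """Add two numbers."""
    return a + b

if __name__ == "__main__":
    mcp.run()  # defaults to the stdio transport
```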
Organizations need to think about what data gets sent to any AI services. They also need to consider that the LLM may respond with unexpected or risky results. This is where guardrails come in. There are a number of open-source projects for building guardrails directly into your application. There are also a number of vendor-specific content moderation services. What about building your own? From working with enterprises, I can say they have a lot of opinions about how content creation should b...
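As a toy example of the “build your own” route, a guardrail can start as a simple check applied before a prompt leaves your application. This sketch blocks anything that looks like a payment card number; real guardrails would layer in classifiers, allowlists, and org-specific policy.

```python
import re

# A toy outbound guardrail: block prompts that appear to contain
# payment card numbers before they reach any external AI service.
CARD_PATTERN = re.compile(r"\b(?:\d[ -]?){13,16}\b")

def check_prompt(prompt: str) -> str:
    if CARD_PATTERN.search(prompt):
        raise ValueError("blocked: prompt appears to contain a card number")
    return prompt

check_prompt("Summarize this quarter's roadmap")       # passes
# check_prompt("My card is 4111 1111 1111 1111")       # raises
```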
NVIDIA NIM is a great way to run AI inference workloads in containers. I deploy primarily to Kubernetes, so I wanted to dig into deploying NIM using the Kubernetes NIM Operator and using GPUs in Google Cloud. I actually started by going to ChatGPT and asking it for a step-by-step guide for doing this on GKE. The results it gave seemed impressive, until I started following the steps. ChatGPT is good at a lot of things, but in this case it gave me complete and utter nonsense. So I thought I...
The Model Context Protocol has created quite the buzz in the AI ecosystem at the moment, but as enterprise organizations look to adopt it, they are confronted with a hard truth: it lacks important security functionality. Up until now, as people experiment with Agentic AI and tool support, they’ve mostly adopted the MCP stdio transport, which means you end up with a 1:1 deployment of MCP server and MCP client. What organizations need is a way to deploy MCP servers remotely and leverage autho...
The way LLMs run in Kubernetes is quite a bit different from the way web apps or APIs run. Recently I was digging into the benefits of the Inference Extensions for the Kubernetes Gateway API and I needed to generate some load for the backend LLMs I deployed (Llama, Qwen, etc). I ended up building an LLM load generation tool because I thought my use case needed some specific controls over how the test was run. In the end, I think about 90% of what I built was fairly generic for an LLM load test to...
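The generic core of such a tool is small. Here’s a bare-bones sketch that fires concurrent requests at an OpenAI-compatible endpoint and records latency; the URL and model name are assumptions for illustration.

```python
import time, threading, requests

# Fire N concurrent chat completions at an OpenAI-compatible endpoint
# and record wall-clock latency per request (values illustrative).
ENDPOINT = "http://localhost:8000/v1/chat/completions"
latencies = []

def one_request():
    start = time.time()
    requests.post(ENDPOINT, json={
        "model": "llama-3-8b",
        "messages": [{"role": "user", "content": "Tell me about Kubernetes."}],
        "max_tokens": 128,
    })
    latencies.append(time.time() - start)

threads = [threading.Thread(target=one_request) for _ in range(32)]
for t in threads: t.start()
for t in threads: t.join()
print(f"p50={sorted(latencies)[len(latencies)//2]:.2f}s over {len(latencies)} requests")
```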
Recently, I’ve been building AI agents to help automate some parts of my workflow such as deep, meaningful technical research to contribute to technical material that I build. I am using the AutoGen framework from Microsoft and I realized if you’re new to agentic systems/workflows (like I was), it might be useful to share some of my learnings. This is not intended to be a “comprehensive overview” of AutoGen; please see the official docs (or the source code!) for that. What I wanted to ...
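For orientation, a two-agent “hello world” in the classic pyautogen style looked roughly like this; the AutoGen APIs have changed across versions, so treat this purely as illustrative and defer to the official docs.

```python
# Illustrative two-agent loop in the classic pyautogen style; the
# AutoGen API has changed across versions, so check the official docs.
from autogen import AssistantAgent, UserProxyAgent

assistant = AssistantAgent(
    name="researcher",
    llm_config={"model": "gpt-4"},  # hypothetical model config
)
user_proxy = UserProxyAgent(
    name="user",
    human_input_mode="NEVER",
    code_execution_config=False,
)

user_proxy.initiate_chat(
    assistant,
    message="Summarize the tradeoffs of service mesh sidecars.",
)
```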
Things change quickly in the land of technology. AI is the “hot” thing. I feel for the platform engineers out there struggling with technologies like Docker, Kubernetes, Prometheus, Istio, ArgoCD, Zipkin, Backstage.io, and many, many others. Those things are already confusing, complex, and require deep attention. These folks don’t have time or attention to dig into AI and what’s going on in that space. But little by little, AI will land in their world. Platform engineers will need to un...
You probably wouldn’t be surprised if I told you that modern networking based on open-source projects like Istio, SPIFFE, Cilium, and others (see my paper about the CAKES stack) is typically consumed by what we now call “platform engineering” teams. You’ve probably heard the term platform engineering or seen some nice write-ups on it (like the one from my industry colleague Daniel Bryant).
Platform engineering has emerged recently in part because organizations recognize the value of improving developer experience and the need to improve app developer delivery speed. And in typical organizational fashion, spinning up a new team to own this effort is their answer. We’ve seen folks talk about how platform engineering is primarily motivated by the complexity of software architectures (think microservices, and the underlying infrastructure to support that, e.g., Kubernetes, contai...
It’s been a while since I’ve blogged, and just like other posts in the past, this one is meant as a way to dig into something and for me to catalog my own thoughts for later. While digging into some issues for some of our Istio customers as well as for a chapter in my upcoming book, Istio in Action, I found myself knee-deep in the Istio telemetry v2 functionality. Let’s see how it works.
Istio is a powerful service mesh built on Envoy Proxy that solves the problem of connecting services deployed in cloud infrastructure (like Kubernetes) and does so in a secure, resilient, and observable way. Istio’s control plane can be used to specify declarative policies like those around circuit breaking, traffic routing, authentication/authorization, et al.
I’ve been pretty invested in helping organizations with their cloud-native journeys for the last five years. Modernizing and improving a team’s (and eventually an organization’s) velocity to deliver software-based technology is heavily influenced by its people, process, and eventual technology decisions. A microservices approach may be appropriate when the culmination of an application’s architecture has become a bottleneck (as a result of the various people/process/tech factors) for makin...
Recently I wrote a piece for DZone and their Migrating to Microservices Report on the challenges of adopting service mesh in an enterprise organization. One of the first things we tackle in that piece is “whether or not you should go down the path of adopting a service mesh.” Here’s what I said:
Service mesh is an important set of capabilities that solves some difficult service-to-service communication challenges when operating a services-style architecture. Just as Kubernetes and containers helped to provide a nice set of abstractions for deploying and running workloads on a fleet of computers, so too is service mesh emerging to abstract the network in a way that gives operators and developers control over request routing, observability, and policy enforcement. This provides a lot of ...
This is part 5 of a series that explores building a control plane for Envoy Proxy. Follow along @christianposta and @soloio_inc for more!
This is part 4 of a series that explores building a control plane for Envoy Proxy. Follow along @christianposta and @soloio_inc for the next part coming out in a week.
This is part 3 of a series that explores building a control plane for Envoy Proxy.
This is part 2 of a series that explores building a control plane for Envoy Proxy.
Envoy has become a popular networking component as of late. Matt Klein wrote a blog a couple of years back talking about Envoy’s dynamic configuration API and how it has been part of the reason the adoption curve for Envoy has been up and to the right. He called the blog the “universal data plane API”. With so many other projects adopting Envoy as a central component of their offering, it would not be a stretch to say “Envoy has become the universal data plane in cloud-native architectur...
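To see why that API is such a natural integration point, here’s the shape of an xDS discovery response, the envelope a control plane sends to Envoy, rendered as a Python dict for readability. A real control plane typically streams the protobuf equivalent over gRPC; the cluster values below are illustrative.

```python
# Shape of an xDS DiscoveryResponse, shown as plain data for readability;
# a real control plane serves the protobuf equivalent over gRPC.
discovery_response = {
    "version_info": "v1",
    "type_url": "type.googleapis.com/envoy.config.cluster.v3.Cluster",
    "resources": [
        {
            "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster",
            "name": "backend",          # illustrative upstream cluster
            "connect_timeout": "1s",
            "type": "STRICT_DNS",
        }
    ],
}
```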
So you’ve decided to run your Kubernetes workloads in AWS. As we’ve seen before, setting up AWS EKS requires a lot of patience and can be a headache. You may be able to get it working on your own; otherwise, you should check out the eksctl tool from Weaveworks.
API Gateways are going through a bit of an identity crisis these days.
In 2019, I’m joining solo.io as Field CTO to build and grow a company that creates developer tools and infrastructure to help organizations build their software for cloud platforms/public cloud while keeping in mind the reality of on-premises environments and existing technology investments. Connecting and harnessing applications that are built cloud-native alongside those existing technologies is not an easy problem to solve. Some of the vanguard customers I’ve worked with at my previous job are acu...
This week before the Christmas break is my last week at Red Hat, the company I’ve been with for the last 6.5 years. Actually, I joined a small startup close to 7 years ago that was quickly acquired by Red Hat (see FuseSource acquisition), but I tend to count all of that time together.
No doubt, if you’ve been paying attention to technology trends, you’ve seen the rise in interest of “serverless”. In some accounts, “serverless” is billed as the “next application architecture” style. I’ve even heard people say “you don’t need technology X because serverless is the way of the future” or that “technology X is a red herring because serverless”, etc. In this installment, we see why it’s not about “microservices vs serverless”.
I’ve recently started giving a talk about the evolution of integration and the adoption of service mesh, specifically Istio. I’ve been excited about Istio ever since I first heard about it back in January 2017; in fact, I’ve been excited about this new wave of technology helping to make microservices and cloud-native architectures a possibility for organizations. Maybe you can tell, as I’ve been writing a lot about it (follow along for the latest @christianposta: