Episode 115 - GluuFederation/identerati-office-hours GitHub Wiki

Title: The Next Big Challenge of AI Agents – Access and Authentication

Description

The true power of AI agents is realized when they’re connected to your internal data and services. But integrating LLMs and agents into enterprise environments introduces significant challenges—particularly around security risks and weak security postures. In this podcast, we’ll take a deep dive into the MCP (Model Context Protocol) and explore how it can be used to safely and efficiently unleash the capabilities of AI agents within an enterprise.

Homework

Example token exchange response carrying an Identity Assertion Authorization Grant JWT ("ID-JAG")

HTTP/1.1 200 OK
Content-Type: application/json
Cache-Control: no-store
Pragma: no-cache

{
  "issued_token_type": "urn:ietf:params:oauth:token-type:id-jag",
  "access_token": "eyJhbGciOiJIUzI1NiIsI...",
  "token_type": "N_A",
  "scope": "chat.read chat.history",
  "expires_in": 300
}

Takeaways

  • ⚡ AI agents will need (1) a unique identifier (i.e. a URI); (2) unique asymmetric credentials; (3) policies that constrain AI agents to perform only authorized capabilities.

  • ⚡ By offering a standard interface for AI agents to access external resources, MCP servers make the AI business proposition even more potentially valuable to enterprises. But any MCP server an enterprise hosts exposes new capabilities and increases its risk. Companies like Natoma will help enterprises manage that risk by providing turnkey MCP hosting options with enhanced security.

  • ⚡ The OAuth client metadata pattern matches well with an agentic AI software entity. OAuth Software Statement Assertions (SSAs) may help convey trust from the enterprise to developers writing AI agents. Okta engineers have recently proposed an MCP extension to support a new OAuth token exchange, where a token from Domain A is exchanged for a token from Domain B, to call a Domain B API. So there is a fairly complete vision of how OAuth, MCP and Agentic AI could work together--at least initially.

  • ⚡ What URI agents should use for identification is not 100% clear. Registration via the SPIFFE SPIRE server provides one strategy. The IETF WIMSE working group also defines a "Workload Identity Token", which contains a proof-of-possession token that contains a workload identifier used for service-to-service authentication.

  • ⚡ In order to get the delegation people really want, we're going to need more interoperability of policies and audit logs. We're not there yet.
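The Homework example above shows only the response half of the ID-JAG exchange, and the takeaway about swapping a Domain A token for a Domain B token describes the other half. The following added example (written for this page, not code from Gluu, Okta or the IETF draft) puts both halves together offline: it builds the RFC 8693 token-exchange request that asks Domain A's authorization server for an ID-JAG, validates a response of the shape shown above, and then builds the RFC 7523 JWT-bearer request that presents the ID-JAG to Domain B's token endpoint. The `subject_token_type`, `audience` and `resource` usage follows my reading of the Identity Assertion Authorization Grant draft and is an assumption; the hostnames, the ID token value and the `TokenExchangeError` class are constructed for the example.

```python
# Added example: client-side handling of the two-step ID-JAG flow
# (RFC 8693 token exchange at Domain A, RFC 7523 JWT bearer grant at Domain B).
# No network calls are made; request bodies are built and responses validated
# so the logic can be exercised offline.
import json
from urllib.parse import urlencode

TOKEN_EXCHANGE_GRANT = "urn:ietf:params:oauth:grant-type:token-exchange"
JWT_BEARER_GRANT = "urn:ietf:params:oauth:grant-type:jwt-bearer"
ID_JAG_TOKEN_TYPE = "urn:ietf:params:oauth:token-type:id-jag"
ID_TOKEN_TYPE = "urn:ietf:params:oauth:token-type:id_token"


class TokenExchangeError(ValueError):
    """Raised when the authorization server's response must not be trusted."""


def build_id_jag_request(id_token, resource_as_issuer, resource_uri, scopes):
    """Step 1 (Domain A): exchange the user's ID token for an ID-JAG that is
    scoped to Domain B's authorization server and API. Parameter usage is an
    assumption based on the ID-JAG draft; the grant/token-type URNs are RFC 8693."""
    return urlencode({
        "grant_type": TOKEN_EXCHANGE_GRANT,
        "requested_token_type": ID_JAG_TOKEN_TYPE,
        "subject_token": id_token,
        "subject_token_type": ID_TOKEN_TYPE,
        "audience": resource_as_issuer,   # Domain B's authorization server
        "resource": resource_uri,         # the Domain B API the agent will call
        "scope": " ".join(scopes),
    })


def parse_id_jag_response(body, requested_scopes=None):
    """Validate a token-exchange response and return the ID-JAG plus metadata.
    Rejects anything that is not an ID-JAG, and any scope the server issued
    that the client did not ask for (the agent must never widen its own access)."""
    data = json.loads(body)
    if "error" in data:
        raise TokenExchangeError(f"token endpoint error: {data['error']}")
    if data.get("issued_token_type") != ID_JAG_TOKEN_TYPE:
        raise TokenExchangeError("issued_token_type is not an ID-JAG")
    # RFC 8693: token_type is "N_A" when the issued token is not an access token.
    if data.get("token_type") != "N_A":
        raise TokenExchangeError("ID-JAG is an assertion, not a bearer access token")
    id_jag = data.get("access_token")
    if not isinstance(id_jag, str) or not id_jag:
        raise TokenExchangeError("access_token (the ID-JAG) is missing")
    expires_in = data.get("expires_in")
    if not isinstance(expires_in, int) or expires_in <= 0:
        raise TokenExchangeError("expires_in is missing or invalid")
    issued_scopes = data.get("scope", "").split()
    if requested_scopes is not None and not set(issued_scopes) <= set(requested_scopes):
        raise TokenExchangeError("server issued scope outside the requested set")
    return {"id_jag": id_jag, "scope": issued_scopes, "expires_in": expires_in}


def build_jwt_bearer_request(id_jag, scopes):
    """Step 2 (Domain B): present the ID-JAG as an RFC 7523 assertion to obtain
    a Domain B access token. Only the scopes granted in step 1 are requested."""
    return urlencode({
        "grant_type": JWT_BEARER_GRANT,
        "assertion": id_jag,
        "scope": " ".join(scopes),
    })


# Constructed sample response, identical in shape to the one on this page.
SAMPLE_RESPONSE = json.dumps({
    "issued_token_type": ID_JAG_TOKEN_TYPE,
    "access_token": "eyJhbGciOiJIUzI1NiIsI...",
    "token_type": "N_A",
    "scope": "chat.read chat.history",
    "expires_in": 300,
})


def run_flow(id_token="constructed-id-token", scopes=("chat.read", "chat.history")):
    """Drive both steps against the constructed response and return the
    Domain B request body that would be sent."""
    step1 = build_id_jag_request(id_token, "https://auth.chat.example",
                                 "https://api.chat.example", scopes)
    granted = parse_id_jag_response(SAMPLE_RESPONSE, requested_scopes=scopes)
    step2 = build_jwt_bearer_request(granted["id_jag"], granted["scope"])
    return {"step1": step1, "granted": granted, "step2": step2}


if __name__ == "__main__":
    print(json.dumps(run_flow(), indent=2))
```

The scope-subset check in `parse_id_jag_response` is the part worth keeping in a real client: the agent asked Domain A for a specific set of capabilities, and if the response carries anything broader the exchange should fail rather than be forwarded to Domain B.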

Livestream Audio Archive
