Episode 150 - GluuFederation/identerati-office-hours GitHub Wiki
Title: Agentic Access: OAuth Gets You In, Zero Trust Keeps You Safe
- Host: Mike Schwartz, Founder/CEO Gluu
- Guest: Nick Taylor, Developer Advocate Pomerium
Channels
Description
AI agents are no longer speculative—they’re querying APIs, rewriting records, and chaining tools via protocols like MCP (Model Context Protocol). The latest MCP spec requires OAuth 2.1 and Resource Indicators (RFC 8707), strengthening identity security while leaving authorization up to the implementer. But OAuth alone can’t enforce what an agent does after login—or whether it should act at all.
Homework
- https://github.com/pomerium/pomerium
- https://www.pomerium.com/docs/capabilities/native-ssh-access
- https://www.pomerium.com/docs/capabilities/mcp
Takeaways
TBD
Livestream Audio Archive
Basically we can talk about zero trust in general, and I can talk about how we're securing MCP, and we can also touch on native SSH access with zero trust baked in (no client).