Episode 186 - GluuFederation/identerati-office-hours GitHub Wiki

Title: MCP Dev Summit 2026 Debrief

• Host: Mike Schwartz, Founder/CEO Gluu
• Co-Host: Rohit Khare, Product Manager & Software Architect

Channels

• Linkedin Event
• Youtube Video

Description

The MCP Dev Summit was last week in NYC. The conference grew from 300 to 1200 attendees in the last year, which is an indicator of how much momentum MCP has an important new middleware technology. Identity, authorization and governance was mentioned in practically every talk. Mike was there presenting a session on MCP security, Zero Trust and GovOps. This episode will be a debrief on what we learned at the Summit and what new questions were uncovered.

Homework

• MCP Dev Summit Agenda

• Golem To Murderbot - Youtube video of Mike's talk

• Threat Modeling Authorization in MCP, - Sarah Cecchetti, Semperis

• Mix-Up Attacks in MCP: Multi-Issuer Confusion and Mitigations , - Emily Lauber, Microsoft

• Linkedin Article Open-World OAuth by Karl McGuinness

Open-world OAuth needs better protocol substrate: discovery, resource binding, sender constraints, metadata integrity, and first-contact trust. Agent authorization also needs governance above that substrate: a way to decide whether newly requested authority is still inside the task the user approved. Solving the first layer does not solve the second.

• “Skills” A self-describing capability bundle that exposes a specific function (or set of functions) to an agent, along with the metadata, schemas, and constraints required for safe and correct invocation (summary from ChatGPT)

• This is the only talk with “Governance” in the title, but their concept of governance is clearly wrong

Work through real governance scenarios: integrating remote MCP servers with an enterprise IdP, scoping tool access by user group, and applying controls at the individual tool level

Rohit's notes

• Better software by construction: Vera and goSplash.dev and Rust+Verus (As opposed to Clawdia or Carapace. Clawback)

• Excited for the Unreasonable episode with Varun Pant — there’s something afoot around Automated Reasoning! Early homework: The Agentic Mullet: code in the front, proofs in the back | Amplify Partners

• The Agentic Mullet: code in the front, proofs in the back | Amplify Partners

• AAuth episode coming up too -- Episode 183, Thursday 4/16/2026

• CSA Agentic AI Security Summit 2026 April 29-30

• AI Agent Security Summit - Global Series : Call for Speakers @ Sessionize.com 27 May (SF) and June 17 (NYC)

• Internet Identity Workshop - 20% off link for IIW, or use code IOH_XLII_20

• Agentic Identity Workshop - 10% off link for AIW, or use the code IOH_AIW2_10

Takeaways

• ⚡ MCP is evolving from a simple CGI-like protocol into a foundational middleware layer. The introduction of “skills” shows the ecosystem is moving toward higher level functionality — but also raises new questions about interoperabilility, discovery and federation.

• ⚡ “Governance” was mentioned dozens of times at the MCP Dev Summit, yet most speakers didn't define it, and seemed to be talking about different things.

• ⚡ Governing AI agents will require new patterns that combine continuous authorization and policy reasoning rather than relying on legacy IAM assumptions alone--what Rohit calls "governance" -- small "g".

• ⚡ Feedback on GovOps was positive at the MCP Dev Summit. Lots of MCP Gateways--all handling authorization differently, with no clear plan about how to unify risk management and transparency. Unless we change course, MCP and agentic AI security is going to be a nightmare collection of one-off solutions.

Livestream Audio Archive

here