Making OAuth Scale Securely for MCPs - Aaron Parecki - ASW #360
9 December 2025 - 1 hour 7 mins

The MCP standard gave rise to dreams of interconnected agents and nightmares of what those interconnected agents would do with unfettered access to APIs, data, and local systems. Aaron Parecki explains how OAuth's new Client ID Metadata Documents spec provides more security for MCPs and the reasons why the behavior and design of MCPs required a new spec like this.

Segment resources:
https://aaronparecki.com/2025/11/25/1/mcp-authorization-spec-update
https://www.ietf.org/archive/id/draft-ietf-oauth-client-id-metadata-document-00.html
https://oauth.net/cross-app-access/
https://oauth.net/2/oauth-best-practice/

Visit https://www.securityweekly.com/asw for all the latest episodes!