Making OAuth Scale Securely for MCPs - Aaron Parecki - ASW #360
9 December 2025 - 1 hour 7 minsThe MCP standard gave rise to dreams of interconnected agents and nightmares of what those interconnected agents would do with unfettered access to APIs, data, and local systems. Aaron Parecki explains how OAuth's new Client ID Metadata Documents spec provides more security for MCPs and the reasons why the behavior and design of MCPs required a new spec like this.
Segment resources:
https://aaronparecki.com/2025/11/25/1/mcp-authorization-spec-update https://www.ietf.org/archive/id/draft-ietf-oauth-client-id-metadata-document-00.html https://oauth.net/cross-app-access/ https://oauth.net/2/oauth-best-practice/ Visit https://www.securityweekly.com/asw for all the latest episodes!
Show...
Series Episodes
Cams, Gelbwurst, Chrome, SCCM, CVES, SSHStalker, RAM, TikTok, Josh Marpet... - SWN #555
35 mins
13 February Finished
Preparing For Q-Day as CISOs Face Quantum Disruption and Cyber Resilience Pressures - Sandy Carielli - BSW #434
52 mins
11 February Finished
Idoru, Singapore, Gambling, Smartertools, Ivanti, ZeroDayRat, Twiki, Aaran Leyland... - SWN #554
37 mins
10 February Finished
Bringing Strong Authentication and Granular Authorization for GenAI - Dan Moore - ASW #369
1 hour 9 mins
10 February Finished
Clickfixed, Zero Trust World, and OpenClaw is out of control - but that's the point - Rob Allen - ESW #445
1 hour 41 mins
9 February Finished
