惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
P
Palo Alto Networks Blog
S
Securelist
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
NISL@THU
NISL@THU
L
Lohrmann on Cybersecurity
有赞技术团队
有赞技术团队
The GitHub Blog
The GitHub Blog
C
Cisco Blogs
B
Blog
Microsoft Azure Blog
Microsoft Azure Blog
Recent Announcements
Recent Announcements
Simon Willison's Weblog
Simon Willison's Weblog
T
Tenable Blog
Know Your Adversary
Know Your Adversary
Spread Privacy
Spread Privacy
WordPress大学
WordPress大学
月光博客
月光博客
Latest news
Latest news
C
CXSECURITY Database RSS Feed - CXSecurity.com
T
Threat Research - Cisco Blogs
Cisco Talos Blog
Cisco Talos Blog
I
InfoQ
D
Darknet – Hacking Tools, Hacker News & Cyber Security
W
WeLiveSecurity
Hacker News - Newest:
Hacker News - Newest: "LLM"
酷 壳 – CoolShell
酷 壳 – CoolShell
U
Unit 42
C
Cybersecurity and Infrastructure Security Agency CISA
博客园 - 聂微东
人人都是产品经理
人人都是产品经理
Google DeepMind News
Google DeepMind News
Apple Machine Learning Research
Apple Machine Learning Research
Attack and Defense Labs
Attack and Defense Labs
罗磊的独立博客
T
The Exploit Database - CXSecurity.com
I
Intezer
GbyAI
GbyAI
Jina AI
Jina AI
www.infosecurity-magazine.com
www.infosecurity-magazine.com
Blog — PlanetScale
Blog — PlanetScale
博客园 - 司徒正美
Google Online Security Blog
Google Online Security Blog
Engineering at Meta
Engineering at Meta
D
Docker
Recent Commits to openclaw:main
Recent Commits to openclaw:main
小众软件
小众软件
云风的 BLOG
云风的 BLOG
爱范儿
爱范儿
Project Zero
Project Zero

OpenID Foundation

How we got here: what six decades of identity history tell us about the agent age AuthZEN at Identiverse 2026: authorization in the agent era Public Review Period for Proposed Implementer’s Draft of OpenID Connect Key Binding - OpenID Foundation As AltID launches, Danish media seek OIDF view Errata to OpenID Identity Assurance Specifications Approved - OpenID Foundation Public Review Period for Proposed Implementer’s Drafts of Two OpenID Federation Extensions - OpenID Foundation OIDF proud to support BIS Innovation Hub’s Aperta Report Announcing the new Digital Credentials Harmonized Presentation Working Group OpenID Foundation advances authorization for the agent era with new AuthZEN Working Group Drafts Australian Digital Trust Community Group’s 2nd Innovation Day – 24th June 2026 - OpenID Foundation OIDF conformance tests deliver results in La Ciotat Four OpenID Foundation voices at ID4Africa 2026 in Abidjan CrowdStrike joins the OIDF as a Sustaining Corporate Member OpenID AuthZEN wins EIC 2026 Outstanding Project Recognition Insights from the OIDF’s Australia Innovation Day OIDF presents at ITU-T workshop on digital ID and agentic AI Implementer’s Draft of International Government Assurance (iGov) Profile for OAuth 2.0 Approved - OpenID Foundation Notice of Vote to Approve Proposed Errata to OpenID Identity Assurance Specifications - OpenID Foundation OpenID Connect Advanced Syntax for Claims (ASC) 1.0 Implementer’s Draft Approved - OpenID Foundation OIDF has implemented a new Liaison Policy effective immediately - OpenID Foundation The OIDF Groups, Activities, & Events Code of Conduct Policy has been updated – here’s what you need to know - OpenID Foundation Notice of Vote to Approve Proposed Errata to OpenID Connect for Identity Assurance 1.0 - OpenID Foundation OpenID Federation 1.1 Final Specifications Approved - OpenID Foundation **Save the Date** OpenID Foundation Global Conference 2027 - OpenID Foundation Calling all members – register for the GDC Conference now Notice of Vote to Approve the Proposed Implementer’s Draft of OpenID Connect Advanced Syntax for Claims (ASC) 1.0 - OpenID Foundation Notice of Vote to Approve Proposed OpenID Federation 1.1 Final Specifications - OpenID Foundation
Call for Participation: Demonstrate MCP-based AI agent security with open identity standards
Serj Hallam · 2026-07-15 · via OpenID Foundation

Prove that MCP clients, gateways, and servers from different vendors can secure AI agents together — within and across enterprises.

The OpenID Foundation's Artificial Intelligence Identity Management Community Group (AIIM CG) is running an interoperability event to show that Model Context Protocol (MCP) flows can be secured with open identity standards. Taking place at the Gartner Identity & Access Management Summit 2026 in Las Vegas, the AIIM CG is inviting implementers to take part.

MCP is being adopted quickly to connect AI agents to enterprise tools, services and data. As agents begin to act on behalf of people and organizations, there are three key questions that matter most - which agent is this, what is it allowed to do, and does that still apply when it crosses into another organization?

Open identity standards already answer versions of these questions for humans and workloads. The interoperability event at Gartner will show they can be applied to MCP, and that implementations from different vendors work together when they do.

What it will prove

The event will demonstrate how customers can apply identity based controls to secure MCP flows within an enterprise and across enterprises, using standards drawn from the core MCP specification, MCP extensions, or elsewhere.

The point is interoperability. When these standards are implemented correctly, an organization can choose its own MCP clients, gateways and servers and expect the security properties to hold, regardless of which products it picks.

The uses cases and standards in scope

The testing focuses on two scenarios:

  • Agent governance - ensuring that only authorized agents can reach enterprise resources.
  • Cross-organizational identity assurance - ensuring that an agent in one organization can access MCP servers in another.

Participants will test interoperability across the following:

How the flow works

Once MCP clients, authorization servers and MCP servers are in place: 

  1. The MCP Client uses CIMD to obtain an OAuth 2.1 access token.
  2. The MCP Client uses the access token to access an internal MCP server
  3. The MCP Client performs an EMA token exchange to obtain an ID-JAG
  4. The MCP Client exchanges the ID-JAG with the OAuth AS in a third-party enterprise to obtain an OAuth 2.1 access token that works for the MCP server in that enterprise.
  5. The MCP Client communicates using the obtained OAuth token with the MCP server either in the same enterprise or in the third-party enterprise.

See the detailed test plan here.

Taking part in testing

Participants take at least one role, either MCP client, OpenID Provider, OAuth authorization server, MCP gateway, or MCP server. They must test at least one interaction with another participant in a complementary role. For example, a client testing CIMD against an authorization server.

Each participant keeps their own interoperability matrix, recording which standards they tested and with how many partners. Both sides agree the result before it's submitted, and the AIIM CG consolidates these into the published results - a clear, evidenced record of what interoperated with what.

Get involved

  • Interested parties are encouraged to join the AIIM CG's weekly information calls to learn more before committing. Add this meeting to your calendar to participate.
  • Participants must commit  by end of the day, Pacific Time, on 10 August 2026. Participation is open to all, and free. Participants may commit by emailing the OpenID AIIM CG co-chair, Atul Tulshibagwale, at atul.tulshibagwale@crowdstrike.com.
  • The AIIM CG will then host weekly calls designed to support the participants, enable them to ask questions, and schedule mutual interoperability tests with other participants.
  • By 16 October, participants must be able to show at least one successful test with a partner, for at least one use case. They are encouraged to keep adding interoperability use cases to their matrix right up until the Gartner IAM Summit in December

The results will be presented by Atul Tulshibagwale of the OpenID Foundation and Erik Wahlström from Gartner during Gartner IAM Summit. A limited number of successful participants will also be given the opportunity to demonstrate their implementations. The AIIM CG will publish guidance on how demonstration slots are prioritized ahead of the commitment date.

Paul Carleton, Core Maintainer of MCP, said: “Anyone deploying agents at enterprise scale hits the challenges this event is testing: agent governance, and identity that survives crossing organizational boundaries. I look forward to seeing implementations from across the ecosystem prove standards like CIMD and ID-JAG work together.”

Atul Tulshibagwale, co-chair of the OpenID AIIM CG, and Senior Director, Continuous Identity Strategy at CrowdStrike, said: ”Agent governance, and cross-organizational identity assurance and seamless access are important problems that enterprises are grappling with as they deploy MCP based AI agents. This interoperability event provides an amazing venue where Gartner IAM Summit attendees can see this in action from multiple implementers.”

Erik Wahlström, VP Analyst, IAM at Gartner, said: “The industry has made significant progress in defining IAM standards for AI agents. Now it's time to prove they work. This initiative validates interoperability across implementations and helps accelerate deployment across the IAM ecosystem. We're pleased to provide a venue for the community to engage with this important work and see these standards put to the test.”

About the OpenID Foundation

The OpenID Foundation (OIDF) is a global open standards body committed to building trusted identity ecosystems. Our mission is to lead the global community in identity standards that are secure, interoperable, and privacy respecting. Founded in 2007, we are a community of technical experts. The Foundation's OpenID Connect standard is now used by billions of people across millions of applications. More recently, the FAPI security profile - built on OAuth 2.0 - has become the standard of choice for interoperable Open Banking and Open Data implementations, while OpenID for Verifiable Credentials specifications are underpinning a new generation of digital wallets. Today, the OpenID Foundation's standards are the connective tissue that enable people to assert their identity and access their data at scale, the scale of the internet, enabling "networks of networks" to interoperate globally. Individuals, companies, governments and non-profits are encouraged to join or participate. Find out more at openid.net.