
Aaron Parecki


#ai

  • Cross-Domain API Access: Beyond the "Obvious" Shortcuts

    Cross-domain access is everywhere in today's software landscape. Whether you look at enterprise SaaS applications, AI agents interacting with user data across multiple platforms, or "integrated experiences" pulling information from a calendar, a chat tool, and a wiki—everything eventually needs to talk across boundaries.
    continue reading...
    1 like
    Wed, May 27, 2026 4:35pm -07:00 #oauth #okta #xaa #id-jag #ai
  • Aaron Parecki
    The "Agent Verified" signup flow from WorkOS is exactly what I've been telling the agent platforms they should be doing with Cross App Access! Very cool to see this launch! 👍

    https://workos.com/auth-md/docs/flows/verified

    "The agent's provider — OpenAI, Anthropic, Cursor, or any trusted agent platform — attests to the user's identity at registration time. Your service verifies the attestation and issues credentials synchronously, no human interaction required."

    In Cross App Access terms:

    • The "agent platform/provider" is the ID-JAG issuer, because users are already signed in to those platforms when they use agents
    • The "service" is the ID-JAG consumer (the Resource AS), and issues an access token if the ID-JAG is trusted and valid

    You can test this out in the Cross App Access sandbox today! https://xaa.dev/
    Portland, Oregon, USA • 79°F
    Thu, May 21, 2026 7:12pm -07:00 #oauth #xaa #ai #okta
  • The AI Great Leap Forward (leehanchung.github.io)
    Thu, Apr 9, 2026 10:32am -07:00 #ai
  • The machines are fine. I'm worried about us. (ergosphere.blog)
    Sun, Apr 5, 2026 6:39am -07:00 #ai #llm #academia
  • Governing the "Shadow AI" Mesh with Open Standards
    March 4, 2026 1:35pm - 2:05pm (-0800)
    Victoria Conference Centre
    Victoria, British Columbia, CA
    permalink #okta #xaa #ai
  • second-thoughts/posts/projects/forecats/ (secondthoughts.my)
    Sat, Feb 21, 2026 5:13pm -08:00 #weather #homeassistant #homeautomation #eink #ai #epaper
  • Agent Psychosis: Are We Going Insane? | Armin Ronacher's Thoughts and Writings (lucumr.pocoo.org)
    Tue, Jan 20, 2026 6:17am -08:00 #ai
  • The Colonization of Confidence., Sightless Scribbles (sightlessscribbles.com)
    Thu, Dec 18, 2025 9:55am -08:00 #llm #writing #ai
  • Sam Altman’s Dirty DRAM Deal (www.mooreslawisdead.com)
    Fri, Dec 5, 2025 5:23pm -08:00 #ai #ram #business #ddr5
  • Client Registration and Enterprise Management in the November 2025 MCP Authorization Spec

    The new MCP authorization spec is here! Today marks the one-year anniversary of the Model Context Protocol, and with it, the launch of the new 2025-11-25 specification.
    continue reading...
    1 like 1 mention
    Tue, Nov 25, 2025 1:25pm -08:00 #cimd #oauth #mcp #ai
  • Camp AI
    September 18, 2025 5:30pm - 8:30pm (-0700)
    AWS Builder Loft
    San Francisco, California, US
    permalink #okta #campai #auth0 #ai #365
  • San Francisco Billboards - August 2025

    Every time I take a Lyft from the San Francisco airport to downtown going up 101, I notice the billboards. The billboards on 101 are always such a good snapshot in time of the current peak of the Silicon Valley hype cycle. I've decided to capture photos of the billboards every time I am there, to see how this changes over time. 
    continue reading...
    2 likes
    Wed, Aug 6, 2025 5:00pm -07:00 #sf #billboards #ai
  • Aaron Parecki
    The latest version of the MCP spec is now officially 2025-06-18! Congrats to everyone in the MCP community involved in making this happen!

    Key updates to the authorization section:

    βš™οΈ MCP Servers are no longer responsible for issuing access tokens or handling user authentication
    πŸ›‘οΈ A dedicated Authorization Server separate from the MCP Server handles user authentication and issuing access tokens
    πŸ” RFC9728 Protected Resource Metadata enables the MCP client to dynamically discover the MCP Server's authorization server
    πŸ‘‰ RFC8707 Resource Indicators are required as a security measure

    Thanks to everyone who contributed to the many discussions to update the authorization part of the spec to be more compatible with existing OAuth systems!

    David Soria Parra, Paul Carleton, Den Delimarsky, Nate Barbettini, William Dawson, Jared Hanson, Karl McGuinness, Darin McAdams, Jean-François LOMBARDO and apologies if I forgot to mention you, those threads were extremely long!

    #modelcontextprotocol #mcp #oauth #ai
    Portland, Oregon, USA • 70°F
    4 likes 4 reposts 3 replies
    Wed, Jun 18, 2025 7:07pm -07:00 #modelcontextprotocol #mcp #oauth #ai
  • Aaron Parecki
    In two weeks I'll be speaking at the MCP Dev Summit in San Francisco! It's going to be a great day packed with back to back sessions.

    In less than a year, the MCP project has quickly reshaped how developers are building AI agents. My talk, "Intro to OAuth for MCP Servers", will cover the basics of the new MCP authorization protocol and set the stage for building secure MCP servers.

    https://mcpdevsummit.ai/#agenda
    Portland, Oregon, USA • 70°F
    6 likes 2 reposts 1 reply
    Fri, May 9, 2025 12:33pm -07:00 #mcp #oauth #okta #ai
  • Botnet Part 2: The Web is Broken - Jan Wildeboer’s Blog (jan.wildeboer.net)
    Sun, May 4, 2025 5:12am -07:00 #ai #web #scraping
  • Let's fix OAuth in MCP

    Update: The changes described in this blog post have been incorporated into the 2025-06-18 version of the MCP spec!
    continue reading...
    1 mention
    Thu, Apr 3, 2025 4:39pm -07:00 #oauth #mcp #modelcontextprotocol #ai #llm
  • Aaron Parecki
    Is it just me or does this current Model Context Protocol wave remind anyone of the early Web 2.0 days of everyone launching open APIs?
    Portland, Oregon, USA • 47°F
    8 likes 2 reposts 3 replies
    Wed, Apr 2, 2025 10:09am -07:00 #mcp #ai
  • Transit | No GPS required: our app can now locate underground trains (blog.transitapp.com)
    Thu, Nov 14, 2024 6:04am -08:00 #ai #ml #gps
  • OAuth Oh Yeah!

    The first law of OAuth states that
    continue reading...
    1 like
    Thu, Aug 29, 2024 12:59pm -07:00 #oauth #ai #music
  • AI Seinfeld was the peak of AI-generated content. It will never happen again. | Max Woolf's Blog (minimaxir.com)
    Wed, Aug 14, 2024 5:39am -07:00 #ai #llm

Hi, I'm Aaron Parecki, Director of Identity Standards at Okta, and co-founder of IndieWebCamp. I maintain oauth.net, write and consult about OAuth, and participate in the OAuth Working Group at the IETF. I also help people learn about video production and livestreaming. (detailed bio)

I've been tracking my location since 2008 and I wrote 100 songs in 100 days. I've spoken at conferences around the world about owning your data, OAuth, quantified self, and explained why R is a vowel. Read more.

  • Director of Identity Standards at Okta
  • IndieWebCamp Founder
  • OAuth WG Editor
  • OpenID Board Member

© 1999-2026 by Aaron Parecki. Powered by p3k. This site supports Webmention.
Except where otherwise noted, text content on this site is licensed under a Creative Commons Attribution 3.0 License.