https://blog.christianposta.com/Christian Posta's blog on Istio, Envoy, API gateways, MCP, and the infrastructure that runs production AI agents. 2026-05-20T00:16:06+00:00 Christian Posta https://blog.christianposta.com/ Jekyll © 2026 Christian Posta /assets/img/favicons/favicon.ico /assets/img/favicons/favicon-96x96.png 2026-05-04T18:38:15+00:00 2026-05-04T18:38:15+00:00 https://blog.christianposta.com/avoiding-mcp-confused-deputy-with-aauth/ Christian Posta

MCP’s Authorization Spec builds heavily around OAuth 2.1 authorization code grant, but the more dynamic AI agent and MCP systems get, the more we need something that is built to live in this new world. Agent Auth (AAuth) is a protocol built for the needs of modern AI agentic applications: agent identity across services / trust domains dynamic agent registration agent discover permission...

2026-03-04T01:48:35+00:00 2026-03-04T01:48:35+00:00 https://blog.christianposta.com/inbound-auth-for-agentcore-with-agentgateway/ Christian Posta

The best thing about being on the frontline of large enterprises adopting AI agents and MCP tools at scale is we get to see real, practical challenges. AWS Agentcore is a popular platform for deploying custom-built AI agents, but one question crops up frequently: how do callers authenticate to my agent, and how does the agent know who is calling? Getting both right ie, strong caller authenticat...

2026-02-23T16:18:22+00:00 2026-02-23T16:18:22+00:00 https://blog.christianposta.com/connecting-saas-mcp-servers-to-enterprise-with-agentgateway/ Christian Posta

Enterprise adoption of MCP still has problems. How do you govern its usage? Especially when developers are willy-nilly installing stdio MCP servers on their machines. » BTW « we should be restricting any usage of stdio MCP servers. If a stdio MCP server requires API keys or credentials because it makes network calls, it should be a remote MCP server behind an AI/MCP gateway and governance layer...

2026-02-17T01:25:53+00:00 2026-02-17T01:25:53+00:00 https://blog.christianposta.com/exploring-aauth-agent-auth-identity-and-access-management-for-ai-agents/ Christian Posta

OAuth has evolved a lot since 2012 with many “lessons learned”. AAuth (Agent Auth) is an attempt to bring those lessons together for AI agents. AAuth is an exploratory spec from Dick Hardt (Author/Co-Author of OAuth 2.0, 2.1) What started as OAuth 2.0 has grown into dozens of supporting RFCs, drafts, and practical implementations: PKCE, DPoP, Token Exchange, Rich Authorization Requests (RAR), ...

2026-02-02T16:05:31+00:00 2026-02-02T16:05:31+00:00 https://blog.christianposta.com/a-guide-to-microsoft-entra-agent-id-on-kubernetes/ Christian Posta

If you’re building AI agents that need strong identity, proper authorization, and the ability to act on behalf of users, Microsoft’s Entra Agent ID capability is worth your attention. I’ve put together a 5-part series that takes you from “what is this?” to a fully working AI agent deployment on Kubernetes, complete with LLM and MCP server integration. Here’s what you’ll get from each part. ...