[dend]

Coordinator of the authorization RFC linked in this post[1].

The protocol is in very, very early stages and there are a lot of things that still need to be figured out. That being said, I can commend Anthropic on being very open to listening to the community and acting on the feedback. The authorization spec RFC, for example, is a coordinated effort between security experts at Microsoft (my employer), Arcade, Hellō, Auth0/Okta, Stytch, Descope, and quite a few others. The folks at Anthropic set the foundation and welcomed others to help build on it. It will mature and get better.

[1]: https://github.com/modelcontextprotocol/modelcontextprotocol...

[magicalhippo]

A nice, comprehensive yet accessible blog post about it can be found here[1], got submitted earlier[2] but didn't gain traction.

[1]: https://aaronparecki.com/2025/04/03/15/oauth-for-model-conte...

[2]: https://news.ycombinator.com/item?id=43620496

[dend]

Great news - Aaron has been a core reviewer and contributor to the aforementioned RFC.

[magicalhippo]

Yeah figured he had to be involved and saw his name on the pull request after I posted.

Really enjoyed the article he wrote, just wanted to promote it some more. I learned of several things that will be useful to me beyond MCP.

[martypitt]

Impressive to see this level of cross-org coordination on something that appears to be maturing at pace (compared to other consortium-style specs/protocol I've seen attempted)

Congrats to everyone.

[sshh12]

Awesome! Thanks for your work on this.

[dend]

Can't take any credit - it's a massive effort across many folks much smarter than me.

[Y_Y]

This reminds me of something Adam Smith said in The Wealth of Nations:

"People of the same trade seldom meet together, even for merriment and diversion, but the conversation ends in a conspiracy against the public, or in some contrivance to raise prices."

Ymmv, but I cannot image that this "innovation" will result in a better outcome for the general public.