[draft] [blog] client registration options #1027
Conversation
where would the comments be???
Co-authored-by: Aaron Parecki <[email protected]>
|
I think it's also important to talk about per-instance registration use cases (https://www.rfc-editor.org/rfc/rfc7591#appendix-A.4) with the matrix of options. Pre-registration by user and DCR enable per-instance client ids. Some authorization servers/enterprise deployments may require each instance to have it's own identity for governance or IAM use cases. Software Statements enable separation of pre-registration of client software but runtime registration of instances for example. This is useful for enterprise scenarios where the enterprise wants to delegate registration to an agent platform that can spin up instances in managed environments for example similar to workload identity patterns with public clouds. |
| 3. Server developers: | ||
| 1. have a way to trust the metadata they associate with a client (e.g. name and redirect URL) | ||
| 2. can have a single client ID per client for users to revoke access or the server to revoke access |
There was a problem hiding this comment.
Would be helpful to be specific about which 'server' we're talking about here since there's some ambiguity between AS and MCP Server.
Co-authored-by: Geoff Goodman <[email protected]>
(work in progress)