SEP-XXXX: Server-Side Authorization Management with Client Session Binding
9 months ago
- #Security
- #OAuth
- #MCP
- Proposal to move OAuth authorization flow management from MCP Clients to MCP Servers.
- Introduction of two key mechanisms: proof-of-possession system and server-directed browser redirect capability.
- Motivation based on dynamic discovery model in MCP differing from traditional OAuth patterns.
- Problems identified with current OAuth implementation in MCP including issues with web-based protocols, coarse-grained access, dynamic client registration, untrusted redirect URIs, single authorization mechanism, implementation complexity, and bearer token access.
- Proposed solution involves cryptographic binding between MCP Client and Server using HTTP Message Signatures and interaction requests for user authorization.
- Benefits include non-breaking changes, improved security, simplified client and server implementations, enterprise-friendliness, dynamic authorization, policy enforcement flexibility, and multi-resource support.
- Protocol comparison between current OAuth flow and proposed server-side OAuth flow with SSE interaction request.
- Specification details for HTTP Message Signing Profile, key management, client initialization, signature requirements, and replay protection.
- Rationale for choosing HTTP Message Signatures over mutual TLS or signed JSON-RPC for proof of possession.
- Security implications and improvements addressing dynamic client registration vulnerabilities, bearer token exposure, untrusted redirect URIs, and session binding weaknesses.
- New security considerations for HTTP signature security, interaction request security, and server-side token management.
- Threat model analysis comparing risks before and after implementation of the proposed solution.
- Security recommendations for MCP Client and Server implementations.