Making MCP Production Ready – Building MCP for Enterprise
AI agents are incredible, but there's a massive security gap holding them back from production use. When your agent needs to access Gmail, Slack, or Dropbox on your behalf, how do you keep it secure without giving away the keys to your entire digital kingdom? Join Nate Barbettini (Arcade.dev), Aaron Parecki (Okta), Den Delimarsky (Microsoft), and Wils Dawson (Arcade.dev) as they break down why Model Context Protocol needs proper OAuth authentication and how the latest spec changes solve critical security problems that could make or break enterprise AI deployments. What You'll Learn: Why local MCP servers work fine but cloud deployment creates security nightmares The difference between authenticating TO your MCP server vs. your server authenticating to downstream APIs How OAuth roles map to MCP architecture (and why this matters for production) Why passing raw API tokens around is a security vulnerability waiting to happen Enterprise SSO integration patterns that will blow your mind Timestamps: 00:00 - Introductions and why we're here 02:57 - Why does MCP need authentication? 06:35 - The OAuth advantage: solving 20-year-old problems 10:32 - Why OAuth 2.1 is the right choice for MCP 12:48 - What needed fixing in the original MCP auth spec 18:09 - OAuth roles and separation of concerns 22:25 - The critical distinction: client-to-server vs downstream auth 26:47 - How MCP servers play multiple OAuth roles 30:05 - Why you can't just pass through API tokens 33:17 - Security vulnerabilities of collapsing OAuth roles 36:14 - Best practices that prevent future breakage 41:18 - Enterprise SSO: the Identity Assertion Authorization Grant Speakers: Nate Barbettini - Founding Engineer, Arcade.dev Aaron Parecki - Director of Identity Standards, Okta Den Delimarsky - Principal Product Manager, CoreAI, Microsoft Wils Dawson - Founding Engineer, Arcade.dev This isn't just theory—this is the foundation that will determine whether AI agents remain demo toys or become production workhorses. If you're building with MCP or thinking about enterprise AI deployments, this conversation will save you months of security headaches. Links & Resources: MCP Overview: https://docs.arcade.dev/home/mcp-over... Aaron's Blog on Enterprise Ready MCP: https://aaronparecki.com/2025/05/12/2... Den's Blog on new MCP Authz Spec: https://den.dev/blog/new-mcp-authoriz...
InformationWeek Podcast: Building up new IT leaders in the AI era
NestJS Full Course for Beginners in 2026 | Build a Production-Ready API
248 DIOS TE DICE HOY: NADA ES IMPOSIBLE PARA MÍ | CONFÍA EN DIOS
ASMR Addictive Fast Tapping Collection For Deep Sleep & Anxiety Relief (No Talking) — 2.5 Hours
Moving at the Speed of AI: Agentic AI, Security, and Risks
Why MCP really is a big deal | Model Context Protocol with Tim Berglund
Model Context Protocol (MCP), clearly explained (why it matters)
OAuth 2.0 and OpenID Connect (in plain English)
Model Context Protocol (MCP) Explained for Beginners: AI Flight Booking Demo!
MCP Auth Deep Dive with Ex-Okta Engineer
Advanced Context Engineering for Agents
Tutorial: Auth for Remote MCP Servers (Step by Step) | OAuth 2.1 with ScaleKit
Inside Anthropic, the $965 Billion AI Juggernaut | The Circuit
MCP In Production: Building Secure and Agent-Ready Model Context Protocol Servers
How to Get and Evaluate Startup Ideas | Startup School
MCP Gets OAuth: Understanding the New Authorization Specification
Andrew Ng: Building Faster with AI
Why Most B2B Influencer Reports Don't Survive a CFO Meeting (with Will and Chris from Moon at Dawn)
Amazon Bedrock AgentCore Deep dive series: Gateway | AWS Show and Tell
