-
Story
-
Resolution: Done
-
Undefined
-
None
-
None
-
None
-
False
-
-
False
-
-
As a platform admin, I want the MCP Gateway to authorize access to tools based on the identity of the requesting user, so that I can restrict tool usage to only those users or services that are permitted.
considerations
- Support for identity extraction from headers (e.g. Authorization, X-User-ID, X-Forwarded-User)
- should we allow an AuthPolicy to target an MCP resource so a MCP developer can register an MCP server and also create a policy for that server
- Define and enforce tool-level access policies (e.g., user X can use tools A and B, but not C)
- Deny unauthorized requests with a standard JSON-RPC error
- Log authorization decisions (successful and failed) for auditing
- Default-deny mode?
- is depended on by
-
OCPSTRAT-2297 Model Context Protocol (MCP) Gateway
-
- Refinement
-
- is related to
-
CONNLINK-510 Identity based filtering of MCP tool list response
-
- In Progress
-
- relates to
-
CONNLINK-513 Configuring Authentication for Registered MCP Servers
-
- In Progress
-