Uploaded image for project: 'Connectivity Link'
  1. Connectivity Link
  2. CONNLINK-509

Authorisation of MCP tools access

XMLWordPrintable

    • Icon: Story Story
    • Resolution: Done
    • Icon: Undefined Undefined
    • None
    • None
    • None
    • False
    • Hide

      None

      Show
      None
    • False

      As a platform admin, I want the MCP Gateway to authorize access to tools based on the identity of the requesting user, so that I can restrict tool usage to only those users or services that are permitted.

      considerations

      • Support for identity extraction from headers (e.g. Authorization, X-User-ID, X-Forwarded-User)
      • should we allow an AuthPolicy to target an MCP resource so a MCP developer can register an MCP server and also create a policy for that server
      • Define and enforce tool-level access policies (e.g., user X can use tools A and B, but not C)
      • Deny unauthorized requests with a standard JSON-RPC error
      • Log authorization decisions (successful and failed) for auditing
      • Default-deny mode?

              Unassigned Unassigned
              cbrookes@redhat.com Craig Brookes
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Created:
                Updated:
                Resolved: