Christian Posta (@christianposta) 's Twitter Profile
Christian Posta

@christianposta

VP, Global Field CTO @soloio_inc, author #Istio in Action, contributor & steering committee @IstioMesh, architect, speaker, #API #ServiceMesh #Microservices

ID: 244131858

linkhttp://blog.christianposta.com calendar_today28-01-2011 15:52:42

12,12K Tweet

11,11K Followers

410 Following

Christian Posta (@christianposta) 's Twitter Profile Photo

๐Ÿšจ Authorization and policy are such a mess in existing enterprises which make ๐€๐ˆ ๐€๐ ๐ž๐ง๐ญ delegation tricky. Who is Alice? Who is allowed to give Alice access? Why does Alice have their current access? And can an AI Agent properly represent Alice? When building AI agents,

๐Ÿšจ  Authorization and policy are such a mess in existing enterprises which make ๐€๐ˆ ๐€๐ ๐ž๐ง๐ญ delegation tricky. Who is Alice? Who is allowed to give Alice access?  Why does Alice have their current access? And can an AI Agent properly represent Alice?

When building AI agents,
Christian Posta (@christianposta) 's Twitter Profile Photo

๐Ÿ˜ฑ Are identity and authorization the same for AI agents as for microservices? AI agents introduce two properties that fundamentally break those assumptions. We can no longer be as sloppy as weโ€™ve been with microservices when deploying AI agents. โ‰๏ธ Maybe this Will Force Us to

๐Ÿ˜ฑ Are identity and authorization the same for AI agents as for microservices? AI agents introduce two properties that fundamentally break those assumptions. We can no longer be as sloppy as weโ€™ve been with microservices when deploying AI agents.

โ‰๏ธ  Maybe this Will Force Us to
Farooq | zo.me (@farooqsheik) 's Twitter Profile Photo

Christian Posta AI agents demand stricter identity and auth, what key principles from microservices can we keep, and where must we rethink security?

llm-d (@_llm_d_) 's Twitter Profile Photo

Two new ways to get involved with the llm-d project! โœ… Help shape our roadmap by taking our 5-min survey on your LLM use cases. โœ… Subscribe to our new YouTube channel for tutorials & SIG meetings! Details in our latest community update: llm-d.ai/blog/llm-d-comโ€ฆ

Two new ways to get involved with the llm-d project!

โœ…  Help shape our roadmap by taking our 5-min survey on your LLM use cases.
โœ…  Subscribe to our new YouTube channel for tutorials & SIG meetings!

Details in our latest community update: llm-d.ai/blog/llm-d-comโ€ฆ
solo.io (@soloio_inc) 's Twitter Profile Photo

๐ŸŽ™๏ธGlooโ€™d In Ep. 1 is live! Anuj Singh chats with Christian Posta about Solo.ioโ€™s open source work in AIโ€”covering MCP, Kagent, and Kgateway. ๐ŸŽง Tune in:youtu.be/UprfqOi5LdU #AI #OpenSource #Kagent #Kgateway #MCP #CloudNative #Soloio

Christian Posta (@christianposta) 's Twitter Profile Photo

๐Ÿšจ All AI agents need a unique identity. ๐Ÿšจ Can SPIFFE help here? No matter how big, small, long-lived/short-lived, one replica, many replicas, etc. Well, in SPIFFE implementations built on Kubernetes, like Istio, there is a fundamental mismatch with agents' non-deterministic,

solo.io (@soloio_inc) 's Twitter Profile Photo

Agent identity is critical for authorization. In his latest blog, Christian Posta explores how SPIFFE fits in todayโ€™s AI-driven infra like Kubernetes & Istioโ€”and what may need to change. ๐Ÿง  Read it here: bit.ly/44CbJfI #AI #SPIFFE #AgenticAI #Kubernetes #Identity

Agent identity is critical for authorization.  In his latest blog, <a href="/christianposta/">Christian Posta</a> explores how SPIFFE fits in todayโ€™s AI-driven infra like Kubernetes &amp; Istioโ€”and what may need to change.

๐Ÿง  Read it here: bit.ly/44CbJfI
#AI #SPIFFE #AgenticAI #Kubernetes #Identity
Christian Posta (@christianposta) 's Twitter Profile Photo

๐ŸŽ‰ ๐ŸŽ‰ I've built a step-by-step guides to build MCP servers secured by the ๐Œ๐‚๐ ๐€๐ฎ๐ญ๐ก๐จ๐ซ๐ข๐ณ๐š๐ญ๐ข๐จ๐ง ๐ฌ๐ฉ๐ž๐œ (June). The steps walk you through building an MCP server with the HTTP transport, introducing JWT verification, exposing protected resource metadata, and

Christian Posta (@christianposta) 's Twitter Profile Photo

๐Ÿš€ The final part of my โ€œ๐”๐ง๐๐ž๐ซ๐ฌ๐ญ๐š๐ง๐๐ข๐ง๐  ๐Œ๐‚๐ ๐€๐ฎ๐ญ๐ก๐จ๐ซ๐ข๐ณ๐š๐ญ๐ข๐จ๐งโ€ series is now live! The response to the first two posts was incredible โ€” thanks to everyone who shared, commented, connected, and especially Marjan Sterjev for feedback! Now inย ๐๐š๐ซ๐ญ

Christian Posta (@christianposta) 's Twitter Profile Photo

Weย doย need to evolve #OAuth for agentic workloads, but letโ€™s not overlook how far todayโ€™s standards can already take us. OAuth for user authorization delegation is great. OAuth for agent identity, authorization, and delegation can use some work. Let's see what's available today:

Andrew Block (@sabre1041) 's Twitter Profile Photo

After 3 years, I am thrilled to be able to announce that the Argo CD book that Christian Hernandez and I have written is now available! Learn how to leverage the full set of features included within Argo CD which implement GitOps principles based on years of industry experience with

After 3 years, I am thrilled to be able to announce that the Argo CD book that <a href="/christianh814/">Christian Hernandez</a>  and I have written is now available! Learn how to leverage the full set of features included within Argo CD which implement GitOps principles based on years of industry experience with
Christian Posta (@christianposta) 's Twitter Profile Photo

๐Ÿค–ย Agents canโ€™t collaborate if they canโ€™tย findย each other. The hashtag#A2A protocol is becoming the standard for autonomous agent communication but itโ€™s missing a critical layer: Discovery, Naming, and Resolution. In fast-moving environments,ย hardcoding endpoints and static

Christian Posta (@christianposta) 's Twitter Profile Photo

๐Ÿ” In the latest update to theย MCP Authorization spec (June 25), MCP clients are encouraged (SHOULD) to useย OAuth 2.0 Dynamic Client Registrationย , enabling clients to automatically register with an IdP like Keycloak, Auth0, or Okta. When combined with: โœ…ย Resource Indicators

Christian Posta (@christianposta) 's Twitter Profile Photo

๐Ÿšจ The latest MCP Authorization spec uses newer OAuth 2.x RFCs. I did some research on what popular identity providers actually support. Here's what I found: MCP Authorization Required (MUST) ๐Ÿ‘‰ OAuth 2.1 / PKCE support ๐Ÿ‘‰ RFC 8414 - OAuth 2.0 Authorization Server Metadata ๐Ÿ‘‰

๐Ÿšจ The latest MCP Authorization spec uses newer OAuth 2.x RFCs. I did some research on what popular identity providers actually support. Here's what I found:

MCP Authorization Required (MUST) 
๐Ÿ‘‰ OAuth 2.1 / PKCE support
๐Ÿ‘‰ RFC 8414 - OAuth 2.0 Authorization Server Metadata
๐Ÿ‘‰
vCluster (@vcluster) 's Twitter Profile Photo

Join us for this weekโ€™s #vClusterFriday as we take a closer look at kgateway, a CNCF sandbox project for Kubernetes-native API gateways. Saiyam Pathak & kramm are joined by Lin Sun and Christian Posta to walk through how it works. ๐ŸŽฅ youtube.com/watch?v=J4YSbnโ€ฆ