Christian Posta (@christianposta) 's Twitter Profile
Christian Posta

@christianposta

VP, Global Field CTO @soloio_inc, author #Istio in Action, contributor & steering committee @IstioMesh, architect, speaker, #API #ServiceMesh #Microservices

ID: 244131858

linkhttp://blog.christianposta.com calendar_today28-01-2011 15:52:42

12,12K Tweet

11,11K Followers

410 Following

Christian Posta (@christianposta) 's Twitter Profile Photo

🚨 Authorization and policy are such a mess in existing enterprises which make 𝐀𝐈 𝐀𝐠𝐞𝐧𝐭 delegation tricky. Who is Alice? Who is allowed to give Alice access? Why does Alice have their current access? And can an AI Agent properly represent Alice? When building AI agents,

🚨  Authorization and policy are such a mess in existing enterprises which make 𝐀𝐈 𝐀𝐠𝐞𝐧𝐭 delegation tricky. Who is Alice? Who is allowed to give Alice access?  Why does Alice have their current access? And can an AI Agent properly represent Alice?

When building AI agents,
Christian Posta (@christianposta) 's Twitter Profile Photo

😱 Are identity and authorization the same for AI agents as for microservices? AI agents introduce two properties that fundamentally break those assumptions. We can no longer be as sloppy as we’ve been with microservices when deploying AI agents. ⁉️ Maybe this Will Force Us to

😱 Are identity and authorization the same for AI agents as for microservices? AI agents introduce two properties that fundamentally break those assumptions. We can no longer be as sloppy as we’ve been with microservices when deploying AI agents.

⁉️  Maybe this Will Force Us to
Farooq | zo.me (@farooqsheik) 's Twitter Profile Photo

Christian Posta AI agents demand stricter identity and auth, what key principles from microservices can we keep, and where must we rethink security?

llm-d (@_llm_d_) 's Twitter Profile Photo

Two new ways to get involved with the llm-d project! ✅ Help shape our roadmap by taking our 5-min survey on your LLM use cases. ✅ Subscribe to our new YouTube channel for tutorials & SIG meetings! Details in our latest community update: llm-d.ai/blog/llm-d-com…

Two new ways to get involved with the llm-d project!

✅  Help shape our roadmap by taking our 5-min survey on your LLM use cases.
✅  Subscribe to our new YouTube channel for tutorials & SIG meetings!

Details in our latest community update: llm-d.ai/blog/llm-d-com…
solo.io (@soloio_inc) 's Twitter Profile Photo

🎙️Gloo’d In Ep. 1 is live! Anuj Singh chats with Christian Posta about Solo.io’s open source work in AI—covering MCP, Kagent, and Kgateway. 🎧 Tune in:youtu.be/UprfqOi5LdU #AI #OpenSource #Kagent #Kgateway #MCP #CloudNative #Soloio

Christian Posta (@christianposta) 's Twitter Profile Photo

🚨 All AI agents need a unique identity. 🚨 Can SPIFFE help here? No matter how big, small, long-lived/short-lived, one replica, many replicas, etc. Well, in SPIFFE implementations built on Kubernetes, like Istio, there is a fundamental mismatch with agents' non-deterministic,

solo.io (@soloio_inc) 's Twitter Profile Photo

Agent identity is critical for authorization. In his latest blog, Christian Posta explores how SPIFFE fits in today’s AI-driven infra like Kubernetes & Istio—and what may need to change. 🧠 Read it here: bit.ly/44CbJfI #AI #SPIFFE #AgenticAI #Kubernetes #Identity

Agent identity is critical for authorization.  In his latest blog, <a href="/christianposta/">Christian Posta</a> explores how SPIFFE fits in today’s AI-driven infra like Kubernetes &amp; Istio—and what may need to change.

🧠 Read it here: bit.ly/44CbJfI
#AI #SPIFFE #AgenticAI #Kubernetes #Identity
Christian Posta (@christianposta) 's Twitter Profile Photo

🎉 🎉 I've built a step-by-step guides to build MCP servers secured by the 𝐌𝐂𝐏 𝐀𝐮𝐭𝐡𝐨𝐫𝐢𝐳𝐚𝐭𝐢𝐨𝐧 𝐬𝐩𝐞𝐜 (June). The steps walk you through building an MCP server with the HTTP transport, introducing JWT verification, exposing protected resource metadata, and

Christian Posta (@christianposta) 's Twitter Profile Photo

🚀 The final part of my “𝐔𝐧𝐝𝐞𝐫𝐬𝐭𝐚𝐧𝐝𝐢𝐧𝐠 𝐌𝐂𝐏 𝐀𝐮𝐭𝐡𝐨𝐫𝐢𝐳𝐚𝐭𝐢𝐨𝐧” series is now live! The response to the first two posts was incredible — thanks to everyone who shared, commented, connected, and especially Marjan Sterjev for feedback! Now in 𝐏𝐚𝐫𝐭

Christian Posta (@christianposta) 's Twitter Profile Photo

We do need to evolve #OAuth for agentic workloads, but let’s not overlook how far today’s standards can already take us. OAuth for user authorization delegation is great. OAuth for agent identity, authorization, and delegation can use some work. Let's see what's available today:

Andrew Block (@sabre1041) 's Twitter Profile Photo

After 3 years, I am thrilled to be able to announce that the Argo CD book that Christian Hernandez and I have written is now available! Learn how to leverage the full set of features included within Argo CD which implement GitOps principles based on years of industry experience with

After 3 years, I am thrilled to be able to announce that the Argo CD book that <a href="/christianh814/">Christian Hernandez</a>  and I have written is now available! Learn how to leverage the full set of features included within Argo CD which implement GitOps principles based on years of industry experience with
Christian Posta (@christianposta) 's Twitter Profile Photo

🤖 Agents can’t collaborate if they can’t find each other. The hashtag#A2A protocol is becoming the standard for autonomous agent communication but it’s missing a critical layer: Discovery, Naming, and Resolution. In fast-moving environments, hardcoding endpoints and static

Christian Posta (@christianposta) 's Twitter Profile Photo

🔐 In the latest update to the MCP Authorization spec (June 25), MCP clients are encouraged (SHOULD) to use OAuth 2.0 Dynamic Client Registration , enabling clients to automatically register with an IdP like Keycloak, Auth0, or Okta. When combined with: ✅ Resource Indicators

Christian Posta (@christianposta) 's Twitter Profile Photo

🚨 The latest MCP Authorization spec uses newer OAuth 2.x RFCs. I did some research on what popular identity providers actually support. Here's what I found: MCP Authorization Required (MUST) 👉 OAuth 2.1 / PKCE support 👉 RFC 8414 - OAuth 2.0 Authorization Server Metadata 👉

🚨 The latest MCP Authorization spec uses newer OAuth 2.x RFCs. I did some research on what popular identity providers actually support. Here's what I found:

MCP Authorization Required (MUST) 
👉 OAuth 2.1 / PKCE support
👉 RFC 8414 - OAuth 2.0 Authorization Server Metadata
👉
vCluster (@vcluster) 's Twitter Profile Photo

Join us for this week’s #vClusterFriday as we take a closer look at kgateway, a CNCF sandbox project for Kubernetes-native API gateways. Saiyam Pathak & kramm are joined by Lin Sun and Christian Posta to walk through how it works. 🎥 youtube.com/watch?v=J4YSbn…