MCP Auth is just Oauth, its designed for humans to authenticate their sessions for connections.
TBH I know nothing about A2A.
Agent Identity and Authz is a different problem, allowing agents to operate independently from humans with granular permissions is coming/whether from these protocols or others, and when it does I think CLIs/CLI Device Auth which is used as a rough proxy for this where the agent just takes your identity will finally go away.
>Defaults are bad. Agents can be expected to read the documentation, register what good starting values are, and fill them all in, in place.
This is not what defaults are for.
If, for example, you are writing a replacement CLI for git, *for the love of God and all that is holy* do not force agents to read the entire documentation and pass a value for every possible parameter
First time I'm hearing about https://agentauthprotocol.com/ and https://workos.com/auth-md
MCP and A2A weren't enough?
MCP Auth is just Oauth, its designed for humans to authenticate their sessions for connections.
TBH I know nothing about A2A.
Agent Identity and Authz is a different problem, allowing agents to operate independently from humans with granular permissions is coming/whether from these protocols or others, and when it does I think CLIs/CLI Device Auth which is used as a rough proxy for this where the agent just takes your identity will finally go away.
>Defaults are bad. Agents can be expected to read the documentation, register what good starting values are, and fill them all in, in place.
This is not what defaults are for.
If, for example, you are writing a replacement CLI for git, *for the love of God and all that is holy* do not force agents to read the entire documentation and pass a value for every possible parameter
Why not?
The docs for git clone at https://git-scm.com/docs/git-clone are less than 4000 tokens, I don't think this is unreasonable.