Who Let the Agent In? Securing MCP Servers in Production
Breakout Session
The Model Context Protocol (MCP) is reshaping how agents interact with tools and APIs, but building MCP servers that are secure, governed, and production-ready is still a challenge. Many teams want to expose powerful capabilities through MCP, yet struggle to implement authentication and authorization that follow the MCP specification while staying flexible for real-world use cases.
This talk focuses on how to implement MCP-spec-compliant authentication and rich authorization models for your MCP servers without unnecessary complexity. We will start with a clear overview of how MCP handles identity and access. After that, we will walk through a minimal MCP server implementation. Once the basics are in place, we will add standards-aligned authentication and explore techniques for fine-grained and contextual authorization using OpenFGA.
The session will also connect these patterns to real-world data streaming and API governance scenarios, where multiple services, tools, and agents require controlled access to event streams, schemas, or domain-specific operations. As enterprises adopt agent-driven architectures, securing access to streaming systems becomes increasingly important.
To wrap up, we will look at solutions that can provide the same authentication and authorization capabilities, including FGA-style access control, through a fully managed and no-code approach. This lets you focus on building MCP servers instead of maintaining multiple security layers.
Audience Takeaways:
A practical understanding of MCP authentication and how to implement it correctly
A reference design for fine-grained authorization for MCP using OpenFGA
Patterns for governing access to streaming systems and APIs exposed through MCP
How to offload the entire security layer to Gravitee without writing any additional code in your MCP server
Actionable guidance you can apply immediately when building your own MCP servers
By attending this session, your contact information may be shared with the sponsor for relevant follow up for this event only.
Prachi Jamadade
Gravitee