新的授權規範將模型上下文協議擴展到代理AI系統

作為代理AI系統（大型語言模型（LLMS）功率自主，目標驅動的代理）從實驗原型迅速過渡

Agentic AI systems, where large language models (LLMs) power autonomous, goal-driven agents, are rapidly transitioning from experimental prototypes to production-ready services. These agents read databases, trigger API calls, write to software-as-a-service (SaaS) platforms, and stitch together workflows across systems that weren't necessarily designed to coordinate. A fundamental question arises as these systems evolve: how should identity and access be handled when no human is in the loop?

代理AI系統，大型語言模型（LLMS）功率自主，目標驅動的代理正在迅速從實驗原型過渡到生產準備就緒的服務。這些代理商讀取數據庫，觸發API調用，寫入軟件即服務（SaaS）平台，以及跨系統跨系統設計的工作流程，這些工作流程不一定是為了坐標而設計的。隨著這些系統的發展，就會出現一個基本問題：當沒有人進入循環時，應該如何處理身份和訪問？

Initially introduced by Anthropic, the Model Context Protocol (MCP) aims to be the lingua franca for agentic interoperability, providing a standardized interface for agents to interact with external tools, prompts, and resources. However, as agent actions become more powerful, and potentially dangerous, robust, flexible, and secure access control becomes essential.

最初是由擬人化引入的，模型上下文協議（MCP）旨在成為代理互操作性的通用語言，為代理提供與外部工具，提示和資源進行交互的標準化接口。但是，隨著代理行動變得越來越強大，可能是危險，健壯，靈活和安全的訪問控制變得至關重要。

The recently released MCP Authorization Specification proposes an essential first step: standardizing how clients obtain authorization to access protected MCP resources using OAuth 2.1 and PKCE (Proof Key for Code Exchange).

最近發布的MCP授權規範提出了一個重要的第一步：標準化客戶如何獲得使用OAUTH 2.1和PKCE訪問受保護的MCP資源的授權（代碼交換的證明密鑰）。

This post unpacks what the spec introduces, why PKCE was chosen, how the flow works, and why authentication remains a critical missing piece, especially in non-human entity interactions.

這篇文章解開了規格介紹的內容，為什麼選擇PKCE，流動方式的工作原理以及為什麼身份驗證仍然是關鍵的缺失部分，尤其是在非人類實體交互中。

Why Agentic AI Needs a New Authorization Model

為什麼代理AI需要新的授權模型

In traditional web architectures, authorization typically involves browser-based login flows, session cookies, or OAuth tokens issued after a human clicks "Authorize." Agentic AI systems present unique authorization challenges because they make autonomous API calls driven by LLMs, without direct user involvement.

在傳統的Web體系結構中，授權通常涉及基於瀏覽器的登錄流，會話cookie或在人類點擊“授權”後發出的OAuth代幣。代理AI系統提出了獨特的授權挑戰，因為它們在沒有直接用戶參與的情況下驅動了由LLMS驅動的自動API調用。

These agents interpret prompts and programmatically plan tasks, necessitating strong API security measures. Typically long-lived, stateless, and dynamic, these agents operate without user oversight for access approval or execution guidance.

這些代理商解釋了提示和編程計劃的任務，需要採取強大的API安全措施。通常，這些代理商通常長壽，無狀態和動態，無需用戶監督以訪問批准或執行指導。

This change creates some challenges:

這種變化帶來了一些挑戰：

The MCP authorization specification attempts to impose structure on one part of this problem: how should an MCP client discover and obtain authorization to access protected resources?

MCP授權規範試圖將結構強加於此問題的一個部分：MCP客戶端應如何發現並獲得授權以訪問受保護的資源？

Goals of the MCP Authorization Specification

MCP授權規範的目標

The spec introduces a consistent, standards-based authorization workflow for MCP clients. Its goals are to:

該規格為MCP客戶端介紹了一致的基於標準的授權工作流程。它的目標是：

What's in a PRM Document?

PRM文檔中有什麼？

A PRM document is a JSON-based resource returned by an MCP server when access is denied. It typically includes:

PRM文檔是拒絕訪問時由MCP服務器返回的基於JSON的資源。它通常包括：