新的授权规范将模型上下文协议扩展到代理AI系统

作为代理AI系统（大型语言模型（LLMS）功率自主，目标驱动的代理）从实验原型迅速过渡

Agentic AI systems, where large language models (LLMs) power autonomous, goal-driven agents, are rapidly transitioning from experimental prototypes to production-ready services. These agents read databases, trigger API calls, write to software-as-a-service (SaaS) platforms, and stitch together workflows across systems that weren't necessarily designed to coordinate. A fundamental question arises as these systems evolve: how should identity and access be handled when no human is in the loop?

代理AI系统，大型语言模型（LLMS）功率自主，目标驱动的代理正在迅速从实验原型过渡到生产准备就绪的服务。这些代理商读取数据库，触发API调用，写入软件即服务（SaaS）平台，以及跨系统跨系统设计的工作流程，这些工作流程不一定是为了坐标而设计的。随着这些系统的发展，就会出现一个基本问题：当没有人进入循环时，应该如何处理身份和访问？

Initially introduced by Anthropic, the Model Context Protocol (MCP) aims to be the lingua franca for agentic interoperability, providing a standardized interface for agents to interact with external tools, prompts, and resources. However, as agent actions become more powerful, and potentially dangerous, robust, flexible, and secure access control becomes essential.

最初是由拟人化引入的，模型上下文协议（MCP）旨在成为代理互操作性的通用语言，为代理提供与外部工具，提示和资源进行交互的标准化接口。但是，随着代理行动变得越来越强大，可能是危险，健壮，灵活和安全的访问控制变得至关重要。

The recently released MCP Authorization Specification proposes an essential first step: standardizing how clients obtain authorization to access protected MCP resources using OAuth 2.1 and PKCE (Proof Key for Code Exchange).

最近发布的MCP授权规范提出了一个重要的第一步：标准化客户如何获得使用OAUTH 2.1和PKCE访问受保护的MCP资源的授权（代码交换的证明密钥）。

This post unpacks what the spec introduces, why PKCE was chosen, how the flow works, and why authentication remains a critical missing piece, especially in non-human entity interactions.

这篇文章解开了规格介绍的内容，为什么选择PKCE，流动方式的工作原理以及为什么身份验证仍然是关键的缺失部分，尤其是在非人类实体交互中。

Why Agentic AI Needs a New Authorization Model

为什么代理AI需要新的授权模型

In traditional web architectures, authorization typically involves browser-based login flows, session cookies, or OAuth tokens issued after a human clicks "Authorize." Agentic AI systems present unique authorization challenges because they make autonomous API calls driven by LLMs, without direct user involvement.

在传统的Web体系结构中，授权通常涉及基于浏览器的登录流，会话cookie或在人类点击“授权”后发出的OAuth代币。代理AI系统提出了独特的授权挑战，因为它们在没有直接用户参与的情况下驱动了由LLMS驱动的自动API调用。

These agents interpret prompts and programmatically plan tasks, necessitating strong API security measures. Typically long-lived, stateless, and dynamic, these agents operate without user oversight for access approval or execution guidance.

这些代理商解释了提示和编程计划的任务，需要采取强大的API安全措施。通常，这些代理商通常长寿，无状态和动态，无需用户监督以访问批准或执行指导。

This change creates some challenges:

这种变化带来了一些挑战：

The MCP authorization specification attempts to impose structure on one part of this problem: how should an MCP client discover and obtain authorization to access protected resources?

MCP授权规范试图将结构强加于此问题的一个部分：MCP客户端应如何发现并获得授权以访问受保护的资源？

Goals of the MCP Authorization Specification

MCP授权规范的目标

The spec introduces a consistent, standards-based authorization workflow for MCP clients. Its goals are to:

该规格为MCP客户端介绍了一致的基于标准的授权工作流程。它的目标是：

What's in a PRM Document?

PRM文档中有什么？

A PRM document is a JSON-based resource returned by an MCP server when access is denied. It typically includes:

PRM文档是拒绝访问时由MCP服务器返回的基于JSON的资源。它通常包括：