troupo 4 hours ago

> Among them, chief is security

The security is so chief that they had no security at all until several versions later when they hastily bolted on OAuth.

MCP is a vibe-coded protocol that rode one of the many AI hype waves where all "design documents" are post-hoc justifications.

brabel 2 hours ago | parent [-]

They did the right thing in hindsight: leave security open until clear patterns emerge, then solidify those patterns into a spec. The spec is still in draft, and currently they are trying to find a simpler solution for client registration than DCR, which apparently ephemeral clients seem to solve for now.

If they had made the security spec without waiting for user information they would most certainly have chosen a suboptimal solution.

troupo an hour ago | parent [-]

Or... They could just use any of the existing API specs and wouldn't have to scramble to fix whatever Claude Code spat out.