Aaron Parecki

About:

Aaron Parecki is an expert in OAuth and online security, co-founder of IndieWebCamp, and a content creator focused on livestreaming and video production.

Website:

aaronparecki.com

Specializations:

Content Creator Educator Author Conference Speaker Director of Identity Standards Online Security Expert

Interests:

OAuth Online security Data ownership Online identity Quantified self Home automation

Incoming Links:

Amit Gawande Ana Benjamin Esham Chris Aldrich Chris Burnell David Shanske gRegor Morrill Jakob L. Kreuze James' Coffee Blog Jeremy Keith kaangiray26 Khürt Williams Lambros Petrou Lloyd Atkinson Manton Reece Marc Thiele Marcus Obst Matthias Ott Noah Snelson Pierre Carrier Rishikesh Sreehari Simone Silvestroni Tom MacWright zerokspot.com Show more (19)

Outgoing Links:

Andy Baio Ben Werdmuller Brian Krebs Chris Aldrich Henrique Dias Jean MacDonald Jeremy Keith Khürt Williams Matt Gemmell Sindre Sorhus Show more (5)
Subscribe to RSS:
Link

7.3Client Registration and Enterprise Management in the November 2025 MCP Authorization Spec

2025-11-25 ai applications and solutions authentication model context protocol (mcp) information security client registration

The blog post discusses the launch of the new Model Context Protocol (MCP) authorization specification, highlighting significant updates that enhance enterprise scalability and security. Key changes include the introduction of Cli...

5.5Client ID Metadata Document Adopted by the OAuth Working Group

2025-10-08 api ietf authentication web standards client id

The IETF OAuth Working Group has adopted the Client ID Metadata Document specification, allowing OAuth clients to identify themselves to authorization servers using their own URL and hosting metadata in a JSON document. This mecha...

5.4Adding Support for BlueSky to IndieLogin.com

2025-10-11 web development bluesky indie authentication

The author announces the launch of BlueSky as a new authentication option for IndieLogin.com, a service that allows users to log in to websites using their own domain. The integration leverages BlueSky's support for the OAuth Clie...

5.1Recurring Events for Meetable

2025-11-25 scheduling software development recurring revenue meeting table

The author discusses the implementation of a new feature for the Meetable software, aimed at improving event scheduling for the MCP Community. Initially, recurring events were not supported due to issues with stale listings. To ad...

5.1Meetable Release Notes - October 2025

2025-10-04 open source discord community event announcement meeting table

The blog post details updates for Meetable, an open-source event listing website. Key features include the ability for users to log in with Discord accounts, linking Meetable instances to Discord servers, and restricting logins ba...

0Enterprise-Ready MCP

2025-05-13 enterprise software authentication model context protocol (mcp) cross-app access ai

The text discusses how the recent updates to the MCP authorization spec have made it easier for enterprises to integrate AI tools into their systems. It explains the importance of single sign-on, connecting to external apps, and t...

0Let's fix OAuth in MCP

2025-04-03 oauth 2.0 model context protocol (mcp) authorization access tokens resource management protected resource metadata enterprise idp integration

The text discusses the need for an MCP server to have its own auth server, explaining the roles of the authorization server and resource server in OAuth. It also addresses the need for separation of concerns, the use of Protected ...

0My IETF 121 Agenda

2024-11-04

...

0Thoughts on the Resiliency of Web Projects

2024-09-01

The author reflects on the resiliency of web projects and the challenges of maintaining old code. He discusses the process of cleaning up his server and the difficulties of maintaining old projects. He also shares his thoughts on ...

0San Francisco Billboards - August 2025

2025-08-07

...

0OAuth Oh Yeah!

2024-08-29

The blog post is a poetic and creative take on the laws of OAuth, emphasizing the importance of security and authorized access tokens in the digital world.

0My IETF 120 Agenda

2024-07-21

...

0FedCM for IndieAuth

2024-05-12

The blog post discusses a new feature for IndieAuth that allows users to log in to websites using their domain with a new browser API. The post explains the ongoing effort at the Federated Identity Community Group at the W3C to bu...

0OAuth for Browser-Based Apps Working Group Last Call!

2024-05-02

The post announces the Working Group Last Call for the draft specification OAuth for Browser-Based Applications, asking for final comments and support. It also provides options for providing feedback and expresses gratitude to Phi...

0OAuth: "grant" vs "flow" vs "grant type"

2024-03-29

The post explains the differences between the terms 'grant', 'flow', and 'grant type' in the context of OAuth, providing definitions and examples of when each term is appropriate. The author also mentions plans to add the summary ...

0I took the High-Speed Brightline Train from Miami to Orlando with only two hours notice

2023-12-02

The author describes his experience taking the High-Speed Brightline Train from Miami to Orlando after his flight was cancelled. He details the process of booking the ticket, the experience at the station, the premium lounge, boar...

0OAuth for Browser-Based Apps Draft 15

2023-10-23

The blog post discusses the revision of the OAuth for Browser-Based Apps Draft 15, providing clearer guidance and discussion of the threats and consequences of various architectural patterns. The author expresses gratitude to Phil...

0OAuth Support in Bluesky and AT Protocol

2023-03-10

The blog post discusses the challenges and limitations of the Bluesky social media platform and AT Protocol, and how OAuth can solve these issues. It explains how OAuth can be used to access data in the user's Personal Data Server...