Skip to content

[notes] Core Maintainer Meeting, July 23rd #1061

New issue
New issue
Closed
Closed
[notes] Core Maintainer Meeting, July 23rd#1061
Labels
notesNotes from meetings and discussions. Used for tracking purposes only, no action is needed.
@dsp-ant

Description

@dsp-ant
dsp-ant
opened on Jul 25, 2025

MCP Core Maintainer Meeting Summary

Date: July 23, 2025

Key Participants

Nick (@000-000-000-000-000)
David Soria Parra (@dsp-ant)
Nick Cooper (@nickcoai)
Che Liu (@pwwpche)
Den Delimarsky (@localden)
Paul Carleton (@pcarleton)
Inna Harper (@ihrpr)
Basil Hosmer (@bhosmer-ant)

Details

  • Meeting Schedule and Location David Soria Parra suggested a pre-London meeting in August or early September in New York. Nick Cooper suggesting a Discord poll for availability. David Soria Parra stated they would create the poll for August New York availability.

  • SEP Review Process and Status David Soria Parra noted that many SEPs are in draft and not moving to "in review" status, making it difficult to assess them. They emphasized the need for individuals assigned to SEPs to ensure they reach a reviewable state.

  • Authorization SEPs Paul Carleton provided updates on authorization-related SEPs, noting that SEP 4, concerning WWW-Authenticate, is almost ready for review. Paul Carleton mentioned two other SEPs related to DCR evolution that need to be considered together, including "software statements in DCR" and "enterprise IDP policy controls," which are still in draft.

  • Working Group Proposals for Authorization David Soria Parra suggested that working groups should provide formal recommendations and proposals for authorization SEPs to help core maintainers make informed decisions. Paul Carleton agreed to jot down notes and plans to discuss this with the authorization group for a readout and vote.

  • Authorization Use Cases and Documentation Nick highlighted the lack of clarity on what specific use cases the authorization features solve, suggesting a need for documentation that explains how to achieve specific use cases like machine authentication. Den Delimarsky noted the absence of reference implementations and documentation for authorization, confirming they are working on a C# reference implementation. Paul Carleton also identified a gap in "how-to" guides, particularly for integrating OAuth with an MCP server.

  • Client-Side Metadata and DCR Evolution Den Delimarsky pointed out that the proposed client metadata URI change, moving away from DCR, would be a significant work item with ramifications for adopters. Nick Cooper emphasized the need for a brief taxonomy of MCP authorization schemes to consistently describe what clients support and provide clear recommendations to customers.

  • SEP Numbering Convention Nick Cooper suggested numbering SEPs based on their GitHub issue number for easier navigation. Che Liu and Basil Hosmer supported this idea, with David Soria Parra agreeing to implement the change and update the guidelines. The decision was made that all SEPs would be numbered by issue ID.

  • Shared Communication Guidelines and Discord Den Delimarsky outlined plans to centralize communication on a single Discord server (CWG Discord) with private and read-only channels . David Soria Parra noted this is a prerequisite for the governance blog post, aiming for implementation soon.

  • Namespaces and Search Proposals David Soria Parra suggested that namespaces are not required in the protocol, as URI schema format for names inherently allows hierarchical separation similar to namespaces. Nick Cooper and Nick agreed that the namespace proposal is likely unnecessary, with Nick suggesting that search functionality should be a more general solution and not tied to namespace tags. Che Liu proposed publishing guidelines that supersede existing namespace discussions and formalizing a separate, generic search SEP.

  • Declining Namespace Proposals David Soria Parra and Nick concluded that the current namespace proposal should be declined, unless a sponsor would be found and move the SEP forward. Che Liu offered to decline the proposal and communicate to the community that URL schemes are the preferred approach for hierarchical separation.

  • SDK Requirements and Consistency David Soria Parra raised a concern about the Java SDK not implementing OAuth directly, instead providing hooks for higher-level frameworks, which conflicts with the "framework independent" SDK requirement. Nick emphasized the benefit of consistency across SDKs so that developers have clear expectations of functionality regardless of the language. Basil Hosmer and Che Liu also stressed that SDKs should implement the entire spec to ensure a consistent developer experience and avoid hindering adoption.

  • Authorization Server Implementation in SDKs Paul Carleton questioned whether SDKs should provide a fully functional authorization server, leaning towards not providing one due to maintenance overhead. Nick agreed, stating that client-side OAuth implementation is crucial, but implementing an OAuth server is less important as it is often handled by external technology. Den Delimarsky also cautioned against implementing an authorization server within the SDK due to security complexities and potential breach risks.

  • Community Involvement and Maintainer Promotion David Soria Parra expressed concern that the bar for community involvement, particularly for becoming a maintainer, feels too high for new contributors. They suggested a future discussion on how to streamline the process for promoting people into maintainer roles, to foster more participation and influence within the community. David Soria Parra also recognized the need to improve meeting preparation by sending out SEP documents and agendas 24 hours in advance

Suggested next steps

  • David Soria Parra will kick off a poll in the Discord about his availability in August for New York.
  • Den Delimarsky will tweak and clean up the communication strategy proposal today and send it to the group.
  • David Soria Parra will go through all the SEPs today and link the notes, and write a formalized version of the SDK requirements for official SDKs.
  • David Soria Parra will ensure that for the next core maintainer meetings, an email with SEPs and agenda is sent out 24 hours in advance.
  • Den Delimarsky will jot down notes on how working groups want to review proposals.
  • Nick Cooper will send the PR for the changes to the guidelines regarding numbering SEPs by issue number.
  • Nick will send Che Liu the link to the best practices of tool collision in the docs.
  • Che Liu will follow up with the namespace folks for their two existing SEPs and collaborate with them to formalize the guidelines into a set and change the spec.

Metadata

Metadata

Assignees

No one assigned

    Labels

    notesNotes from meetings and discussions. Used for tracking purposes only, no action is needed.

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions