April 16, 2026

Designing an Agentic AI-Ready Secure Authentication and Authorization Platform – Yuichi Nakamura, Hitachi

Event Recap: LF Energy Summit Europe 2025

TL;DR

At LF Energy Summit Europe 2025, Yuichi Nakamura (Hitachi) examined how secure identity systems must evolve as AI agents interact directly with enterprise tools and data. The session outlined how open standards such as Model Context Protocol (MCP), OAuth 2.1, and Financial-grade API (FAPI), together with Keycloak, can help organizations deploy agentic AI with stronger authentication, authorization, and interoperability controls.

Watch the full presentation >>

Presentation Overview

Nakamura described AI agents as software systems that act on behalf of users while communicating with external tools such as databases, file systems, and APIs. These tools provide the latest information and operational capabilities, but they also create integration complexity because each uses different interfaces and protocols.

To address that challenge, he introduced Model Context Protocol (MCP), which uses MCP clients and MCP servers to create a more standardized connection layer between AI agents and external systems. This can reduce the need for custom integrations across many different tool types.

Security Requirements for AI Agents

A major focus of the presentation was the need for stronger security when AI agents access sensitive systems or data.

Nakamura explained that users must be able to authorize access to their data, while both users and agents need authentication before access is granted. MCP servers must also block unauthorized requests and verify that access tokens are valid before allowing actions to proceed.

He noted that improperly implemented authorization systems can create security risks, particularly if tokens or authorization codes are stolen.
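The server-side check described above, as an added example that is not from the presentation or from Keycloak: an MCP server deciding whether to serve a request based on the token's introspection result (RFC 7662 field names). A constructed lookup table stands in for the authorization server, and the URLs, token strings and scope names are hypothetical.

```python
import time

# Constructed sample data standing in for the authorization server's
# RFC 7662 introspection endpoint; nothing here comes from the talk.
ISS = "https://auth.example/realms/demo"   # hypothetical issuer
AUD = "https://mcp.example/mcp"            # hypothetical MCP server identifier
NOW = 1_800_000_000                        # fixed clock for the sample tokens
SAMPLE_TOKENS = {
    "tok-good":      {"active": True, "iss": ISS, "aud": [AUD],
                      "scope": "tools:read tools:call", "exp": NOW + 300},
    "tok-other-aud": {"active": True, "iss": ISS, "aud": "https://other.example/api",
                      "scope": "tools:read tools:call", "exp": NOW + 300},
    "tok-readonly":  {"active": True, "iss": ISS, "aud": [AUD],
                      "scope": "tools:read", "exp": NOW + 300},
    "tok-revoked":   {"active": False},
}

def introspect(token):
    """Unknown tokens are reported inactive, as an introspection endpoint does."""
    return SAMPLE_TOKENS.get(token, {"active": False})

def check_request(auth_header, required_scope, *, issuer, audience,
                  now=None, lookup=introspect):
    """Return (http_status, oauth_error) for one incoming MCP request."""
    now = time.time() if now is None else now
    scheme, _, token = (auth_header or "").partition(" ")
    if scheme.lower() != "bearer" or not token.strip():
        return 401, None                     # no usable credentials presented
    info = lookup(token.strip())
    if not info.get("active"):
        return 401, "invalid_token"          # revoked, expired or unknown
    aud = info.get("aud", [])
    aud = [aud] if isinstance(aud, str) else aud
    # A token issued for another server, or by another issuer, is rejected
    # even though it is active: this limits what a stolen token can reach.
    if info.get("iss") != issuer or audience not in aud:
        return 401, "invalid_token"
    if info.get("exp", 0) <= now:
        return 401, "invalid_token"
    if required_scope not in info.get("scope", "").split():
        return 403, "insufficient_scope"     # authenticated but not authorized
    return 200, None
```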

OAuth 2.1 and Keycloak

The session highlighted OAuth 2.1 as a modern framework for secure delegated access. Nakamura explained that OAuth 2.1 builds on earlier OAuth guidance and incorporates stronger default protections.

He then presented Keycloak as an open source identity and access management platform that can serve as an authorization server for MCP environments.

Capabilities discussed included:

  • User authentication
  • Consent management
  • Access token issuance and validation
  • Two-factor authentication
  • Passkeys
  • Social login
  • Role-based access decisions
  • Support for standards such as OIDC and OAuth 2.1

FAPI and Interoperability

Nakamura also introduced Financial-grade API (FAPI) standards from the OpenID Foundation.

Originally developed for open banking, FAPI adds stricter security controls and formal conformance testing. He noted that FAPI 2.0 shares similar security goals with OAuth 2.1 and can also support authentication and authorization needs for MCP-based systems.

FAQ

What is MCP?

Model Context Protocol (MCP) is an open protocol designed to help AI agents interact with tools and services through standardized client-server connections.

Why is authentication important for AI agents?

AI agents may access sensitive systems or act on behalf of users, so identity verification and authorization controls are necessary.

What is Keycloak?

Keycloak is an open source platform for identity and access management.

What is FAPI?

Financial-grade API (FAPI) is a security standard developed by the OpenID Foundation that adds stronger protections and interoperability testing for high-trust API environments.

About LF Energy

LF Energy is an open source foundation within the Linux Foundation focused on advancing collaboration in digital energy infrastructure.

Learn more: https://lfenergy.org