SLIM provides secure identity messaging for agents, but when applied to MCP, the tool call payloads themselves aren't cryptographically signed. Tool definitions from MCP servers are accepted without hash verification, and there's no replay protection on individual calls.
MCPS (MCP Secure) fills this specific gap — per-message ECDSA signing over canonical JSON payloads, tool schema pinning, and nonce-based replay rejection. It's designed to sit underneath identity layers like SLIM/AGNTCY.
IETF Internet-Draft: draft-sharif-mcps-secure-mcp
Would be interested in exploring how MCPS could integrate with the SLIM MCP transport.
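The three checks named above (signing over canonical JSON, schema pinning, nonce replay rejection), as an added Node.js illustration that is not part of the original comment and is not the wire format or API of the MCPS draft. The names `canonical`, `signCall` and `Verifier`, the envelope fields, and pinning on first sight are assumptions made for this example.

```javascript
const crypto = require('crypto');

// Deterministic serialization: object keys sorted recursively. This stands in
// for a canonical JSON scheme; the draft's exact rules are not reproduced here.
function canonical(v) {
  if (Array.isArray(v)) return '[' + v.map(canonical).join(',') + ']';
  if (v && typeof v === 'object')
    return '{' + Object.keys(v).sort()
      .map(k => JSON.stringify(k) + ':' + canonical(v[k])).join(',') + '}';
  return JSON.stringify(v);
}

const sha256 = s => crypto.createHash('sha256').update(s).digest('hex');

// Sender: ECDSA P-256 signature over the canonical bytes of {nonce, payload}.
function signCall(privateKey, payload) {
  const nonce = crypto.randomBytes(16).toString('hex');
  const sig = crypto.sign('sha256', Buffer.from(canonical({ nonce, payload })), privateKey);
  return { payload, nonce, sig: sig.toString('base64') };
}

// Receiver: verifies signatures, rejects reused nonces, pins tool schemas.
class Verifier {
  constructor(publicKey) {
    this.publicKey = publicKey;
    this.seen = new Set(); // nonces already accepted
    this.pins = new Map(); // tool name -> schema hash pinned on first sight
  }
  accept(env) {
    const data = Buffer.from(canonical({ nonce: env.nonce, payload: env.payload }));
    if (!crypto.verify('sha256', data, this.publicKey, Buffer.from(env.sig, 'base64')))
      return 'bad-signature';
    if (this.seen.has(env.nonce)) return 'replay';
    this.seen.add(env.nonce);
    return 'ok';
  }
  checkTool(tool) {
    const h = sha256(canonical(tool));
    const pinned = this.pins.get(tool.name);
    if (pinned === undefined) { this.pins.set(tool.name, h); return 'pinned'; }
    return pinned === h ? 'ok' : 'schema-changed';
  }
}

// Constructed demo: the same signed call is accepted once, then rejected.
const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'prime256v1' });
const verifier = new Verifier(publicKey);
const call = signCall(privateKey, { method: 'tools/call', params: { name: 'read_file' } });
console.log(verifier.accept(call), verifier.accept(call));
```

The nonce set here grows without bound; pairing the nonce with a timestamp window is the usual way to cap it.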