ONTAP MCP should enforce OAuth authentication to prevent unauthorized access to the MCP server.
When the MCP server is deployed, any LLM client or user who knows the MCP server’s IP address and TCP port can currently connect to it without authentication and automatically gain all permissions associated with the ONTAP users. This represents a significant security risk.
Although the MCP specification supports OAuth authorization (via OAuth grant types), authentication is currently defined as optional rather than mandatory.
OAuth-based authentication should be mandatory (MUST) for ONTAP MCP in order to properly secure ONTAP production environments that expose MCP endpoints and prevent unauthorized access or misuse.