Model Context Protocol Blog

The Enterprise-Managed Authorization extension is now stable. Organizations can centrally manage authorization for MCP servers and end-users can access all connected MCP servers through a single log in. The extension is being adopted by Anthropic, Microsoft, Okta and a growing number of MCP servers. The Enterprise-Managed Authorization (EMA) extension is now stable. We’ve heard from the community that authorization and repeated consent prompts from connected MCP servers is one of the biggest pain points when it comes to managing connectivity in enterprise environments. This extension helps address this. ...

The release candidate for MCP 2026-07-28 is now available. It is the largest revision of the protocol since launch and delivers on the 2026 roadmap: a stateless core that scales on ordinary HTTP infrastructure extensions including server-rendered UIs through MCP Apps and long-running work through the Tasks extension authorization that aligns more closely with OAuth and OpenID Connect deployments a formal deprecation policy so the protocol can evolve without breaking what you’ve built, and many other changes. ...

I’m happy to share two updates to the maintainer team: Clare Liguori is joining the Core Maintainer group, and Den Delimarsky is joining me as a Lead Maintainer. When we introduced the MCP governance model last summer, the goal was to make sure the protocol could keep growing without any one person becoming a bottleneck. That has held up well through two specification releases, the move to the Agentic AI Foundation (AAIF), and a steady increase in SEP volume, and these changes give the project the leadership capacity it needs for what comes next. ...