How do you handle MCP tool access control for internal tenants in an enterprise platform?
If you use FastMCP for your MCP servers have you found stateless_http=True to be stable in production, or do you keep stateful sessions for anything?
If you use FastMCP for your MCP servers have you found stateless_http=True to be stable in production, or do you keep stateful sessions for anything?
Do you usr Microsoft Foundry as your LLM gateway? I would like to understand if you use Foundry for this use case .
We are building an internal developer platform . The platform has a central API Gateway FastAPI (we call it MCP Gateway) that sits in front of multiple backend microservices (we call them MCP Servers using FastMCP ). Tenants (internal application teams) call tools exposed by these backend servers through the gateway.
The gateway handles all authentication and authorization. Backend servers trust the gateway and do no auth themselves.
Context:
Backend servers run as Kubernetes pods (EKS)
Gateway dispatches to backends via internal cluster DNS
All tools are AWS-related operations
Some tools are read-only (safe for automation), some are write operations (should be human-initiated only)
We enforce tier-based access control (read-only tier, write tier, governance tier) at the gateway
Tenants are identified by their AD group memberships extracted from JWT claims
Account-level eligibility is derived from AD groups at request time
Looking specifically for: contract requirements between gateway and backend (what the backend must expose/accept), operational requirements (health, reliability), security requirements (secrets, network, IAM), and data handling requirements. What kind of baseline you have set it up ?
what the tool must and must not return or log
We are building an internal developer platform . The platform has a central API Gateway FastAPI (we call it MCP Gateway) that sits in front of multiple backend microservices (we call them MCP Servers using FastMCP ). Tenants (internal application teams) call tools exposed by these backend servers through the gateway.
The gateway handles all authentication and authorization. Backend servers trust the gateway and do no auth themselves.
Context:
Backend servers run as Kubernetes pods (EKS)
Gateway dispatches to backends via internal cluster DNS
All tools are AWS-related operations
Some tools are read-only (safe for automation), some are write operations (should be human-initiated only)
We enforce tier-based access control (read-only tier, write tier, governance tier) at the gateway
Tenants are identified by their AD group memberships extracted from JWT claims
Account-level eligibility is derived from AD groups at request time
Looking specifically for: contract requirements between gateway and backend (what the backend must expose/accept), operational requirements (health, reliability), security requirements (secrets, network, IAM), and data handling requirements. What kind of baseline you have set it up ?
what the tool must and must not return or log
hello experts, Can you guide me where i can apply for freelance work on IT from poland ,
hello 👋 folks , hope you are doing good ? is there any news for option trading features enable in trading212 ?
i don’t like IBKR due to complex platform. any other simpler option do we have similar like robinhood ?
i am from poland
Cześć,
Mam pytanie o inwestowanie przez XTB, szczególnie przez IKE lub IKZE.
Jestem obcokrajowcem z Indii, mieszkam i pracuję w Polsce jako specjalista IT. Płacę podatki w Polsce.
Czy ktoś wie, czy jako obcokrajowiec mogę normalnie korzystać z IKE/IKZE w XTB? Jak wygląda wtedy kwestia podatków? Czy trzeba płacić podatek Belki? I czy można wypłacać pieniądze od czasu do czasu, czy lepiej nie ruszać tych środków przed emeryturą?
Zastanawiam się też, czy w mojej sytuacji lepiej inwestować przez zwykłe konto maklerskie, czy przez IKE/IKZE.
Będę wdzięczny za każdą poradę.
Hello Obsadian experts , how you embedded draw.io diagrams? any tips or tools you use ?
Hello, which broker from Poland do you use for trading, and which one for investing?
We're now designing a group-based model . (on-prem AD groups synced to Entra, group assigned to subscription role via Terraform, users request membership via self-service with approval)
How do you manage?
do you use a flat structure like AZ_{sub-name}_RL_{Role} or something hierarchical?
we want on-prem so offboarding automatically strips membership. Anyone doing cloud-only groups and solving the offboarding gap differently
are you using PIM for eligible assignments instead of/alongside groups?
Witam, jakiego brokera z Polski używasz do tradingu, a którego do inwestowania?
Have you setup foundry on your landing Zone ? What is the use case your are solving ? any production grade architecture you suggest?
AWS summit videos .. where i can watch ?
To run a Qwen3-35B-A3B Local model which Mac configuration i need to run atleast
why Antigravity IDE does not show opus 4.7 ?