When new technology standards emerge, they often move quickly. That speed can accelerate innovation, but it can also mean early design decisions are optimized for experimentation rather than real-world use at scale. As Autodesk began experimenting with the Model Context Protocol (MCP), an emerging open-source standard designed to help AI-powered tools securely connect to services and data, we saw enormous potential. At the same time, we recognized an opportunity (and a responsibility) to help ensure the standard would work not just for demos, but for enterprises operating in production environments. At Autodesk, trust, security, and privacy are foundational. We build platforms that serve millions of customers, integrate with complex partner ecosystems, and operate under strict governance and compliance requirements. Those realities shaped how we engaged with MCP from the beginning.

Why enterprise identity matters for emerging AI standards

Early MCP implementations raised important questions around authentication, authorization, and client identity, especially as teams began building MCP servers intended for real-world use. At the time, MCP relied on dynamic client registration, a model where a server automatically issues an identity to any client that connects. While this approach lowers friction for experimentation, it introduces significant challenges at enterprise scale. Automatically issued identities make it difficult to:

• Control who has access to sensitive systems and data
• Enforce predictable onboarding and approval processes
• Maintain clear audit trails and accountability

For enterprises like Autodesk, these are not edge cases. They are baseline requirements. From our perspective, for MCP to succeed broadly, it needed to support identity models that align with how large organizations actually manage trust.

Bringing enterprise realities into the MCP community

Standards like MCP are shaped in the open, through collaboration across companies, platforms, communities, and organizations, such as the newly formed Agentic AI Foundation. As Autodesk explored MCP internally, we also began engaging directly in conversations alongside partners, cloud providers, and other technology companies. We joined open MCP discussions on channels like Discord to share practical, real-world feedback based on how large organizations operate and what customers expect, advocating for:

• Predictable, stable client identities
• Intentional onboarding through pre-registration models
• Clear separation between experimentation and production-grade deployments

These aren’t unique needs—they reflect how enterprises across industries manage security, governance, and risk. By participating directly in MCP discussions and contributing proposed changes to the specification, Autodesk helped ensure those enterprise requirements were represented as the standard evolved.

Advancing a more scalable model: Client Identifier Metadata Documents (CIMD)

In parallel, members of the OAuth working group were advancing an approach called Client Identifier Metadata Documents (CIMD). Rather than dynamically creating identities, CIMD uses stable, well-known URLs—hosted by the client and tied to its domain—as client identifiers. From an enterprise standpoint, this model offered clear advantages:

• Client identities are predictable and auditable
• Trust relationships are easier to reason about
• Access controls align with existing governance models

Autodesk supported this direction and contributed feedback, requirements, and implementation insights to help close gaps and establish compatibility with MCP use cases. As discussions progressed across the MCP and OAuth communities, momentum grew around CIMD as a safer, more flexible foundation for client identity. By late 2025, CIMD was incorporated into the MCP specification, significantly improving its readiness for production environments.

What changed—and why it matters

With CIMD in place, MCP became far more viable for enterprise adoption. The updated specification now supports:

• Stable client identities by default
• Pre-registration when tighter controls are required
• Clearer authorization models for MCP servers and clients

For customers, this means MCP servers are easier to configure and trust. For enterprises, it means MCP servers align with established security and governance practices, and for the broader ecosystem, it means a stronger, more adaptable standard.

Autodesk’s approach to shaping emerging standards

Autodesk’s involvement in agentic standards like MCP reflects a broader philosophy: engaging early and constructively in emerging technologies to help shape them so they’re secure, scalable, and built for real-world use. We don’t participate in standards development solely for our own products. We do it to:

• Help protect our customers
• Represent enterprise realities
• Strengthen the ecosystems we depend on

MCP is a clear example of how open collaboration, grounded in real production experience, can lead to better outcomes for everyone involved. Building on the work with MCP, Autodesk also recently joined the Fine‑Grained Authorization working group, to contribute enterprise use cases to help shape how agents navigate complex permission models.

Learn more about how Autodesk is using Model Context Protocols and building enterprise-ready AI experiences