Why We're Excited About Solid and MCP

Like thousands of other developers, the Inrupt team has been experimenting with Anthropic's Model Context Protocol (MCP). 

MCP "provides a universal, open standard for connecting AI systems with data sources, replacing fragmented integrations with a single protocol,” according to Anthropic.

The vision of MCP will resonate for those familiar with Solid, because it aims to establish itself as a standard for data interoperability across systems. Our initial exploration has revealed promising opportunities for deeper protocol-level integration, particularly in developing robust agent identity and permissioning layers that the MCP ecosystem currently needs.

Here's why this matters: Imagine giving an AI agent access to just one folder in your Google Drive. With current MCP authentication, you can't — you hand over everything.

We've been working on a solution, and we think you'll want to see this. We've integrated Solid's permission model with MCP to create Agentic Wallets™ — here's what we've learned.

Solid + MCP = Safer Identity and Permissioning for AI Agents

The current MCP authentication model treats AI agents like they're you — full access to everything. But Solid changes the game by decoupling identity, data, and permissions into discrete, manageable components. Now your AI agent can access just that project folder, nothing more. 

This approach becomes especially critical when implementing AI systems with complex data access requirements — a consideration enterprise architects regularly face when designing secure, compliant systems. Similarly, security and data governance teams demand proper permissioning for AI systems that interact with sensitive enterprise information.

By combining MCP's interoperability with Solid's granular permissions model, we can create a framework that enforces the well-known principle of least privilege for AI agents. The underlying Agentic Wallet™ ensures agents operate only with the specific access they need, delivering a proper baseline of security without compromising functionality.

Building a Solid-enabled MCP Server

We built a prototype of an MCP Solid server that allows MCP clients, like Claude, to interact with our Agentic Wallets™, based on the Solid protocol. We’ve hooked our server up to Claude alongside a few other common MCP servers and have been experimenting with different uses and scenarios.

The setup allows for organization and management of data in a Wallet through a simple natural language interface. Instead of clicking, dragging, dropping, downloading and uploading files to the right place, it’s a simple command: “Move all my 2024 tax forms from my email and my downloads folder into the ‘Taxes’ folder in my Wallet.”

Any CRUD action can be performed using natural language through the MCP-Client. It also includes direct calls to the Solid consent endpoints to issue Access Grants and review Access Requests. You could ask questions like "Who currently has the ability to view my car rental receipt?" 

And you can issue permissions on the fly: "Share my driver's license with the rental agency" becomes a natural language interaction that triggers secure, controlled data sharing. Actually, due to Solid’s advanced consent framework, that instruction could be: “Share my driver’s license with the rental agency for the next 48 hours so they can confirm my eligibility to rent this car.”

Persistent Storage for Agents that Work Across Systems

These are simple examples, but we think the combination of MCP and Agentic Wallets fills a critical gap in the current MCP landscape. While MCP excels at enabling agents to pull data from existing sources to generate insights or new content, a fundamental question remains: Where does this new or updated data ultimately live and how is access to it controlled?

In some scenarios, it makes perfect sense to push updated data back to the original source using MCP's capabilities. However, many agent interactions generate entirely new data that doesn't logically fit within any existing data source. Without a dedicated home, this valuable information either remains in short-term context memory or gets lost entirely.

Various AI vendors are trying to solve this problem piecemeal by introducing editable “memory” functions to their offerings. But so far, these memories are clunky and limited. They’re either auto-generated from snippets of conversation, or text instructions that the user adds manually to a memory file. They have no capability to store files or other types of data. And more fundamentally, these memory repositories are tied to each AI vendor — they don’t match the vision of interoperability that guides MCP.

This is where Agentic Wallets™ emerge as the ideal solution. By serving as a dedicated repository for agent-generated data, Wallets ensure persistence and reusability of this information across sessions and systems. Rather than starting from scratch each time, agents can build upon previous interactions, even if those interactions were with other agents. This gives each individual a continuously evolving knowledge base that enhances future capabilities.

Agentic Wallets™ effectively become the permissioned memory for the entire agent ecosystem — a trusted, user-controlled space where AI-generated insights can be preserved, organized, and accessed with appropriate permissions.

Join Us

We're seeing organizations struggle with agent data persistence and granular permissions — two critical gaps that prevent enterprise AI adoption. Our implementations are delivering the control and security teams need. We'd love to share insights with organizations tackling similar challenges — reach out at product@inrupt.com.