1. Executive Summary

This document details the Authentication Flow and Custom Core Banking Sidecar integration for the TMX Agentic Finance platform. It addresses the technical feasibility of integrating with the bank's existing security infrastructure (OIDC/OAuth2) and defines how the system securely communicates with legacy core banking systems via a dedicated Sidecar pattern.

The architecture ensures Zero Trust security by propagating identity context without exposing credentials, utilizing a "Trust-But-Verify" model enforced by the Secure MCP Gateway.


2. Authentication Architecture

The system is designed to overlay on top of the Bank's existing Identity Provider (IdP). We do not replace the bank's authentication; we consume it.

2.1 Key Principles

  1. Identity Propagation, Not Sharing: The Agent never sees or stores the user's login password. It operates on a valid Access Token (JWT) issued by the Bank's IdP.
  2. Gateway as Trust Anchor: The Secure MCP Gateway acts as the policy enforcement point. It validates that the Agent is authorized to act on behalf of user_123 before calling any downstream tools.
  3. Sidecar Isolation: The connection to the legacy core banking system is isolated within a Custom Core Banking Sidecar, which handles protocol translation (e.g., JSON -> SOAP) and holds the necessary technical service credentials.
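As an added example (not code from the TMX platform or from this document), the following Python sketches the Gateway-side check behind principles 1 and 2: it verifies the IdP-issued JWT and confirms that the Agent is authorized to act for the named user before any downstream tool call is forwarded. The shared HS256 key, issuer, audience, claim names (azp, scope) and the mint_token helper are assumptions for the demo; a production gateway would validate RS256 tokens against the Bank IdP's JWKS.

```python
import base64, hashlib, hmac, json, time
# Constructed demo values (assumptions, not TMX values); a production gateway
# would validate RS256 tokens against the Bank IdP's published JWKS instead.
IDP_KEY = b"demo-shared-secret"
IDP_ISSUER = "https://idp.bank.example"
GATEWAY_AUD = "mcp-gateway"

def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def _b64url_encode(b: bytes) -> str:
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def mint_token(claims: dict, key: bytes = IDP_KEY) -> str:
    """Stands in for the Bank IdP: builds a constructed HS256 JWT for the demo."""
    head = _b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{_b64url_encode(sig)}"

def verify_token(token: str, key: bytes = IDP_KEY, now=None) -> dict:
    """Gateway side: check alg, signature, issuer, audience and expiry."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    head, body, sig = parts
    # Pin the algorithm; never let the token's own header choose it.
    if json.loads(_b64url_decode(head)).get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig)):
        raise ValueError("bad signature")
    claims = json.loads(_b64url_decode(body))
    now = time.time() if now is None else now
    if claims.get("iss") != IDP_ISSUER or claims.get("aud") != GATEWAY_AUD:
        raise ValueError("wrong issuer or audience")
    if claims.get("exp", 0) <= now:
        raise ValueError("token expired")
    return claims

def authorize_tool_call(token: str, agent_id: str, user_id: str, tool: str, now=None) -> bool:
    """Trust-but-verify: the Agent asserts it acts for user_id; the Gateway
    confirms that from the token before any downstream tool is called."""
    try:
        claims = verify_token(token, now=now)
    except (ValueError, AttributeError):
        return False
    return (claims.get("sub") == user_id                 # token belongs to this user
            and claims.get("azp") == agent_id            # token was issued to this Agent
            and tool in claims.get("scope", "").split())  # tool is within granted scope
```

The Agent Core never needs the user's password or the Sidecar's service credentials for this to work; it only presents the token, and the Gateway decides.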

3. Detailed Authentication Flow

The following flow describes how a user request traverses the system, maintaining security context from the Mobile App down to the Mainframe.

3.1 The "Context Propagation" Chain

[Figure: the "Context Propagation" chain diagram (image.png)]

3.2 Security Boundaries

  1. Public Zone (User → LB): Protected by WAF and Standard OIDC.
  2. Private Zone (Agent Core): Stateless execution environment. Knows who the user is (user_123) but has no access to raw banking credentials.
  3. Secure Zone (Gateway → Sidecar): Highly restricted network.