Open Data Infrastructure

The Model Context Protocol and Open Data Infrastructure

Why MCP needs open data infrastructure behind it: governed access, metadata, lineage, policy, and durable agent context.

The Model Context Protocol gives agents a cleaner way to reach tools and context. That is useful. It also moves the hard question one layer down: what exactly are those tools allowed to touch?

MCP standardizes the interface, not the trust model

MCP defines a protocol for connecting AI applications to external systems through clients and servers. It gives the ecosystem a shared shape for tools, resources, prompts, and context. That is a big deal because agent integrations have been wildly custom.

But MCP does not magically make the data layer governed, portable, or trustworthy. If an MCP server connects to stale data, private metadata, weak permissions, or undocumented business definitions, the agent gets a nicer interface to the same old mess.

ODI is the layer behind the MCP server

For enterprise data, the MCP server should not be a pile of direct database shortcuts. It should sit on top of open data infrastructure: catalogs, policy enforcement, lineage, quality signals, semantic definitions, and audited access paths.

That matters because agents chain actions. A person might run one query. An agent might discover a dataset, inspect metadata, call a tool, summarize an answer, trigger a workflow, and save context for later. Every step needs a data contract.

Core idea: MCP is the agent interface. ODI is what keeps that interface from becoming a very polite security incident.

Design MCP tools around contracts

A good data-facing MCP server should expose narrow tools, not unlimited access. Use specific operations, scoped resources, enforced identity, documented parameters, and logged outputs. Attach metadata with the answer: source, freshness, owner, policy, lineage, and known quality caveats.

Do not make the model infer whether a dataset is approved for use. Put that decision in infrastructure.

Questions for AI platform teams

  • Which catalog decides what data the MCP server can expose?
  • Can access rules be audited across agent calls?
  • Does the answer include source, freshness, and lineage?
  • Can the MCP server change models or warehouses without changing the data contract?

MCP can make agent integration cleaner. ODI decides whether cleaner is also safer.

Sources to start with

These are the primary sources I would start from when checking the claims in this piece.

ODI hub Article library Use the scorecard Previous article Next article