diff --git a/package-lock.json b/package-lock.json
index c7e2a31f6..2e72351ce 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -1011,9 +1011,9 @@
       }
     },
     "node_modules/@tbd54566975/dwn-sdk-js": {
-      "version": "0.2.6",
-      "resolved": "https://registry.npmjs.org/@tbd54566975/dwn-sdk-js/-/dwn-sdk-js-0.2.6.tgz",
-      "integrity": "sha512-q9HjMhW9KyUD94XVjuO4N+tkeZaOsgtRINIioMKucuZZTCb8Z2lilUleZqc7LiVePCMzlqdRBVeJpMKbnAGj8Q==",
+      "version": "0.2.8",
+      "resolved": "https://registry.npmjs.org/@tbd54566975/dwn-sdk-js/-/dwn-sdk-js-0.2.8.tgz",
+      "integrity": "sha512-oiKk+ekAQO94bUkt6yk+xkDY8uCGmNC+rKaYQLhAoTrhYrczeRSuDT04F5/vPBT5K6NfAoRcQsIyBmvgRCUvgA==",
       "dependencies": {
         "@ipld/dag-cbor": "9.0.3",
         "@js-temporal/polyfill": "0.4.4",
@@ -1035,7 +1035,7 @@
         "ms": "2.1.3",
         "multiformats": "11.0.2",
         "randombytes": "2.1.0",
-        "readable-stream": "4.4.0",
+        "readable-stream": "4.4.2",
         "ulidx": "2.1.0",
         "uuid": "8.3.2",
         "varint": "6.0.0"
@@ -1079,20 +1079,6 @@
         }
       }
     },
-    "node_modules/@tbd54566975/dwn-sdk-js/node_modules/readable-stream": {
-      "version": "4.4.0",
-      "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-4.4.0.tgz",
-      "integrity": "sha512-kDMOq0qLtxV9f/SQv522h8cxZBqNZXuXNyjyezmfAAuribMyVXziljpQ/uQhfE1XLg2/TLTW2DsnoE4VAi/krg==",
-      "dependencies": {
-        "abort-controller": "^3.0.0",
-        "buffer": "^6.0.3",
-        "events": "^3.3.0",
-        "process": "^0.11.10"
-      },
-      "engines": {
-        "node": "^12.22.0 || ^14.17.0 || >=16.0.0"
-      }
-    },
     "node_modules/@tbd54566975/dwn-sdk-js/node_modules/uuid": {
       "version": "8.3.2",
       "resolved": "https://registry.npmjs.org/uuid/-/uuid-8.3.2.tgz",
@@ -9808,7 +9794,7 @@
       "version": "0.2.4",
       "license": "Apache-2.0",
       "dependencies": {
-        "@tbd54566975/dwn-sdk-js": "0.2.6",
+        "@tbd54566975/dwn-sdk-js": "0.2.8",
         "@web5/common": "0.2.1",
         "@web5/crypto": "0.2.2",
         "@web5/dids": "0.2.2",
@@ -9998,7 +9984,7 @@
       "version": "0.8.3",
       "license": "Apache-2.0",
       "dependencies": {
-        "@tbd54566975/dwn-sdk-js": "0.2.6",
+        "@tbd54566975/dwn-sdk-js": "0.2.8",
         "@web5/agent": "0.2.4",
         "@web5/crypto": "0.2.2",
         "@web5/dids": "0.2.2",
diff --git a/packages/agent/package.json b/packages/agent/package.json
index fd77af0e8..3534fa1f9 100644
--- a/packages/agent/package.json
+++ b/packages/agent/package.json
@@ -67,7 +67,7 @@
     "node": ">=18.0.0"
   },
   "dependencies": {
-    "@tbd54566975/dwn-sdk-js": "0.2.6",
+    "@tbd54566975/dwn-sdk-js": "0.2.8",
     "@web5/common": "0.2.1",
     "@web5/crypto": "0.2.2",
     "@web5/dids": "0.2.2",
diff --git a/packages/api/package.json b/packages/api/package.json
index f5eaa53da..b64b2d2df 100644
--- a/packages/api/package.json
+++ b/packages/api/package.json
@@ -75,7 +75,7 @@
     "node": ">=18.0.0"
   },
   "dependencies": {
-    "@tbd54566975/dwn-sdk-js": "0.2.6",
+    "@tbd54566975/dwn-sdk-js": "0.2.8",
     "@web5/agent": "0.2.4",
     "@web5/crypto": "0.2.2",
     "@web5/dids": "0.2.2",
diff --git a/packages/api/tests/dwn-api.spec.ts b/packages/api/tests/dwn-api.spec.ts
index 68de357f7..1320f5165 100644
--- a/packages/api/tests/dwn-api.spec.ts
+++ b/packages/api/tests/dwn-api.spec.ts
@@ -149,25 +149,77 @@ describe('DwnApi', () => {
         expect(response.protocols.length).to.equal(0);
       });
 
-      it('returns a 401 when authorization fails', async () => {
-        /** Create a new DID to represent an external entity who has a remote
-         * DWN server defined in their DID document. */
-        const { did: bob } = await testAgent.createIdentity({ testDwnUrls });
+      it('returns published protocol definitions for requests from external DID', async () => {
+        // Configure a published protocol on Alice's local DWN.
+        const publicProtocol = await dwnAlice.protocols.configure({
+          message: {
+            definition: { ...emailProtocolDefinition, protocol: 'http://proto-published', published: true }
+          }
+        });
+        expect(publicProtocol.status.code).to.equal(202);
 
-        // Attempt to query for a protocol using Bob's DWN tenant.
-        const response = await dwnAlice.protocols.query({
-          from    : bob.did,
+        // Configure the published protocol on Alice's remote DWN.
+        const sendPublic = await publicProtocol.protocol.send(aliceDid.did);
+        expect(sendPublic.status.code).to.equal(202);
+
+        // Attempt to query for the published protocol on Alice's remote DWN authored by Bob.
+        const publishedResponse = await dwnBob.protocols.query({
+          from    : aliceDid.did,
+          message : {
+            filter: {
+              protocol: 'http://proto-published'
+            }
+          }
+        });
+
+        // Verify that one query result is returned.
+        expect(publishedResponse.status.code).to.equal(200);
+        expect(publishedResponse.protocols.length).to.equal(1);
+        expect(publishedResponse.protocols[0].definition.protocol).to.equal('http://proto-published');
+      });
+
+      it('does not return unpublished protocol definitions for requests from external DID', async () => {
+        // Configure an unpublished protocol on Alice's DWN.
+        const notPublicProtocol = await dwnAlice.protocols.configure({
+          message: {
+            definition: { ...emailProtocolDefinition, protocol: 'http://proto-not-published', published: false }
+          }
+        });
+        expect(notPublicProtocol.status.code).to.equal(202);
+
+        // Configure the unpublished protocol on Alice's remote DWN.
+        const sendNotPublic = await notPublicProtocol.protocol.send(aliceDid.did);
+        expect(sendNotPublic.status.code).to.equal(202);
+
+        // Attempt to query for the unpublished protocol on Alice's remote DWN authored by Bob.
+        const nonPublishedResponse = await dwnBob.protocols.query({
+          from    : aliceDid.did,
           message : {
             filter: {
+              protocol: 'http://proto-not-published'
+            }
+          }
+        });
+
+        // Verify that no query results are returned.
+        expect(nonPublishedResponse.status.code).to.equal(200);
+        expect(nonPublishedResponse.protocols.length).to.equal(0);
+      });
+
+      it('returns a 401 with an invalid permissions grant', async () => {
+        // Attempt to query for a record using Bob's DWN tenant with an invalid grant.
+        const response = await dwnAlice.protocols.query({
+          from    : bobDid.did,
+          message : {
+            permissionsGrantId : 'bafyreiduimprbncdo2oruvjrvmfmwuyz4xx3d5biegqd2qntlryvuuosem',
+            filter             : {
               protocol: 'https://doesnotexist.com/protocol'
             }
           }
         });
 
-        /** Confirm that authorization failed because the test identity does not have
-         * permission to delete a record from Bob's DWN. */
         expect(response.status.code).to.equal(401);
-        expect(response.status.detail).to.include('ProtocolsQuery failed authorization');
+        expect(response.status.detail).to.include('GrantAuthorizationGrantMissing');
         expect(response.protocols).to.exist;
         expect(response.protocols.length).to.equal(0);
       });
diff --git a/packages/dev-env/docker-compose.yaml b/packages/dev-env/docker-compose.yaml
index 5b983c7cb..fe4f895d6 100644
--- a/packages/dev-env/docker-compose.yaml
+++ b/packages/dev-env/docker-compose.yaml
@@ -3,6 +3,6 @@ version: "3.98"
 services:
   dwn-server:
     container_name: dwn-server
-    image: ghcr.io/tbd54566975/dwn-server:dwn-sdk-0.2.6
+    image: ghcr.io/tbd54566975/dwn-server:dwn-sdk-0.2.8
     ports:
       - "3000:3000"