...
- Martin found the breakdown confusing. He added that the words "entity" and "object" are not clearly defined and they're not in a glossary. He said he was hoping to see a more fundamental discussion of what are we trying to accomplish with authentication because is often overestimated. He thinks it would be useful to drill down into that.
- Mark King: It's useful to have a coherent position because the definition of authentication varies from person to person and country to country.
- Mark K: Line 1157 "However, there appear to be two solutions: anything or “two-factor” authentication". What "anything" means?, he believes a word is missing.
- Mark K: Lines 624-626 "Two major forms of digital signatures are DSA and PKI. However, Merkle signatures schemes are often used for blockchain protection against change". This is confusing.
- IAWG agreed that it seems like a lot of theory that hasn't been thought through and in a coherent matter.
- Richard pointed out that the practices have not been adopted by service providers, it seems impractical to meet a pseudo normative standard based on a theoretical paper.
- Several participants have issues with the authorization part.
- Ken pointed out that some things could not be feasible at present but are there, similar to 800-63 rev3.
- Mark H. pointed out commented that there is an explosion of authentication mechanisms with personal devices and other services on the web that work.
...