...

  • Martin found the breakdown confusing. He added that the words "entity" and "object" are not clearly defined and are not in a glossary. He said he was hoping to see a more fundamental discussion of what we are trying to accomplish with authentication, because it is often overestimated. He thinks it would be useful to drill down into that.
  • Mark King:  It's useful to have a coherent position because the definition of authentication varies from person to person and country to country. 
  • Mark K: Line 1157 "However, there appear to be two solutions: anything or “two-factor” authentication". What does "anything" mean? He believes a word is missing.
  • Mark K: Lines 624-626  "Two major forms of digital signatures are DSA and PKI. However, Merkle signatures schemes are often used for blockchain protection against change". This is confusing. 
  • IAWG agreed that it seems like a lot of theory that hasn't been thought through in a coherent manner.
  • Richard pointed out that the practices have not been adopted by service providers; it seems impractical to meet a pseudo-normative standard based on a theoretical paper.
  • Several participants have issues with the authorization part. 
  • Ken pointed out that some things could not be feasible at present but are there, similar to 800-63 rev3. 
  • Mark H. commented that there is an explosion of authentication mechanisms with personal devices and other services on the web that work.
  • Mark K. added that, in terms of definitions, ISO SC27 has collated those and made them public, admittedly technically in the security area; they should state how this document is different from that or not.
  • Some participants think that this document is not an ontology. 


63B_SAC issues 

ARB questions on two 63B_SAC criteria, 63B#0030 and 63B#0150.

...