AUTHENTICATION versus AUTHORIZATION

[wilaw]

See the concerns raised by Magnus online

I think we are not really correct on the terminology here between authentication and authorization. I think in almost all of the cases what these two drafts are providing are authorization. The endpoint is authorized to either subscribe to some namespace or publish into a namespace. In some case additional limitations or conditions are expressed, but the core of these documents are authorization to use a relay or publisher. Having looked at the draft these tokens do not really authenticate the user, that is happening to me as pre-requisite to issuing. I think we should consider both titles and descriptions to use the appropriate language in the drafts.

We should rework draft title and contents to refer to AUTHORIZATION

[alficles]

I concur. This is absolutely an authorization token. We may even want to point out why it matters that it is different in the security consideration section.