As an aside ... AADS (http://www.garlic.com/~lynn/ ) relies on existing business processes that provide secure bindings in account records ... just adding public key & digital signature to existing authentication processes for non-face-to-face and/or face-to-face transactions (i.e. the meaning of what is in the account bindings continues to be what the business processes have defined those meanings to be). existing e-commerce is straight forward because it operates almost totally within existing account-based business processes ... and the business transactions tend to include more complex bindings from the acocunt records (than just authentication) ... things like real-time credit-limit, open-to-buy, running totals, month-to-date and/or year-to-date activity, etc. the original PKI target from the early '80s for offline email authentication was a problem since it mostly any kind of authentication binding processes. "R. A. Hettinga" <rah@shipwright.com> on 11/11/2000 11:25:35 AM Please respond to "R. A. Hettinga" <rah@shipwright.com>