As an aside ... AADS (http://www.garlic.com/~lynn/ ) relies on existing business
processes that provide secure bindings in account records ... just adding public
key & digital signature to existing authentication processes for
non-face-to-face and/or face-to-face transactions (i.e. the meaning of what is
in the account bindings continues to be what the business processes have defined
those meanings to be).
existing e-commerce is straight forward because it operates almost totally
within existing account-based business processes ... and the business
transactions tend to include more complex bindings from the acocunt records
(than just authentication) ... things like real-time credit-limit, open-to-buy,
running totals, month-to-date and/or year-to-date activity, etc.
the original PKI target from the early '80s for offline email authentication was
a problem since it mostly any kind of authentication binding processes.
"R. A. Hettinga"