Do I understand it correctly if I believe that they’ve *renamed* tokens to ”authenticators” in the last draft? Not *removed* them at all? The text otherwise appears approximately the same to me from a quick glance, but It’s more than likely that I’m missing something, and I’d be happy to learn.
https://pages.nist.gov/800-63-3/sp800-63-3/sec3_definitions.html
"Authenticator
Something that the claimant possesses and controls (typically a cryptographic module or password) that is used to authenticate the claimant’s identity. In previous versions of this guideline, this was referred to as a token."
Could you elaborate a bit? What are the implications you see and want clarified?
Regards,
> To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/470E74DE-B931-4BC5-9D5C-52DAA634CF84%40kth.se.