In <20040311114757(_dot_)GD8016(_at_)dumbo(_dot_)pobox(_dot_)com> Meng Weng
Wong <mengwong(_at_)dumbo(_dot_)pobox(_dot_)com> writes:
I think the confusion between "authentication" and "authorization"
arises from perspective.
From the sender domain's point of view, the SMTP transaction is
authorized or unauthorized.
From the receiver's point of view, the sender is authenticated or
unauthenticated.
I can see your point, but I still do not agree with the use of
authentication to describe what the LMAP proposals do. Just because
something is authentic doesn't mean it is authorized. Hector has
suggested "validated" as a better term, and that was what I was going
to suggest also.
-wayne