What does it mean to authenticate something, or someone? How do we know when something is authentic (when to trust)? Who tells us what we must do, and when we have (or they have) determined its OK?
IMO, one of the biggest challenges to developing and implementing effective authentication systems has always been the fact that the thresholds & process for determining authenticity vary so greatly between different products and contexts. Think about:
- The TSA person checking you out at the airport to let you board the plane
- The store clerk accepting your credit card for payment
- The pharmacist filling your prescription
In each of these situations, the criteria, the tools and the process for checking those tools varies widely. And most importantly, the threshold for being able to say "this is OK" varies as well.
Hard to find the right technology to trust when the game changes so much.