Address review

arajasek · arajasek · commit 66d9f23c5a68 · 2022-08-25T12:43:40.000-04:00
diff --git a/FIPS/fip-0044.md b/FIPS/fip-0044.md
@@ -1,11 +1,11 @@
 ---
-fip: <to be assigned>
+fip: "0044"
 title: Standard Authentication Method for Actors
-author: Alex North (@anorth), Aayush Rajasekaran (@arajasek)
+author: Aayush Rajasekaran (@arajasek), Alex North (@anorth)
 discussions-to: https://github.com/filecoin-project/FIPs/discussions/413
 status: Draft
 type: Technical (Interface)
-created: 2022-09-02
+created: 2022-08-02
 replaces: [FIP-0035](https://github.com/filecoin-project/FIPs/blob/master/FIPS/fip-0035.md)
 ---
 
@@ -14,25 +14,30 @@ replaces: [FIP-0035](https://github.com/filecoin-project/FIPs/blob/master/FIPS/f
 The Filecoin protocol has entities called "actors" that can be involved in computation on the Filecoin blockchain. 
 There are various different kinds of actors; among the most common are accounts and multisigs. 
 With [the planned introduction of the Filecoin Virtual Machine](https://github.com/filecoin-project/FIPs/blob/master/FIPS/fip-0030.md), there will be many new kinds of user-defined actors.
-Unfortunately, today, the only kind of actors that can be asked to verify whether they have authorized a piece of data are account actors -- they do so through a signature validation.
-This FIP is the starting point to evolve a convention by which any actor can verify such authorization. It simply proposes adding a special "authorize" message that actors can choose to implement. 
-If they do so, it can be used by other actors to validate their authorization of data.
+Unfortunately, today, the only kind of actors that can "authenticate" a piece of data are account actors -- they do so through a signature validation.
+This FIP is the starting point to evolve a convention by which any actor can verify such authenticity. It simply proposes adding a special "authenticate" message that actors can choose to implement. 
+If they do implement such a method, it can be used by other actors to authenticate pieces of data.
 
 ## Abstract
 
-There is a need for arbitrary actors to be able to authorize (to other actors) that they have approved of a piece of data. This need will become more pressing with the Filecoin Virtual Machine.
-This FIP proposes adding an `Authorize` message that any actor can choose to implement. This message can be called by any other actor to verify whether the "authorizer"
-approves of a piece of data. This is a small change to the existing actors, and allows for user-defined actors to flexibly implement this method according to their needs.
+There is a need for arbitrary actors to be able to verify (to other actors) that they have approved of a piece of data. This need will become more pressing with the Filecoin Virtual Machine.
+This FIP proposes adding an `Authenticate` method that any actor can choose to implement. 
+This method can be called by any other actor to verify the authenticity of a piece of data. This is a small change to the existing actors, and allows for user-defined actors to flexibly implement this method according to their needs.
+Concretely, we add this method to the built-in `Account` actor, and have the `Storage Market` actor invoke this method,
+in lieu of validating signatures directly.
 
 ## Change Motivation
 
-We want any actors, including user-defined actors, to be able to confirm that they have authorized some data.
-If we don't have this ability, we will need to engineer around it in painful ways. The proposed [FIP-0035](https://github.com/filecoin-project/FIPs/blob/master/FIPS/fip-0035.md)
-is a concrete example; it proposes adding several new methods and data types in order to enable
-user-defined actors to serve as clients for storage deals. 
+We want any actors, including user-defined actors, to be able to authenticate arbitrary data.
+If we don't have this ability, we will need to engineer around it in painful ways. 
 
-It will be infeasible to modify the builtin-actors themselves every time we want to be able to authorize some new kind of information, and doing so will require more total messages 
-to be landing on the Filecoin blockchain. Instead, a flexible, universal approach for actors to authorize data would be preferred.
+The proposed [FIP-0035](https://github.com/filecoin-project/FIPs/blob/master/FIPS/fip-0035.md)
+is a concrete example. It seeks to allow user-defined actors to serve as storage clients in the built-in `Storage Market` actor.
+In order to enable this, it proposes adding several new methods and data types in order to work around the 
+inability of user-defined actors to authenticate data.
+
+It will be infeasible to modify the builtin-actors themselves every time we want to be able to authenticate some new kind of information, and doing so will require more total messages 
+to be landing on the Filecoin blockchain. Instead, a flexible, universal approach for actors to authenicate data would be preferred.
 
 ## Specification
 
@@ -41,15 +46,15 @@ This method can then be the blueprint for other builtin actors (eg. the multisig
 as well as a template for user-defined actors.
 
 ```
-    /// Authenticates whether the provided authorization is valid for the provided message.
-    /// Errors if the authentication is invalid.
-    pub fn verify_authorization(params: VerifyAuthorizationParams) -> Result<(), ActorError>
+    /// Authenticates whether the provided input is valid for the provided message.
+    /// Errors with USR_ILLEGAL_ARGUMENT if the authentication is invalid.
+    pub fn authenticate_message(params: AuthenticateMessageParams) -> Result<(), ActorError>
 ```
 
 The params to this method is a wrapper over the message and signature to validate:
 
 ```
-pub struct VerifyAuthorizationParams {
+pub struct AuthenticateMessageParams {
     pub authorization: Vec<u8>,
     pub message: Vec<u8>,
 }
@@ -66,6 +71,9 @@ Other actors might opt for creative implementations of such authorization based
 others can choose not to support this endpoint at all -- the Filecoin protocol's singleton builtin-actors
 such as the Storage Power Actor, the System Actor, the Cron Actor, etc. will likely choose to omit this method.
 
+In order for this method to function as a standard for future actors, it needs a standardized invocation pattern. 
+In the current dispatch model based on method numbers, that would be a standardized method number for `authenticate_message` methods. This FIP does not propose adopting a standard method number, preferring to rely on a new standardized calling convention, such as [FRC-0042](https://github.com/filecoin-project/FIPs/blob/master/FRCs/frc-0042.md) instead.
+
 ## Backwards Compatibility
 
 Introducing new methods to the builtin-actors needs a network upgrade, but otherwise breaks no backwards compatibility.
@@ -74,29 +82,28 @@ Introducing new methods to the builtin-actors needs a network upgrade, but other
 
 Proposed test cases include:
 
-- that the `verify_authorization` method on account actors can be called and succeeds with valid input
-- that the `verify_authorization` method on account actors can be called, but fails with invalid input
+- that the `authenticate_message` method on account actors can be called and succeeds with valid input
+- that the `authenticate_message` method on account actors can be called, but fails with invalid input
 - that storage deals can be made with the changes to the `StorageMarketActor`
 
 ## Security Considerations
 
-We need to be careful with the security of the `verify_authorization` implementations of the
+We need to be careful with the security of the `authenticate_message` implementations of the
 builtin-actors. User-defined contracts are free to implement these methods as they see fit.
 
-This FIP only proposes adding the `verify_authorization` method to the account actor, which 
+This FIP only proposes adding the `authenticate_message` method to the account actor, which 
 simply invokes the signature validation syscall.
 
 ## Incentive Considerations
 
 This proposal is generally well-aligned with the incentives of the network. It can be considered
-as a simpler replacement for FIP-0035, with the only drawback being that this proposal as currently written does not allow for multisigs to be storage clients. It would be trivial 
-to add a similar `verify_authorization` method to the multisig actor, though.
+as a simpler replacement for FIP-0035, with the only drawback being that this proposal as currently written does not allow for the existing built-in multisig actor to be a storage client. 
 
 ## Product Considerations
 
 This proposal is the first step towards enabling non-account actors to function as clients for
 storage deals, which is a major product improvement. Furthermore, it enables future innovation 
-that relies on the ability of non-account actors to authorize data as approved.
+that relies on the ability of non-account actors to authenticate data as approved.
 
 ## Implementation
 
