RE: Proper authentication model