That’s right. This is my idea to create chain of authorization but I use IDS as base authentication. Also thank you for your introduction of RFC6238. I’ve to learn more about this.