Insufficient Request Authentication

A recurring authentication ambiguity where HTTP request integrity checks (e.g., HMAC/HTTP Signature) are treated as identity proof, leading to reliance on weak or spoofable assumptions instead of verifying the caller’s real identity.