The phrase "authentication result" is used many times in the document.
I'm not sure if its the best phrase, as many times CIBA will be used more for authZ purposes.
Even if we keep the phrase I think it would be good to define it as I believe we are talking about the following things (using OIDC terminology):
- Authentication Error Response or
- Successful Token Response or
- Token Error Response