ESROS has no authentication mechanism. Authentication is the responsibility of the performer (which is outside of the scope of ESROS) and the performer is not expected to honor the invoker when it is not authenticated.
