In the ISO/DIS 17978-3 standard, the behavior of /modes/security and /modes/authentication isn't well defined, and the two are mingled together. There should be a clear distinction between the services, since they perform different tasks (authenticating levels vs. roles).
A behavior should be recommended for RequestSeed/SendKey in /modes/security, and the different authentication modes for /modes/authentication in the UDS spec. Ideally, this would allow OEM-specific payloads, since the standard just defines "records", which benefit greatly from OEM-specific names for things in those records.