[Technical] The proposal is too high-level: adding a new TR 26.813 subclause “8.3.4 Security aspects” without concrete security requirements, threat model, or normative implications risks duplicating Clause 9 and not producing actionable outputs for SA3 or any follow-on TS work.

[Technical] The claimed gap in TS 33.328 (“does not cover controls to prevent sending UE from using fake avatar representations not belonging to the user”) is asserted but not substantiated with a specific procedure/step analysis of Annex R; without pinpointing where identity binding fails, it’s unclear what new mechanism is needed (e.g., credential-bound avatar token, signing, attestation).

[Technical] The scope “Avatar calls via generalized IMS DC architecture” is ambiguous and may be misaligned with existing security ownership: IMS/DC security is largely SA3/CT3 territory, so TR 26.813 text must clearly separate media/application security considerations from core/IMS authentication and key management already covered by 33-series specs.

[Technical] “Authentication, encryption, and content protection mechanisms” are listed without clarifying which interfaces are in scope (UE–IMS, UE–BAR, UE–Avatar service, network–BAR, inter-operator), which is essential because the applicable mechanisms differ (AKA-based, OAuth2/API security, TLS, SRTP, DRM).

[Technical] The document references TR 26.813 Clause 8 “Access Protection mechanisms for BAR API” and Clause 9 “security and privacy aspects,” yet proposes adding security under Clause 8; this risks inconsistent structure and overlapping content unless the new subclause explicitly defines what is new vs. what is already covered in Clauses 8 and 9.

[Technical] No consideration is given to end-to-end media security for avatar streams (e.g., SRTP keying, E2EE implications, IMS media plane constraints), despite “encryption” being called out; without stating whether encryption is hop-by-hop or end-to-end, the study may produce incompatible assumptions.

[Technical] The proposal does not address authorization and policy control for avatar usage (who can use which avatar, per-call consent, enterprise policy, parental control), which is central to preventing “fake avatar representations” and is distinct from mere authentication.

[Technical] Privacy preservation is mentioned in the SID objective, but the proposed subclause focus is “primarily” on mechanisms for avatar calls; it should explicitly cover privacy threats (linkability of Avatar ID, inference from avatar assets, metadata exposure) and map them to mitigations, otherwise Objective 6 is only partially met.

[Technical] Content protection is cited (watermarking/DRM), but there is no linkage to concrete avatar asset lifecycle (creation, upload, storage, download, rendering, redistribution) and where watermarking/DRM would be applied and enforced; without lifecycle mapping, the study risks being non-implementable.

[Editorial] The contribution mixes TS/TR references and conclusions but does not provide exact clause numbers for several key claims (e.g., which parts of TR 26.813 Clause 9 are insufficient for avatar calls), making it hard for the group to verify gaps and avoid redundant text.

[Editorial] The suggested numbering “8.3.4” is premature without showing the existing Clause 8 substructure in the base CR; renumbering churn is likely, so the proposal should describe insertion location by title/anchor rather than a fixed number.

[Editorial] The document frames the issue as a “gap” in TS 26.264 and TS 33.328 but does not clearly state the intended deliverable impact (TR-only study text vs. triggering a new WI/CR in TS 33.328/33.203/33.210), which weakens the contribution’s actionability for SA4/SA3 coordination.