diff --git a/lib/auth/auth.lisp b/lib/auth/auth.lisp
index 6f0894a..6420678 100644
--- a/lib/auth/auth.lisp
+++ b/lib/auth/auth.lisp
@@ -6,30 +6,39 @@
                     (:core :scopes/core)
                     (:util :scopes/util))
   (:export #:config #:setup
+           #:simple-credentials
            #:login))
 
 (in-package :scopes-auth)
 
-(defvar *authenticator* nil)
-
 (defclass config (config:base)
   ((admin-credentials :reader admin-credentials :initarg :admin-credentials)))
 
+(defclass context (core:context)
+  ((authenticator :initform (make-instance 'simple-authenticator))))
+
 (defun setup (cfg)
-  (let ((ctx (core:default-setup cfg))
-        (*authenticator* (make-instance 'simple-authenticator)))
+  (let* ((ctx (core:default-setup cfg 'context)))
     ctx))
 
 ;;;; simple / basic auth service implementation
 
-(defclass simple-authenticator () ())
+(defclass simple-authenticator () 
+  ((principals)))
 
-(defclass simple-credentials () ())
+(defclass simple-credentials () 
+  ((login-name)
+   (password)))
 
-(defclass internal-principal () ())
+(defclass principal () 
+  ((identifier)
+   (credentials)
+   (full-name)
+   (primary-address)
+   (primary-role)))
 
 (defun authenticate (cred)
-  (make-instance 'internal-principal))
+  (make-instance 'principal))
 
 ;;;; login entry point
 
@@ -37,3 +46,8 @@
   (let ((srv (core:find-service :auth)))
     (util:lgi cred (admin-credentials (core:config srv)))))
 
+;;;; auxiliary functions
+
+(defun digest (pw)
+  (ironclad:digest-sequence 
+    :sha3/256 (flexi-streams:string-to-octets pw :external-format :utf8)))
diff --git a/lib/auth/scopes-auth.asd b/lib/auth/scopes-auth.asd
index 1fd91c6..932ec1f 100644
--- a/lib/auth/scopes-auth.asd
+++ b/lib/auth/scopes-auth.asd
@@ -6,7 +6,8 @@
   :version "0.0.1"
   :homepage "https://www.cyberconcepts.org"
   :description "Authentication services"
-  :depends-on (:scopes)
+  :depends-on (:scopes
+               :flexi-streams :ironclad)
   :components ((:file "auth"))
   :long-description "scopes framework: authentication services."
   ;;#.(uiop:read-file-string
diff --git a/lib/auth/test/etc/config.lisp b/lib/auth/test/etc/config.lisp
index 0905a34..2cbf9e8 100644
--- a/lib/auth/test/etc/config.lisp
+++ b/lib/auth/test/etc/config.lisp
@@ -1,4 +1,4 @@
-;;;; cl-scopes/lib/auth/test/config
+;;;; cl-scopes/lib/auth/test/etc/config
 ;;;; use: `(let ((t:*current-system* :scopes-auth) ...)
 ;;;;        `(load (t:test-path "config" "etc")))` 
 ;;;; from scopes-auth/test
diff --git a/test/etc/config-postgres.lisp b/test/etc/config-postgres.lisp
index 00405b9..1ca6b0d 100644
--- a/test/etc/config-postgres.lisp
+++ b/test/etc/config-postgres.lisp
@@ -1,4 +1,4 @@
-;;; cl-scopes/test/config-postgres.lisp
+;;; cl-scopes/test/etc/config-postgres.lisp
 ;;; use: `(load "test/...")` from package scopes/test-storage
 
 (in-package :scopes/test-storage)