-
Notifications
You must be signed in to change notification settings - Fork 22
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Define TD/API Security requirements for 2018 spring plugfest. #59
Comments
Perhaps there are two issues:
|
RESOLUTION: As discussed in the Scripting API meeting on Dec 18, security data, like protocol bindings, need to be provided when the Thing is provisioned, eg when the Thing runtime is set up. The scripting API only deals with actions taken from "inside" a Thing, and so this setup is out of scope. However, for practical reasons, we do need to have an implementation that allows this information to be specified. Therefore, the node-wot API should be extended to support the definition of security metadata during setup, and this part of the API should be documented, but it should be made clear that this part of the node-wot API is non-normative. However: this only works for thing-wide security data. Security data specific to a property, action, or event can't be specified during setup time since these are not known then. Likewise, security metadata has to be the same for all Exposed Things created by a given Runtime instance. We should discuss whether or not this is a problem. |
Some implications and questions:
|
Such an API should be on a different root object than the WoT object. Perhaps WoTProvisioning? |
Over now. |
Define security requirements for next plugfest. See
w3c/wot-scripting-api#82 (comment)
were some security issues have recently been brought up.
The text was updated successfully, but these errors were encountered: