Re: [scripting] management interface

On Tue, Apr 11, 2017 at 12:37 PM, Dave Raggett <dsr@w3.org> wrote:

> We need to consider the security requirements in order to be able to
> better understand the design choices for the scripting API.
>
>
Definitely. The proposed API is already aligned with the draft security
document (in its second iteration) that is not yet shared with the WG, but
it's imminent (pending WG/IG member announcement of the author). As agreed
in the last Scripting TF call, I will update the Scripting rationale.md
document with current information on this.


> The right to install/run a thing on a hub suggests the need for a means to
> authenticate the request. There is also likely to be a requirement to limit
> which entities can access a thing, e.g. to preserve privacy for different
> family members of the same household.
>

First we need to clarify actors, threat model, then move on to
identification, authentication, access management, integrity (data and
comms), security policies etc.

Actors include end users, solution providers, hardware manufacturers. We
also need to be able to identify/authenticate a Thing and a WoT Runtime.

The threat model takes into account the use cases needed in WoT. So the
first thing to get right in the WG for covering security is a set of use
cases that involve the actors above.


>
> I have started a survey of end to end security and privacy across a range
> of IoT standards suites on behalf of the EU project Create-IoT.  What are
> the requirements that they seek to address?  How do these vary from one
> platform to another? Is it practical to have a security model that embraces
> different platforms?  If not, what are the barriers for convergence?
>
>
This would be tremendously useful. Again, we need to elicit
- use cases
- actors in use cases
- threats
- threat mitigation options
- and only then move on to weighing which protocols and technologies to
support in WoT.

Best regards,
Zoltan