Re: [scripting] management interface from Dave Raggett on 2017-04-11 (public-wot-wg@w3.org from April 2017)

From: Dave Raggett <dsr@w3.org>
Date: Tue, 11 Apr 2017 10:37:54 +0100
To: "Hund, Johannes" <johannes.hund@siemens.com>
Cc: "Kis, Zoltan" <zoltan.kis@intel.com>, Public Web of Things WG <public-wot-wg@w3.org>
Message-Id: <9A6DD114-43CE-4052-851D-933843C55EF1@w3.org>

We need to consider the security requirements in order to be able to better understand the design choices for the scripting API.

The right to install/run a thing on a hub suggests the need for a means to authenticate the request. There is also likely to be a requirement to limit which entities can access a thing, e.g. to preserve privacy for different family members of the same household.

I have started a survey of end to end security and privacy across a range of IoT standards suites on behalf of the EU project Create-IoT.  What are the requirements that they seek to address?  How do these vary from one platform to another? Is it practical to have a security model that embraces different platforms?  If not, what are the barriers for convergence?


Dave Raggett <dsr@w3.org> http://www.w3.org/People/Raggett
W3C lead for the Web of things

Received on Tuesday, 11 April 2017 09:38:08 UTC