We need to consider the security requirements in order to be able to better understand the design choices for the scripting API.
The right to install/run a thing on a hub suggests the need for a means to authenticate the request. There is also likely to be a requirement to limit which entities can access a thing, e.g. to preserve privacy for different family members of the same household.
I have started a survey of end to end security and privacy across a range of IoT standards suites on behalf of the EU project Create-IoT. What are the requirements that they seek to address? How do these vary from one platform to another? Is it practical to have a security model that embraces different platforms? If not, what are the barriers for convergence?
Dave Raggett <dsr@w3.org> http://www.w3.org/People/Raggett
W3C lead for the Web of things