bradjc
commented
9 years ago Prabal's idea: get token when you get the accessor that gives you time limited access to the resource. In the case of the web runtime the webserver would get the token on your behalf based on you logging into the accessor website.
Accessor should != authentication, instead code inside of the accessor should authenticate. This means that we'll need to develop some authentication gateway for embedded devices, etc.