Open mmccool opened 4 years ago
This definition could be done as part of the discovery use case.
Call on 6.2.: There could be different types of authentication depending on the use case. Device Authentication also relates to Onboarding, Discovery, ...
Different aspects:
Next steps: Security TF is requested to come up with a proposal in a PR. Draft a section for the architecture spec.
A running system will need many stages and forms of authn and authz, including network onboarding and service provisioning.
However, I would like to recommend that we use the defined WoT architecture roles as a focal point for our work.
In the context of WoT architecture, we have TD producers and TD consumers authenticating with discovery services and protocols, and then we have servient-clients interacting with servient-servers using WoT affordances (events, actions, properties).
See Issue https://github.com/w3c/wot-security/issues/148 in the wot-security repo. We agreed that a clearer definition of "authentication" is needed that identifies the actors in the context of IoT specifically, and that this definition belongs in Architecture, since it will/should also be referenced by other current (e.g. TD) and future documents (e.g. Discovery).