w3c / wot-security-best-practices

WoT Security Best Practices
https://github.com/w3c/wot-security-best-practices/blob/master/index.html

Separate security recommendations for Exposed and Consumed Things #26

Open mmccool opened 2 years ago

mmccool commented 2 years ago

To meet some scripting discussion requirements, define use cases for consumed vs. exposed things. To do: Zoltan to elaborate

zolkis commented 2 years ago

Based on discussion we have had in Scripting, it would make sense to make separate security recommendations for consuming and exposing Things, respectively.

Since consuming Things is the use case that is (or will be) probably most relevant for browsers as well, security for consuming Things should be aligned with Web Platform security as much as possible.

Security for exposing Things is pretty much what the current security document is about.

In addition, I suggest establishing security guidelines for provisioning/onboarding WoT/IoT systems for interacting with the Web (browsers/pages and runtimes).