zolkis
commented
3 years ago Based on discussion we have had in Scripting, it would make sense to make separate security recommendations for consuming, and exposing Things, respectively.
Since consuming Things is the use case that is (or will be) probably most relevant for browsers as well, security for consuming Things should be aligned with Web Platform security as much as possible.
Security for exposing Things is pretty much what the current security document is about.
In addition, I suggest establishing security guidelines for provisioning/onboarding WoT/IoT systems for interacting with the Web (browsers/pages and runtimes).
To meet some scripting discussion requirements, define use cases for consumed vs. exposed things. To do: Zoltan to elaborate