Review Scripting API to ensure Security configuration is supported

w3c / wot-security

a repo exclusively for security to better manage issues and security considerations for WoT

https://w3c.github.io/wot-security/

18 stars 22 forks source link

Review Scripting API to ensure Security configuration is supported #167

Open mmccool opened 4 years ago

mmccool commented 4 years ago

Review the Scripting API draft to ensure that necessary security features can be configured through the API, for example, selection of security schemes in interactions (if there is more than one...) and OAuth2 scopes.

This issue is for the review itself. If any specific issues are found they should be created as issues in the Scripting API repo.

As part of this, review previous discussion, if any (To Do: link and summarize here...): TO DO

zolkis commented 4 years ago

These seem to be the main use cases:

app selects security scheme in ConsumedThing interactions
app passes init data for security when creating ExposedThing
eventually app passes security options for discovery.

mmccool commented 4 years ago

And specifies form option specific to selected schemes, eg. scopes for OAuth2. This is a short-term priority for node-wot implementation as well, due to the request by users to support OAuth2 as soon as possible.