Open mmccool opened 3 years ago
@OliverPfaff to review, trying to answer questions raised in the "template" defined in this issue: https://github.com/w3c/wot-security/issues/191
abc
With respect to security, the openHab documentation appears to be scattered and fuzzy in parts. The parts with a more clear description appear to suffer from a low level of elaboration. This creates the impression that security is no major prio in openHab development.
Here is my reading:
"Thing-to-Thing"-security in openHab: openHab uses the term "channel" to denote actual operational exchanges within the system. I did not find information about "channel" security and guess that openHab anticipates a default deployment where unprotected plaintext exchanges happen between things within a dedicated/segregated local network. I.e. security between things seems to remain unelaborated (beyond making that a concern of the network that is being utilized). However this appears to be implicit i.e. the Thing-to-Thing security aspect of openHab security appears to be not elaborated at all (its probably fair to descope this aspect but a descopting of this should be explicit)
"User-to-openHab system"-security: is elaborated in https://www.openhab.org/docs/installation/security.html and distinguishes resp. supports:
Content moved to https://github.com/w3c/wot-security/blob/master/background/hubs.md, further work should be against that file. Will leave open and review next week, in case @OliverPfaff has any further input.
see in general if this is consistent with WoT https://www.openhab.org/