w3c / wot-security

a repo exclusively for security to better manage issues and security considerations for WoT
https://w3c.github.io/wot-security/

Scripting related topics #201

Open zolkis opened 3 years ago

zolkis commented 3 years ago

Mirror of https://github.com/w3c/wot-scripting-api/issues/315 Issues for which the Scripting TF needs input from Security TF.

zolkis commented 3 years ago

One question that keeps popping up: when writing code for producing/exposing Things, it would be good to know what security configurations the local runtime supports, otherwise the script is in a trial/error loop to test various configurations with produce().

We need a system-level API for this. The implementation behind this API might also use a special Thing inside the runtime that could be discovered from the script, but this would need a special keyword in the discovery options. I am not sure this solution is desirable (using a client API in system context). So probably a dedicated system API entry point (bound to permissions / local runtime security policies) is a better option to be standardized, rather than an obscure internal object and a special way of using a client API (discovery).

mmccool commented 2 years ago

Circling back to this, I need to check in with the Scripting API TF to see where they are and whether further input from the Security TF is needed. Also... we are currently discussing secure local transports, which may need some (further?) support for key management. We aren't sure yet, still (unfortunately) thinking about it.