Authorization and minimizing access to TD in Things directory

[ereshetova]

Things directories should have some mechanism to only expose a limited set of TDs to querying parties. Need a discussion on methods to do this.

[mmccool]

Possibly multiple questions here:

1. Who is authorized to use the Thing Directory web service. Since this is a web service, it can be handled like other web service.
2. How can/should we support sub-setting of Thing Descriptions, i.e. should a Thing Directory support different levels of authorization?
3. If we do a semantic search, the data that can be used for inferencing should also only be data that the user has authorization to access. For example, could have two levels of access, full and partial. Then a user with "partial" access can only do inferencing over partial TDs.

A related problem: Thing Directories are not officially part of the WoT architecture. This may be a problem since we may leave out important security hooks like the identity of the entity doing discovery.

[mmccool]

These are definitely requirements that are feeding into the current Discovery design, and in particular the design of the directory API.