w3c / wot-security

a repo exclusively for security to better manage issues and security considerations for WoT
https://w3c.github.io/wot-security/

Document network reachability requirements for security schemes #55

Open ereshetova opened 6 years ago

ereshetova commented 6 years ago

Need to consider and clearly specify what mechanisms require being online and to what degree, i.e. some pre-setup certificate-based authentication might not require 100% online time (apart from checking CRL), but something like bearer-token-based authentication with the authentication server remotely on the network cannot work offline at all.

mmccool commented 4 years ago

I do think we need to better document the requirements for different security schemes. Schemes based on standards (OAuth) are pretty clear, but the more generic ones ("PSK") need a little more explanation. Marking this as a TD issue as such explanations and definitions should probably be in the TD spec.