List of required Security Schemes

[egekorkan]

I find the list of security schemes to be supported by HTTP profile consumers to be too much. Not even node-wot implements digest for example: https://github.com/eclipse/thingweb.node-wot/blob/24229b3d84fb7973f64528a0364c481b348ddc4d/packages/binding-http/README.md#feature-matrix

[egekorkan]

Also, these are duplicated with https://w3c.github.io/wot-profile/#http-baseline-profile-security

[benfrancis]

There is an Editor's Note in that section (which as you say has been duplicated from section 7.2.9 for some reason) which says:

The list of security schemes to include in the HTTP Baseline Profile is still under discussion.

What do you think the list of mandatory security schemes should be for conformant Consumers? Which schemes are well supported?

In #6 I advocated for NoSecurityScheme and OAuth2SecurityScheme which are what WebThings currently uses (see also: #221 (comment)).

[benfrancis]

@mlagally As far as I know, nobody is currently planning to implement all of the security schemes currently listed in section 6.3. Are Oracle planning to implement all of them (on both the Producer and Consumer side)? If so, are you aware of a second implementation planned as well?

If not, then we have no choice but to reduce this list for WoT Profile 1.0.