More clearly define "Thing Authentication"

[mmccool]

See Issue w3c/wot-security#148 in the wot-security repo.
We agreed that a clearer definition of "authentication" is needed that identifies the actors in the context of IoT specifically, and that this definition belongs in Architecture, since it will/should also be referenced by other current (eg TD) and future documents (eg Discovery).

[mlagally]

This definition could be done as part of the discovery use case.

[mlagally]

Call on 6.2.:
There could be different types of authentication depending on the use case.
Device Authentication, also relates to Onboarding, Discovery, ...

Different aspects:

• identity
• role

Next steps:
Security TF is requested to come with a proposal in a PR.
Draft a section for the architecture spec.

[mjkoster]

A running system will need many stages and forms of authn and authz, including network onboarding and service provisioning.

However, I would like to recommend that we use the defined WoT architecture roles as a focal point for our work.

In the context of WoT architecture, we have TD producers and TD consumers authenticating with discovery services and protocols, and then we have servient-clients interacting with servient-servers using WoT affordances (events, actions, properties).