Gah, i am so disappointed in slashdot. comments like the parent are why i come here. Somebody who spends their time thinking about an interesting problem and is willing to share some of that background. Instead of discussion we get people complaining about ... anything.
Anyway, thanks for the post. I like the way you are thinking and I love the idea of 'as secure as necessary'. I can see a future where my phone decides when it is still with me based on the myriad of data it collects (and helpfully shares) and unlocks my house as I get near (unless I mumble a 'kidnapped' signal in which case it should drop the machine guns and kill the bad guys trying to force their way in with me... B)
tbh, the steps to get there don't seem that far off either. I spent a bit of time trying to think of 'real' road blocks but i was able to dismiss most of them outside of time and money it would take to replace everything w/ an integrated version.
That of course assumes somebody wins a standard war and is able to push through a standard protocol for the authorization levels which the various apps and IoT vendors support. Which also needs someobdy to solve the patching problem on these IoT devices (which will hopefully allow us to move toward a solution to the security problem). gah, i was getting optimistic for a second there...
Kidding aside, I would like to explore this more. Any podcasts/blogs you recommend in this space?