One capability that would be useful is strongAuthentication. It would identify special security needs for a device type.
Its attribute could be “true” or “false”.
Device types that do cloud-to-cloud integration which requires a ST seamless authentication process with others.
Of course, there would be other attributes and methods related to this capability.
As an example, here are some details about the strong authentication seamless workflow at ecobee (which as a very APIs);
https://www.ecobee.com/home/developer/api/documentation/v1/auth/authz-code-authorization.shtml
Device types with such capabilities would then be tagged to be able to do so. This would enable ST to better control (security wise) those device types within special containers.
Regards.