Authorizing Agent REST Services Access - Future Permissions API?

Is there a preferred method on how to authorize a request to an agent as coming from someone with the required permissions? Does Electric Imp have any plans to implement some sort of user structure for Agent interaction for authentication and authorization?

Right now I am planning to use HTTP Basic Access Authentication and assume I am okay since the agents will use https and TLS to provide security - is this a reasonably secure way to act in modern cyberspace?

With HTTPS even the URL is sent over the secure connection and so can’t be snooped.

We currently don’t have plans to implement anything specific. You could use a shared secret or something in headers if required.