DMR API and Wireformat
+ separate static security metadata from dynamic runtime headers?
++ static: part of "read-resource-access"
++ dynamic: indication of enforced constraints as part of a DMR response (i.e., suppressed elements)
Yes. The dynamic part is only relevant for read-resource (perhaps read-resource-description) where part of the result might be filtered. For something like read-attribute, the operation would fail if access was not allowed.
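
A client-side sketch of that distinction, added here as an illustration and not taken from the DMR code base: a filtered read-resource result is reported as partial, while a rejected read-attribute surfaces as a failure. The response layout, the header names (`response-headers`, `access-control`, `address`, `filtered-attributes`, `filtered-children-types`) and the sample responses are assumptions, since these notes do not define the wire format.

```python
# Added example. Header names and response layout are assumed for illustration;
# the notes above do not define the actual wire format.

class AccessDenied(Exception):
    """The whole operation was rejected (e.g. read-attribute without access)."""

def interpret(operation, response):
    """Return (result, suppressed) for a DMR-style response given as a dict.

    `suppressed` lists elements the server filtered out of the result, so a
    caller can tell "not set" apart from "not visible to this caller".
    """
    if response.get("outcome") != "success":
        raise AccessDenied(response.get("failure-description", "operation failed"))
    suppressed = []
    # Only read-resource style operations can return a partially filtered result.
    if operation in ("read-resource", "read-resource-description"):
        headers = response.get("response-headers", {})
        for entry in headers.get("access-control", []):
            addr = entry.get("address", "/")
            for name in entry.get("filtered-attributes", []):
                suppressed.append((addr, "attribute", name))
            for name in entry.get("filtered-children-types", []):
                suppressed.append((addr, "child-type", name))
    return response.get("result"), suppressed

def is_complete(operation, response):
    """True only when nothing was suppressed; check before diffing or auditing."""
    return not interpret(operation, response)[1]

# Constructed sample responses (not captured from a real server).
DS = "/subsystem=datasources/data-source=example-ds"
FILTERED_READ = {
    "outcome": "success",
    "result": {"jndi-name": "java:/ExampleDS", "user-name": "app"},
    "response-headers": {"access-control": [
        {"address": DS, "filtered-attributes": ["password"],
         "filtered-children-types": []},
    ]},
}
FULL_READ = {"outcome": "success", "result": {"jndi-name": "java:/ExampleDS"}}
DENIED_ATTR = {"outcome": "failed", "failure-description": "not authorized"}
```

A tool that compares or audits configuration should refuse to treat a result as authoritative unless `is_complete` returns true; otherwise a suppressed attribute is indistinguishable from an unset one.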