Yah, Dashboard 2.0 will come soon
It's not decided yet, maybe use http authenticate. And @elliott suggested we can use OAuth to restrict the privileges of Clients. You can see this discussion
Basically yes, I think, a client could only editing its own data. Each Client will only know its own existence.
Maybe they can read others data? I'm not sure for this. But it seems to be a bad idea.
Though, we don't have much client... the chance of duplicating is there. So I'll make sure each scope has a unique identifier, by setting unique indexes. And maybe auto generate unique identifiers.
Things related with RESTful API is still in discussion and design, and I havn't done any tests. Thus, things may change.