Looks like the interesting part is 4.5 Proposed Code of Practice.
I don't like its point 4 - if credentials are per-device, there should be no need for TrustZones and whatnot.
In point 5 they forgot about authentication (preventing MITM).
Point 7 will probably be implemented in a very tinkerer-hostile way.
The labelling proposition later on is also nice.