Basic Concepts of TokenScript for Developers

Recently we wanted to define the basic concepts of TokenScript for developers.

Do I understand this correctly?

A TokenScript is an overlay of JavaScript code and XML mark-up that defines the token's logic. It is not part of the smart contract which created the token, but can rely on it and interact with it.

The TokenScript file is written and signed by the issuer of a token. It can be updated. Users can download the TokenScript file on any website and validate the signature. The file helps the wallet to use the token by adding information and structuring the interaction with the wallets.

Every information, which is part of the TokenScript, does not need to be in the smart contract. This allows token issuer to add a large scope of information and instructions while keeping the smart contract lean.

TokenScript is build on some concepts:

Attributs: Attaches important information to the token

Label: Attaches the wording for a wallet

Card: Triggers user interaction in a wallet

Transactions: A TokenScript can trigger and structure blockchain transactions

Token Negotiation: I heard this concept to be important, but hardly understand it.

Attestations: I know what attestations are, but I don't understand how it fits into tokenscript from a technical point of view.

Protocols: TokenScripts specify the mainprotocol the token is built upon (Ethereum, Ropsten, etc.), as well as higher level protocols like Magic Links

DvP transaction security: Weiwu mentioned this, but I don't really understand how it fits into TokenScript

Did I miss something?