Re: [httpslocal/usecases] Clarify requirements (#4) from Daisuke Ajitomi on 2017-06-05 (public-httpslocal@w3.org from June 2017)

From: Daisuke Ajitomi <notifications@github.com>
Date: Mon, 05 Jun 2017 01:41:38 -0700
To: httpslocal/usecases <usecases@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <httpslocal/usecases/issues/4/306135127@github.com>

> Just ping @dajiaji

... pong @tomoyukilabs  time= 2 months

Very sorry for the late response. It's June already...
It's about time to resume the discussion. 

As a starting point, I'd like to categorize requirements derived from [use cases](https://github.com/httpslocal/usecases/blob/master/UseCases.md) roughly as follows:

- Device Discovery
- (Mutual?) authentication between device and secure context 
- Issuing TLS server certificate for device (Device authentication for UA)
- Cross-origin access from secure context to device
- Managing (reissuing and revoking) TLS server certificate for device

What do you think about it ?  If you can agree with the outline, I'll upload a draft proposal for requirements (it'll include just a table of contents).

> While the following items could be examples, I would like to ask you to add or modify them. 

Thank you for providing the items. But it is a little bit difficult for me to extract requirements by categorizing the use cases based on the items.

> * Network environment: a local network and/or a global network

I think all of the use cases basically have the same network environment (the secure context is loaded from the internet and the target device and the UA are connected to the local network).
It is true that local network of UC-04 is different from that of other use cases and is virtual loop-back network in the device but I think the difference doesn't have a significant impact for analyzing requirements.

> * Certificate issuer: public CA / corporate or organizational CA / private CA

I think that it is too early to discuss the type of CA that depends on a solution for HTTPS/WSS in local network.

> * Privacy scope: public / per service or device manufacturer / private

Sorry. I can't understand this item. Does the 'privacy' mean the disclosure scope of domain names ? If it is true, I think that it depends on a solution as is the case with the CA above.


-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/httpslocal/usecases/issues/4#issuecomment-306135127

Received on Monday, 5 June 2017 08:42:22 UTC