Re: [httpslocal/usecases] Clarify requirements (#4)

I have a comment on REQ-2 authentication.

Assuming UA supports Mixed Content and CORS (w/ credentials), the following two requirements of REQ-02 can be supported if UA can authenticate device as secure content. I suggest the change as follows.

(Original)
REQ-02: Mutual authentication between device and secure context
- The secure context must have a way to verify whether the device to which it tries getting access is reliable or not.
- The device should have a way to verify whether the origin of the secure context which tries getting access to the device is reliable or not.
- etc.
(Change)
REQ-02: Device Authentication
- The UA shall be able to authenticate the device as a secure content in order to support Mixed Content and CORS (w/ credentials). That is, the device shall be able to communicate over https or wss as required by Secure Contents.

The outstanding open issue is what such local networked device can support https or wss. The derived requirement may be as follows, but it should be discussed in REQ-3.

- The UA shall establish https or ws connection with the device with self-certificate if a user grants it and UA shall authorize it as a secure context.
 

-- 
Reply to this email directly or view it on GitHub:
https://github.com/httpslocal/usecases/issues/4#issuecomment-336352597

Received on Friday, 13 October 2017 05:16:22 UTC