- From: Tomoyuki Shimizu <notifications@github.com>
- Date: Thu, 12 Oct 2017 22:32:02 -0700
- To: httpslocal/usecases <usecases@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Friday, 13 October 2017 05:32:33 UTC
@igarashi50 My comments are inline below. > The "securely discover" should be clarified. I think of it as follows. I agree with this comment, but > (1) Authentication: UA should be able to discover only devices which are trusted by someone. > (2) Confidentiality: The data in discovery message should be only visible between the UA and the Device. > (3) Integrity: I think that the data in discovery message should not be modified by others. I suppose that these properties could be applied to connection establishment rather than the device discovery phase, since neither mDNS nor SSDP provide them, for example. What we should explore here is how to mitigate privacy leakage and possibilities of device scanning as much as possible, right? > * A secure context loaded from the internet to the UA (hereinafter just called 'secure context') should also be able to discover target device capabilities that are actively (e.g., turned on) connected to the local network (e.g., device type, identity of a set of Web APIs, and so on). > It is unclear to me if UA needs to know target device capabilities. I agree with this. IMO, device capability discovery itself seems out of scope. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/httpslocal/usecases/issues/4#issuecomment-336354527
Received on Friday, 13 October 2017 05:32:33 UTC