Re: [httpslocal/usecases] Clarify requirements (#4)

@igarashi50 several comments below:

> REQ-02: Device Authentication

I agree with this change. We can drop "secure context" here.

> The UA shall be able to authenticate the device as a secure content in order to support Mixed Content and CORS (/w credentials). That is, the device shall be able to communicate https or wss as required by Secure Contents.

It is quite obvious that the UA should be compliant with the specs of Secure Contexts, Mixed Content, and CORS. I suppose that to explore how to connect the UA to the device under this restriction, we are going to discuss its solution in REC-03.

What we should talk about in REQ-02 looks like how the UA could specify the target device correctly and prevent other devices from eavesdropping and impersonating the device. This requirement could be similar to [privacy and security requirements of Open Screen Protocol](https://github.com/webscreens/openscreenprotocol/blob/gh-pages/requirements.md#privacy-and-security).


Note that we should rather say, "*restrict* mixed content". (Please refer to [Mixed Content spec](https://w3c.github.io/webappsec-mixed-content/))

-- 
https://github.com/httpslocal/usecases/issues/4#issuecomment-336358678

Received on Friday, 13 October 2017 06:06:49 UTC