Re: [httpslocal/usecases] [Requirements] separate and refine requirements (#11)

I think that the "Device Authentication" should be split into two cases. One is before a certificate grant and issuance is done, the other is after that. The former case depends on the "Certificate Grant and Issuance". I suggest that "Device Authentication" states the following requirements on the latter case.

- The UA shall authenticate one of the discovered devices selected by the user.
- The UA shall only expose the interface to the authenticated device to web applications.

I suggest that the following requirements about the former case be clarified based on the "Certificate Grant and Issuance". I also think the user grant for "Device Delegate" is optional.

- The UA shall authenticate one of the devices registered in the device delegate selected on the web application.
- The UA shall ask the user to input information such as PIN code or passphrase when the device requests to do so, and notify the device of the information, so that the UA and the device or the device delegate can properly authenticate with each other.
- The UA shall initiate certificate grant and issuance procedure when the device or the device delegate is authenticated successfully.
- The UA shall be able to authenticate the device or the device delegate automatically without the user’s grant when it has been authenticated once and its certificate has not expired or been revoked yet.

I also suggest including the following requirement in "Device Discovery", assuming that the "Device Discovery" states the requirements after "Certificate Grant and Issuance" is done.

- The UA shall expose to the user the information of discovered devices by indicating the endpoint URL obtained by the devices.







Received on Wednesday, 18 October 2017 02:49:27 UTC