Re: [httpslocal/usecases] [Requirements] separate and refine requirements (#11)

@igarashi50 As you mentioned, this PR only includes the "authenticate *before* grant/issue a certificate" rationale. Although I considered a similar idea at first, I have left this PR as it is now for the following reasons:

- "authenticate *after* grant/issue a certificate" might cause unwanted or unintended certificate grant or issuance by aborting the consequent authentication step.
- The user might be asked two times by the UA, 1) to grant/issue a certificate, and 2) to authenticate. On the other hand, I suppose that the *before* case could combine these two steps of user interaction into a single one. (Note that this PR still mentions "granted by the user" just in case, but we can discuss whether it can be safely dropped or not.)

> I suggest that the following requirements about the former case will be clarified based on the "Certificate Grant and Issuance"

Do you mean that typing a PIN code is required two times for both authentication and certificate grant/issuance?

> I also think the user grant for "Device Delegate" is optional.

I can agree if the device behind the device delegate can request the UA to respond with a PIN code via the delegate.

> - UA shall expose a user the information of discovered devices by indicating they have certificates for the endpoint URL obtained by.

This PR intentionally omits this sort of idea since I currently assume that discovery about server-capable devices *without* a certificate, which could not be connected due to *mixed content restriction*, would be out of scope.

Reply to this email directly or view it on GitHub:
https://github.com/httpslocal/usecases/pull/11#issuecomment-337458766

Received on Wednesday, 18 October 2017 04:42:51 UTC