Skip to toolbar

Community & Business Groups

HTTPS in Local Network Community Group

The HTTPS in Local Network Community Group (CG) explores the manner of secure communication between browsers and server-capable devices in local network such as set-top boxes, network attached storages, etc. We propose that this Community Group clarify requirements for browsers and devices in issuing valid certificates and establishment of HTTPS and WebSocket connections over TLS and incubate relevant specifications of APIs and/or network protocols. This work has four primary purposes:
  • Improve security and privacy of communication between browsers and server-capable devices.
  • Enable web applications in secure contexts to communicate with server-capable devices in local network via XMLHttpRequest, Fetch API, and WebSocket.
  • Enable service discovery mechanisms to advertise existence of TLS-enabled server-capable devices.
  • Encourage adoption and implementation of the specification by browser vendors and device manufacturers.
Given wider support and adequate stability, we plan to migrate the proposals generated in this Community Group to an appropriate standards track, for example the IETF Standards Track or a W3C Working Group, for further contributions and formal standardization.

Note: Community Groups are proposed and run by the community. Although W3C hosts these conversations, the groups do not necessarily represent the views of the W3C Membership or staff.

No Reports Yet Published

Learn more about publishing.

Chairs, when logged in, may publish draft and final reports. Please see report requirements.

Publish Reports

Welcome to HTTPS in Local Network Community Group

We have launched the HTTPS in Local Network Community Group. Our goal is to find out the manner of secure communication between browsers and server-capable devices in local network.

Background

Today, many developers and manufacturers of devices working in local network are being faced with security restrictions, as follows:

  • Mixed Content: When a web application is in Secure Contexts (e.g. cloud services), the web application cannot connect to local network device’s URL such as http:// and ws://.
  • Secure Contexts: When web apps is in local network device’s origin (not in Secure Contexts), powerful features like getUserMedia, WebBluetooth, etc. become unavailable.

Of course, these specifications are intended to mitigate risk of security and privacy and prevent browsers from feature abuse on the web. While these specifications mandate even server-capable devices to use HTTP and WebSocket communications over TLS to collaborate with web applications in Secure Contexts, server certificates cannot be issued to such a device due to lack of possible validation (e.g. domain validation (DV)).

Discussion in TPAC 2016 Breakout Session

In order to share the motivation mentioned above and explore further understanding, several sponsors proposed a session for discussion in W3C TPAC 2016 breakouts. As a result, approximately 50 participants joined the session, and succeed to acquire a lot of valuable comments.

If you have an interest, please refer to the session summary.

Join us

We have just started exploring the manner of secure browser-to-device communication which mitigates restrictions without exposing browsers and devices to risk of security and privacy. We hope that developers and engineers in various technical areas would participate in our discussion.

Call for Participation in HTTPS in Local Network Community Group

The HTTPS in Local Network Community Group has been launched:


The HTTPS in Local Network Community Group (CG) explores the manner of secure communication between browsers and server-capable devices in local network such as set-top boxes, network attached storages, etc. We propose that this Community Group clarify requirements for browsers and devices in issuing valid certificates and establishment of HTTPS and WebSocket connections over TLS and incubate relevant specifications of APIs and/or network protocols.

This work has four primary purposes:

  • Improve security and privacy of communication between browsers and server-capable devices.
  • Enable web applications in secure contexts to communicate with server-capable devices in local network via XMLHttpRequest, Fetch API, and WebSocket.
  • Enable service discovery mechanisms to advertise existence of TLS-enabled server-capable devices.
  • Encourage adoption and implementation of the specification by browser vendors and device manufacturers.

Given wider support and adequate stability, we plan to migrate the proposals
generated in this Community Group to an appropriate standards track, for
example the IETF Standards Track or a W3C Working Group, for further
contributions and formal standardization.


In order to join the group, you will need a W3C account. Please note, however, that W3C Membership is not required to join a Community Group.

This is a community initiative. This group was originally proposed on 2017-02-03 by Tomoyuki Shimizu. The following people supported its creation: Tomoyuki Shimizu, Daisuke Ajitomi, Yoshiro Yoneya, Junichi Hashimoto, Tatsuya Igarashi. W3C’s hosting of this group does not imply endorsement of the activities.

The group must now choose a chair. Read more about how to get started in a new group and good practice for running a group.

We invite you to share news of this new group in social media and other channels.

If you believe that there is an issue with this group that requires the attention of the W3C staff, please email us at site-comments@w3.org

Thank you,
W3C Community Development Team