Welcome to HTTPS in Local Network Community Group
Posted on:We have launched the HTTPS in Local Network Community Group. Our goal is to find out the manner of secure communication between browsers and server-capable devices in local network.
Background
Today, many developers and manufacturers of devices working in local network are being faced with security restrictions, as follows:
- Mixed Content: When a web application is in Secure Contexts (e.g. cloud services), the web application cannot connect to local network device’s URL such as
http://
andws://
. - Secure Contexts: When web apps is in local network device’s origin (not in Secure Contexts), powerful features like getUserMedia, WebBluetooth, etc. become unavailable.
Of course, these specifications are intended to mitigate risk of security and privacy and prevent browsers from feature abuse on the web. While these specifications mandate even server-capable devices to use HTTP and WebSocket communications over TLS to collaborate with web applications in Secure Contexts, server certificates cannot be issued to such a device due to lack of possible validation (e.g. domain validation (DV)).
Discussion in TPAC 2016 Breakout Session
In order to share the motivation mentioned above and explore further understanding, several sponsors proposed a session for discussion in W3C TPAC 2016 breakouts. As a result, approximately 50 participants joined the session, and succeed to acquire a lot of valuable comments.
If you have an interest, please refer to the session summary.
Join us
We have just started exploring the manner of secure browser-to-device communication which mitigates restrictions without exposing browsers and devices to risk of security and privacy. We hope that developers and engineers in various technical areas would participate in our discussion.
Where is the best place to begin participating in the discussion?
Sorry, but I have not announced our logistics on the web yet. For now, we have prepared GitHub [1] for the purpose of sharing information, having discussions and create documents including CG reports.
First, we have made a repository to collect use cases [2], for the purpose of discussing and clarifying requirements.
[1] https://github.com/httpslocal
[2] https://github.com/httpslocal/usecases
Awesome and Very Informative Article. Thank you so much, It Helps me a lot!
You are welcome. We are happy if that information is useful for you.