We have launched the HTTPS in Local Network Community Group. Our goal is to find out the manner of secure communication between browsers and server-capable devices in local network.
Today, many developers and manufacturers of devices working in local network are being faced with security restrictions, as follows:
- Mixed Content: When a web application is in Secure Contexts (e.g. cloud services), the web application cannot connect to local network device’s URL such as
- Secure Contexts: When web apps is in local network device’s origin (not in Secure Contexts), powerful features like getUserMedia, WebBluetooth, etc. become unavailable.
Of course, these specifications are intended to mitigate risk of security and privacy and prevent browsers from feature abuse on the web. While these specifications mandate even server-capable devices to use HTTP and WebSocket communications over TLS to collaborate with web applications in Secure Contexts, server certificates cannot be issued to such a device due to lack of possible validation (e.g. domain validation (DV)).
Discussion in TPAC 2016 Breakout Session
In order to share the motivation mentioned above and explore further understanding, several sponsors proposed a session for discussion in W3C TPAC 2016 breakouts. As a result, approximately 50 participants joined the session, and succeed to acquire a lot of valuable comments.
If you have an interest, please refer to the session summary.
We have just started exploring the manner of secure browser-to-device communication which mitigates restrictions without exposing browsers and devices to risk of security and privacy. We hope that developers and engineers in various technical areas would participate in our discussion.