tomoyukilabs opened this issue 7 years ago
Some useful work is being done in the Second Screen Community Group on protocols to support the Presentation API and Remote Playback API. For example, here is an analysis of mDNS and DNS-SD and SSDP.
Regarding authentication and authorization, are you thinking of things like OAuth 2.0 (and in particular the Device Flow)?
@chrisn Thanks a lot! Of course, that analysis report looks very useful to us, and we should read the "Privacy" and "Security" sections carefully.
> Regarding authentication and authorization, are you thinking of things like OAuth 2.0 (and in particular the Device Flow)?
Maybe, yes. We are thinking about a mechanism to issue appropriate TLS certificates for such devices. So, authenticating and authorizing the devices properly would be necessary so that the devices could obtain their certificates safely and a web application could access the devices via HTTPS.
@dajiaji what do you think about that?
Sorry for my very late reply.
> Regarding authentication and authorization, are you thinking of things like OAuth 2.0 (and in particular the Device Flow)?
I think that the OAuth 2.0 Device Flow might be helpful as a way to pair a device in a local network to a user agent at the step where the device obtains a server certificate.
However, the OAuth 2.0 Device Flow itself is different from what we want to do, because in that flow the devices are OAuth clients and basically act as HTTP clients that access resource servers on the internet.
- certificates and PKI
ACME: The IETF ACME WG is mainly developing a specification of the framework for certificate authorities to issue DV (domain verified) server certificates automatically. The framework (called the ACME framework) has been standardized based on existing technologies which are utilized by the free automated certificate authority service Let's Encrypt. I think that it is meaningful for us to think of a server certificate issuing mechanism for devices in a local network based on ACME.
Use of Short-Term Automatically Renewed (STAR) Certificates to Delegate Authority over Web Sites: This is one of the ACME extensions and focuses on use cases where intermediate nodes (e.g., load balancers in cloud environments, edge servers in CDNs) have to terminate TLS sessions. The draft defines the way for authorities (domain name owners) to delegate the use of the certificates to the intermediate nodes above. Since devices in a local network cannot obtain DV certs directly, such a delegation mechanism might be helpful for our solutions.
@dajiaji Many thanks!
I have made PR #10 to summarize all specs enumerated in this issue. I'll update the draft as items are proposed here.
In parallel with the use cases and requirements clarification work, we would like to collect IETF standards and internet drafts relevant to local network services. Specs and drafts collected here can include, but are not limited to:
.local
At this moment I haven't prepared any draft or template yet. Any form of contribution or proposal is welcome.
@yoneyajp If time permits, could you facilitate this work?