This document enumerates existing specifications and drafts relevant to communicating with devices in a local network via HTTP and/or WebSocket over TLS, for the purpose of exploring a secure and flexible use of TLS in local networks.
For details and further discussion, please refer to the corresponding issue on GitHub. Proposals for additions, clarifications and improvements are very welcome.
[RelevantIETFDocuments.md], a list of potentially relevant standards and drafts discussed in the IETF, may also provide ideas, hints and potential solutions.
- IETF
  - Use Cases for Authentication and Authorization in Constrained Environments: introduces several CoAP-based use cases for devices in constrained environments.
- W3C Web Application Security WG
  - Secure Contexts: defines "secure contexts", which let user agent implementers and specification authors enable certain features only when minimum standards of authentication and confidentiality are met. For a device in a local network this is the gating rule: a device reached over plain HTTP, or over HTTPS with a certificate the browser does not trust, does not provide a secure context.
  - Mixed Content: describes how a user agent should handle fetching of content over unencrypted or unauthenticated connections in the context of an encrypted and authenticated document; in practice this blocks a page loaded over HTTPS from talking to a local device over plain HTTP.
- WHATWG Living Standards
  - Fetch Living Standard: defines the fetch algorithm and integrates the Cross-Origin Resource Sharing (CORS) protocol into it; CORS decides whether a page from one origin may read a response from a device on another origin.
- W3C Second Screen CG
- BBC
  - Discovery and Pairing Literature Review for MediaScape: surveys a wide range of service discovery and device pairing mechanisms collected from the literature.
- IETF
  - Automatic Certificate Management Environment (ACME): defines a protocol, developed by the IETF ACME WG, for automating the issuance and renewal of Domain Validated (DV) server certificates; Let's Encrypt is its best-known deployment.
  - CAA Record Extensions for Account URI and ACME Method Binding: proposes two extensions to CAA records: an "account-uri" parameter, which restricts issuance to a specific CA account, and a "validation-methods" parameter, which restricts the challenge methods the CA may accept (the parameters were renamed "accounturi" and "validationmethods" in the published RFC 8657).
  - Use of Short-Term Automatically Renewed (STAR) Certificates to Delegate Authority over Web Sites: extends ACME so that a domain name holder can delegate certificates for its names to intermediate nodes such as load balancers and edge servers, using short-lived certificates that are renewed automatically instead of being revoked.
  - Bootstrapping Remote Secure Key Infrastructures (BRSKI): introduces automated bootstrapping of a remote secure key infrastructure for new devices, including devices in Low-Power and Lossy Networks (LLNs), based on a manufacturer-installed device identity certificate and a voucher issued by the manufacturer's authority.
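As an added example (not code from the page, from the ACME specification or from Let's Encrypt), the following shows the ACME http-01 challenge end to end: the client derives the key authorization from the CA-issued token and the RFC 7638 thumbprint of its account key, publishes it under /.well-known/acme-challenge/, and the validator fetches and compares it. The account key is a placeholder JWK with made-up coordinates, the token is made up, and a dict stands in for the device's HTTP server; only the computation is the real one.

```python
"""ACME http-01 challenge, client and validator sides, run offline.

Added example, not code from the page, from the ACME specification or from
Let's Encrypt. The account key below is a placeholder JWK with made-up
coordinates (it is not a usable key), the token is made up, and a dict stands
in for the device's HTTP server; only the computation is the real one."""
import base64
import hashlib
import json


def b64url(data: bytes) -> str:
    """Base64url without padding, the encoding ACME uses throughout."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def jwk_thumbprint(jwk: dict) -> str:
    """RFC 7638 thumbprint: SHA-256 of the required public members only,
    serialised with members sorted lexicographically and no whitespace.
    Extra members such as "kid" and the member order of the input do not matter."""
    required = {"EC": ("crv", "kty", "x", "y"), "RSA": ("e", "kty", "n")}
    canonical = json.dumps({k: jwk[k] for k in required[jwk["kty"]]},
                           sort_keys=True, separators=(",", ":"))
    return b64url(hashlib.sha256(canonical.encode("ascii")).digest())


def key_authorization(token: str, account_jwk: dict) -> str:
    """Client side: key authorization = token || "." || thumbprint(account key)."""
    return f"{token}.{jwk_thumbprint(account_jwk)}"


def challenge_path(token: str) -> str:
    """Well-known path the validator fetches over plain HTTP on port 80."""
    return f"/.well-known/acme-challenge/{token}"


def provision(http_server: dict, token: str, account_jwk: dict) -> None:
    """Client side: publish the key authorization on the device's HTTP server."""
    http_server[challenge_path(token)] = key_authorization(token, account_jwk)


def validate(http_server: dict, token: str, expected_account_jwk: dict) -> bool:
    """Validator side: fetch the well-known resource and compare it with what the
    account that requested the challenge must have produced. Trailing whitespace
    is tolerated; anything else, or a missing resource, fails the challenge."""
    body = http_server.get(challenge_path(token))
    if body is None:
        return False
    return body.rstrip() == key_authorization(token, expected_account_jwk)


# Constructed inputs for the demonstration (placeholder key, made-up token).
ACCOUNT_JWK = {
    "kty": "EC",
    "crv": "P-256",
    "x": b64url(bytes(range(32))),
    "y": b64url(bytes(range(32, 64))),
    "kid": "device-account-1",  # ignored by the thumbprint
}
TOKEN = "DGyRejmCefe7v4NfDGDKfA"

if __name__ == "__main__":
    server = {}
    provision(server, TOKEN, ACCOUNT_JWK)
    print(challenge_path(TOKEN), "->", server[challenge_path(TOKEN)])
    print("valid:", validate(server, TOKEN, ACCOUNT_JWK))
```

The comparison binds the challenge to the account key, so a second party that learns the token alone cannot satisfy it. The step that does not transfer to a private LAN is the fetch itself: the validator must reach the device from the CA's vantage point, which a device with a private address cannot offer, which is why dns-01 or a delegation scheme such as STAR is needed there.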
- IETF
  - Special Use Domain 'home.arpa.': reserves the domain 'home.arpa.' for naming inside home networks; such names are only meaningful locally, so public CAs do not issue certificates for them.
- W3C Web Authentication WG
  - Web Authentication: An API for accessing Public Key Credentials Level 1: defines an API enabling the creation and use of strong, attested, scoped, public key-based credentials by web applications, for the purpose of strongly authenticating users.
- IETF
  - The OAuth 2.0 Authorization Framework: defines how a third-party application obtains limited access to an HTTP service on behalf of a resource owner.
  - OAuth 2.0 Device Flow for Browserless and Input Constrained Devices: proposes an authorization flow for browserless and input-constrained devices such as smart TVs, media consoles, picture frames and printers, in which the user completes the authorization on a second device with a full browser.
  - J-PAKE: Password-Authenticated Key Exchange by Juggling: introduces a password-authenticated key exchange technique that does not rely on a PKI. The W3C Second Screen Community Group is trying to incorporate J-PAKE into the Open Screen Protocol.
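The device flow listed above, as an added example with both sides simulated in one process (not code from the page or from any OAuth library): the device asks the authorization server for a device code and a user code, the user enters the user code in a real browser elsewhere, and the device polls the token endpoint, backing off on `slow_down` and stopping on a terminal answer. The server, its endpoints, the client id, scope, codes, intervals and the clock are all made up for the simulation; the message shapes and error codes follow the draft (now RFC 8628).

```python
"""OAuth 2.0 device authorization grant ("device flow"), both sides simulated
in one process.

Added example, not code from the page or from any OAuth library. The
authorization server, its endpoints, client_id, scope, codes, intervals and
the clock are made up for the simulation; message shapes follow the draft."""
import secrets
import string


class FakeClock:
    """Deterministic clock so the exchange runs offline and instantly."""

    def __init__(self):
        self.t = 0

    def now(self):
        return self.t

    def sleep(self, seconds):
        self.t += seconds


class AuthorizationServer:
    """In-memory authorization server: device endpoint, user approval, token endpoint."""

    def __init__(self, now, interval=5, lifetime=600):
        self.now = now            # injectable clock (callable returning seconds)
        self.interval = interval  # minimum seconds between polls
        self.lifetime = lifetime  # device_code validity in seconds
        self.grants = {}          # device_code -> pending grant

    def device_authorization(self, client_id, scope):
        """Device endpoint. device_code is the secret the device keeps for itself;
        user_code is short so a person can type it into a browser on another device."""
        device_code = secrets.token_urlsafe(32)
        alphabet = string.ascii_uppercase + string.digits
        user_code = "".join(secrets.choice(alphabet) for _ in range(8))
        self.grants[device_code] = {
            "client_id": client_id, "scope": scope, "user_code": user_code,
            "approved": None, "expires_at": self.now() + self.lifetime, "last_poll": None,
        }
        return {"device_code": device_code, "user_code": user_code,
                "verification_uri": "https://as.example/device",  # made up
                "expires_in": self.lifetime, "interval": self.interval}

    def user_decision(self, user_code, approve):
        """Verification page: the user enters the user_code and approves or denies."""
        for grant in self.grants.values():
            if grant["user_code"] == user_code and grant["approved"] is None:
                grant["approved"] = approve
                return True
        return False

    def token(self, client_id, device_code):
        """Token endpoint for grant_type=urn:ietf:params:oauth:grant-type:device_code."""
        grant = self.grants.get(device_code)
        if grant is None or grant["client_id"] != client_id:
            return {"error": "invalid_grant"}
        now = self.now()
        if now >= grant["expires_at"]:
            del self.grants[device_code]
            return {"error": "expired_token"}
        if grant["last_poll"] is not None and now - grant["last_poll"] < self.interval:
            grant["last_poll"] = now  # keep slowing a client that keeps hammering
            return {"error": "slow_down"}
        grant["last_poll"] = now
        if grant["approved"] is None:
            return {"error": "authorization_pending"}
        del self.grants[device_code]  # single use, whatever the decision was
        if not grant["approved"]:
            return {"error": "access_denied"}
        return {"access_token": secrets.token_urlsafe(32), "token_type": "Bearer",
                "scope": grant["scope"]}


def device_poll(server, client_id, dev, sleep):
    """Device side: wait the advertised interval, poll, add 5 s on slow_down as
    the draft requires, and stop at the first terminal response.
    Returns (response, interval in use when it stopped)."""
    interval = dev["interval"]
    while True:
        sleep(interval)
        resp = server.token(client_id, dev["device_code"])
        if resp.get("error") == "authorization_pending":
            continue
        if resp.get("error") == "slow_down":
            interval += 5
            continue
        return resp, interval


if __name__ == "__main__":
    clock = FakeClock()
    srv = AuthorizationServer(clock.now)
    dev = srv.device_authorization("tv-app", "printer:read")
    print("show to user:", dev["verification_uri"], dev["user_code"])
    srv.user_decision(dev["user_code"], True)  # the user, in a real browser
    print(device_poll(srv, "tv-app", dev, clock.sleep))
```

Two points this makes concrete: the device code is the secret and is never shown, while the user code is low-entropy by design, so the verification page must be rate-limited and the code must expire; and the device code is consumed on the first terminal answer, so a second poll after success or denial gets `invalid_grant` rather than a second token.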
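The J-PAKE exchange listed above, run end to end by two in-process parties, as an added example (not code from the page, from RFC 8236 or from any Open Screen Protocol implementation). It shows the two rounds with their Schnorr zero-knowledge proofs and the key derivation on each side. The group is a deliberately tiny Schnorr group (p = 983, q = 491, g = 4, with p = 2q + 1) so the arithmetic is visible; a deployment uses a 2048-bit MODP group or an elliptic curve. Identities, passwords and the fixed exponents used for testing are made up.

```python
"""J-PAKE (RFC 8236) run end to end by two in-process parties.

Added example, not code from the page or from any Open Screen Protocol
implementation. The group is a toy Schnorr group (p = 983, q = 491, g = 4,
p = 2q + 1) chosen so the arithmetic is visible, not for security; a real
deployment uses a 2048-bit MODP group or an elliptic curve."""
import hashlib
import secrets

P, Q, G = 983, 491, 4  # p = 2q + 1; g = 4 = 2^2 generates the order-q subgroup


def hash_to_q(*parts) -> int:
    """Fiat-Shamir challenge: hash the transcript into [0, q-1]."""
    h = hashlib.sha256()
    for part in parts:
        h.update(str(part).encode() + b"|")
    return int.from_bytes(h.digest(), "big") % Q


def schnorr_prove(x, gen, signer_id):
    """Schnorr NIZK (RFC 8235): prove knowledge of x with X = gen^x mod p."""
    v = secrets.randbelow(Q - 1) + 1
    X, V = pow(gen, x, P), pow(gen, v, P)
    h = hash_to_q(gen, V, X, signer_id)
    r = (v - x * h) % Q
    return X, (V, r)


def schnorr_verify(X, proof, gen, signer_id) -> bool:
    """Accept only subgroup elements whose proof was bound to signer_id."""
    V, r = proof
    if not (1 <= X < P) or pow(X, Q, P) != 1:
        return False
    h = hash_to_q(gen, V, X, signer_id)
    return (pow(gen, r, P) * pow(X, h, P)) % P == V


def password_to_s(password: str) -> int:
    """Map the password into [1, q-1]; s = 0 would collapse the key to 1."""
    digest = hashlib.sha256(password.encode()).digest()
    return int.from_bytes(digest, "big") % (Q - 1) + 1


class Party:
    """One side of J-PAKE. x1/x2 are random; pass them only for deterministic tests."""

    def __init__(self, ident, password, x1=None, x2=None):
        self.id = ident
        self.s = password_to_s(password)
        self.x1 = secrets.randbelow(Q) if x1 is None else x1          # [0, q-1]
        self.x2 = secrets.randbelow(Q - 1) + 1 if x2 is None else x2  # [1, q-1]

    def round1(self):
        """Send g^x1 and g^x2, each with a ZKP of its exponent."""
        self.gx1, p1 = schnorr_prove(self.x1, G, self.id)
        self.gx2, p2 = schnorr_prove(self.x2, G, self.id)
        return (self.id, self.gx1, p1, self.gx2, p2)

    def round2(self, peer_round1):
        """Verify the peer's round 1, then send A = (g^x1 g^x3 g^x4)^(x2 s) with a ZKP."""
        peer_id, gx3, p3, gx4, p4 = peer_round1
        if peer_id == self.id:
            raise ValueError("peer reused our identity (reflection)")
        if not (schnorr_verify(gx3, p3, G, peer_id) and schnorr_verify(gx4, p4, G, peer_id)):
            raise ValueError("round 1 ZKP failed")
        if gx4 == 1:
            raise ValueError("g^x4 must not be 1")
        self.gx3, self.gx4 = gx3, gx4
        gen = (self.gx1 * gx3 * gx4) % P
        A, proof = schnorr_prove((self.x2 * self.s) % Q, gen, self.id)
        return (self.id, A, proof)

    def derive_key(self, peer_round2) -> bytes:
        """Verify the peer's round 2, compute K = g^((x1+x3) x2 x4 s) and hash it."""
        peer_id, B, proof = peer_round2
        gen = (self.gx1 * self.gx2 * self.gx3) % P   # the base the peer used
        if not schnorr_verify(B, proof, gen, peer_id):
            raise ValueError("round 2 ZKP failed")
        inner = (B * pow(self.gx4, (-self.x2 * self.s) % Q, P)) % P  # B / g^(x4 x2 s)
        return hashlib.sha256(str(pow(inner, self.x2, P)).encode()).digest()


if __name__ == "__main__":
    alice, bob = Party("alice", "correct horse"), Party("bob", "correct horse")
    a1, b1 = alice.round1(), bob.round1()
    a2, b2 = alice.round2(b1), bob.round2(a1)
    print(alice.derive_key(b2) == bob.derive_key(a2))
```

Note what the protocol does and does not do: both ZKPs verify even when the passwords differ, and each side still derives a key; the keys simply disagree. A key confirmation step (not shown) is what turns that disagreement into a detectable failure, and the identity check in round 2 is what stops an attacker from reflecting a party's own messages back at it.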
TBA