The HTTPS in Local Network Community Group (CG) explores the manner of secure communication between browsers and server-capable devices in local network such as set-top boxes, network attached storages, etc. We propose that this Community Group clarify requirements for browsers and devices in issuing valid certificates and establishment of HTTPS and WebSocket connections over TLS and incubate relevant specifications of APIs and/or network protocols.
This work has four primary purposes:
foo.local), however, such an
identifier may be much less appropriate for issuing certificates. The
specifications will provide a manner to issue suitable certificates for
such devices in secure and robust procedures.
Given wider support and adequate stability, we plan to migrate the proposals generated in this Community Group to an appropriate standards track, for example the IETF Standards Track or a W3C Working Group, for further contributions and formal standardization.
Membership of the group is open to everybody. Upon joining the group, participants agree to the terms of the W3C Community Contributor License Agreement (CLA).
By tradition, diverse kinds of connected devices have been provided browsers with web applications as their controller user interfaces via plain HTTP connections. Since such a connection usually lacks encryption and identity verification, the current web security model regards the device's origin as insecure, which prevents web applications in secure contexts from connecting to the devices in local network.
Therefore, it is necessary how to issue valid TLS certificates for the devices in order to ensure security and privacy of their communication channels and avoid mixed content. Issuing certificates securely would require device verification by the issuer and device authentication by users. Coordination with service discovery mechanisms might also be important.
The following tasks are in scope for the work of the community group. The group's scope are divided into two phases. In phase 1, the group will focus on clarifying the network, functional, security and privacy requirements, and exploring adoption of existing standards to meet the requirements. If the group cannot find any existing standards which can meet the requirements, the group will develop new supplementary standards in phase 2.
The following specification may be developed in phase 2, only if it is found that any existing standards cannot be adopted to meet the requirements discussed in phase 1.
For this community group, the following tasks are out of scope.
The group will only produce Specifications listed in this section at most.
The Community Group will deliver specifications designed to meet functional and security requirements of adopting TLS for communication between browsers and server-capable devices, which will be discussed in this group, only if the group cannot find any existing standards to meet the requirements.
To add any additional specifications, this Charter must be amended by the process described in the Amendments to the Charter section. All deliverables for which the CLA Patents section applies must be designated as such here.
The group may produce other Community Group Reports within the scope of this charter but that are not Specifications, for instance use cases, requirements, or white papers.
It is anticipated that the group will collaborate with appropriate W3C Working Groups, Interest Groups and Community Group in order to transition specification proposals to the Recommendation Track.
The group operates under the Community and Business Group Process. Terms in this Charter that conflict with those of the Community and Business Group Process are void.
As with other Community Groups, W3C seeks organizational licensing commitments under the W3C Community Contributor License Agreement (CLA). When people request to participate without representing their organization's legal interests, W3C will in general approve those requests for this group with the following understanding: W3C will seek and expect an organizational commitment under the CLA starting with the individual's first request to make a contribution to a group Deliverable. The section on Contribution Mechanics describes how W3C expects to monitor these contribution requests.
The group will not publish Specifications on topics other than those listed under Specifications above. See below for how to modify the charter.
Substantive Contributions to Specifications can only be made by Community Group Participants who have agreed to the W3C Community Contributor License Agreement (CLA).
Specifications created in the Community Group must use the W3C Software and Document License. All other documents produced by the group should use that License where possible.
Community Group participants agree to make all contributions in the GitHub repo the group is using for the particular document. This may be in the form of a pull request (preferred), by raising an issue, or by adding a comment to an existing issue.
All Github repositories attached to the Community Group must contain a copy of the CONTRIBUTING and LICENSE files.
The group will conduct all of its technical work in public. All technical work will occur in its GitHub repositories (and not in mailing list discussions). This is to ensure contributions can be tracked through a software tool.
Meetings may be restricted to Community Group participants, but a public summary or minutes must be posted to the group's public mailing list and Wiki.
This group will seek to make decisions where there is consensus. Groups are free to decide how to make decisions (e.g. Participants who have earned Committer status for a history of useful contributions assess consensus, or the Chair assesses consensus, or where consensus isn't clear there is a Call for Consensus [CfC] to allow multi-day online feedback for a proposed course of action). It is expected that participants can earn Committer status through a history of valuable contributions as is common in open source projects. After discussion and due consideration of different opinions, a decision should be publicly recorded (where GitHub is used as the resolution of an Issue).
If substantial disagreement remains (e.g. the group is divided) and the group needs to decide an Issue in order to continue to make progress, the Committers will choose an alternative that had substantial support (with a vote of Committers if necessary). Individuals who disagree with the choice are strongly encouraged to take ownership of their objection by taking ownership of an alternative fork. This is explicitly allowed (and preferred to blocking progress) with a goal of letting implementation experience inform which spec is ultimately chosen by the group to move ahead with.
Any decisions reached at any meeting are tentative and should be recorded in a GitHub Issue for groups that use GitHub and otherwise on the group's public mail list. Any group participant may object to a decision reached at an online or in-person meeting within 10 days of publication of the decision provided that they include clear technical reasons for their objection. The Chairs will facilitate discussion to try to resolve the objection according to the decision process.
It is the Chairs' responsibility to ensure that the decision process is fair, respects the consensus of the CG, and does not unreasonably favour or discriminate against any group participant or their employer.
Participants in this group choose their Chair(s) and can replace their Chair(s) at any time using whatever means they prefer. However, if 5 participants, no two from the same organisation, call for an election, the group must use the following process to replace any current Chair(s) with a new Chair, consulting the Community Development Lead on election operations.
Participants dissatisfied with the outcome of an election may ask the Community Development Lead to intervene. The Community Development Lead, after evaluating the election, may take any action including no action.
The group can decide to work on a proposed amended charter, editing the text using the Decision Process described above. The decision on whether to adopt the amended charter is made by conducting a 30-day vote on the proposed new charter. The new charter, if approved, takes effect on either the proposed date in the charter itself, or 7 days after the result of the election is announced, whichever is later. A new charter must receive 2/3 of the votes cast in the approval vote to pass. The group may make simple corrections to the charter such as deliverable dates by the simpler group decision process rather than this charter amendment process. The group will use the amendment process for any substantive changes to the goals, scope, deliverables, decision process or rules for amending the charter.