Ask HN: Is it time for a home network TLD with TLS?

This page summarizes the projects mentioned and recommended in the original post on news.ycombinator.com

  • proposals

    A home for well-formed proposed incubations for the web platform. All proposals welcome. (by WICG)

  • Yes, it is 100% time for that.

    Mozilla FlyWeb was close, but didn't handle remote access. It could have been extended to, but they dropped it.

    I wrote a proposal here for how this could be done with Bluetooth-like pairing, using URLs that embed a certificate hash, a random sequence as an extra security layer, and a lookup URL that one can ask where to find the host for a service, for access over the WAN.

    By using a URL instead of normal non-HTTP DNS, the lookup URL can be another web service self hosted using the same TLD, or a Data URI if one is hosting from a static IP.

    No part of the URL besides the key is used to determine the origin for CORS and local storage, so you can change discovery methods and the random string freely.

    Initial connection is by directly sending a link, or by LAN discovery.

    Unless discovery is enabled and you are on the same network, it should be impossible to connect without already knowing the URL, so even if your home automation hub is very badly coded, they can't even start hacking it till they find your URL, which can't be found just by sniffing (because of that random string).

    Clients track the "last seen" address of servers, so even if lookup goes down, access still works until your home IP changes.

    When nodes connect over LAN, the server sends its "Find me on the WAN at" IP. So even with no discovery server at all and no static IP, it creates a very convincing illusion of "just working" 99% of the time.

    Which means that if you buy a device that uses a cloud lookup service, and they drop that service, your device will still be remote accessible, most of the time. Which might be good enough, or at least good enough to get by until you can find a more permanent solution.

    Proposal:

    https://github.com/WICG/proposals/issues/43

    And a partial implementation of a very close version (lookups always use OpenDHT in this), plus a note-taking app based on it.

    https://github.com/EternityForest/hardlinep2p

    I really think this is one of those critical missing technologies that would really enable a lot of amazing things.

  • hardlinep2p

    Application-level P2P non-VPN for securely accessing personal servers without a VPN
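
The URL scheme described in the comment above, sketched as an added example (not code from the WICG proposal or from hardlinep2p): the client pins the certificate hash carried in the URL and derives the origin from that hash alone, so the random string and lookup URL can change freely. The `pair://` scheme name, the URL layout and the `lookup` query parameter are assumptions made for illustration.

```python
import hashlib
import hmac
from urllib.parse import urlsplit, parse_qs

SCHEME = "pair"  # hypothetical scheme name, not taken from the proposal


def cert_hash(cert_der: bytes) -> str:
    """SHA-256 of the server certificate, hex encoded."""
    return hashlib.sha256(cert_der).hexdigest()


def parse_pairing_url(url: str) -> dict:
    """Split a pairing URL into pinned hash, random token and lookup URL."""
    parts = urlsplit(url)
    if parts.scheme != SCHEME:
        raise ValueError("not a pairing URL")
    pinned = parts.netloc.lower()
    if len(pinned) != 64 or any(c not in "0123456789abcdef" for c in pinned):
        raise ValueError("malformed certificate hash")
    token = parts.path.lstrip("/")
    if not token:
        raise ValueError("missing random token")
    lookup = parse_qs(parts.query).get("lookup", [None])[0]
    return {"pinned": pinned, "token": token, "lookup": lookup}


def origin_of(url: str) -> str:
    """Origin for CORS and storage: derived from the key hash only."""
    return f"{SCHEME}://{parse_pairing_url(url)['pinned']}"


def peer_is_pinned(url: str, presented_cert_der: bytes) -> bool:
    """Accept the TLS peer only if its certificate matches the URL's hash."""
    pinned = parse_pairing_url(url)["pinned"]
    return hmac.compare_digest(pinned, cert_hash(presented_cert_der))


# Constructed sample data: stand-in bytes, not real DER certificates.
HUB_CERT = b"constructed-hub-certificate"
OTHER_CERT = b"constructed-other-certificate"
URL_A = f"{SCHEME}://{cert_hash(HUB_CERT)}/k3v9q2x7?lookup=https://lookup.example/find"
URL_B = f"{SCHEME}://{cert_hash(HUB_CERT)}/z8m4t1w6"  # rotated token, no lookup

if __name__ == "__main__":
    print(origin_of(URL_A) == origin_of(URL_B))  # same origin after rotation
    print(peer_is_pinned(URL_A, HUB_CERT), peer_is_pinned(URL_A, OTHER_CERT))
```
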

