I am coming to the conclusion that these devices should be treated like every other URL on the web. It should have TLs with a proper cert, a global domain name, wifi, and access controlled by something well known like Openid/oauth. With native apps and CORS firewall traversal is solvable without special protocols and adaptors.