I know OpenSSL, but I wouldn’t say that a secure solution with client-side certificates is “easy” (and without client certificates, every browser script that is allowed to connect to local sockets would still be able to do malicious things).
(If it is enough to click OK [no password required] to install a rootkit, it doesn’t matter if GfxTablet is present anway.)
So, thanks for your suggestion But GfxTablet is a prototype/proof of concept and not intended to be a secure server that supports authentication. If you’re interested in implementing this, please fork and submit a patch request.
After a bit of tinkering, my device appeared also as a pointer as “Network Tablet Pen (0)” . Using it
xinput map-to-output “$( xinput list --id-only “Network Tablet Pen (0)” )” HDMI-0
worked like a charm