[nfc] Consider removing the UA use of which user is logged in

jyasskin has just created a new issue for https://github.com/w3c/nfc:

== Consider removing the UA use of which user is logged in ==
http://w3c.github.io/nfc/charter/index.html#scope says:

> The WG will consider requiring that for riskier API's that **the
> User Agent knows which user is logged into the User Agent and knows
> what types of permissions that user is allowed to set**, and the user
> has agreed to allowing a risky or experimental API for a particular
> trusted website. The identity of the user would be known by the User
> Agent (but not the web page), to know what is permitted for use by
> that Web site. The Web site is known through use of HTTPS so some APIs
> could be restricted to use by particular users and only by known,
> trusted websites.

Generally the User Agent itself has only the OS-level permissions of 
the User, so it can't grant permissions the user doesn't have. Do we 
have a precedent for UAs acting as if they have more permissions than 
the user?

I also don't know of OS restrictions on NFC use by user: either the 
user can access the NFC radio or not, and the tag at the other end 
doesn't affect that. Are there platforms I don't know about that do 
let users access a subset of NFC devices?

I'd suggest rewording that paragraph to something like:

> The WG will consider requiring that for riskier API's whether the
> user has agreed to allowing a risky or experimental API for a
> particular trusted website. The Web site is known through use of HTTPS
> so some APIs could be restricted to use only by known, trusted
> websites.

See https://github.com/w3c/nfc/issues/78

Received on Wednesday, 18 February 2015 21:38:36 UTC