- From: Jonas Sicking via GitHub <sysbot+gh@w3.org>
- Date: Wed, 18 Feb 2015 23:11:31 +0000
- To: public-nfc@w3.org
> Re "it might be ok to simply ask the user if it's ok for this website to read NFC tags", I think it's ok to infer the user's intent to allow a page to read a tag, from the fact that the user touched the tag with their device while the page was "frontmost". Whether the tag is a Web tag doesn't really affect this. My main point was actually that we can be less restrictive when it comes to *reading* non-WebNFC NFC tags than when it comes to *writing* to them. But we might very well not even need a prompt. The only concern that I had was that the user might not have intended to touch their device to a tag. For example the user might not have realized that a tag existed in the given location at all. But I agree that's a bit far-fetched. But you make a good point that that scenario isn't that different between WebNFC tags and non-WebNFC tags. Either way this seems like a solvable problem. > Separately, I think that the id NDEF record is probably too limited to identify WebNFC devices. We probably want the device to be able to express a set of origins that are allowed to access it, rather than just a single origin, and IIUC the id record can't hold enough data to do that in general. I don't have a strong opinion on this. Assuming that we allow cross-origin iframes to use the WebNFC API, you can always have one origin be the one which reads the tag, but then forward that information to any set of origins using parent.postMessage(). -- GitHub Notif of comment by sicking See https://github.com/w3c/nfc/issues/76#issuecomment-74968902
Received on Thursday, 19 February 2015 00:12:04 UTC