Web NFC API Community Group Charter

This Charter: {TBD: URI}
none
Start Date: 2015-03-15
Last Modified 2015-03-15

Goals

Near-field communication (NFC) is a form of short range wireless communication in which NFC devices such as mobile phones can communicate with each other over a typical distance of 4cm or less. NFC allows for two way communication. The NFC Forum defines base standards for how smart cards are emulated by NFC devices and NFC Forum tags are formatted and the protocols for communicating between devices. There are three modes of operation:

read/write mode - the NFC device can read or write records, each of which has a type. There are currently several defined record types (Text, URI, Smart Poster, etc.). Records can be set to read-only, and protected through encryption and digital signatures. peer to peer mode - where two NFC devices exchange data, for example, data for setting up WiFi access, or data representing a business card. card emulation mode - where an NFC device emulates a smart card, e.g. allowing an NFC enabled phone to be used for contactless ticketing and payment applications. Emulated cards may have limited storage capabilities, e.g. the MiFare Classic 1K with 1024 bytes of data storage split across 16 sectors.

read/write mode - the NFC device can read or write records, each of which has a type. There are currently several defined record types (Text, URI, Smart Poster, etc.). Records can be set to read-only, and protected through encryption and digital signatures.
peer to peer mode - where two NFC devices exchange data, for example, data for setting up WiFi access, or data representing a business card.
card emulation mode - where an NFC device emulates a smart card, e.g. allowing an NFC enabled phone to be used for contactless ticketing and payment applications. Emulated cards may have limited storage capabilities, e.g. the MiFare Classic 1K with 1024 bytes of data storage split across 16 sectors.

The main benefit of NFC is the speed and simplicity of operation for end users. Touch a card to a reader to pay for ride on the metro. Touch an NFC phone to a tag on a poster to view the website for the associated event. Touch two NFC phones together to exchange business cards.

In some cases no set up is needed as the card's record type is recognized by the NFC device's operating system, which automatically launches the appropriate application, such as the web browser. In other cases, as in peer to peer mode, the device will first need to run the corresponding application, which may involve asking the user to select what information to share.

The Web Near Field Communication Working Group will define an API for Web page scripts to use the NFC data exchange format and APDUs, enabling a range of use cases for reading, writing, emulating cards and data exchange with peer NFC devices. Further background information can be found on the NFC Wiki.

Scope of Work

The goal is to provide a Web NFC API that satisfies the most important use cases for NFC from Web pages. We believe that means that the API will not expose full, low level NFC functionality, but rather a higher level subset that is safe for Web pages, protects user privacy, and doesn't annoy users with unnecessary or complex permission requests.

The scope of the Web Near Field Communications Working Group is limited to the development of APIs for Web page scripts to perform the following operations with NFC devices:

Reading NDEF messages
Writing NDEF messages
Setting NFC tags to read-only
Peer to peer exchange of NDEF messages between NFC devices
Optionally, manual connection for various technologies, e.g. NFC-A and NFC-F
Optionally, initiation of NFC Card emulation mode for NFC devices, to allow the use of a device for payments or for unlocking electronic door locks.
Optionally, initiation of handover mode to Bluetooth or WiFi technology.

The APIs will be designed to permit execution in the Web browser context, using the security model of the Web. The very short range of NFC devices requires users to make a conscious decision to put one of the devices into the appropriate mode and to bring the devices physically together, and this should enable a simpler security model that minimizes the need for applications to ask for explicit user permission. The need for direct user involvement under circumstances will need to be explored. The Working Group will explore permission models that recognize the special role of the frontmost, foreground tab when NFC devices are brought into close proximity by the user. The Working Group will also explore the possibility of sites registering with the user agent for particular types of messages. When multiple registrations are made for a particular type of message, a chooser is shown to the user to select among sites to handle the available message. Considerations like these could simplify user interactions for granting permissions while preserving privacy and security. However, answering “yes” to a security question must not enable a page to overwrite a writable tag in a way the user did not expect. Nor can it mean that a website can initiate a P2P communication with an NFC device which can have effects that the user did not intend. The Working Group may consider both an API for use by an untrusted website, as well as an enhanced API available to a Website is considered trusted. The WG will consider requiring that User Agents implement the Web NFC API to be HTTPS-only. The WG will consider requiring that for riskier API's that the User Agent knows which user is logged into the User Agent and knows what types of permissions that user is allowed to set, and the user has agreed to allowing a risky or experimental API for a particular trusted website. The identity of the user would be known by the User Agent (but not the web page), to know what is permitted for use by that Web site. The Web site is known through use of HTTPS so some APIs could be restricted to use by particular users and only by known, trusted websites. The Working Group could also consider use of some APIs only for sites in the local network (if permitted by the user). For example, where a device in the local network offers a web page (using https), the user could grant that web page permissions beyond what normally is allowed for random web pages. That would allow for a set of APIs, one safe for any website and then perhaps others that require higher levels of trust and permission.

Out of Scope

The Community Group will be implemented on top of NFC implementations provided by the platform. Low level NFC specification is out of scope.

Deliverables

Community Group Reports that are Specifications

The CG will define a Web NFC API specification, suitable for use from Web Browsers. The CG may also create a specification related to permissions and security governing availability or use of APIs. This could include defining particular message content related to permissions and security. The CG is free to arrange these specifications into one or more specifications for convenience. However, all Specifications being worked on must be clearly indicated on the CG Web page.

Community Group Reports that are not Specifications

The group MAY produce other Community Group Reports within the scope of this charter but that are not Specifications covered by the CLA.

Test Suites and Other Software

At present, there are no plans to create a test suite. If, however, the CG decides to develop a test suite, it will be developed in Open Source using the W3C Software License.

Dependencies or Liaisons

This group’s specifications have no direct dependencies on any other developing specification other than the Web Applications Working Group’s Web IDL specification, which many W3C specs depend upon. However, several other groups would provide valuable feedback and they will be asked to review drafts.


Device APIs Working Group: The NFC Working Group will coordinate with the Device APIs Working Group to ensure that the NFC API can be used effectively together with Web Intents.
HTML Working Group: The NFC Working Group will coordinate with the HTML Working Group to ensure that the NFC APIs conform to the privacy and security model for Web browsers.
Web Security Interest Group: The Web Security Interest Group should be asked to review deliverables to secure reviews on its deliverables from the Web Security Interest Group to ensure they offer the right level of security.
Privacy Interest Group: The Privacy Interest Group should be asked to review deliverables for privacy considerations.
Web Cryptography Working Group: Interaction with this group would be valuable for the potential synergies between work on JavaScript cryptographic APIs and access to secure elements on NFC devices.
Web Bluetooth Community Group: The Web Bluetooth Community Group should be asked to review deliverables to take advantage of their general expertise in exposing wireless technologies for Web standards. The NFC WG will closely follow the work of the Web Bluetooth CG, exploring the similarities of the approach on using these technologies by Web pages.
Trust and Permissions Community Group: The Trust and Permission Community Group may explore the notion of trusted websites, which would allow use of enhanced APIs that are available for use only in trusted pages.
WAI Protocols and Formats Working Group: The WAI Protocols and Formats Working Group should be asked to review deliverables in order to ensure the API supports accessibility requirements, particularly with regard to interoperability with assistive technologies, and inclusion in the deliverable of guidance for implementing the group’s deliverables in ways that support accessibility requirements.
Internationalization Activity: The Working Group will ask for reviews to ensure any I18N issues in the API are addressed.
NFC Forum: The NFC Working Group will liaise with the NFC Forum to ensure that the W3C NFC API is compatible with the NDEF specifications defined by the NFC Forum.
ISO and ECMA: The NFC Working Group will build upon the capabilities provided by NFC related standards developed by ISO/IEC/JTC 1 SC 6 and SC 17, and by Ecma International.

Community and Business Group Process

Terms of in this charter that conflict with those of the Community and Business Group Process are void.

Work Limited to Charter Scope

The group will not publish Community Group Reports that are Specifications on topics other than those listed under "Community Group Reports that are Specifications" above. See below for how to modify the charter. The CLA applies to these Community Group Reports.

Contribution Mechanics

For these Reports, Community Group participants agree to send contributions to either the group “contrib” list or to the general group list, with subject line starting "“[short-name-for spec]". When meeting discussion includes contributions, contributors are expected to record those contributions explicitly on the mailing list as described.

Chair Selection

Participants in this group choose their Chair(s) and can replace their Chair(s) at any time using whatever means they prefer. However, if 5 participants —no two from the same organization— call for an election, the group must use the following process to replace any current Chair(s) with a new Chair, consulting the Community Development Lead on election operations (e.g., voting infrastructure and using RFC 2777). Participants announce their candidacies. Participants have 14 days to announce their candidacies, but this period ends as soon as all participants have announced their intentions. If there is only one candidate, that person becomes the Chair. If there are two or more candidates, there is a vote. Otherwise, nothing changes. Participants vote. Participants have 21 days to vote for a single candidate, but this period ends as soon as all participants have voted. The individual who receives the most votes —no two from the same organization— is elected chair. In case of a tie, RFC2777 is used to break the tie. An elected Chair may appoint co-Chairs. Participants dissatisfied with the outcome of an election may ask the Community Development Lead to intervene. The Community Development Lead, after evaluating the election, may take any action including no action.

Decision Process

This group will seek to make decisions when there is consensus. When the group discusses an issue on the mailing list and there is a call from the group for assessing consensus, after due consideration of different opinions, the Chair should record a decision and any objections. Participants may call for an online vote if they feel the Chair has not accurately determined the consensus of the group or if the Chair refuses to assess consensus. The call for a vote must specify the duration of the vote which must be at least 7 days and should be no more than 14 days. The Chair must start the vote within 7 days of the request. The decision will be based on the majority of the ballots cast. It is the Chair’s responsibility to ensure that the decision process is fair, respects the consensus of the CG, and does not unreasonably favor or discriminate against any group participant or their employer.

Transparency

The group will conduct all of its technical work on its public mailing list. Any decisions reached at any meeting are tentative. Any group participant may object to a decision reached at an online meeting within 7 days of publication of the decision on the mail list. That decision must then be confirmed on the mail list by the Decision Process above.

Amendments to this Charter

The group can decide to work on a proposed amended charter, editing the text using the Decision Process described above. The decision on whether to adopt the amended charter is made by conducting a 30-day vote on the proposed new charter. The new charter, if approved, takes effect on either the proposed date in the charter itself, or 7 days after the result of the election is announced, whichever is later. A new charter must receive 2/3 of the votes cast in the approval vote to pass. The group may make simple corrections to the charter such as deliverable dates by the simpler group decision process rather than this charter amendment process. The group will use the amendment process for any substantive changes to the goals, scope, deliverables, decision process or rules for amending the charter.