Re: General objection regarding Web NFC

On 2015-04-14 15:46, Kostiainen, Anssi wrote:
> Hi Anders,

Hi Anssi,

>
>> On 14 Apr 2015, at 14:41, Anders Rundgren <anders.rundgren.net@gmail.com> wrote:
>>
>> When I read issues like https://github.com/w3c/web-nfc/issues/16
>> I get the impression that you expect connecting clients to use Web-technology.
>>
>> IMO, this assumption will severely limit the value of Web NFC.
>> The only "standard" that's really lacking, is a way for untrusted Web-pages to interact with connecting client devices.
>> http://ipt.intel.com/Home/How-it-works/network-security-identity-management/ipt-with-near-field-communications
>>
>> How Web-based OSes expose NFC to the outer world should IMO be left to another forum to cater for including
>> security considerations.
>
> The group's Charter defines the goals and scope for the group. I encourage you to familiarise yourself with the document:
>
>    http://w3c.github.io/web-nfc/charter/
>
> The Charter was crafted with input from multiple stakeholders, including multiple major browser implementers.

I know, but the charter doesn't address my question.

I.e. a fundamental issue didn't show up until it got into the actual specification.
BTW, this is quite normal, it happens all the time :-)


> As a participant of the group, you are free to propose changes
> to the Charter per the "Amendments to this Charter" section defined in the above-mentioned document.

I prefer leaving this to Intel and Google to think about.

There is one consideration I would like to add as well:
Ideally you always want to "centralize" privacy and security UX, right?
The problem is that this "one-size-fits-all" approach creates new problems
since the browser often cannot really tell the user what exactly is at risk.
Therefore I have decided to "delegate" this problem to the connecting applications
which can do this job much better.

Regards
Anders

>
> Thanks,
>
> -Anssi (CG chair)
>

Received on Tuesday, 14 April 2015 15:02:24 UTC