- From: Kis, Zoltan <zoltan.kis@intel.com>
- Date: Tue, 14 Apr 2015 22:41:00 +0300
- To: Anders Rundgren <anders.rundgren.net@gmail.com>
- Cc: "Kostiainen, Anssi" <anssi.kostiainen@intel.com>, "Web NFC (W3C)" <public-web-nfc@w3.org>
- Message-ID: <CANrNqUe0RRqfAatS8XyEs=sntB2x7KVUDNvQ403MEfpcigOyng@mail.gmail.com>
On Tue, Apr 14, 2015 at 6:52 PM, Anders Rundgren <
anders.rundgren.net@gmail.com> wrote:
> When I read issues like
>> https://github.com/w3c/web-__nfc/issues/16 <
>> https://github.com/w3c/web-nfc/issues/16>
>> I get the impression that you expect connecting clients to
>> use Web-technology.
>>
>> IMO, this assumption will severely limit the value of Web NFC.
>> The only "standard" that's really lacking, is a way for
>> untrusted Web-pages to interact with connecting client devices.
>> http://ipt.intel.com/Home/How-__it-works/network-security-__
>> identity-management/ipt-with-__near-field-communications <
>> http://ipt.intel.com/Home/How-it-works/network-security-
>> identity-management/ipt-with-near-field-communications>
>>
>> How Web-based OSes expose NFC to the outer world should IMO
>> be left to another forum to cater for including
>> security considerations.
>>
>> This is the CG which intended to deal with it.
>>
>
> So this is basically SysApps reborn, then?
>
No, we use the browser security model, and Web NFC functionality is exposed
to untrusted web pages.
> I'm not talking about API changes, I'm suggesting an entirely different
> direction
> targeted at the mass-market which is currently using *agnostic* connecting
> clients.
>
> This is way outside of what a Web Payment IG could deal with, this is core
> technology.
> In fact, I'm not even myself enough into NFC and WebIDL to create the
> complete
> specification which is one reason why I joined this CG.
>
> Anyway, there is a 3 + 8 page "presentation/specification" for those who
> are interested.
> https://cyberphone.github.io/openkeystore/resources/docs/
> webnfc--web2device-bridge.pdf
> https://cyberphone.github.io/openkeystore/resources/docs/
> web2native-bridge.pdf
>
>
I think the best way to deal with this would be a separate report (spec) in
this CG.
However, we need to poll how much interest is there for implementing it.
To summarize the points. As we discussed earlier, you'd need the following:
- a device with NFC, from which a user starts a session with a web page,
say merchant.com, and wants to get a payment done
- need a dispatch mechanism by which the page at merchant.com could pack
contextual data relevant to the payment and
- either function as a Point of Sales terminal and get the payment done
from another device with NFC and a wallet app,
- a) or send a request by NFC to launch on the second device a local
vetted/trusted target app with the context received as opaque data, on
which the user completes the payment
- b) or, in a variant, the second device is used for creating a
handover on bluetooth with the first device and complete the payment on the
first device, by the target app talking with the original merchant page.
So implementations need to be able to
- handle capabilities (e.g. payment of this kind),
- register/discover trusted target apps which support that capability
- dispatch requests + opaque contextual data via NFC
- receive such requests and invoke a local trusted target app (web-callable
trusted apps).
This is not much different from your earlier idea to call privileged
functions from an i-frame and communicate via PostMessage with it. However,
NFC would leverage built-in security and the gesture of touch as a
permission.
We still have attacker & threat model to deal with (especially with that
opaque contextual data).
Now this functionality is quite separate from what we've been doing in Web
NFC CG. It could be an additional feature to be supported by
implementations. If there is interest for it in this group, it would be
nice to start work on a CG report related to it.
Best regards,
Zoltan
Received on Tuesday, 14 April 2015 19:41:32 UTC