- From: Anders Rundgren <anders.rundgren.net@gmail.com>
- Date: Wed, 15 Apr 2015 10:54:03 +0200
- To: "Kis, Zoltan" <zoltan.kis@intel.com>
- CC: "Web NFC (W3C)" <public-web-nfc@w3.org>
On 2015-04-15 09:33, Kis, Zoltan wrote:
<snip>
>> Since Android is not a "WebOS", the issue https://github.com/w3c/web-nfc/issues/16
>> doesn't apply to Android (or iOS or Windows), making the spec and scope hard to understand.
>>
>
> Well, risking another misunderstanding, I'd say don't be disturbed by that. It is
> concerning an implementation detail for the web platforms :). We needed to record
> that issue as we bumped into the question while doing the implementation.
OK, so you are actually working on two (and IMO independent) standards?
The security considerations are also hard to follow since you don't clearly
separate the "server" (requesting web-page) and the connecting client, in
addition to talking about
"Web apps installed from a store, or web pages installed to home screen
(with [MANIFEST]) may be considered trusted by the user agent"
which doesn't have any direct counterpart in for example Android.
I think this will confuse people who do not belong to the "Inner Circle".
BTW, don't you actually have more or less the same security issues with "Trusted Applications"
as I have in the "WebNFC Bridge" and "Web2Native Bridge" conceptual specifications?
I.e. connecting clients must be prepared for "anything" like any other application
that is connecting to the outside world.
I don't see how you can provide white- or black-listing in a meaningful way either.
Best regards,
Anders
>
> Best regards,
> Zoltan
>
Received on Wednesday, 15 April 2015 08:54:37 UTC