- From: Anders Rundgren <anders.rundgren.net@gmail.com>
- Date: Wed, 15 Apr 2015 20:52:33 +0200
- To: Wayne Carr <wayne.carr@linux.intel.com>, "Web NFC (W3C)" <public-web-nfc@w3.org>
- Message-ID: <552EB371.1050803@gmail.com>
On 2015-04-15 19:56, Wayne Carr wrote:
>
>
> On 2015-04-14 20:10, Anders Rundgren wrote:
>> Hi Guys,
>>
>> Just in order to get this discussion in a better shape, would it be possible
>> getting a rationale for the fact that your work assumes that the connecting
>> client device is based on Web technology?
>
> I may not be understanding you. This is the WorldWide Web Consortium. It creates Web specs. If it wasn't using Web technologies, we wouldn't be doing it here.
Since the latter part of use-case 2
"2. Support communication with active (powered devices such as readers,
phones) and passive (smart cards, tags, etc) devices"
hardly is based on Web technology I find this statement contradictory.
There can be no requirement that connecting mobile devices use HTML5/JS-based clients to interact with Web NFC tags activated from Web-pages, right?
I.e. there are de-facto TWO projects in this CG sharing the same document-set which leads to security considerations like:
"Web apps installed from a store, or web pages installed to home screen
(with [MANIFEST]) may be considered trusted by the user agent"
which has no counterparts in Android and iOS.
To me the requesting and connecting side are quite different.
Anders
>
>> It is clearly an omission from the charter and use-case documents.
>
> Are you saying that the charter doesn't make it clear this is about client side Web technology?
>
> From the Charter:
>
> "The Web Near Field Communication Community Group will define an API for Web page scripts to use the..."
>
> "The goal is to provide a Web NFC API that satisfies the most important use cases for NFC from Web pages."
>
> "The scope of the Web Near Field Communications Community Group is limited to the development of APIs for Web page scripts"
>
> "The APIs will be designed to permit execution in the Web browser context, using the security model of the Web."
>
> "The CG will define a Web NFC API specification, suitable for use from Web Browsers."
>
> If I'm understanding you, it seems you want to do something other than an NFC JavaScript API for Web Browsers and that you think that isn't useful or necessary. Again, if I understand you, you would like a spec for discovery and message passing to native apps from Web pages and you think that would be a substitute for efforts like this group.
>
> That would be a different group, not this one. It would be one about registering and exchanging messages with native code. There are other groups who could consider that: Web Applications Security WG, Web Applications WG, Trust & Permissions Community Group, Device API WG, or a new Community Group aimed at that particular topic. This Community Group isn't for delivering general infrastructure like that. It would be one of those groups or a separate group.
>
>>
>> Cheers,
>> Anders
>>
>> On 2015-04-14 13:41, Anders Rundgren wrote:
>>> When I read issues like https://github.com/w3c/web-nfc/issues/16
>>> I get the impression that you expect connecting clients to use Web-technology.
>>>
>>> IMO, this assumption will severely limit the value of Web NFC.
>>> The only "standard" that's really lacking, is a way for untrusted Web-pages to interact with connecting client devices.
>>> http://ipt.intel.com/Home/How-it-works/network-security-identity-management/ipt-with-near-field-communications
>>>
>>> How Web-based OSes expose NFC to the outer world should IMO be left to another forum to cater for including
>>> security considerations.
>>>
>>> Cheers,
>>> Anders
>>>
>>>
>>
>>
>>
>>
>
Received on Wednesday, 15 April 2015 18:53:11 UTC