Web-NFC. Was: Centralization dangers of applying OpenID Connect to wallets protocols (was: Re: 2022-2026 Verifiable Data Standards Roadmap [DRAFT])

I might need to follow up with the TangemID people. I am not sure how to
reach them. I have an installation of their Tangem ID app on my iPhone. I
just ran through the process with the issuer/verifier and credential wallet
cards and I got an error “This data cannot be signed”. I do have an NFC
reader and an NFC reader/writer in addition to what is available with my
iPhone.

On Monday, March 21, 2022, Anders Rundgren <anders.rundgren.net@gmail.com>
wrote:

> On 2022-03-21 13:45, Orie Steele wrote:
>
>> Although the firmware is proprietary, if WebNFC supported APDU, these
>> crypto currency wallet NFC Cards would almost give you what you want.
>>
>
> What I "want" is more basic: a replacement/complement to QR codes since QR
> codes are (like passwords), susceptible to traditional phishing attacks due
> to the lack of binding between the Web page and an URL provided in an
> embedded QR image.
>
> To succeed, NFC would eventually have to become a part of the PC/Mac
> platform which obviously will never happen unless something along these
> lines becomes a standard.
>
> Thanx,
> Anders
>
>
>> https://tangem.com/en/ <https://tangem.com/en/>
>>
>> I have tested them in "Kiosk" setups and they allow for vanilla EdDSA or
>> ES256K from hardware isolated keys.
>>
>> Unfortunately, you need a regular card reader to interact with them,
>> because web nfc does not expose the APDU interface.
>>
>> So they pair their solution with a Native App.
>>
>> I wouldn't say it's "too late"... there are currently 0 registered
>> standard payment method identifiers: https://www.w3.org/TR/payment-
>> method-id/#registry <https://www.w3.org/TR/payment-method-id/#registry>
>>
>> It does seem like somehow the folks who needed to be in the same room to
>> make this happen got spread across different WGs.
>>
>> OS
>>
>> On Mon, Mar 21, 2022 at 7:21 AM Anders Rundgren <
>> anders.rundgren.net@gmail.com <mailto:anders.rundgren.net@gmail.com>>
>> wrote:
>>
>>     On 2022-03-21 13:13, Orie Steele wrote:
>>      > I'm not sure what exactly the proposal is.
>>      >
>>      > NDEF Tags and QR Codes can contain URLs which can then be used to
>> invoke applications.
>>      >
>>      > Are you hoping for more general purpose NFC APIs that are not
>> limited to mobile browsers?
>>
>>     Hi Orie,
>>
>>     Since the boat has sailed I'm not really hoping on anything :(
>>
>>     The idea is pretty well described in this GitHub issue:
>> https://github.com/w3c/web-nfc/issues/140 <https://github.com/w3c/web-nf
>> c/issues/140>
>>
>>     Thanx,
>>     Anders
>>
>>
>>      >
>>      > OS
>>      >
>>      > On Sat, Mar 19, 2022 at 1:52 AM Anders Rundgren <
>> anders.rundgren.net@gmail.com <mailto:anders.rundgren.net@gmail.com>
>> <mailto:anders.rundgren.net@gmail.com <mailto:anders.rundgren.net@gm
>> ail.com>>> wrote:
>>      >
>>      >     Since the original topic is extremely large, I take the
>> liberty focusing on a related item which I have been actively involved in.
>>      >
>>      >     Google and Intel have created an API that makes it possible
>> reading and writing certain types of RFID tags from a mobile browser.
>> That's fine but this use case is already supported by much more powerful
>> native apps.
>>      >
>>      >     I claimed early on (and to no avail), that mobile devices
>> (phones) with native apps interacting with Web pages running in desktop
>> computers have lots of already established applications that could benefit
>> from a better solution.
>>      >
>>      >     The current solution to this generic use case are QR codes
>> which require you to manually start a specific application, alternatively
>> provide some private information which can be used for Web push.
>>      >
>>      >     Since QR codes do not provide the security context of the Web
>> page, this solution is susceptible to phishing.
>>      >
>>      >
>>      >     The only people outside of Google and Intel who have been
>> visible in this activity are RFID vendors.  The payment industry were not
>> there.  The same goes for the identity folks.
>>      >
>>      >     I would like to restart this activity but not alone.  Getting
>> NFC back in PCs will not happen overnight, if ever.
>>      >
>>      >     Thanx,
>>      >     Anders
>>      > https://github.com/w3c/web-nfc/issues/128 <
>> https://github.com/w3c/web-nfc/issues/128> <https://github.com/w3c/web-nf
>> c/issues/128 <https://github.com/w3c/web-nfc/issues/128>>
>>      >
>>      >
>>      >
>>      > --
>>      > *ORIE STEELE*
>>      > Chief Technical Officer
>>      > www.transmute.industries
>>      >
>>      > <https://www.transmute.industries <https://www.transmute.industr
>> ies>>
>>
>>
>>
>> --
>> *ORIE STEELE*
>> Chief Technical Officer
>> www.transmute.industries
>>
>> <https://www.transmute.industries>
>>
>
>
>

-- 
-Brent Shambaugh

GitHub: https://github.com/bshambaugh
Website: http://bshambaugh.org/
LinkedIN: https://www.linkedin.com/in/brent-shambaugh-9b91259
Skype: brent.shambaugh
Twitter: https://twitter.com/Brent_Shambaugh
WebID: http://bshambaugh.org/foaf.rdf#me

Received on Monday, 21 March 2022 18:18:55 UTC