- From: Anders Rundgren <anders.rundgren.net@gmail.com>
- Date: Tue, 07 Apr 2015 14:49:42 +0200
- To: public-nfc@w3.org
- Message-ID: <5523D266.5030205@gmail.com>
5. Security and Privacy Considerations User agents must not provide Web NFC API access to web apps without the expressed permission of the user. User agents must acquire consent for permission through a user interface for each call to the methods of this API, unless a prearranged trust relationship applies. User agents may support prearranged trust relationships that do not require such per-request user interfaces. ------ I'm probably naive and my knowledge of NFC is indeed not that great, but I don't see that writing NDEF records to NFC would necessarily require any security prompts. A short "flash" like in Android saying "NFC data is available" should (IMO) be sufficient. Regarding adapter selection, I would remove that from APIs exposed to the "Open Web" and for the extremely rare situation that there are actually are multiple adapters, leave that choice to the user. /Generally I think user-side NFC and server-side NFC should live in different specs, even if NFC in itself is "symmetric". User-side NFC may be performed by native applications and doesn't necessary have a web-interface at all./ Anders
Received on Tuesday, 7 April 2015 12:50:15 UTC