- From: Jeffrey Yasskin via GitHub <sysbot+gh@w3.org>
- Date: Wed, 18 Feb 2015 21:47:18 +0000
- To: public-nfc@w3.org
jyasskin has just created a new issue for https://github.com/w3c/nfc: == Charter: Impossible requirement about user expectations. == http://w3c.github.io/nfc/charter/index.html#scope says: > answering “yes” to a security question must not enable a page to overwrite a writable tag in a way the user did not expect. Nor can it mean that a website can initiate a P2P communication with an NFC device which can have effects that the user did not intend. If the user allows an untrustworthy page to write to a tag, the page can write whatever it wants. To try to achieve the requirement here, we could imagine the UA knowing the format of some tags, and echoing to the user what the page asked to write, but even then, the user might have drawn an image, and the page could have steganographically hidden some extra information that the user won't see in the confirmation dialog. And we probably don't want to require that UAs understand the format of every tag or peer we let pages interact with. I think it makes sense to charter the WG to explore permission systems that minimize the fraction of users who are surprised by pages being allowed to interact with NFC devices, but I don't think absolutes are achievable here. See https://github.com/w3c/nfc/issues/79
Received on Wednesday, 18 February 2015 21:47:33 UTC