- From: Jeffrey Yasskin via GitHub <sysbot+gh@w3.org>
- Date: Wed, 18 Feb 2015 22:06:49 +0000
- To: public-nfc@w3.org
Re "it might be ok to simply ask the user if it's ok for this website to read NFC tags", I think it's ok to infer the user's intent to allow a page to read a tag, from the fact that the user touched the tag with their device while the page was "frontmost". Whether the tag is a Web tag doesn't really affect this. Even if the tag isn't a Web tag, it's still exposed to hostile users in its physical environment, so it can't broadcast secret information completely promiscuously, and that protects it against both hostile users, and hostile websites opened by benign users. I think the same is true for sites that `watch()` a kind of NFC device, leading to the UA opening a chooser. As long as the sites only try to read the non-Web device, things should be fine. Showing a "remember this choice" checkbox might depend on the device being WebNFC-enabled, or there might be another way to identify the device's class that works for non-Web devices. Separately, I think that the `id` NDEF record is probably too limited to identify WebNFC devices. We probably want the device to be able to express a set of origins that are allowed to access it, rather than just a single origin, and IIUC the `id` record can't hold enough data to do that in general. -- GitHub Notif of comment by jyasskin See https://github.com/w3c/nfc/issues/76#issuecomment-74958479
Received on Wednesday, 18 February 2015 22:07:01 UTC