Re: Rationale? Re: General objection regarding Web NFC

Hi Anders,

On Wed, Apr 15, 2015 at 6:10 AM, Anders Rundgren <
anders.rundgren.net@gmail.com> wrote:

> On 2015-04-14 13:41, Anders Rundgren wrote:
>
>> When I read issues like https://github.com/w3c/web-nfc/issues/16
>> I get the impression that you expect connecting clients to use
>> Web-technology.
>>
>> IMO, this assumption will severely limit the value of Web NFC.
>> The only "standard" that's really lacking, is a way for untrusted
>> Web-pages to interact with connecting client devices.
>> http://ipt.intel.com/Home/How-it-works/network-security-
>> identity-management/ipt-with-near-field-communications
>>
>> How Web-based OSes expose NFC to the outer world should IMO be left to
>> another forum to cater for including
>> security considerations.
>>
>>  Just in order to get this discussion in a better shape, would it be
> possible
> getting a rationale for the fact that your work assumes that the connecting
> client device is based on Web technology?
>
>
We are using a web-specific NFC format because major browser makers wanted
to avoid threats described in
https://github.com/w3c/web-nfc/issues/2

But it is still NFC. Any native NFC app can read any web-NFC messages, and
can forge web-NFC messages. So being web-NFC is hardly any limitation for
native apps. The point is that untrusted web pages cannot write (destroy)
tags if their origin is not allowed to. That, and other policies make it
possible to access NFC from the web at all. Again, the use cases are
described in
http://w3c.github.io/web-nfc/use-cases.html
and you are right, the payment related use cases need some updating.

What you have been presenting is an interesting idea, but somewhat
disconnected from the current focus. Nevertheless, let's open at least an
issue about it in order to track it and get the opinion of major browser
makers. I can create the issue. If there is interest, we can draft a report
about this, and even better, as Wayne said, start a new CG about it - it is
big.

Best regards,
Zoltan

Received on Wednesday, 15 April 2015 07:06:11 UTC