- From: Jonas Sicking via GitHub <sysbot+gh@w3.org>
- Date: Thu, 20 Aug 2015 07:42:41 +0000
- To: public-web-nfc@w3.org
> IMO the spec itself should be concerned with stating the need for obtaining permissions rather than specifying prompting policies which may be platform dependent. I don't think asking the user to make decisions about what's safe and what's not safe is useful. What information will the user use to base that decision on? I.e. how will the user know if allowing access to a given tag is safe or not? I guess that's the short version of my longer response above. If we think that permission of some form needs to be granted by anyone, then I think it needs to be the tag that grants the permission. Not the user. > On the other hand, the spec actually states that the browser security mechanisms are used, i.e. NFC content is handled the same way as any other content (vs cross-origin access). For cross-origin access of network content we require that the website explicitly say that it either can be read by a given website, or that it can be read by all websites. I.e. for website X to be able to read from website Y, website Y must either explicitly white-list X, or say that any website can read the contents. -- GitHub Notif of comment by sicking See https://github.com/w3c/web-nfc/issues/3#issuecomment-132921435
Received on Thursday, 20 August 2015 07:42:43 UTC