- From: Zoltan Kis via GitHub <sysbot+gh@w3.org>
- Date: Thu, 20 Aug 2015 11:29:37 +0000
- To: public-web-nfc@w3.org
@sicking
> Why don't we simply let tags contain a list which indicates "origins X, Y and Z can read/write this tag"? We should also allow the tag to indicate "any origin can read/write this tag".

That is what I meant about a white list. In addition, when a tag is written, the origin of the writing page is also saved anyway. This, and (currently) the presence of the Web NFC record, indicates that the tag is a web tag. If you meant that instead of pattern matching we should use a list of exact origins + an "all origins" wildcard, then I am taking the point, but it would deserve some more explanation :).

Now @alexshalamov has proposed this and I think it's a good idea.

- We could implement "being a web tag" without a special Web NFC record, by using the NDEF id field to store the writing origin (contained in max 253 bytes, which fits the NDEF Id field). That would even allow mixing web content with multiple origins and legacy content in a single tag, and even work with the platforms which currently expose only one record per message (Windows and neard/Linux).
- The writing page could indicate it permits access to all origins, and the UA could serialize that as `<origin> + "/*"` and still safely fit in the Id field.

This means that if you want to say which exact origins should be able to read your data, you write a Web NFC record, but if you want either the same-origin policy applied, or no policy (everyone can access), then the NDEF Id field would be enough.

The consequences are the following:

- Empty tags can be read and written (as before).
- By default, writes are partitioned per origin. Every origin can write a tag, but that means only adding record(s) with its origin (plus the * flag eventually) recorded, without affecting other records on the tag. When writing, all the records with the given origin are replaced, but no records of other origins are affected. If that is not possible, the write fails.
- When writing a tag with an explicit list of target origins, UAs need to write a Web NFC record which contains that list and the writing origin. Otherwise a Web NFC record is not mandatory (only to write the origin into the Id field).
- When reading NFC content (message), if there is a Web NFC record, that dictates the read policy for the whole message: origin and white list.
- If there is no Web NFC record, then the same-origin policy is applied for all reads: you only get the records you created or which have any origin + the * flag.
- This also means that legacy records are not exposed by default (since they fail the same-origin check). We can change that policy if you want: we could also say that missing origin information in the Id field of the record means that everyone can read. And write (but not erase+write). Please provide input on this, both on the read and write policy.
- We need to make a difference between the partitioned writes (above) and a complete erase+write operation on a tag. I argue that we could allow that with a new separate method, which would require user permission. It is a rare case, but IMO we could enable it for convenience, at the expense of prompting in a corner case.

-- 
GitHub Notif of comment by zolkis
See https://github.com/w3c/web-nfc/issues/3#issuecomment-132981514
Received on Thursday, 20 August 2015 11:29:40 UTC
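The read and write policy sketched in the message above, as an added model (not code from the thread or from the Web NFC project): records carry the writing origin in the NDEF Id field, `<origin>/*` marks any-origin access, and a Web NFC record, when present, overrides per-record filtering for the whole message. The record shape `{id, type, payload}`, the type name `w3.org:webnfc` and the JSON `{origin, whitelist}` payload are assumptions made for this illustration.

```javascript
// Added example modelling the proposed policy; names below are assumptions.
const WEB_NFC_TYPE = "w3.org:webnfc"; // assumed external type for the policy record

// Parse the proposed Id-field encoding: "<origin>" or "<origin>/*".
// Returns null when the Id carries no origin information (legacy record).
function parseIdOrigin(id) {
  if (typeof id !== "string" || !/^https?:\/\//.test(id)) return null;
  const anyOrigin = id.endsWith("/*");
  return { origin: anyOrigin ? id.slice(0, -2) : id, anyOrigin };
}

// Records the requesting origin is allowed to read from one NDEF message.
function readableRecords(records, requester) {
  const policy = records.find((r) => r.type === WEB_NFC_TYPE);
  if (policy) {
    // A Web NFC record dictates the read policy for the whole message.
    const { origin, whitelist } = JSON.parse(policy.payload);
    const allowed =
      origin === requester || whitelist.includes("*") || whitelist.includes(requester);
    return allowed ? records.filter((r) => r !== policy) : [];
  }
  // No Web NFC record: same-origin policy per record via the Id field.
  // Legacy records (no origin in the Id) fail the check and stay hidden.
  return records.filter((r) => {
    const info = parseIdOrigin(r.id);
    return info !== null && (info.anyOrigin || info.origin === requester);
  });
}

// Partitioned write: replace only the writer's own records, keep all others.
// NDEF's ID_LENGTH is a single byte, so the serialized Id must fit in 255 bytes.
function partitionedWrite(records, writer, newPayloads, allowAnyOrigin = false) {
  const id = allowAnyOrigin ? `${writer}/*` : writer;
  if (new TextEncoder().encode(id).length > 255) {
    throw new Error("origin does not fit in the NDEF Id field");
  }
  const others = records.filter((r) => parseIdOrigin(r.id)?.origin !== writer);
  const mine = newPayloads.map((payload) => ({ id, type: "text/plain", payload }));
  return others.concat(mine);
}

// Constructed sample message: one private, one any-origin, one legacy record.
const SAMPLE_MESSAGE = [
  { id: "https://a.example", type: "text/plain", payload: "a-private" },
  { id: "https://b.example/*", type: "text/plain", payload: "b-public" },
  { id: "", type: "text/plain", payload: "legacy" },
];
```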