- From: Jonas Sicking via GitHub <sysbot+gh@w3.org>
- Date: Thu, 20 Aug 2015 22:22:42 +0000
- To: public-web-nfc@w3.org
If you feel that using the ID field is safe enough then I'll defer to you. I don't feel like I know the details about how people use NFC well enough to have a strong opinion. > 1. If the format is a "white list", should it be an explicit long list of distinct origins which are allowed to access the data, or could it be a list of URL patterns matching origins? I think either is fine. The two cases that I think are critical is to indicate a single website, or to indicate "*", i.e. that all websites are granted access. Another thing to keep in mind is that it is important to be able to say that "https://somewebsite.com" can access the tag, but that "http://somewebsite.com" can't. I.e. it's important to be able to require a secure connection. I think it would be nice to be able to say that https://*.foo.com should have access, but I don't feel strongly either way here. > 2 Do you think we need to make a difference between read and write access for the actions (meaning no prompts - otherwise the operations may complete with prompts). I don't know of any usecases where separating read and write access is important. > 3 In the actions, do we need to record a preference for allowing showing prompts or not? What is the default? Given the requirements I mentioned above, I don't see how we can allow browsers to prompt anywhere, under any circumstances. But I'm happy to look at a detailed proposal which includes prompting if you can do that while meeting the requirements mentioned above. Most specifically, I'm curious as to how you are proposing that the prompt would contain enough information that the user can make an informed decision. -- GitHub Notif of comment by sicking See https://github.com/w3c/web-nfc/issues/3#issuecomment-133197922
Received on Thursday, 20 August 2015 22:22:44 UTC