- From: Zoltan Kis via GitHub <sysbot+gh@w3.org>
- Date: Fri, 13 Mar 2015 18:30:45 +0000
- To: public-web-nfc@w3.org
_From @jyasskin on February 18, 2015 22:6_ Re "it might be ok to simply ask the user if it's ok for this website to read NFC tags", I think it's ok to infer the user's intent to allow a page to read a tag, from the fact that the user touched the tag with their device while the page was "frontmost". Whether the tag is a Web tag doesn't really affect this. Even if the tag isn't a Web tag, it's still exposed to hostile users in its physical environment, so it can't broadcast secret information completely promiscuously, and that protects it against both hostile users, and hostile websites opened by benign users. I think the same is true for sites that `watch()` a kind of NFC device, leading to the UA opening a chooser. As long as the sites only try to read the non-Web device, things should be fine. Showing a "remember this choice" checkbox might depend on the device being WebNFC-enabled, or there might be another way to identify the device's class that works for non-Web devices. Separately, I think that the `id` NDEF record is probably too limited to identify WebNFC devices. We probably want the device to be able to express a set of origins that are allowed to access it, rather than just a single origin, and IIUC the `id` record can't hold enough data to do that in general. -- GitHub Notif of comment by zolkis See https://github.com/w3c/web-nfc/issues/2#issuecomment-79224959
Received on Friday, 13 March 2015 18:31:05 UTC