- From: Jeffrey Yasskin <jyasskin@google.com>
- Date: Mon, 7 Sep 2015 14:03:53 -0700
- To: "Kis, Zoltan" <zoltan.kis@intel.com>
- Cc: "Web NFC (W3C)" <public-web-nfc@w3.org>, "Kostiainen, Anssi" <anssi.kostiainen@intel.com>
For this series of messages, I don't care what scheme you intend use. I'm just trying to help you specify whatever's in your head, clearly. If I suggest a different wording for something, and that new wording doesn't match your intent, it's because the original wording was so bad it conveyed the wrong intent to me, so you still need to fix it, even if it's to something different from what I suggested. On Mon, Sep 7, 2015 at 2:00 PM, Kis, Zoltan <zoltan.kis@intel.com> wrote: > A short write-up about the story of NDEF ID vs Web NFC Id vs Web NFC record. > > We tried for long time to use the NDEF ID for storing origins. If we only > deal with that, we would not need a Web NFC record. This would be great for > interoperability. > > There are 3 issues with that: > - Jonas wanted that Web NFC messages are distinct enough, so not that much > interoperability is desired eventually. > - The NDEF ID is 255 bytes long, which can store an ASCII serialized origin, > but cannot store paths. A few people considered paths important for watches > and filtering. If we ever wanted to have that, the format needed to be > generic enough to contain it, so we needed Web NFC records. The Web NFC Id > is the origin + path. > - Jonas wanted allowed-origin policies. For that we'd need Web NFC records > anyway. > > In the meantime we figured out that on every platform to be supported, we > can have support for writing multiple NDEF records per message, so having a > Web NFC record did not have any obstacles. > > That's how we ended up using them, in a bit simpler form than in the first > proposal, since in the meantime we realized that NFC content cannot be > trusted at all for integrity, so we can't base any origin based policies on > the content of the NDEF messages. Even if we defer the problem to an app > store, still the terminology would not be correct from security point of > view. That is why we need some other word instead of "origin" of a message. > > Best regards, > Zoltan >
Received on Monday, 7 September 2015 21:04:40 UTC