Re: [web-nfc] Support ISODep from Zoltan Kis via GitHub on 2016-02-12 (public-web-nfc@w3.org from February 2016)

From: Zoltan Kis via GitHub <sysbot+gh@w3.org>
Date: Fri, 12 Feb 2016 15:05:10 +0000
To: public-web-nfc@w3.org
Message-ID: <issue_comment.created-183364849-1455289509-sysbot+gh@w3.org>

@Maxhy @Liryna 
The security & privacy points were critically important for browser 
makers. As I said, this is a browser API. It is tricky to grant any 
web page e.g. the payment ability (even if the user blindly clicks yes
 to a security dialog).

The document you have [linked](https://www.w3.org/wiki/Draft_APDU_API)
 refers to the W3C System Applications and NFC working groups. Both 
are dead now, since the lack of a suitable web security model that 
would be accepted by browser makers. That means it was not possible to
 evolve the specs through the formal standards track required by W3C.

 As I said, all of those APIs are fine in a web runtime, which seems 
to be your use case. I don't argue about the need of standardizing JS 
APIs for runtimes etc - actually that need is skyrocketing nowadays - 
, but at the moment this seems very difficult to do within the W3C. 
The only way to do it is to forget thinking in terms of JS runtime 
platforms, formulate the use cases in terms of web pages run in 
browsers, and try to convince at least 2 independent browser makers to
 implement the spec. You can then implement the resulting standardized
 API in a web runtime as well.

Apart from that, the API you are requesting is quite simple, it's 
included in the charter and I don't see many divergence possibilities:
 just use Promises and make it simpler than in that document. I wonder
 if it could be exposed as a separate root object, and requiring a 
different permission than 'nfc'. It could also go to a different group
 report (specification), in order to separate the concerns.

What NFC backend would you be interested to use for implementing the 
API you need?

We could support an SE API on Android/Chromium, and Linux/Chromium 
using neard, see the [neard 
SE](http://git.kernel.org/cgit/network/nfc/neard.git/tree/doc/secureelement-api.txt)
 and [SE 
manager](http://git.kernel.org/cgit/network/nfc/neard.git/tree/doc/se-manager-api.txt)
 API.
HCE is not supported yet by neard, and Android has limitations as 
well.

-- 
GitHub Notification of comment by zolkis
Please view or discuss this issue at 
https://github.com/w3c/web-nfc/issues/101#issuecomment-183364849 using
 your GitHub account

Received on Friday, 12 February 2016 15:05:18 UTC