- From: Kis, Zoltan <zoltan.kis@intel.com>
- Date: Thu, 22 Jun 2017 09:27:54 +0300
- To: Anders Rundgren <anders.rundgren.net@gmail.com>
- Cc: "Web NFC (W3C)" <public-web-nfc@w3.org>
- Message-ID: <CANrNqUfXHztxOnn4W0o_+nJS_O=W7s93C-E5NFO0mO7RjO0Qqg@mail.gmail.com>
On Thu, Jun 22, 2017 at 7:40 AM, Anders Rundgren < anders.rundgren.net@gmail.com> wrote: > https://www.thetimes.co.uk/article/handy-way-to-pay-little- > bills-on-the-cards-h0ffmpkmv > > Web NFC will never be able to that. > > Yes, I would be concerned if you could do that with Web NFC :). In your view, what is the gain if a web page could do that? There are number of apps that allow users to make and receive payments, either involving card provisioning or linking to bank account. There is nothing new in that. So far all of them are apps, need store security and payment provisioning. We don't want to give access to that kind of payment provisioning to a web page. The question is, what is the gain and what it the price. IMO it's a very narrow use case for the web but creates a large attack surface. The Web NFC group rather focuses on more universal use cases that conform well to the web security model (I have a deja vu feeling when saying this). Of course it's only a subset of what native NFC apps could do. Anders > https://github.com/w3c/webauthn/issues/496 There are apps for that too, without even using NFC (e.g. Nordea Codes). It's much simpler to type in a PIN in an app on any phone with a SIM card than being required to use two devices with NFC support and NFC between them. Guess which solution is more universal? Zoltan
Received on Thursday, 22 June 2017 06:28:31 UTC