- From: Anders Rundgren via GitHub <sysbot+gh@w3.org>
- Date: Mon, 16 Apr 2018 05:19:54 +0000
- To: public-web-nfc@w3.org
> The basic idea is as long as the current webpage is open and in the foreground the browser can leverage the HCE implementation of the webpage This scheme has effectively already been solved through QR codes. It is used by airlines all over the world. You can surely do a sleeker and more efficient system using NFC, but WebNFC doesn't seem like the right tool for such work. A remaining problem with HCE, is that (for example) executing EMV inside of a browser introduces security issues since EMV was designed to be carried out in certified terminals. Note: there ARE things to be done here but it requires new protocols that are _designed for the Web_. The recently announced W3C WebAuthentication system is an example of that. The traditional smart card never made it on the Web which caused Google and some other entities to design a system which is compliant with the "Web Security Model". I believe this system (which also supports NFC), actually could be used "as is" for your application. That is, a ticket would be a cryptographic key for exclusive consumption by s specific domain. Yes, WebAuthentication may even have solved the disposable hotel door key problem and that using no additional software or hardware on the client side! It would work off-line as well. -- GitHub Notification of comment by cyberphone Please view or discuss this issue at https://github.com/w3c/web-nfc/issues/142#issuecomment-381482594 using your GitHub account
Received on Monday, 16 April 2018 05:20:05 UTC