Name of API: WebNFC API
Brief purpose of API: Allow core (certified) apps to interact directly with NFC devices General Use Cases:
- Theft of sensitive data
- Device compromise (configuring NFC device)
- Potential for financial impact (payments via NFC)
Threat severity: Critical
Regular web content (unauthenticated)
Use cases for unauthenticated code: None
Authorization model for normal content: None
Authorization model for installed content: None
Potential mitigations: N/A
Trusted (authenticated by publisher)
Same as for installed unauthenticated app
Certified (vouched for by trusted 3rd party)
Use cases for certified code:
- Configure, enable/disable NFC devices.
- Interact with NFC devices.
- Manage NFC payments.
Authorization model for normal content: Implicit
Non-certified use cases are out of scope for 1.0. We will consider those for a subsequent release.