Name of API: WebNFC API

https://wiki.mozilla.org/WebAPI/WebNFC

https://bugzilla.mozilla.org/show_bug.cgi?id=674741

Brief purpose of API: Allow core (certified) apps to interact directly with NFC devices

General Use Cases:

Inherent threats:

  • Theft of sensitive data
  • Device compromise (configuring NFC device)
  • Potential for financial impact (payments via NFC)

Threat severity: Critical

Regular web content (unauthenticated)

Use cases for unauthenticated code: None

Authorization model for normal content: None

Authorization model for installed content: None

Potential mitigations: N/A

Trusted (authenticated by publisher)

Same as for installed unauthenticated app

Certified (vouched for by trusted 3rd party)

Use cases for certified code:

  • Configure, enable/disable NFC devices.
  • Interact with NFC devices.
  • Manage NFC payments.

Authorization model for normal content: Implicit


Non-certified use cases are out of scope for 1.0. We will consider those for a subsequent release.