Intent to Ship: Web NFC

François Beaufort 🇫🇷

unread,

Dec 16, 2020, 12:27:00 AM12/16/20

to blink-dev

Contact emails

fbea...@chromium.org, rei...@chromium.org, rijubrat...@intel.com, kenneth.r.c...@intel.com, zolta...@intel.com

Explainer

https://github.com/w3c/web-nfc/blob/gh-pages/EXPLAINER.md

Specification

https://w3c.github.io/web-nfc/

API spec

Yes.

Design docs

https://web.dev/nfc/

Summary

Web NFC provides sites the ability to read and write to NFC tags when they are in close proximity to the user's device (usually 5-10 cm, 2-4 inches).

The current scope is limited to NFC Data Exchange Format (NDEF), a standardized and lightweight binary message format that works across different tag formats, because the security properties of reading and writing NDEF data are more easily quantifiable. Low-level I/O operations (e.g. ISO-DEP, NFC-A/B, NFC-F) and Host-based Card Emulation (HCE) are not supported.

Web NFC is only available to top-level frames and secure browsing contexts (HTTPS only). Origins must first request the "nfc" permission while handling a user gesture (e.g a button click). To then perform a read or write, the web page must be visible when the user touches an NFC tag with their device. The browser uses haptic feedback to indicate a tap. Access to the NFC radio is blocked if the display is off or the device is locked. For backgrounded web pages, receiving and pushing NFC content are suspended.

The combination of a user-initiated permission prompt and real-world, physical movement of bringing the device over a target NFC tag mirrors the chooser pattern found in the other file and device-access APIs.

The functionality currently available behind a flag at chrome://flags/#experimental-web-platform-features represents a minimum-viable-product for this API.

Blink component

Blink>NFC

TAG review

https://github.com/w3ctag/design-reviews/issues/461

TAG review status

Closed.

The Security and Privacy section has been updated based on TAG review feedback.

Link to origin trial feedback summary

https://docs.google.com/document/d/1DqSyNrRkB_FVO1rATTWWwPN8_F4jQRper211ejyLdsA/edit?usp=sharing

Risks

Interoperability and Compatibility

Gecko: Negative (https://github.com/mozilla/standards-positions/issues/238)

WebKit: Negative (https://lists.webkit.org/pipermail/webkit-dev/2020-January/031007.html)

Web developers: Strongly positive over the years (https://github.com/w3c/web-nfc/issues/556)

Debuggability

Exposing DevTools debugging support for device-access APIs (Web NFC included) is discussed at https://bugs.chromium.org/p/chromium/issues/detail?id=1142566. For now, affordable NFC tags are required to debug Web NFC.

Measurement

WebNfcNdefReaderScan: https://www.chromestatus.com/metrics/feature/timeline/popularity/3094

WebNfcNdefWriterWrite: https://www.chromestatus.com/metrics/feature/timeline/popularity/3095

Is this feature fully tested by web-platform-tests?

Yes https://wpt.fyi/results/web-nfc

Tracking bug

https://crbug.com/520391

Launch bug

https://crbug.com/1035048

Sample links

https://googlechrome.github.io/samples/web-nfc/

https://web-nfc-demo.glitch.me/

https://kenchris.github.io/webnfc-groceries
https://kenchris.github.io/webnfc-rsp/

https://webnfc-media-memo.netlify.app/

Link to entry on the Chrome Platform Status

https://www.chromestatus.com/features/6261030015467520

Links to previous Intent discussions

Intent to prototype: https://groups.google.com/a/chromium.org/g/blink-dev/c/dIbUdDU9a6E/discussion
Intent to experiment: https://groups.google.com/a/chromium.org/g/blink-dev/c/8bsAd-PsdbA/discussion

casey mahaney

unread,

Dec 29, 2020, 11:39:12 AM12/29/20

to blink-dev, François Beaufort

Merry Christmas and a Happy New Year to one and a half I am presently working on the web and XD project chromium OS Taylor instrumentation and finalization of payment for girls Deftones around the website of your choice this country in record time QVC competitions Atwood drawings or drawing boy
.

casey mahaney

unread,

Dec 29, 2020, 11:40:16 AM12/29/20

to blink-dev, François Beaufort

Merry Christmas and happy new year to one and all I am presently working on the Dublin and it's the invitation project for from your mobile development or planning to various websites that are owed money 5 users have styled this should take only a short time Asriel many suggestions and sanitation in the world thank you all for your input and efforts and it I'm going

On Wednesday, December 16, 2020 at 12:27:00 AM UTC-5 François Beaufort wrote:

Yoav Weiss

unread,

Jan 7, 2021, 5:56:57 AM1/7/21

to François Beaufort 🇫🇷, blink-dev

LGTM1

This seems like an important capability addition to the platform.

The main concern around this is privacy/security and the leak of sensitive information from NFC-enabled devices to random websites.

Talking to Chrome's security and privacy folks, they seem happy with the mitigations we've put in place to protect against such an accidental leak (explicit and descriptive prompt + activation only for foregrounded pages when the screen is on + explicit user gesture). It also seems like the spec is making explicit UX recommendations, which is great to ensure other implementations that may follow will do the right thing here.

--
You received this message because you are subscribed to the Google Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+...@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAPpwU5%2BUzRjXLLsJSNmDGKj3sfN0qYpVn3MfU2AX1yqjxeRe%2BA%40mail.gmail.com.

Daniel Bratell

unread,

Jan 7, 2021, 3:39:46 PM1/7/21

to blink-dev, yo...@yoav.ws, blink-dev, François Beaufort

LGTM2

/Daniel

Chris Harrelson

unread,

Jan 7, 2021, 3:40:22 PM1/7/21

to Daniel Bratell, blink-dev, yo...@yoav.ws, François Beaufort

LGTM3

To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/ec5d8db2-ce66-4650-a5ee-db21ce22a127n%40chromium.org.

Reply all

Reply to author

Forward