w3c / web-nfc

Web NFC
https://w3c.github.io/web-nfc/

Bootstrap URL and WebBluetooth connection from tapping NFC tag #105

Open zolkis opened 7 years ago

zolkis commented 7 years ago

Kenneth suggested: NFC supports handover to Bluetooth, plus loading URL from tag (similar to Physical Web). Having bluetooth.referringDevice already populated with the bluetooth connection would be great.

Examine what is needed to make this doable.

cyberphone commented 7 years ago

I don't understand this use-case which may be due to a lack of details. You mean that a URL published by a Web page through NFC should:

?

It is a pity that you haven't rather considered creating NFC-activated, asynchronous, bi-directional, BLE-channels to invoking Web pages since this would target a huge amount of already established high-volume real-world applications which currently are stuck with various inconvenient and security-broken OOB and QR schemes, including over 500 million Chinese users of mobile payment systems.

Slight clarification: The above refers to native payment solutions ("Apps") which also include Google and Apple who have no (known) plans for migrating these to the Web (if even possible). For the mobile Web everybody out there is using schemes where the browser (in some way) talks to the native layer.

The giant Chinese payment vendors are firmly convinced that they will (fueled by 100 million Chinese international tourists) be able to establish QR as the future standard for local and Web payments also in the Western world. This roll-out has begun and is driven by large merchants.

QR is apparently getting mainstream even in Europe: https://www.ideal.nl/en/payee/getting-started/qr-code/

So the bigger question is if NFC support in PCs will become a standard feature. Current use-cases are IMO not compelling enough to motivate that.

cyberphone commented 7 years ago

A related application which the entire industry is betting on is FIDO. Although FIDO deals with NFC, they do not (AFAIK) target the "phone token" which is a de-facto standard.

A next step could cover a wide range of phone-app to pc-web interactions. Payments + FIDO would help ensure NFC support in future PCs (which may turn out to be the #1 problem).

cyberphone commented 7 years ago

Highly related: http://www.mobilepay.dk/da-dk/pages/The-story-in-English.aspx

cyberphone commented 7 years ago

Is the Web NFC CG concluded? There was never any explanation of what this issue was asking for. You should close issues that you consider invalid.

kenchris commented 7 years ago

No, when tapping a device with NFC, the browser can auto connect to that device over Web Bluetooth.

The work on Web NFC spec has been a bit on pause as we get the level 1 features into Chrome and get developer feedback. That has finally happened and we are now trying to become part of the Origin Trial.
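To illustrate the tap-to-connect flow discussed in this thread (an added example, not part of the original comments and not code from the Web NFC spec or Chrome): a parser for an NDEF message carrying both a URI record and a Bluetooth LE out-of-band record. The function names and sample bytes are constructed for illustration; because tag contents are controlled by whoever wrote the tag, only `https` URLs are accepted and truncated input is rejected.

```javascript
// Added example: parse an NDEF message holding a URI record and a BLE OOB record.
const URI_PREFIX = ['', 'http://www.', 'https://www.', 'http://', 'https://'];
const BLE_OOB_MIME = 'application/vnd.bluetooth.le.oob';
const text = (b) => new TextDecoder().decode(b);
// Yield NDEF records one by one, rejecting truncated or chunked input.
function* parseNdef(bytes) {
  let i = 0;
  const take = (n) => {
    if (i + n > bytes.length) throw new Error('truncated NDEF record');
    return bytes.subarray(i, (i += n));
  };
  while (i < bytes.length) {
    const [hdr] = take(1);
    if (hdr & 0x20) throw new Error('chunked records not supported');
    const [typeLen] = take(1);
    const payloadLen = (hdr & 0x10) ? take(1)[0] : take(4).reduce((a, b) => a * 256 + b, 0);
    const idLen = (hdr & 0x08) ? take(1)[0] : 0;
    const type = text(take(typeLen)); take(idLen); // record ID is skipped
    yield { tnf: hdr & 0x07, type, payload: take(payloadLen) };
    if (hdr & 0x40) return; // ME flag: last record of the message
  }
}
// Extract the URL and LE address. Tag content is untrusted, so only https URLs are kept.
function readHandoverTag(bytes) {
  const result = { url: null, address: null, addressType: null };
  for (const r of parseNdef(bytes)) {
    if (r.tnf === 0x01 && r.type === 'U' && r.payload.length > 1) {
      const prefix = URI_PREFIX[r.payload[0]]; // other abbreviation codes are ignored
      const url = prefix + text(r.payload.subarray(1));
      if (prefix !== undefined && url.startsWith('https://')) result.url = url;
    } else if (r.tnf === 0x02 && r.type === BLE_OOB_MIME) {
      // Payload is a list of AD structures: length, AD type, data.
      for (let p = 0; p + 1 < r.payload.length && r.payload[p] > 0; p += r.payload[p] + 1) {
        const len = r.payload[p], adType = r.payload[p + 1];
        if (p + 1 + len > r.payload.length) throw new Error('truncated AD structure');
        if (adType === 0x1b && len === 8) { // LE Bluetooth Device Address, little-endian
          const a = [...r.payload.subarray(p + 2, p + 8)].reverse();
          result.address = a.map((b) => b.toString(16).padStart(2, '0')).join(':');
          result.addressType = r.payload[p + 8] & 1 ? 'random' : 'public';
        }
      }
    }
  }
  return result;
}
// Constructed sample tag: URI record, then a BLE OOB record (address + LE role).
const enc = (s) => [...new TextEncoder().encode(s)];
const SAMPLE_TAG = Uint8Array.from([0x91, 1, 19, ...enc('U'), 0x04, ...enc('example.com/device'),
  0x52, 32, 12, ...enc(BLE_OOB_MIME),
  0x08, 0x1b, 0x66, 0x55, 0x44, 0x33, 0x22, 0x11, 0x00, 0x02, 0x1c, 0x00]);
```

A receiver would pass the parsed `url` and `address` to its own origin and device checks before navigating or connecting; those steps are outside this sketch.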

cyberphone commented 7 years ago

@kenchris I'm still not clear what your proposal is with respect to the URL mentioned in the initial posting by @zolkis

Since the Hardware Based Security Services CG (initiated by Intel) didn't pan out, secure payments seem to continue relying on "Apps" which is why I'm suggesting a charter revision for a possible next phase. The Web Payment WG (technically led by Google) have had no "philosophical" problems with supporting native Apps including Android Pay.

The suggestion in a nutshell is to allow Web NFC+ to create a paired BLE connection between a tapping device and the NFC-hosting Web page, including offering some kind of invocation attributes so that only specific Apps are started. In this scenario it is rather the App and/or Mobile OS that is the gatekeeper which means that the Web page security context must be available as well.

http://www.europeanpaymentscouncil.eu/index.cfm/knowledge-bank/epc-documents/epc-white-paper-on-mobile-payments-version-50/epc492-09-v50-white-paper-mobile-payments-edition-2017/ "For other mobile proximity payments (i.e. non-NFC based), the lack of standardization in the usage of the various proximity technologies (e.g., QR codes, BLE, etc.) is resulting in a very fragmented approach throughout Europe, and even at domestic level"

Actually even NFC payments are quite limited because they are currently based on card operations which fits squarely in mobile phones which are much more advanced than cards (like having a UI).