Re: [whatwg] Web Bluetooth API

2014-08-24 Thread Jeffrey Yasskin
http://webbluetoothcg.github.io/web-bluetooth/use-cases.html#security_privacy
lists some of the risks we want to avoid in implementations.

The basic model is that the website tells the UA what kinds of devices
it can productively connect to, and then the UA presents the user a
dialog from which to pick the particular device(s) to pair with the
website. Sites can never ask for global Bluetooth access, and for
initial versions of the API, at least, we won't let them ask for an
entire class of devices at once. (It's possible a specially designed
class of devices could get around this by pretending to all be a
single device.)

There's a risk of websites attacking devices through this API. This is
currently mitigated by avoiding access to streaming protocols that
require the device to include a parser, and allowing access to the
GATT format, which defines key/value pairs. It's still likely that
some devices will be vulnerable to GATT messages, and we'll need to
keep consulting with various security teams to see whether that risk
is acceptable.

The third risk, of tracking the user through unique Bluetooth IDs, is
described in the current spec.

Is that the sort of answer you were looking for?

Thanks,
Jeffrey

On Sat, Aug 23, 2014 at 12:46 AM, Jonas Sicking jo...@sicking.cc wrote:
 The main question that I have is what is the security model?

 The security section of the spec is very light.

 / Jonas

 On Aug 22, 2014 6:34 PM, Jeffrey Yasskin jyass...@chromium.org wrote:

 We have a draft API for Bluetooth device access at
 https://webbluetoothcg.github.io/web-bluetooth/, for which I'm planning to
 send a Blink Intent to Implement email soon. The spec isn't really up to
 web standard quality yet: we're planning to refine it as we get feedback
 from implementation and experimental use. However, we'd still appreciate
 any feedback this group has on the current draft.

 Feedback as issues at
 https://github.com/WebBluetoothCG/web-bluetooth/issues
 will be easiest to incorporate. Feedback as replies to this email is still
 welcome. Participation at
 http://lists.w3.org/Archives/Public/public-web-bluetooth/ is even more
 welcome. :)

 Thanks,
 Jeffrey Yasskin

 P.S. I'll ping Monday so this doesn't get lost over the weekend, but want
 to give anyone a chance to comment early if you want.
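
The chooser model described in the 2014-08-24 reply above, sketched as an added example that is not part of the thread or of the draft spec. `ChooserModel`, its methods, the origins and the device list are hypothetical; the per-origin bookkeeping in `grants` is an assumption about how a UA might record the user's choice.

```javascript
// Toy model of the chooser flow; class and method names are hypothetical.
class ChooserModel {
  constructor(nearbyDevices) {
    this.nearby = nearbyDevices; // [{ id, name, services: [uuid, ...] }]
    this.grants = new Map();     // assumption: origin -> Set of granted device ids
  }
  // Devices the dialog may list: those advertising a requested service.
  candidates(serviceFilter) {
    if (!Array.isArray(serviceFilter) || serviceFilter.length === 0) {
      throw new TypeError("site must name the services it can use");
    }
    const wanted = new Set(serviceFilter);
    return this.nearby.filter(d => d.services.some(s => wanted.has(s)));
  }
  // pickFn stands in for the user: gets the listed devices, returns an id or null.
  requestDevice(origin, serviceFilter, pickFn) {
    const shown = this.candidates(serviceFilter);
    const pickedId = pickFn(shown.map(d => ({ id: d.id, name: d.name })));
    if (pickedId === null) return null; // dialog dismissed, nothing granted
    if (!shown.some(d => d.id === pickedId)) {
      throw new Error("selection was not offered in the chooser");
    }
    if (!this.grants.has(origin)) this.grants.set(origin, new Set());
    this.grants.get(origin).add(pickedId);
    return pickedId;
  }
  canAccess(origin, deviceId) {
    const granted = this.grants.get(origin);
    return granted !== undefined && granted.has(deviceId);
  }
}

// Constructed sample data: standard Heart Rate / Battery service UUIDs.
const HEART_RATE = "0000180d-0000-1000-8000-00805f9b34fb";
const BATTERY = "0000180f-0000-1000-8000-00805f9b34fb";
function demo() {
  const ua = new ChooserModel([
    { id: "dev-1", name: "Chest strap", services: [HEART_RATE, BATTERY] },
    { id: "dev-2", name: "Door lock", services: [BATTERY] },
    { id: "dev-3", name: "Wrist band", services: [HEART_RATE] },
  ]);
  let shownToUser = [];
  const granted = ua.requestDevice("https://fitness.example", [HEART_RATE], list => {
    shownToUser = list.map(d => d.id);
    return "dev-3";
  });
  return { ua, shownToUser, granted };
}
```

In this model the site learns about one device per dialog, and a device that matches the filter but was not picked stays inaccessible to it.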


Re: [whatwg] Web Bluetooth API

2014-08-23 Thread Jonas Sicking
The main question that I have is what is the security model?

The security section of the spec is very light.

/ Jonas
On Aug 22, 2014 6:34 PM, Jeffrey Yasskin jyass...@chromium.org wrote:

 We have a draft API for Bluetooth device access at
 https://webbluetoothcg.github.io/web-bluetooth/, for which I'm planning to
 send a Blink Intent to Implement email soon. The spec isn't really up to
 web standard quality yet: we're planning to refine it as we get feedback
 from implementation and experimental use. However, we'd still appreciate
 any feedback this group has on the current draft.

 Feedback as issues at
 https://github.com/WebBluetoothCG/web-bluetooth/issues
 will be easiest to incorporate. Feedback as replies to this email is still
 welcome. Participation at
 http://lists.w3.org/Archives/Public/public-web-bluetooth/ is even more
 welcome. :)

 Thanks,
 Jeffrey Yasskin

 P.S. I'll ping Monday so this doesn't get lost over the weekend, but want
 to give anyone a chance to comment early if you want.



[whatwg] Web Bluetooth API

2014-08-22 Thread Jeffrey Yasskin
We have a draft API for Bluetooth device access at
https://webbluetoothcg.github.io/web-bluetooth/, for which I'm planning to
send a Blink Intent to Implement email soon. The spec isn't really up to
web standard quality yet: we're planning to refine it as we get feedback
from implementation and experimental use. However, we'd still appreciate
any feedback this group has on the current draft.

Feedback as issues at https://github.com/WebBluetoothCG/web-bluetooth/issues
will be easiest to incorporate. Feedback as replies to this email is still
welcome. Participation at
http://lists.w3.org/Archives/Public/public-web-bluetooth/ is even more
welcome. :)

Thanks,
Jeffrey Yasskin

P.S. I'll ping Monday so this doesn't get lost over the weekend, but want
to give anyone a chance to comment early if you want.


Re: [whatwg] Web Bluetooth API

2014-08-22 Thread Jeffrey Yasskin
It's fairly similar to the BluetoothGatt API that was posted to
https://wiki.mozilla.org/B2G/Bluetooth/WebBluetooth-v2 yesterday. The
FFOS API provides more control over discovery and pairing, as is
appropriate for an API aimed at certified applications.

We have been actively communicating with the Mozilla team, especially
Shawn Huang and Marcos Caceres.

On Fri, Aug 22, 2014 at 6:38 PM, Andreas Gal andr...@mozilla.com wrote:

 Is this similar to the API we are implementing in FFOS/Gecko?

 Thanks,

 Andreas

 On Aug 22, 2014, at 7:33 PM, Jeffrey Yasskin jyass...@chromium.org wrote:

 We have a draft API for Bluetooth device access at
 https://webbluetoothcg.github.io/web-bluetooth/, for which I'm planning to
 send a Blink Intent to Implement email soon. The spec isn't really up to
 web standard quality yet: we're planning to refine it as we get feedback
 from implementation and experimental use. However, we'd still appreciate
 any feedback this group has on the current draft.

 Feedback as issues at https://github.com/WebBluetoothCG/web-bluetooth/issues
 will be easiest to incorporate. Feedback as replies to this email is still
 welcome. Participation at
 http://lists.w3.org/Archives/Public/public-web-bluetooth/ is even more
 welcome. :)

 Thanks,
 Jeffrey Yasskin

 P.S. I'll ping Monday so this doesn't get lost over the weekend, but want
 to give anyone a chance to comment early if you want.