When at a friend's or customer's site, the client connects directly
to the user's own server over the internet -- no local server involved,
no federation needed. The thin client is just a screen + network.
- ADR-014: Add scenarios 4b/4c (friend's house, BYOD on-site),
server selection UI, three-category taxonomy (direct remote,
federation, sandboxing)
- ADR-013: BLE beacon payload now includes server address so the
phone tells any terminal where to find the user's desktop
Add wireless charging pad mode -- phone on Qi pad acts as smart card
in a reader slot. NFC provides crisp insert/remove semantics without
RSSI ambiguity. Combined NFC+BLE mode for heartbeat during brief
NFC interrupts. Configurable per-deployment: centimeter range (pad)
vs meter range (pocket) vs combined.
Phone acts as wireless smart card -- walk up to terminal, session
appears; walk away, session suspends. No insertion, works from pocket.
- BLE beacon with encrypted rotating session token
- RSSI-based proximity detection with configurable thresholds
- Anti-flapping timers: T_attach (2s) and T_detach (10s)
- Security: HMAC timestamps, token rotation, optional NFC tap
- Companion app (Android/iOS): one-time OIDC setup, background BLE
- Implements same TokenProvider trait as smart cards (ADR-004)
- NFC as explicit complement, WiFi/mDNS as software fallback
