Difference between revisions of "Notification"

From MgmtWiki
(Created page with "==Full Title or Meme== Several best practices and ==Context== The collection of User Private Information by a Data Controller now necessitates the ability Authenti...")
 
(Context)
 
(19 intermediate revisions by the same user not shown)
Line 1: Line 1:
 
==Full Title or Meme==
 
==Full Title or Meme==
Several best practices and  
+
Several best practices and laws require that users are informed of a change of state, or a periodic confirmation of state, then user [[Notification]] is required.
  
 
==Context==
 
==Context==
The collection of [[User Private Information]] by a [[Data Controller]] now necessitates the ability [[Authentication|Authenticate]] the [[User]] under a wide range of challenges, like:
+
* Whenever a [[Web Site]] encounters a condition that policy or legislation requires that the [[User]] be informed, or when action by the is required, the site needs to put some message in front of the user.
# Simplest of all the [[User]] needs to [[Authentication|Authenticate]] from time to time and on a variety of devices under less than ideal conditions where passwords are mistyped and [[Multi-factor Authentication|Alternate Authentication factors]] are lost or fail.
+
* [[Notification]] is an act of synchronization to bring two or more asynchronous parallel processes back into synchronization.<ref>Vint Cert, ''On Notifications'' '''CACM''' 2025-05 https://cacm.acm.org/opinion/on-notifications/</ref><blockquote>Like many of you, I receive a variety of notifications by various means. Postal letters, email reminders, pop-ups on my laptop, audio signals on my mobile, highlighted chat application entries, text messages, phone calls, taps on the shoulder—the list is long! Thinking a bit more about this, one of the purposes of notification is to resynchronize otherwise asynchronous processes. You tell Google Assistant to set a timer for 15 minutes and go off to do something else. After 15 minutes, you get an audible reminder that the 15 minutes are up, and you should turn off the spaghetti before it turns to mush.</blockquote>
# More severe [[Recovery]] problems occur when the [[User]] has lost control of their account and needs it to be reset. The level of [[Authentication]] for these situation can be severely taxing to a user desperate for access to their accounts.
 
# When an [[Multi-factor Authentication|Authentication factor]] like an alternate email or phone number is compromised, insecure [[Recovery]] methods themselves become a means of attack, especially since factors like phone number were never intended to be secure.<ref>Lily Hay Newman,  
 
''PHONE NUMBERS WERE NEVER MEANT AS ID. NOW WE’RE ALL AT RISK'' (2018-08-25) Wired Magazine https://www.wired.com/story/phone-numbers-indentification-authentication</ref>
 
  
 
==Problems==
 
==Problems==
In [[]] the concepts of [[Security]], [[Privacy]] and [[User Experience]] all collide and make any solution a compromise among competing tendencies.
+
* People on the web soon learn that there are more notifications than are necessary or desired.
 +
* In [[Notification]] the concepts of [[Security]], [[Privacy]] and [[User Experience]] all collide and make any solution a compromise among competing mandates.
 
===Anti-Pattern===
 
===Anti-Pattern===
 +
This example is an email from a Health-Care provider that has a variety of problems which are enumerated below.
 +
The first four problems are security issues, others are user experience issues:
 +
#The sender of the [[Notification]] is not clearly shown. Specifically there is no legal entity identified that is responsible for the email.
 +
#There is not the slightest attempt made to prove the trustworthiness of the [[Notification]].
 +
#There is a link to a web site which creates two security issues:
 +
##The site may infect the user with malware and no legal entity is identified that would be responsible.
 +
##The user is encouraged to click on a link that is not known to be trustworthy which re-enforces a bad security practice by the user.
 +
#The first and last sentence are contradictory, but apply to an action that the user should be able to perform; that is to contact the sender if the message is sent in error!
 +
#The importance of the message is not indicated, nor is there any indication if user action is required.
 +
#The provider is not identified, probably for privacy reasons, but if the user has more than one family member using more than one provider, the messages is completely unhelpful in any disambiguation. (Theoretically the message ID should do that, but the creator of that ID is not knowable from the rest of the message.)
 +
 +
[[File:TerribleEmailNotification.png]]
 +
 
==Solutions==
 
==Solutions==
 +
===Notification ID===
 +
The idea of a [[Notice-centric ID]] is that some situations require notification that began with posting in the town square to sirens that literally called out to people.
 +
===FIDO===
 +
* 2025-07-30 Heads up that FIDO is talking about notification endpoints/lifecycle management for DPCs (payment credentials)
 +
* See the wiki on [[FIDO 2.0]] for details on that family of standards.
 +
 +
How soon do we need it?
 +
 +
1.1 is fine, but something that exists in priority
 +
 +
Suggestion post-IIW to talk about server-to-server in a dedicated call.
 +
 +
Suggestion using sec-events, no one has tried implementing this yet so needs more robustness.
 +
 +
This is 3 months, can we talk about it earlier?
 +
 +
Ideally yes
 +
 +
Some support to having a dedicated
 +
 +
Suggestion to work out some time in august.
 +
 +
Lifecycle management vs server to server?
 +
 +
Both?
 +
 +
Starting point is to establish a common reference model and objective for what ‘server to server’ means.
 +
 +
AI for Gareth to put together a first draft for the Open ID Foundation
 +
 +
===Open Notice Network===
 +
*The project is OPN, for Open Notice (OPN) Network, its all about digital transparency. Mark L is working on a notice receipt specification to back this up
 +
** A notice of state  is a part of like the  initial services we would be showing you called Privacy Broadcasting, which uses a profile to broadcast a status.
 +
** [https://github.com/Open-Notice Open Notice  Github repository] [https://github.com/peacekeeper Markus Sabadello] of did and dif is one of the contributors
 +
** [https://drive.google.com/file/d/1p7oadr89gFloaUKEheXfGFH9zNIPQ67Z/view OPN: Open Notice Receipt Schema] paper from Mark Lizar and H J Pandit
  
 
==References==
 
==References==
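Review bot: the added Context bullet reads "when action by the is required", which is missing its noun (presumably [[User]]) and should be completed before this revision is kept. In the new FIDO section, the lines from "How soon do we need it?" onward are raw meeting notes with no speakers or list markup, and "Some support to having a dedicated" breaks off mid-sentence; consider formatting them as a dated list or moving them to the talk page. Also check the author's surname in the new CACM reference ("Vint Cert").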
Line 20: Line 66:
 
[[Category:Security]]
 
[[Category:Security]]
 
[[Category:Privacy]]
 
[[Category:Privacy]]
 +
[[Category:Trust]]
 
[[Category:User Experience]]
 
[[Category:User Experience]]
 
[[Category:Best Practice]]
 
[[Category:Best Practice]]

Latest revision as of 13:37, 5 August 2025

Full Title or Meme

Several best practices and laws require that users be informed of a change of state, or of a periodic confirmation of state; in those cases user Notification is required.

Context

  • Whenever a Web Site encounters a condition that policy or legislation requires that the User be informed, or when action by the User is required, the site needs to put some message in front of the user.
  • Notification is an act of synchronization to bring two or more asynchronous parallel processes back into synchronization.[1]
    Like many of you, I receive a variety of notifications by various means. Postal letters, email reminders, pop-ups on my laptop, audio signals on my mobile, highlighted chat application entries, text messages, phone calls, taps on the shoulder—the list is long! Thinking a bit more about this, one of the purposes of notification is to resynchronize otherwise asynchronous processes. You tell Google Assistant to set a timer for 15 minutes and go off to do something else. After 15 minutes, you get an audible reminder that the 15 minutes are up, and you should turn off the spaghetti before it turns to mush.

Problems

  • People on the web soon learn that there are more notifications than are necessary or desired.
  • In Notification the concepts of Security, Privacy and User Experience all collide and make any solution a compromise among competing mandates.

Anti-Pattern

This example is an email from a Health-Care provider that has a variety of problems, which are enumerated below. The first four problems are security issues; the others are user experience issues:

  1. The sender of the Notification is not clearly shown. Specifically there is no legal entity identified that is responsible for the email.
  2. There is not the slightest attempt made to prove the trustworthiness of the Notification.
  3. There is a link to a web site which creates two security issues:
    1. The site may infect the user with malware and no legal entity is identified that would be responsible.
    2. The user is encouraged to click on a link that is not known to be trustworthy, which reinforces a bad security practice by the user.
  4. The first and last sentences are contradictory, but apply to an action that the user should be able to perform; that is to contact the sender if the message is sent in error!
  5. The importance of the message is not indicated, nor is there any indication if user action is required.
  6. The provider is not identified, probably for privacy reasons, but if the user has more than one family member using more than one provider, the message is completely unhelpful in any disambiguation. (Theoretically the message ID should do that, but the creator of that ID is not knowable from the rest of the message.)

TerribleEmailNotification.png
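
A rough lint for items 1, 2, 3 and 5 of the list above, as an added example that is not part of the original wiki page. The function name, the finding labels, both sample messages and the heuristics (a From display name standing in for an identified sender, a receiver-recorded DKIM or DMARC pass standing in for proof of trustworthiness) are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.policy import default
from email.utils import parseaddr

# Constructed sample, modelled on the problems listed above (not the real email).
BAD = """\
From: noreply@mail.example
Subject: You have a new message
Message-ID: <12345@mail.example>

A new message is waiting. View it at http://portal.example/msg?id=12345
"""

# Constructed counter-example: named sender, auth verdicts, importance, no link.
GOOD = """\
From: "Example Health Clinic, Inc." <notices@clinic.example>
Subject: [Action required] New lab result from Example Health Clinic
Authentication-Results: mx.example.org; dkim=pass header.d=clinic.example; dmarc=pass
Importance: high

Sign in to the patient portal from your saved bookmark to read the result.
"""

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

def audit_notification(raw: str) -> list[str]:
    """Return anti-pattern findings for one raw RFC 5322 message."""
    msg = message_from_string(raw, policy=default)
    findings = []
    # Item 1 (heuristic): no display name means no named entity behind the address.
    display_name, _ = parseaddr(str(msg.get("From", "")))
    if not display_name.strip():
        findings.append("sender-not-identified")
    # Item 2 (assumption): trust evidence = a DKIM or DMARC pass recorded by the
    # receiving server in Authentication-Results (RFC 8601).
    auth = " ".join(str(v) for v in msg.get_all("Authentication-Results", [])).lower()
    if not re.search(r"\b(dkim|dmarc)=pass\b", auth):
        findings.append("no-authentication-evidence")
    # Item 3: any URL in the body trains the user to click unverified links.
    body = msg.get_body(preferencelist=("plain", "html"))
    if body is not None and URL_RE.search(body.get_content()):
        findings.append("contains-link")
    # Item 5: neither an Importance header nor an action marker in the subject.
    subject = str(msg.get("Subject", ""))
    if not msg.get("Importance") and not re.search(r"action required|no action", subject, re.I):
        findings.append("importance-not-indicated")
    return findings
```

An Authentication-Results header is only meaningful when it was added by the recipient's own mail server; copies arriving from outside should be stripped at the border before a check like this runs.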

Solutions

Notification ID

The idea of a Notice-centric ID is that some situations require notification, a practice that began with postings in the town square and progressed to sirens that literally called out to people.

FIDO

  • 2025-07-30 Heads up that FIDO is talking about notification endpoints/lifecycle management for DPCs (payment credentials)
  • See the wiki on FIDO 2.0 for details on that family of standards.

How soon do we need it?

1.1 is fine, but something that exists in priority

Suggestion post-IIW to talk about server-to-server in a dedicated call.

Suggestion using sec-events, no one has tried implementing this yet so needs more robustness.

This is 3 months, can we talk about it earlier?

Ideally yes

Some support to having a dedicated

Suggestion to work out some time in August.

Lifecycle management vs server to server?

Both?

Starting point is to establish a common reference model and objective for what ‘server to server’ means.

AI for Gareth to put together a first draft for the Open ID Foundation

Open Notice Network

  • The project is OPN, for Open Notice (OPN) Network; it's all about digital transparency. Mark L is working on a notice receipt specification to back this up.

References

  1. Vint Cerf, On Notifications, CACM 2025-05, https://cacm.acm.org/opinion/on-notifications/