From MgmtWiki
Jump to: navigation, search

Full Title or Meme

Several best practices and laws require that users are informed of a change of state, or a periodic confirmation of state, then user Notification is required.


Whenever a Web Site encounters a condition that policy or legislation requires that the User be informed, or when action by the is required, the site needs to put some message in front of the user.


In Notification the concepts of Security, Privacy and User Experience all collide and make any solution a compromise among competing mandates.


This example is an email from a Health-Care provider that has a variety of problems which are enumerated below. The first four problems are security issues, others are user experience issues:

  1. The sender of the Notification is not clearly shown. Specifically there is no legal entity identified that is responsible for the email.
  2. There is not the slightest attempt made to prove the trustworthiness of the Notification.
  3. There is a link to a web site which creates two security issues:
    1. The site may infect the user with malware and no legal entity is identified that would be responsible.
    2. The user is encouraged to click on a link that is not known to be trustworthy which re-enforces a bad security practice by the user.
  4. The first and last sentence are contradictory, but apply to an action that the user should be able to perform.
  5. The importance of the message is not indicated, nor is there any indication if user action is required.
  6. The provider is not identified, probably for privacy reasons, but if the user has more than one family member using more than one provider, the messages is completely unhelpful in any disambiguation. (Theoretically the message ID should do that, but the creator of that ID is not knowable from the rest of the message.)