user-controlled notifications: nōtifs

User-controlled notifications: Nōtifs

Jim Fenton<notifs@bluepopcorn.net>

Tuesday, October 28, 14

Tuesday, October 28, 14

What is a Nōtif?

• Tell a user that something they’re interested in is happening or has happened

• Requested by the user

• Typically short

• Typically time-sensitive, perishable

Tuesday, October 28, 14

What a Nōtif isn’t

• Anything unsolicited -- correspondence, spam

• Addressed by a human -- addresses are unsuitable for that

• Two-way

• Multihop

Tuesday, October 28, 14

Notification examples• Emergency bulletins

• Advertising / special offers

• Event invitations

• Approval requests

• Tech support

• Password resets

• Fraud alerts (bank, etc.)

• Alerts from “things” (IoT)

• Newsletter availability

• Social media alerts

Tuesday, October 28, 14

Nōtif characteristics• Opt-in

• Typically short

• Modifiable/deletable (best effort)

• Acknowledged delivery

• Domain-signed

• Encrypted in transit

• Urgency and category tagged

• Expires at specified date/time

Tuesday, October 28, 14

Notifiers

Agent

User endpoints

NotificationAgent

PhoneCallSMS,

App push

GrowlManagement,Authorization

NotificationsAuthorization TableRules

Bank EmergencyServices RetailersSocial Media Approval

RequestsCalendar

Tuesday, October 28, 14

Notifiers• Typically not operated

by user

• Opt-in by user through authorization ceremony

• May or may not know much about the user

• Examples:

• Emergency services

• E-Commerce sites

• Social media

• Enterprise services

• Reminders

Tuesday, October 28, 14

Notification Agents• Operate on behalf of

user

• Cloud-based

• User-chosen, decentralized

• Store notifications for retrieval by user

• Manage authorizations for user

• Push selected notifications to selected user endpoints

Tuesday, October 28, 14

User endpoints• Push

• Mobile device app (push notification)

• SMS

• Voice (telephone)

• Desktop app

• Email (!)

• Pull

• Web interface

• Mobile app (via API)

Tuesday, October 28, 14

Typical Nōtif{"origtime": "2014-10-26T22:06:13.462484Z", "to": "A2074808-969A-4772-90DB-312D020C6039@altmode.net:5342", "category": 2, "priority": 2, "expiration": "2014-11-25T22:06:13.462484Z" "subject": "Suspicious account activity", "body": "Your ATM card was just used at an ATM in Elbonia.", "selector": "shiny", "signature": "NBzZ7k/hiK1e5pIqVXDF82P2zICjl2qia9kV0L77uUXYXg0Lvyhk3Dj4oDqwlCsBUOKI3FTViDIwp2zdmgQVsKlptvMKHOGm0Oun/YZ/UoRzqB2smJd+7K8JFbNMWvRn/3qx+K96F5BFn3XLngpMKx7HuSqIYKmzwCtsUmnEMx8="}

Tuesday, October 28, 14

Authorization

Tuesday, October 28, 14

Outgoing Methods

Tuesday, October 28, 14

Outgoing RulesVery preliminary for now...

Tuesday, October 28, 14

Current status

• Prototype Notif agent up and running

• Linux/MongoDB/Go

• Implementing signature verification and SMS outgoing

• Prototype user/authorization/notif management

• Linux/MongoDB/Python/Django

• Notifier SDK (Python)

Tuesday, October 28, 14

To Be Done

• Authorization UX

• Open-source the code (when I’m reasonably happy with it)

• Write an API/Protocol Specification

• Mobile app

• Connectors: Generate notifs from legacy services

Tuesday, October 28, 14