User-controlled notifications: Nōtifs
Spring 2015 Update
Jim Fenton <notifs@bluepopcorn.net>
1
What is a Nōtif?
• Nōtif : notification :: app : application
• Tell a user that something they’re interested in is happening or has happened
• Requested by the user
• Typically short
• Typically time-sensitive, perishable
2
What a Nōtif isn’t
• Anything unsolicited
• correspondence
• spam
• Addressed by a human
• addresses are unsuitable for that
• Two-way
• Multihop
3
4
Notification examples
• Emergency bulletins
• Advertising / special offers
• Event invitations
• Approval requests
• Tech support
• Password resets
• Fraud alerts (bank, etc.)
• Alerts from “things” (IoT)
• Newsletter availability
• Social media alerts
• Burglar/fire alarms
5
Nōtifs Manifesto
• Users:
  • Should have control over what nōtifs they receive
  • Should be able to know that the nōtifs they receive are genuine
  • Should have control over if and how they are alerted when nōtifs arrive
  • Should not have to reveal information about themselves just to receive nōtifs
• Notifiers:
  • Should not have to guess whether nōtifs are being delivered
  • Should not have to employ intermediaries to get nōtifs delivered
  • Should be able to amend or delete nōtifs to keep them relevant
• Nōtifs:
  • Should expire and hide when no longer relevant
6
Nōtif characteristics
• Opt-in
• Typically short
• Modifiable/deletable (best effort)
• Acknowledged delivery
• Domain-signed
• Encrypted in transit (use TLS)
• Priority tagged
• Expires at specified date/time
7
[Architecture diagram. Labels: Notifiers (Bank, Emergency Services, Retailers, Social Media, Approval Requests, Calendar); Notification Agent (Authorization Table, Rules); User endpoints (Phone Call, SMS, App push, Growl); flows labelled Notifications and Management, Authorization.]
8
Notifiers
• Typically not operated by user
• Opt-in by user through authorization ceremony
• May or may not know much about the user
• Examples:
  • Emergency services
  • E-Commerce sites
  • Social media
  • Enterprise services
  • Reminders
9
Nōtif Agents
• Operate on behalf of user
• Cloud-based
• User-chosen, decentralized
• Store notifications for retrieval by user
• Manage authorizations for user
• Alert user to specific notifications of particular interest or urgency
10
Nōtif Authorizations
• A record of a relationship between a notifier and a user
• Contains:
  • Notification address
  • Notifier’s domain
  • Description (provided/edited by user)
  • Max authorized priority
  • Tags
  • Flags (active, deleted, etc.)
  • Statistics (count, etc.)
  • Link to user (internal)
11
User endpoints
• Push
  • Mobile device app (push notification)
  • SMS
  • Voice (telephone)
  • Desktop app
  • Email (!)
• Pull
  • Web interface
  • Mobile app (via API)
12
Typical Nōtif
{"header": {"to": "d28363d7-9d28-49f2-8d5b-b9c1cf989335@altmode.net:5342"},
"payload": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogInNoaW55In0.
eyJvcmlndGltZSI6ICIyMDE1LTA0LTA0VDE2OjE3OjAwLjI0MjE4MVoiLC
AicHJpb3JpdHkiOiA0LCAiZXhwaXJlcyI6ICIyMDE1LTA0LTA0VDE2OjE3
OjAwLjI0MjE5M1oiLCAiYm9keSI6ICJJdCBpcyBub3cgMDk6MTcgYW5kIG
FsbCBpcyB3ZWxsIiwgInN1YmplY3QiOiAiSXQgaXMgbm93IDA5OjE3In0.
MVXxsqrqc6XQm2gkVgatmHC847JEBxg0eR4LSmsUsTpMAwWgZ7dKQ_Wk_Q
K0It0aibj4qVdnJbs1MY6IwV7rqJMsSbzuZ7n_QDn_OKjI2L_rPq9IsW7z
EUtwf2T1J1j9yfWX0zmXwqSxdqnFHNcv49S7eDPrEhlvIMLtixHDOjk"}
Parts labelled on the slide: protected header, unprotected header, payload, signature
Now in JWS format!
13
Protected Header
• Public key from DNS TXT record à la DKIM
• Algorithm must agree with that specified by key record
{"alg": "RS256",
"kid": "shiny"}
• "alg": signing and hashing algorithms
• "kid": public key obtained from DNS: <kid>._domainkey.<notifier-domain>
14
Nōtif Body
• You can’t spoof what isn’t there:
  • From address/domain (comes from authorization)
  • To address (part of the envelope)
{"origtime": "2015-04-04T16:17:00.242181Z",
"priority": 4,
"expires": "2015-04-05T16:17:00.242193Z",
"body": "It is now 09:17 and all is well",
"subject": "It is now 09:17"}
15
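The checks an agent could run on an incoming nōtif, following the Protected Header and Nōtif Body slides, as an added example (not the author's prototype code). Assumptions: the DNS key record is modelled as a dict with `alg`, `n` and `e` rather than a real TXT lookup, a larger `priority` number means more urgent, and all function names, authorization field names, `notifier.example` and the toy RSA key are constructed for illustration.

```python
import base64, hashlib, hmac, json
from datetime import datetime, timezone

# DER DigestInfo prefix for SHA-256 (RFC 8017, section 9.2).
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")

def b64u_decode(seg):
    return base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4))

def b64u_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def emsa_pkcs1_v15(msg, k):
    """Expected padded SHA-256 digest for a k-byte RSA modulus."""
    t = SHA256_PREFIX + hashlib.sha256(msg).digest()
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t

def rs256_verify(msg, sig, n, e):
    k = (n.bit_length() + 7) // 8
    if len(sig) != k or int.from_bytes(sig, "big") >= n:
        return False
    em = pow(int.from_bytes(sig, "big"), e, n).to_bytes(k, "big")
    return hmac.compare_digest(em, emsa_pkcs1_v15(msg, k))

def accept_notif(envelope, authorizations, dns_keys, now):
    """Agent side: return (True, body) or (False, reason)."""
    auth = authorizations.get(envelope["header"]["to"])
    if auth is None or not auth["active"]:
        return False, "no active authorization"
    parts = envelope["payload"].split(".")
    try:
        head, payload, sig_seg = parts
        protected = json.loads(b64u_decode(head))
        body = json.loads(b64u_decode(payload))
        sig = b64u_decode(sig_seg)
        kid, alg = protected["kid"], protected["alg"]
        priority = int(body["priority"])
        expires = datetime.strptime(body["expires"], "%Y-%m-%dT%H:%M:%S.%fZ")
    except (ValueError, KeyError, TypeError):
        return False, "malformed notif"
    # The signer's domain comes from the authorization, never the message.
    key = dns_keys.get(f"{kid}._domainkey.{auth['domain']}")
    if key is None:
        return False, "no key record"
    # The header algorithm must agree with the key record (rejects "none").
    if alg != key["alg"] or key["alg"] != "RS256":
        return False, "algorithm mismatch"
    if not rs256_verify(f"{head}.{payload}".encode(), sig, key["n"], key["e"]):
        return False, "bad signature"
    if priority > auth["max_priority"]:  # assumption: larger = more urgent
        return False, "priority exceeds authorization"
    if expires.replace(tzinfo=timezone.utc) <= now:
        return False, "expired"
    return True, body

# --- Constructed sample data, not from a real deployment ---
# Toy RSA key built from two well-known public primes: insecure by design.
P, Q, E = 2**255 - 19, 2**256 - 2**32 - 977, 65537
N, D = P * Q, pow(E, -1, (P - 1) * (Q - 1))

def make_notif(to, protected, body):
    """Notifier side: build an envelope shaped like the Typical Notif slide."""
    head = b64u_encode(json.dumps(protected).encode())
    payload = b64u_encode(json.dumps(body).encode())
    k = (N.bit_length() + 7) // 8
    em = int.from_bytes(emsa_pkcs1_v15(f"{head}.{payload}".encode(), k), "big")
    sig = b64u_encode(pow(em, D, N).to_bytes(k, "big"))
    return {"header": {"to": to}, "payload": f"{head}.{payload}.{sig}"}

TO = "d28363d7-9d28-49f2-8d5b-b9c1cf989335@altmode.net:5342"
AUTHZ = {TO: {"domain": "notifier.example", "max_priority": 5, "active": True}}
DNS = {"shiny._domainkey.notifier.example": {"alg": "RS256", "n": N, "e": E}}
BODY = {"origtime": "2015-04-04T16:17:00.242181Z", "priority": 4,
        "expires": "2015-04-05T16:17:00.242193Z",
        "body": "It is now 09:17 and all is well",
        "subject": "It is now 09:17"}
NOTIF = make_notif(TO, {"alg": "RS256", "kid": "shiny"}, BODY)

if __name__ == "__main__":
    print(accept_notif(NOTIF, AUTHZ, DNS, datetime.now(timezone.utc)))
```

Run as a script today, the sample is rejected as expired; pass a `now` before the `expires` time to see it accepted.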
Nōtif Summary
16
Nōtif Detail
17
Authorization Summary
18
Authorization
19
Methods
20
Alert Rules
21
Current status
• Prototype Nōtif agent up and running
  • Linux/MongoDB/Go
• Prototype user/authorization/nōtif management
  • Linux/MongoDB/Python/Django
• Notifier SDK (Python)
• Sample “clockwatcher” notifier running
22
To Be Done
• Open-source the code (when I’m reasonably happy with it)
• Write an API/Protocol Specification
• Mobile app
• Connectors: Generate notifs from legacy services
23
