Notifs .... a new messaging medium

From IIW

Session Topic: Nōtifs

Tuesday 1B

Convener: Jim Fenton

Notes-taker: David Waite

Tags for the session - technology discussed/ideas considered:

Pseudonymous secure opt-in notifications

Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps:

Point: Non-human-consumable items (like addresses) have a tendency to become targetted towards humans. See URLs, vanity license plates

Question on messages targetting multiple roles for people represented differently to individuals; if the notification is just content, eventually the different representations will be targetted toward different people

Question: for Notification agents, is there an opening toward cloud and ad-supported provider for notifications, vs running your own. Big players have advantages in email with things like spam control; notification agents should be on a more level playing field

Message format: may have additional tags, formatting, etc. for the body in the future

Suggestion: Consider/look at JOSE for cryptographic functions - presenter has not considered yet because of existing DKIM background.

There was an agreement that excluding values from signatures would optimize some cases of broadcasting a fixed message to a large # of people without requiring resigning per message

Observation from the view of one armed with the OAuth hammer: webfinger lookup for user notification service; oauth authorization for adding notification

Push to SMS as a feature for less capable user agents? Already envisioned using a service like Twilio

Clarification: Signature is verified by notification agent, not exposed to end user. There is a certain amount of trust by the user to their notification agent.

Additional point: On submission, a notification agent gives an identifier to the submitted notification, so that agents can expose a way update or best effort delete notifications

Users can delete notifications, although bit under-defined. System specifically ignores user actions for notifications (view, deleted)

Privacy protection: notifier does not know user, just uuid. Notification Agent has access to messages for a particular user, but you have the option to choose one/many agents or run one yourself.

Slides and related information: - Slides on Slideshare Blog post on Nōtifs