canmove, Confirmed users, Bureaucrats and Sysops emeriti
2,776
edits
Privacy/Reviews/Push API: Difference between revisions
→Document Overview
Ptheriault (talk | contribs) |
|||
| (10 intermediate revisions by 3 users not shown) | |||
| Line 12: | Line 12: | ||
|'''Security Contact:''' || Paul Theriault | |'''Security Contact:''' || Paul Theriault | ||
|- | |- | ||
|'''Document State:''' || <section begin='status'/>{{ | |'''Document State:''' || <section begin='status'/>{{done|dropped}} protocol to be changed<section end='status'/> | ||
|} | |} | ||
| Line 23: | Line 23: | ||
|'''Recommendation Meeting:''' || (date TBD) | |'''Recommendation Meeting:''' || (date TBD) | ||
|- | |- | ||
|'''Review Complete ETA:''' || <section begin='revieweta' /> | |'''Review Complete ETA:''' || <section begin='revieweta' />dropped<section end='revieweta' /> | ||
|} | |} | ||
| Line 225: | Line 225: | ||
=== Application Server === | === Application Server === | ||
The application server is the website that wants to publish push notifications to a client. To use the Push API the application server will need to store WAToken, URL and a Public & Private Key Pair. | The application server is the website that wants to publish push notifications to a client. To use the Push API the application server will need to store WAToken, URL and a Public & Private Key Pair. All storage and communication is under the control of the developer. | ||
= User Data Risk Minimization = | = User Data Risk Minimization = | ||
| Line 238: | Line 238: | ||
====Principle: Transparency / No Surprises==== | ====Principle: Transparency / No Surprises==== | ||
Will the user be prompted if an application requests Push Notifications? | |||
Can the user delete existing WATokens? | |||
How long are WATokens stored? | |||
''Recommendations'': (what can be improved) | ''Recommendations'': (what can be improved) | ||
* Prompt the user when an application (first?) registers for push applications. | |||
* Clear WATokens when a user "clears application data" or deletes the application | |||
====Principle: Real Choice==== | ====Principle: Real Choice==== | ||
''Recommendations'': | |||
* A user should be able to opt-out of push notifications (either on a per-app or global basis) | |||
====Principle: Sensible Defaults==== | ====Principle: Sensible Defaults==== | ||
''Recommendations'': | ''Recommendations'': | ||
* We should encrypt notifications so that the network and notification server can't intercept them. | |||
====Principle: Limited Data==== | ====Principle: Limited Data==== | ||