summaryrefslogtreecommitdiff
path: root/design-documents/006-anastasis-ux.rst
diff options
context:
space:
mode:
authorChristian Grothoff <christian@grothoff.org>2021-07-18 07:37:58 +0200
committerChristian Grothoff <christian@grothoff.org>2021-07-18 07:37:58 +0200
commit996ce432b49ba3c75b21d14b8d2980c99684d1c2 (patch)
treef14d39329a338298fe51eec87411049fbb23fe2b /design-documents/006-anastasis-ux.rst
parentf4b5e48d5667e9eb4126aa8e060db0f041ef2318 (diff)
downloaddocs-996ce432b49ba3c75b21d14b8d2980c99684d1c2.tar.gz
docs-996ce432b49ba3c75b21d14b8d2980c99684d1c2.tar.bz2
docs-996ce432b49ba3c75b21d14b8d2980c99684d1c2.zip
moving Anastasis docu to Anastasis, fixing inconsistent licensing statements
Diffstat (limited to 'design-documents/006-anastasis-ux.rst')
-rw-r--r--design-documents/006-anastasis-ux.rst318
1 files changed, 0 insertions, 318 deletions
diff --git a/design-documents/006-anastasis-ux.rst b/design-documents/006-anastasis-ux.rst
deleted file mode 100644
index 17839bdb..00000000
--- a/design-documents/006-anastasis-ux.rst
+++ /dev/null
@@ -1,318 +0,0 @@
-Design Doc 006: Anastasis User Experience
-#########################################
-
-Summary
-=======
-
-This document describes the recommended way of implementing the user experience
-of setting up and making use of :doc:`../anastasis` account recovery.
-
-Motivation
-==========
-
-Wallet state consisting of digital cash, transaction history etc. should not be lost.
-Taler provides a backup mechanism to prevent that.
-As an additional protection measure Anastasis can be used to provide access to the backup,
-even if all devices and offline secrets have been lost.
-
-Access to the backup key is shared with escrow providers that can be chosen by the user.
-
-Setup Steps
-===========
-
-.. graphviz::
-
- digraph G {
- rankdir=LR;
- nodesep=0.5;
- settings [
- label = "Backup\nSettings";
- shape = oval;
- ];
- backup_is_setup [
- label = "Backup\nsetup?";
- shape = diamond;
- ];
- provide_id [
- label = "Provide\nIdentification";
- shape = rectangle;
- ];
- select_auth [
- label = "Select\nAuthentication Methods";
- shape = rectangle;
- ];
- provide_auth [
- label = "Provide\nAuthentication Data";
- shape = rectangle;
- ];
- select_providers [
- label = "Select\nService Providers";
- shape = rectangle;
- ];
- review_policy [
- label = "Review Recovery Policy";
- shape = rectangle;
- ];
- edit_policy [
- label = "Edit Recovery Policy";
- shape = rectangle;
- ];
- pay [
- label = "Confirm Payment";
- shape = oval;
- ];
- settings -> backup_is_setup;
- backup_is_setup -> provide_id [label="Yes: Setup Recovery"];
- backup_is_setup -> settings [label="No"];
- provide_id -> select_auth;
- select_auth -> provide_auth;
- provide_auth -> select_auth;
- select_auth -> select_providers;
- select_providers -> select_auth;
- select_providers -> review_policy;
- review_policy -> edit_policy;
- edit_policy -> review_policy;
- review_policy -> pay;
- }
-
-Entry point: Settings
----------------------
-
-The app settings should have a section for Anastasis using a different more
-universally understood name like Wallet Recovery.
-
-The section should have an option to setup Anastasis initially. This option
-should be disabled as long as no backup has been set up. The section could
-maybe be integrated into the backup settings.
-
-.. image:: https://git.taler.net/anastasis.git/plain/doc/wireframe/png-export/menu.png
- :width: 800
-.. image:: https://git.taler.net/anastasis.git/plain/doc/wireframe/png-export/settings.png
- :width: 800
-.. image:: https://git.taler.net/anastasis.git/plain/doc/wireframe/png-export/backupsettings.png
- :width: 800
-
-Providing Identification
-------------------------
-
-Instead of a forgettable freely chosen user name, Anastasis collects various
-static information from the user to generate a unique user identifier from
-that. Examples for such identifier would be a concatenation of the full name
-of the user and their social security or passport number(s).
-
-The information that can reasonably used here various from cultural context
-and jurisdiction. Therefore, one idea is to start by asking for continent and
-then the country of primary legal residence, and then continue from there with
-country-specific attributes (and also offer a stateless person option).
-
-Special care should be taken to avoid that information can later be provided
-ambiguously thus changing the user identifier and not being able to restore
-the user's data. This can be typographic issues like someone providing
-"Seestr." and later "Seestrasse" or "Seestraße" or "seestrasse". But it can
-also be simple typos that we can only prevent in some instances like when
-checking checksums in passport numbers.
-
-The user should be made aware that this data will not leave the app and that
-it is only used to compute a unique identifier that can not be forgotten.
-
-If possible, we should guide the user in the country selection by accessing
-permission-less information such as the currently set language/locale and the
-country of the SIM card. But nothing invasive like the actual GPS location.
-
-.. image:: https://git.taler.net/anastasis.git/plain/doc/wireframe/png-export/userid.png
- :width: 800
-
-Add Authentication Methods
---------------------------
-
-After creating a unique identifier, the user can chose one or more
-:ref:`anastasis-auth-methods` supported by Anastasis.
-
-When selecting a method, the user is already asked to provide the information
-required for the recovery with that method. For example, a photo of
-themselves, their phone number or mailing address.
-
-The user interface validates that the inputs are well-formed, and refuses
-inputs that are clearly invalid. Where possible, it pre-fills the fields with
-sane values (phone number, e-mail addresses, country of residence).
-
-.. image:: https://git.taler.net/anastasis.git/plain/doc/wireframe/png-export/truth.png
- :width: 800
-.. image:: https://git.taler.net/anastasis.git/plain/doc/wireframe/png-export/addtruth.png
- :width: 800
-.. image:: https://git.taler.net/anastasis.git/plain/doc/wireframe/png-export/addtruthmail.png
- :width: 800
-
-
-Confirm/Change Service Providers
---------------------------------
-
-From the dialog where the user is adding authentication methods, the user can
-optionally jump to a side-action with list of available providers (and their
-status) and possibly add additional providers that are not included in the
-default list provided by the wallet.
-
-.. image:: https://git.taler.net/anastasis.git/plain/doc/wireframe/png-export/policy.png
- :width: 800
-.. image:: https://git.taler.net/anastasis.git/plain/doc/wireframe/png-export/addpolicy.png
- :width: 800
-.. image:: https://git.taler.net/anastasis.git/plain/doc/wireframe/png-export/addpolicymethod.png
- :width: 800
-
-
-Defining Recovery Options
--------------------------
-
-After mapping authentication methods to providers, the user needs select which
-combinations are sufficient to recover the secret. Here, the system
-pre-computes a reasonably sane allocation, for small ``n`` the default could
-be ``n-1`` out of ``n``.
-
-We should propose a mapping of authentication methods to providers by
-minimizing cost (tricky: sign-up vs. recovery costs, different currencies) and
-distributing the selected authentication methods across as many providers as
-possible.
-
-The user should be able to change the proposed default selection
-and add more than one provider to each chosen method.
-
-Using Anastatis providers usually is not free. From here on, the UI should
-show estimated recurring costs (yearly) and the cost of recovery. These costs
-should get updated with each user action affecting those costs such as
-when the user reconfigures the policies.
-
-
-Pay for Setup
--------------
-
-As the last step when all information has been properly provided, the user is
-asked to pay for the service with the regular wallet payment confirmation
-screen.
-
-
-Show Service Status After Setup
-===============================
-
-TODO
-
-Recovery Steps
-==============
-
-.. graphviz::
-
- digraph G {
- rankdir=LR;
- nodesep=0.5;
- settings [
- label = "Restore from Backup";
- shape = oval;
- ];
- provide_id [
- label = "Provide\nIdentification";
- shape = rectangle;
- ];
- select_challenge [
- label = "Select\nAuthentication Challenge";
- shape = rectangle;
- ];
- satisfy_challenge [
- label = "Enter\nChallenge Response";
- shape = rectangle;
- ];
- pay [
- label = "Confirm Payment";
- shape = oval;
- ];
- finished [
- label = "Success";
- shape = rectangle;
- ];
- settings -> provide_id;
- provide_id -> settings [label="Back"];
- provide_id -> select_challenge;
- select_challenge -> provide_id [label="Back"];
- select_challenge -> satisfy_challenge;
- select_challenge -> pay;
- satisfy_challenge -> pay;
- pay -> satisfy_challenge;
- satisfy_challenge -> select_challenge;
- pay -> finished;
- satisfy_challenge -> finished;
- }
-
-
-Entry point: Settings
----------------------
-
-Like the backup, the recovery option should be available via
-the App settings.
-
-The section should have an option to recover from backup. If a previous
-recovery was not completed, the interaction should resume from that previous
-checkpoint instead of from the beginning.
-
-
-.. image:: https://git.taler.net/anastasis.git/plain/doc/wireframe/png-export/menu.png
- :width: 800
-.. image:: https://git.taler.net/anastasis.git/plain/doc/wireframe/png-export/settings.png
- :width: 800
-.. image:: https://git.taler.net/anastasis.git/plain/doc/wireframe/png-export/backupsettings.png
- :width: 800
-
-
-Providing Identification
-------------------------
-
-The first dialog(s) during recovery should be identical to the first dialog
-during backup: the user is asked to select a continent, country of residence
-and then to provide country-specific inputs for identification.
-
-.. image:: https://git.taler.net/anastasis.git/plain/doc/wireframe/png-export/userid.png
- :width: 800
-
-Select Authentication Challenge
--------------------------------
-
-If Anastasis could recover the recovery document via any provider, it should
-show a dialog allowing the user to select one of the open challenges, and
-highlight which challenges still need to be satisfied for the various policies.
-
-Additionally, the specific provider and recovery document version should be shown.
-The user should be able to change the provider or recovery document version,
-resulting in a switch of the recovery document and policies. If the user has
-already satisfied some challenges of the current recovery document, switching to a
-different recovery document should only be done after a confirmation pop-up dialog
-warning the user that the existing progress will be lost.
-
-When selecting a challenge, the user may be asked to confirm making a payment
-for this challenge if the provider requires payment.
-
-
-Payment
--------
-
-Typcially, this would be the canonical wallet payment confirmation dialog.
-
-However, in the case of a security question, the payment confirmation should
-be combined with the dialog where the user enters the security answer (so
-instead of an ``Ok`` button, text showing the amount due and ``Pay`` should be
-used -- except of course if the security question challenge is free of
-charge).
-
-
-Enter Challenge Response
-------------------------
-
-If the challenge was not a security question, the dialog to enter the security
-code (PIN/TAN) should open after payment. The security code field should have
-a prefix ``A-``. However, the user should be able to enter both only the
-numeric code, or the full code with the ``A-`` prefix (or ideally, the user
-cannot delete the pre-filled ``A-`` text).
-
-
-Success
--------
-
-The user is informed about the successful recovery. We may want to do this
-as part of a separate screen, or simply with a notification bar in the
-main wallet screen.