author: Torsten Grote <t@grobox.de> 2020-05-28 15:50:04 -0300
committer: Torsten Grote <t@grobox.de> 2020-05-28 15:50:04 -0300
commit: bf3edadb156997de7ee36466db65bacc9c6ad99e
tree: a6c0127cbfc5dacc3acf6017346042dd3880cbf4 /design-documents
parent: 38099c07f134cc00f8ec942fe0c3794435404f85
Add design doc 6 for anastasis UX
Diffstat (limited to 'design-documents')
-rw-r--r-- design-documents/006-anastasis-ux.rst 180
-rw-r--r-- design-documents/index.rst 1
2 files changed, 181 insertions, 0 deletions
diff --git a/design-documents/006-anastasis-ux.rst b/design-documents/006-anastasis-ux.rst
new file mode 100644
index 00000000..9921f994
--- /dev/null
+++ b/design-documents/006-anastasis-ux.rst
@@ -0,0 +1,180 @@
+Design Doc 006: Anastasis User Experience
+#########################################
+
+Summary
+=======
+
+This document describes the recommended way of implementing the user experience
+of setting up and making use of :doc:`../anastasis` account recovery.
+
+Motivation
+==========
+
+Wallet state consisting of digital cash, transaction history etc. should not be lost.
+Taler provides a backup mechanism to prevent that.
+As an additional protection measure Anastasis can be used to provide access to the backup,
+even if all devices and offline secrets have been lost.
+
+Access to the backup key is shared with escrow providers that can be chosen by the user.
+
+Setup Steps
+===========
+
+.. graphviz::
+
+ digraph G {
+ rankdir=LR;
+ nodesep=0.5;
+ settings [
+ label = "Backup\nSettings";
+ shape = oval;
+ ];
+ backup_is_setup [
+ label = "Backup\nsetup?";
+ shape = diamond;
+ ];
+ provide_id [
+ label = "Provide\nIdentification";
+ shape = rectangle;
+ ];
+ select_auth [
+ label = "Select\nAuthentication Methods\n\nProvide\nAuthentication Data";
+ shape = rectangle;
+ ];
+ select_providers [
+ label = "Select\nService Providers";
+ shape = rectangle;
+ ];
+ threshold [
+ label = "Define\nRecovery Threshold";
+ shape = rectangle;
+ ];
+ pay [
+ label = "Payment";
+ shape = oval;
+ ];
+ settings -> backup_is_setup;
+ backup_is_setup -> provide_id [label="Yes: Setup Recovery"];
+ backup_is_setup -> settings [label="No"];
+ provide_id -> select_auth;
+ select_auth -> select_providers;
+ select_providers -> threshold;
+ threshold -> pay;
+ }
+
+Entry point: Settings
+---------------------
+
+The app settings should have a section for Anastasis
+using a different more universally understood name
+like Wallet Recovery.
+
+The section should have an option to setup Anastasis initially.
+This option should be disabled as long as no backup has been set up.
+The section could maybe be integrated into the backup settings.
+
+.. image:: https://git.taler.net/anastasis.git/plain/doc/wireframe/png-export/menu.png
+ :width: 800
+.. image:: https://git.taler.net/anastasis.git/plain/doc/wireframe/png-export/settings.png
+ :width: 800
+.. image:: https://git.taler.net/anastasis.git/plain/doc/wireframe/png-export/backupsettings.png
+ :width: 800
+
+Providing Identification
+------------------------
+
+Instead of a forgettable freely chosen user name,
+Anastasis collects various static information from the user
+to generate a unique user identifier from that.
+Examples for such identifier would be a concatenation
+of the full name of the user and their social security or passport number(s).
+
+The information that can reasonably used here various from cultural context and jurisdiction.
+Therefore, one idea is to start by asking for continent
+and then the country of primary legal residence,
+and then continue from there with country-specific attributes
+(and also offer a stateless person option).
+
+Special care should be taken to avoid that information can later be provided ambiguously
+thus changing the user identifier and not being able to restore the user's data.
+This can be typographic issues like someone providing "Seestr."
+and later "Seestrasse" or "Seestraße" or "seestrasse".
+But it can also be simple typos that we can only prevent in some instances
+like when checking checksums in passport numbers.
+
+The user should be made aware that this data will not leave the app
+and that it is only used to compute a unique identifier that can not be forgotten.
+
+If possible, we should guide the user in the country selection
+by accessing permission-less information such as the currently set language/locale
+and the country of the SIM card.
+But nothing invasive like the actual GPS location.
+
+.. image:: https://git.taler.net/anastasis.git/plain/doc/wireframe/png-export/userid.png
+ :width: 800
+
+Select Authentication Methods
+-----------------------------
+
+After creating a unique identifier,
+the user can chose one or more :ref:`anastasis-auth-methods`
+supported by Anastasis.
+
+Ideally when selecting a method,
+the user is already asked to provide the information
+required for the recovery with that method.
+For example, a photo of themselves, their phone number or mailing address.
+
+.. image:: https://git.taler.net/anastasis.git/plain/doc/wireframe/png-export/truth.png
+ :width: 800
+.. image:: https://git.taler.net/anastasis.git/plain/doc/wireframe/png-export/addtruth.png
+ :width: 800
+.. image:: https://git.taler.net/anastasis.git/plain/doc/wireframe/png-export/addtruthmail.png
+ :width: 800
+
+
+Confirm/Change Service Providers
+--------------------------------
+
+Taler should propose a mapping of authentication methods to providers
+by minimizing cost (tricky: sign-up vs. recovery costs)
+and distributing the selected authentication methods across as many providers as possible.
+
+The user should be able to change the proposed default selection
+and add more than one provider to each chosen method.
+
+It should also be possible to add providers
+that are not included in the default list provided by the wallet.
+
+.. image:: https://git.taler.net/anastasis.git/plain/doc/wireframe/png-export/policy.png
+ :width: 800
+.. image:: https://git.taler.net/anastasis.git/plain/doc/wireframe/png-export/addpolicy.png
+ :width: 800
+.. image:: https://git.taler.net/anastasis.git/plain/doc/wireframe/png-export/addpolicymethod.png
+ :width: 800
+
+Defining Recovery Threshold
+---------------------------
+
+After mapping authentication methods to providers,
+the user needs select which combinations are sufficient to recover the secret.
+The default could be ``n-1`` out of ``n``.
+
+Maybe the `Dark Crystal UI Recommendations <https://dark-crystal-javascript.gitlab.io/ui-recommendations/>`__
+can be an inspiration here.
+
+Pay for Setup
+-------------
+
+As the last step when all information has been properly provided,
+the user is asked to pay for the service with the regular wallet payment confirmation screen.
+
+Show Service Status After Setup
+===============================
+
+TODO
+
+Recovery Steps
+==============
+
+TODO
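Review bot: In "Providing Identification", the text warns that "Seestr.", "Seestrasse", "Seestraße" and "seestrasse" would each change the user identifier, but it never specifies what the app does about it. The doc should state the canonicalization applied to every attribute before the identifier is computed (for example case folding, Unicode normalization and whitespace trimming) and should prefer attributes with a fixed format or checksum over free text, because a mismatch here means the user's data cannot be restored. In "Defining Recovery Threshold", the suggested default of ``n-1`` out of ``n`` needs a stated lower bound: for n = 1 it gives 0 out of 1, and for n = 2 it gives 1 out of 2, so a single authentication method would be sufficient. Wording in the same file: "can reasonably used here various from" should read "can reasonably be used here varies by", "can chose" should be "can choose", and "needs select" should be "needs to select". The two TODO sections ("Show Service Status After Setup" and "Recovery Steps") leave the recovery half of the UX undefined; the Summary promises both setting up and making use of recovery, so either narrow the Summary or note that these sections follow in a later revision.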
diff --git a/design-documents/index.rst b/design-documents/index.rst
index 590cd451..37f81bd4 100644
--- a/design-documents/index.rst
+++ b/design-documents/index.rst
@@ -15,3 +15,4 @@ and protocol.
003-tos-rendering
004-wallet-withdrawal-flow
005-wallet-backup-sync
+ 006-anastasis-ux