From bf3edadb156997de7ee36466db65bacc9c6ad99e Mon Sep 17 00:00:00 2001
From: Torsten Grote
Date: Thu, 28 May 2020 15:50:04 -0300
Subject: Add design doc 6 for anastasis UX
---
 design-documents/006-anastasis-ux.rst | 180 ++++++++++++++++++++++++++++++++++
 1 file changed, 180 insertions(+)
 create mode 100644 design-documents/006-anastasis-ux.rst
(limited to 'design-documents/006-anastasis-ux.rst')
diff --git a/design-documents/006-anastasis-ux.rst b/design-documents/006-anastasis-ux.rst
new file mode 100644
index 00000000..9921f994
--- /dev/null
+++ b/design-documents/006-anastasis-ux.rst
@@ -0,0 +1,180 @@
+Design Doc 006: Anastasis User Experience
+#########################################
+
+Summary
+=======
+
+This document describes the recommended way of implementing the user experience
+of setting up and making use of :doc:`../anastasis` account recovery.
+
+Motivation
+==========
+
+Wallet state consisting of digital cash, transaction history etc. should not be lost.
+Taler provides a backup mechanism to prevent that.
+As an additional protection measure Anastasis can be used to provide access to the backup,
+even if all devices and offline secrets have been lost.
+
+Access to the backup key is shared with escrow providers that can be chosen by the user.
+
+Setup Steps
+===========
+
+.. graphviz::
+
+ digraph G {
+ rankdir=LR;
+ nodesep=0.5;
+ settings [
+ label = "Backup\nSettings";
+ shape = oval;
+ ];
+ backup_is_setup [
+ label = "Backup\nsetup?";
+ shape = diamond;
+ ];
+ provide_id [
+ label = "Provide\nIdentification";
+ shape = rectangle;
+ ];
+ select_auth [
+ label = "Select\nAuthentication Methods\n\nProvide\nAuthentication Data";
+ shape = rectangle;
+ ];
+ select_providers [
+ label = "Select\nService Providers";
+ shape = rectangle;
+ ];
+ threshold [
+ label = "Define\nRecovery Threshold";
+ shape = rectangle;
+ ];
+ pay [
+ label = "Payment";
+ shape = oval;
+ ];
+ settings -> backup_is_setup;
+ backup_is_setup -> provide_id [label="Yes: Setup Recovery"];
+ backup_is_setup -> settings [label="No"];
+ provide_id -> select_auth;
+ select_auth -> select_providers;
+ select_providers -> threshold;
+ threshold -> pay;
+ }
+
+Entry point: Settings
+---------------------
+
+The app settings should have a section for Anastasis
+using a different more universally understood name
+like Wallet Recovery.
+
+The section should have an option to setup Anastasis initially.
+This option should be disabled as long as no backup has been set up.
+The section could maybe be integrated into the backup settings.
+
+.. image:: https://git.taler.net/anastasis.git/plain/doc/wireframe/png-export/menu.png
+ :width: 800
+.. image:: https://git.taler.net/anastasis.git/plain/doc/wireframe/png-export/settings.png
+ :width: 800
+.. image:: https://git.taler.net/anastasis.git/plain/doc/wireframe/png-export/backupsettings.png
+ :width: 800
+
+Providing Identification
+------------------------
+
+Instead of a forgettable freely chosen user name,
+Anastasis collects various static information from the user
+to generate a unique user identifier from that.
+Examples for such identifier would be a concatenation
+of the full name of the user and their social security or passport number(s).
+
+The information that can reasonably used here various from cultural context and jurisdiction.
+Therefore, one idea is to start by asking for continent
+and then the country of primary legal residence,
+and then continue from there with country-specific attributes
+(and also offer a stateless person option).
+
+Special care should be taken to avoid that information can later be provided ambiguously
+thus changing the user identifier and not being able to restore the user's data.
+This can be typographic issues like someone providing "Seestr."
+and later "Seestrasse" or "Seestraße" or "seestrasse".
+But it can also be simple typos that we can only prevent in some instances
+like when checking checksums in passport numbers.
+
+The user should be made aware that this data will not leave the app
+and that it is only used to compute a unique identifier that can not be forgotten.
+
+If possible, we should guide the user in the country selection
+by accessing permission-less information such as the currently set language/locale
+and the country of the SIM card.
+But nothing invasive like the actual GPS location.
+
+.. image:: https://git.taler.net/anastasis.git/plain/doc/wireframe/png-export/userid.png
+ :width: 800
+
+Select Authentication Methods
+-----------------------------
+
+After creating a unique identifier,
+the user can chose one or more :ref:`anastasis-auth-methods`
+supported by Anastasis.
+
+Ideally when selecting a method,
+the user is already asked to provide the information
+required for the recovery with that method.
+For example, a photo of themselves, their phone number or mailing address.
+
+.. image:: https://git.taler.net/anastasis.git/plain/doc/wireframe/png-export/truth.png
+ :width: 800
+.. image:: https://git.taler.net/anastasis.git/plain/doc/wireframe/png-export/addtruth.png
+ :width: 800
+.. image:: https://git.taler.net/anastasis.git/plain/doc/wireframe/png-export/addtruthmail.png
+ :width: 800
+
+
+Confirm/Change Service Providers
+--------------------------------
+
+Taler should propose a mapping of authentication methods to providers
+by minimizing cost (tricky: sign-up vs. recovery costs)
+and distributing the selected authentication methods across as many providers as possible.
+
+The user should be able to change the proposed default selection
+and add more than one provider to each chosen method.
+
+It should also be possible to add providers
+that are not included in the default list provided by the wallet.
+
+.. image:: https://git.taler.net/anastasis.git/plain/doc/wireframe/png-export/policy.png
+ :width: 800
+.. image:: https://git.taler.net/anastasis.git/plain/doc/wireframe/png-export/addpolicy.png
+ :width: 800
+.. image:: https://git.taler.net/anastasis.git/plain/doc/wireframe/png-export/addpolicymethod.png
+ :width: 800
+
+Defining Recovery Threshold
+---------------------------
+
+After mapping authentication methods to providers,
+the user needs select which combinations are sufficient to recover the secret.
+The default could be ``n-1`` out of ``n``.
+
+Maybe the `Dark Crystal UI Recommendations `__
+can be an inspiration here.
+
+Pay for Setup
+-------------
+
+As the last step when all information has been properly provided,
+the user is asked to pay for the service with the regular wallet payment confirmation screen.
+
+Show Service Status After Setup
+===============================
+
+TODO
+
+Recovery Steps
+==============
+
+TODO
-- cgit v1.2.3