UX of Accepting Connections

Current UX Flow


Bob-->Alice: Invitation
Note right of Alice: Present UX to Alice\nto accept or ignore
Alice->Bob: Request
Bob->Alice: Response
Alice->Bob: Complete

Problems

  • Good UX wants things like a name, image, etc.
  • Phishing attacks are quite easy without verifiable information
  • Adding worthwhile information prior to asking user helps experience
  • Invitations will be need to be frequently ammended as we produce better options for providing initial trust.
  • Info within invitations is often passed in the clear.
  • Our mental model is flawed.

Solutions

  • Move accept UX to after the exchange of DIDs
  • Presentation of good info can now happen over secure channel
  • Evolution of trust establishment can occur within rich protocols.
  • User now has verifiable, phishing proof information to use in making decision.

Potential UX Flow


Bob-->Alice: Invitation

Alice->Bob: Request
Bob->Alice: Response
Alice->Bob: Complete
Alice->Bob: Please send basis for trust
Bob->Alice: Reasons you should trust me
Note right of Alice: Present UX to Alice\nto accept or ignore

Possible Reasons for Trust

  • VC of business name and image from trustable source. (Ideal)
  • Verified domain using Well Known DID Configuration. (Doable now)
  • Proof of email or phone number control.
  • Proof of social media channel control.

Work required

  • Agents classifying new connections as 'pending' prior to verification
  • Work on 'trust basis' protocols.

Questions

  • Can we move there gradually?
  • Should we wait for DIDComm v2?
  • Do agent UXs need to align?
Select a repo