Proposals for precise rating and optional badges


Enos <temp4282138782@...>
 

Dear David and list,

I glued together some existing ideas and came up with two proposals, for implementing respectively precise rating and optional badges. Since at the moment this is not a priority, I only drop it here for possible later reference.

The rigidity of the current hierarchical system (or any other similar system with non-overlapping badges) is inherited from the use of paper. In our case BadgeApp can handle all the complexity, allowing us to trade some simplicity with what we need, for example user motivation.

Proposal 1: OPTIONAL BADGES.
Tag each requirement with IDs of *all* the optional badges it relates to (e.g. TLS transport --> bronze, communication, encryption). After an application is rated, show a list of optional badges not yet achieved, starting with the one that is missing fewer requirements. For example, an application may only need the "TLS" requirement to achieve badge "secure communication". As a consequence, many users will consider meeting additional requirements to gain optional badges.

Proposal 2: PRECISE RATING.
Associate each requirement with a modifier, the more basic the requirement the higher the modifier (e.g. TLS transport --> +80%, input validation +25%, etc.). Associate hierarchical badges with thresholds and calculate the security of an application by chaining all modifiers. Any improvement would immediately affect the overall security rating, so users will be always and immediately rewarded and applications will be rated more precisely.

After coming up with a similar idea, I realized that there are already countless implementations out there, in the form of the most addictive drug of our times: RPG videogames. Millions of people spend hours of boring action with players they don't like just to find a piece of armor, to complete a set granting them arbitrary attack or defense bonuses. The following month the same set has become too small for their needs and the vicious circle starts again...

In our case a virtuous circle would lead to increased user engagement, more precise ratings and ultimately greater application security.


Kind Regards
--
Enos (away until 2015-09-29)


Trevor Vaughan
 

I'd play this game.

However, I'd like modifier Gems!

TLS -> Bronze
TLS + CRL -> +10
TLS + OCSP/SCVP -> +50

Etc...

On Mon, Sep 21, 2015 at 6:55 PM, Enos <temp4282138782@...> wrote:
> Dear David and list,
>
> I glued together some existing ideas and came up with two proposals, for implementing respectively precise rating and optional badges. Since at the moment this is not a priority, I only drop it here for possible later reference.
>
> The rigidity of the current hierarchical system (or any other similar system with non-overlapping badges) is inherited from the use of paper. In our case BadgeApp can handle all the complexity, allowing us to trade some simplicity with what we need, for example user motivation.
>
> Proposal 1: OPTIONAL BADGES.
> Tag each requirement with IDs of *all* the optional badges it relates to (e.g. TLS transport --> bronze, communication, encryption). After an application is rated, show a list of optional badges not yet achieved, starting with the one that is missing fewer requirements. For example, an application may only need the "TLS" requirement to achieve badge "secure communication". As a consequence, many users will consider meeting additional requirements to gain optional badges.
>
> Proposal 2: PRECISE RATING.
> Associate each requirement with a modifier, the more basic the requirement the higher the modifier (e.g. TLS transport --> +80%, input validation +25%, etc.). Associate hierarchical badges with thresholds and calculate the security of an application by chaining all modifiers. Any improvement would immediately affect the overall security rating, so users will be always and immediately rewarded and applications will be rated more precisely.
>
> After coming up with a similar idea, I realized that there are already countless implementations out there, in the form of the most addictive drug of our times: RPG videogames. Millions of people spend hours of boring action with players they don't like just to find a piece of armor, to complete a set granting them arbitrary attack or defense bonuses. The following month the same set has become too small for their needs and the vicious circle starts again...
>
> In our case a virtuous circle would lead to increased user engagement, more precise ratings and ultimately greater application security.
>
> Kind Regards
> --
> Enos (away until 2015-09-29)


--
Trevor Vaughan
Vice President, Onyx Point, Inc
(410) 541-6699

-- This account not approved for unencrypted proprietary information --


Enos <temp4282138782@...>
 

Trevor Vaughan wrote:

> I'd play this game.
>
> However, I'd like modifier Gems!

Don't look at me, I'm not the one who will be eventually tasked to hide all that magic under BadgeApp's UI ;-).

> TLS -> Bronze
> TLS + CRL -> +10
> TLS + OCSP/SCVP -> +50

Interactions do refine ratings, but to better reflect reality how about having them also % and asymptotic? (basic requirements weighted more)

TLS + CRL -> +10%
TLS + OCSP/SCVP -> +12%

Applications meeting all basic requirements would then be rated more than those meeting many fancy requirements but missing a basic one. Or, once having some applications in the DB, they could be manually rated and then an AI algorithm could be run to find the best modifiers.

Anyway I'd personally keep this fancy thread well away from the current branch at least for the next few months... "Premature optimization is the root of all evil"!


Kind Regards
--
Enos (away until 2015-09-29... starting now)
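
A sketch of the two proposals and of the percentage-based interaction modifiers discussed in this thread, added here as an illustration; it is not part of any message and not BadgeApp code. It assumes that "chaining" means each applicable modifier closes that share of the remaining gap to 100%; the tag table, the thresholds and the tier names other than bronze are constructed sample values.

```ruby
# Added illustration: requirement names, badge tags, percentages and thresholds
# are constructed sample values, not BadgeApp data.
BADGE_TAGS = {
  tls:              %i[bronze communication encryption],
  input_validation: %i[bronze],
  crl:              %i[communication],
  ocsp:             %i[communication encryption]
}.freeze

# Modifier in percent, keyed by the requirements that must all be met.
# Multi-element keys are the "interaction" bonuses from the thread.
MODIFIERS = {
  %i[tls]              => 80,
  %i[input_validation] => 25,
  %i[tls crl]          => 10,
  %i[tls ocsp]         => 12
}.freeze

THRESHOLDS = { bronze: 50, silver: 85, gold: 95 }.freeze # assumed tiers, percent

# Proposal 1: badges not yet achieved, fewest missing requirements first.
def open_badges(met)
  missing = Hash.new { |hash, badge| hash[badge] = [] }
  BADGE_TAGS.each do |req, badges|
    next if met.include?(req)
    badges.each { |badge| missing[badge] << req }
  end
  missing.sort_by { |badge, reqs| [reqs.size, badge.to_s] }
end

# Proposal 2, assumed asymptotic chaining: each applicable modifier closes
# that share of the remaining gap to 100%, so the score never exceeds 1.
def rating(met)
  gap = MODIFIERS.reduce(Rational(1)) do |acc, (needed, pct)|
    (needed - met).empty? ? acc * (1 - Rational(pct, 100)) : acc
  end
  1 - gap
end

# Highest hierarchical badge whose threshold the score reaches, or nil.
def level(met)
  score = rating(met) * 100
  THRESHOLDS.select { |_, min| score >= min }.max_by { |_, min| min }&.first
end
```

Under these sample values an application meeting only the two basic requirements scores 85%, while one meeting input validation, CRL and OCSP but not TLS scores 25%, because the interaction modifiers apply only when TLS is also met.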