However, the push service is still exposed to the metadata of messages sent by an application server to a user agent over a push subscription. This includes the timing, frequency and size of messages. Other than changing push services, which user agents may disallow, the only known mitigation is to increase the apparent message size by padding. There is no guarantee that a push message was sent by an application server having the same origin as the web application. The application server is able to share the details necessary to use a push subscription with a third party at its own discretion. The following requirements are intended to protect the privacy and security of the user as far as possible, and subject to meeting that goal, to protect the integrity of the application server's communication with the user. User agents MUST NOT provide Push API access to web applications without the express permission of the user. User agents MUST acquire consent for permission through a user interface for each call to the subscribe() method, unless a previous permission grant has been persisted, or a prearranged trust relationship applies.
Permissions that are preserved beyond the current browsing session MUST be revocable. The Push API may have to wake up the Service Worker associated with the service worker registration in order to run the developer-provided event handlers. This can cause resource usage, such as network traffic, that the user agent SHOULD attribute to the web application that created the push subscription. The user agent MAY consider the PushSubscriptionOptions when acquiring permission or determining the permission status. When a permission is revoked, the user agent MAY fire the "pushsubscriptionchange" event for subscriptions created with that permission, with the service worker registration associated with the push subscription as registration, a PushSubscription instance representing the push subscription as oldSubscription, and null as newSubscription. The user agent MUST deactivate the affected subscriptions in parallel. When a service worker registration is unregistered, any associated push subscription MUST be deactivated. The push endpoint MUST NOT expose information about the user to be derived by actors other than the push service, such as the user's device, identity or location. The push endpoint of a deactivated push subscription MUST NOT be reused for a new push subscription. This prevents the creation of a persistent identifier that the user cannot remove. This also prevents reuse of the details of one push subscription to send push messages to another push subscription. User agents MUST implement the Push API to only be available in a secure context. This provides better protection for the user against man-in-the-middle attacks intended to obtain push subscription data. Browsers may ignore this rule for development purposes only.
Americans have the chance to affect the course of the United States by voting in elections, but what if you want a more hands-on opportunity? How can you convince the government that you've got the skills, knowledge and drive to join the team in the White House? That depends upon what you bring to the table, including your ambitions. There are three different kinds of job opportunities you can pursue at the White House: non-career positions, internships and career positions. Non-career positions are temporary. Once a new administration enters the White House, your term in that position will end. It's possible that the new president will keep you on staff, but you shouldn't count on it. An internship is an unpaid position. Instead of getting paid, an intern's compensation includes on-the-job experience and networking opportunities. Career positions are competitive, non-political jobs. When Obama became President-elect of the United States, his team of advisors launched the Web site to begin the process of choosing federal government appointees.
Assuming you want one of these non-career positions, you'll need to submit an expression of interest. The required information includes your name, address, phone number, citizenship status and your most recent employer (or school, if you're a student). After submitting your information, it's time to wait. The Obama-Biden Transition Project, which oversees the applications, will contact you within a few days with further instructions. When you receive the e-mail, you'll find a link to another Web site. This is where you'll get your first indication of what's in store for you. You'll have to fill out an online application that spans several online pages and asks for a lot of information. If you get through that phase, you'll have even more questions to answer -- some of these questions are of a very personal nature. In fact, some people consider the application process controversial and troublesome. Let's take a closer look at non-career positions and what the Obama administration wants to know about you before bringing you into the fold.
|