However, the push service is still exposed to the metadata of messages sent by an application server to a user agent over a push subscription. This includes the timing, frequency and size of messages. Other than changing push services, which user agents may disallow, the only known mitigation is to increase the apparent message size by padding. There is no guarantee that a push message was sent by an application server having the same origin as the web application. The application server is able to share the details necessary to use a push subscription with a third party at its own discretion. The following requirements are intended to protect the privacy and security of the user as far as possible, and subject to meeting that goal, to protect the integrity of the application server's communication with the user. User agents MUST NOT provide Push API access to web applications without the express permission of the user.
User agents MUST acquire consent for permission through a user interface for each call to the subscribe() method, unless a previous permission grant has been persisted, or a prearranged trust relationship applies. Permissions that are preserved beyond the current browsing session MUST be revocable. The Push API may have to wake up the Service Worker associated with the service worker registration in order to run the developer-provided event handlers. This can cause resource usage, such as network traffic, that the user agent SHOULD attribute to the web application that created the push subscription. The user agent MAY consider the PushSubscriptionOptions when acquiring permission or determining the permission status. When a permission is revoked, the user agent MAY fire the "pushsubscriptionchange" event for subscriptions created with that permission, with the service worker registration associated with the push subscription as registration, a PushSubscription instance representing the push subscription as oldSubscription, and null as newSubscription. The user agent MUST deactivate the affected subscriptions in parallel. When a service worker registration is unregistered, any associated push subscription MUST be deactivated. The push endpoint MUST NOT expose information about the user to be derived by actors other than the push service, such as the user's device, identity or location. The push endpoint of a deactivated push subscription MUST NOT be reused for a new push subscription. This prevents the creation of a persistent identifier that the user cannot remove. This also prevents reuse of the details of one push subscription to send push messages to another push subscription. User agents MUST implement the Push API to only be available in a secure context. This provides better protection for the user against man-in-the-middle attacks intended to obtain push subscription data. Browsers may ignore this rule for development purposes only.
Kwanzaa, a seven-day holiday that celebrates African-American heritage, is the brainchild of Dr. Maulana Karenga, a professor of Africana Studies at California State University Long Beach. Karenga created Kwanzaa as a way to help African-Americans remember their roots and also to foster unity during a time of incredible racial strife. Karenga, a controversial figure in the black power movement, openly opposed Christian beliefs and originally declared that Kwanzaa should be an anti-Christmas of sorts. Each of the seven days represents one of the seven principles of Kwanzaa, or nguzo saba. There are also seven symbols of Kwanzaa, which celebrants display prominently in their homes throughout the holiday. The colors of Kwanzaa are red, black and green -- the colors of the Pan-African flag, which symbolizes unity among African people all over the world. Black represents the people, red their blood and green the earth and the future. Kwanzaa is, of course, a festive time; it has all the feasting and celebrating you'd expect from a weeklong holiday, but it's also an occasion for reflection, conversation, contemplation and camaraderie.
And although it's a relatively young holiday, it has its fair share of very specific, detailed traditions. So, if you don't know your vibunzi from your mishumaa saba, this is a good place to start! We'll start off with the foundation of Kwanzaa: the seven principles. Each day of Kwanzaa represents one of the seven principles, or nguzo saba. Taken together, the seven principles make up kawaida, a Swahili term for tradition and reason. During the evening candlelighting (which we'll talk about in more detail on the next page), everyone in the group explains what the day's principles means to them and how they tried to apply it that day. There might be an activity based on the principle, like a project, a musical performance or a poetry reading. The answer to the question "Habari gani?" (Swahili for "what's the news?") is always the name of that day's principle. When Kwanzaa started, the intention was -- as a part of the kujichagulia principle of self-determination -- to keep it separate from non-African holidays.
But over the years, more and more African-American families have begun celebrating Kwanzaa along with Christmas and New Year's. Why all the Swahili? There are hundreds of African languages, but Dr. Karenga chose to use Swahili for Kwanzaa terms because it's the most widely spoken language on the continent. Along with the seven principles of Kwanzaa come the seven symbols. Mkeka (mat): The mkeka is woven from a traditional African material, probably straw, kente (a silk and cotton blend) cloth or mud (cotton fabric dyed using mud) cloth. Mazao (crops): The fruits, vegetables and nuts laid on the mkeka symbolize work, the harvest and the nourishment of the tribe. Vibunzi (ear of corn): Corn represents fertility and community child-rearing. Each child in the family is represented by an ear of corn on the mkeka (if there's more than one ear, the group is called a mihindi). If there aren't any kids in the household, two ears of corn are still placed to show that everyone is responsible for the community's children.
|