
RE: security protocols and cognitive

From: Rochford, John <john.rochford@umassmed.edu>
Date: Sun, 1 Jun 2014 13:08:45 +0000
To: "lisa.seeman" <lisa.seeman@zoho.com>
CC: public-cognitive-a11y-tf <public-cognitive-a11y-tf@w3.org>
Message-ID: <55BD19D83AA2BE499FBE026983AB2B58359DD5E2@ummscsmbx01.ad.umassmed.edu>

Lisa and All,

It seems to me that the only part of Section 15 we should consider for impact on people with cognitive disabilities is the following.

“Real-time measures in the application might include requiring completion of a CAPTCHA [CAPTCHA-Wikipedia] or responding to an out-of-band confirmation when the UI Security heuristic is triggered.”

I say that because the rest of Section 15 references back-end features which, presumably, people with cognitive disabilities would not experience.

Do you concur?

John

John Rochford
UMass Medical School/E.K. Shriver Center
Director, INDEX Program; Instructor, Family Medicine & Community Health
http://www.DisabilityInfo.org

Twitter: @ClearHelper

From: lisa.seeman [mailto:lisa.seeman@zoho.com]
Sent: Wednesday, May 28, 2014 12:37 PM
To: lisa.seeman
Cc: public-cognitive-a11y-tf
Subject: Re: security protocols and cognitive

Specifically, we should look at section 15.


Implementation Considerations for Resource Authors

This section is non-normative.

When possible, resource authors SHOULD make use of violation reports and the unsafe attribute to apply additional security measures in the application or during back-end processing. Real-time measures in the application might include requiring completion of a CAPTCHA [CAPTCHA-Wikipedia<http://www.w3.org/TR/2014/WD-UISecurity-20140318/#bib-CAPTCHA-Wikipedia>] or responding to an out-of-band confirmation when the UI Security heuristic is triggered. Example back-end measures might include increasing a fraud risk score for individual actions that trigger or targets accounts/resources that frequently trigger UI Security heuristics. To be able to do this effectively, it is likely necessary to encode into the report-uri a unique identifier that can be correlated to the authenticated user and the action they are taking.

All the best

Lisa Seeman

Athena ICT Accessibility Projects <http://accessibility.athena-ict.com/default.shtml>
LinkedIn<http://il.linkedin.com/in/lisaseeman/>, Twitter<https://twitter.com/SeemanLisa>



---- On Wed, 28 May 2014 19:26:36 +0300 lisa.seeman <lisa.seeman@zoho.com> wrote ----

Can we review security protocols for PF to see about the impact with cognitive?

http://www.w3.org/TR/2014/WD-UISecurity-20140318/


All the best

Lisa Seeman

Athena ICT Accessibility Projects<http://accessibility.athena-ict.com/default.shtml>
LinkedIn<http://il.linkedin.com/in/lisaseeman/>, Twitter<https://twitter.com/SeemanLisa>


Received on Sunday, 1 June 2014 13:09:12 UTC
