W3C home > Mailing lists > Public > public-comments-wcag20@w3.org > December 2007

Re: Your comments on WCAG 2.0 Public Working Draft of May, 2007

From: Loretta Guarino Reid <lorettaguarino@google.com>
Date: Tue, 11 Dec 2007 16:19:26 -0800
Message-ID: <824e742c0712111619k66f13b2ewc5866f9b6f3834dd@mail.gmail.com>
To: yukie.motomiya.zm@hitachi.com
Cc: public-comments-WCAG20@w3.org

The working group believes there is sufficient flexibility in the options to
permit authors both to address security concerns and to provide support for
people with disabilities. We agree that it requires careful thought and design
to balance  these concerns. We recommend performing user testing with people
with disabilities to confirm that an effective balance has been reached.

Regards,

Loretta Guarino Reid, WCAG WG Co-Chair
Gregg Vanderheiden, WCAG WG Co-Chair
Michael Cooper, WCAG WG Staff Contact

On behalf of the WCAG Working Group


> >----------------------------------------------------------
> >Comment 3: Time Limit for Security/Access Control
> >Source: http://lists.w3.org/Archives/Public/public-comments-wcag20/2007Jun/0285.html
> >(Issue ID: 2114)
> >----------------------------
> >Original Comment:
> >----------------------------
> >
> >There can be the time limit for:
> >
> >- the security reasons
> >
> >- the access control(system/network performance management)
> >
> >
> >
> >If the users are not allowed to turn off, adjust, and/or extend the
> >time limit in such cases, what should the authors do? These cases also
> >should be the exception.
> >
> >Proposed Change:
> >Add the followings to GL 2.2.1
> >
> > - Security Exception: the time limit is  required for the security
> >reason, and no alternative to the time limit is possible; or
> >
> > - Access Control Exception: the time limit is  required for the
> >system/network performance management, and no alternative to the time
> >limit is possible.
> >
> >---------------------------------------------
> >Response from Working Group:
> >---------------------------------------------
> >
> >Those situations were kept in mind when the current language was
> >crafted. Use of time limits for security concerns relates to not
> >leaving a terminal open. By asking if the user needs more time, you
> >know that they are still present. So the extend provision would allow
> >security concerns to be met.
> >
> >RE Access Control Exception:   There is a limit on the number of times
> >a person can extend.  So access is eventually returned.  If the
> >exception were allowed, then people who need 5 or 10 times more time
> >to complete would never be able to.  The number of people who would be
> >sitting on their terminals requesting more time at each time out is
> >small enough that that it should not cause any problem in overall use
> >of system resources.
> >
>
> >---------------------------------------------
> >My Comment:
> >---------------------------------------------
> I understand you standing point.
> But there still is a issue to be solved.
>
> I wonder how we can check if a person in front of the terminal is the one who logged-in.
> To extend the time limit, a person is asked to enter a password or something which identifies himself/herself?
>
> I know it causes the problem to people who need to extend the time limit.
> Because this action itself needs time and it consumes the time given to them from the system...
>
> This kind of discussion happens quite often at the meeting with the clients from financial field.
> When we are asked to make their web site meet level A, this SC will be a problem to us.
Received on Wednesday, 12 December 2007 00:20:05 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 21:11:09 UTC