Need more information Re: ACTION-1536: Some comments on the mixed content spec

Here's a response on the PFWG feedback to Mixed Content, requesting 
changing a SHOULD to a MUST.

https://lists.w3.org/Archives/Member/wai-liaison/2014Dec/0010.html

Basically, they don't know how they will define AAPI mappings and test 
for it. I think we need to provide concrete guidance to them on that, or 
otherwise we might have to back off on the SHOULD-to-MUST request. Can 
anybody provide the concrete guidance needed? I don't have enough depth 
on AAPIs to do so myself.

Michael

On 11/12/2014 9:58 AM, Michael Cooper wrote:
> There was quick turnaround on the comment filed on mixed content. They 
> ask if the following edits meet our request:
>
> https://github.com/w3c/webappsec/commit/27ce69afce3e60f8eda186337cc2603f16d2a8e6
>
> Sent in the message:
>
> https://lists.w3.org/Archives/Member/wai-liaison/2014Dec/0005.html
>
> I would summarize the edit as removing explicit mention of *visual* 
> indicators - just using more agnostic language about how the indicator 
> works - and putting in a note that features need to work with AAPIs.
>
> Thoughts? Should we accept this disposition of the comment, or request 
> further edits?
>
> Michael
>
> On 10/12/2014 12:34 PM, Shane McCarron wrote:
>> I have briefly reviewed the Mixed Content specification [1].  During 
>> that review I noticed the following:
>>
>> 1) Section 4.3 - UI Requirements
>>
>> There is a requirement that the UI have a visual indication as to 
>> whether the connection is secure or not:
>>
>>
>>     If a request for optionally blockable passive resources which are
>>     mixed content is not treated as active content (per requirement
>>     #3 above), then the user agent MUST NOT provide the user with a
>>     visible indication that the top-level browsing context which
>>     loaded that resource is secure (for instance, via a green lock
>>     icon). The user agent SHOULD instead display a visible indication
>>     that mixed content is present.
>>
>>
>> I imagine we want an additional requirement that the indication is 
>> also available to ATs - assuming we are comfortable making 
>> requirements that are outside of the viewport.
>>
>> 2) Section 4.4 - User Controls
>>
>> They have some MAY statements about user agents offering controls to 
>> limit exposure to blockable passive content and active mixed 
>> content.  Such controls need to be available to the AT as well.
>>
>>
>> That's all I saw that I think is A11Y relevant.
>>
>> -- 
>> Shane McCarron
>> Managing Director, Applied Testing and Technology, Inc.
>

Received on Thursday, 18 December 2014 16:23:13 UTC