Update on review of http://www.w3.org/TR/2014/WD-UISecurity-20140318/

Comments from COGA added on http://www.w3.org/TR/2014/WD-UISecurity-20140318/

We would suggest changes to section 14 that:
 User agents SHOULD provide a means for the user to manually disable enforcement of the Input Protection Heuristic if it interferes with their chosen accessibility technologies.
1. SHOULD should be changed to MUST
2. Add a sentence that the mechanism for manually disable enforcement of the Input Protection Heuristic MUST be operable by assistive technolgies and by people with cognative disabilities who are able to understand the security risk.

In section 15 we would add:

2. Mechanisms for CAPTCHA and user verification should included options for people with different disabilities, including cognitive disabilities, people with impaired visual and auditory discrimination skills and for different modalities. For example, if  CAPTCHA or user verification  require  biometrics  a choice should be offered of what biometrics to use,  as people with different disabilities may be precluded from one or more  specific  biometric mechanism.
 Further when two step verification procedures are used any time limit is problem, and itshould not be dependent on the users short term memory or on the users ability to copy accurately.


All the best

Lisa Seeman

Athena ICT Accessibility Projects
LinkedIn, Twitter

Received on Tuesday, 3 June 2014 14:11:18 UTC