Re: review of User Interface Security Directives for Content Security Policy from Janina Sajka on 2014-06-19 (public-pfwg@w3.org from June 2014)

From: Janina Sajka <janina@rednote.net>
Date: Wed, 18 Jun 2014 22:55:05 -0400
To: Cynthia Shelly <cyns@microsoft.com>
Cc: James Nurthen <james.nurthen@oracle.com>, "public-pfwg@w3.org" <public-pfwg@w3.org>
Message-ID: <20140619025505.GD7354@concerto.rednote.net>

During our telecon today we resolved to include this comment in our comments on this draft.

Janina

Cynthia Shelly writes:
> That concerns me as well.  Anyone else have thoughts?
> 
> From: James Nurthen [mailto:james.nurthen@oracle.com]
> Sent: Wednesday, June 11, 2014 12:16 PM
> To: public-pfwg@w3.org
> Subject: Re: review of User Interface Security Directives for Content Security Policy
> 
> The whole section 14 throws up a flag for me as it is stated that it is non-normative. The fact that there are normative sounding statements in a non-normative section sounds like an issue we should raise to me.
> 
> Regards,
> James
> On 6/10/2014 1:18 PM, Cynthia Shelly wrote:
> User Interface Security Directives for Content Security Policy
> http://www.w3.org/TR/2014/WD-UISecurity-20140318/
> 
> There is a section on accessibility technologies (14.1) which touches on interoperability with assistive technolgies. I'm not familiar enough with the technology behind this spec to be able to determine if these cases have been handled.  More detail in 14.1, and perhaps some examples, would be welcome.
> 
> Some questions for the working group:
> 
> 1)      Would an app using UI Security Directives be able to be operated by a cloud-based screen reader, such as Web Anywhere, which wraps a frame around all content it reads?  http://webanywhere.cs.washington.edu/
> 
> 2)      Will the input protection heuristic work when a screen magnifier, such as Windows Magnifier or ZoomText is running on the machine?
> 
> 3)      How will browser zooming impact the input protection heuristic?  What if the zoom occurs during the user interaction?
> 
> 4)      Some assistive technology simulates mouse actions.  How will this impact UI Event Handling?
> 
> 5)      Some assistive technology simulates user actions via platform accessibility APIs.  How will this impact UI Event Handling?
> 
> 6)      Some assistive technology simulates user actions via the DOM.  How will this impact UI Event Handling?
> 
> --
> Regards, James
> 
> [Oracle]<http://www.oracle.com>
> James Nurthen | Principal Engineer, Accessibility
> Phone: +1 650 506 6781<tel:+1%20650%20506%206781> | Mobile: +1 415 987 1918<tel:+1%20415%20987%201918>
> Oracle Corporate Architecture
> 500 Oracle Parkway | Redwood City, CA 94065
> [Green              Oracle]<http://www.oracle.com/commitment>Oracle is committed to developing practices and products that help protect the environment




-- 

Janina Sajka,	Phone:	+1.443.300.2200
			sip:janina@asterisk.rednote.net
		Email:	janina@rednote.net

Linux Foundation Fellow
Executive Chair, Accessibility Workgroup:	http://a11y.org

The World Wide Web Consortium (W3C), Web Accessibility Initiative (WAI)
Chair,	Protocols & Formats	http://www.w3.org/wai/pf
	Indie UI			http://www.w3.org/WAI/IndieUI/

Received on Thursday, 19 June 2014 02:55:45 UTC