W3C home > Mailing lists > Public > public-rqtf@w3.org > March 2019

Re: New open issues in response to draft note on CAPTCHA

From: White, Jason J <jjwhite@ets.org>
Date: Mon, 11 Mar 2019 13:29:06 +0000
To: Janina Sajka <janina@rednote.net>
CC: "public-rqtf@w3.org" <public-rqtf@w3.org>
Message-ID: <F9274B0D-F0B6-4FE7-BB13-78D7DCAEFFED@ets.org>
Thank you, Janina. A further aspect of the biometrics issue is that, to the best of my knowledge, the biometric data are not shared directly with the party requesting authentication. They are, instead, processed locally by the user's device, and the authentication itself takes place via cryptographic protocols.

I'll readily admit that I am not acquainted with the details.

´╗┐On 3/11/19, 09:17, "Janina Sajka" <janina@rednote.net> wrote:

    Thanks, Jason.

    As I continue to consider the comment we received, I believe we're being
    asked to say more about further developments in biometrics. Possible
    plain language example is that fingerprint sensors could validate not
    only a pattern match in the ridges and valleys that constitute the
    traditional fingerprint, but also the presence of a pulse and, blood
    flow, and body heat. These would not be available should someone create
    a mold from fingerprints left on objects.

    I think that's one aspect of the post.


    Perhaps even more interesting is his pointer to work attempting to

    enhance privacy while supporting noninteractive authentication. He gives
    this pointer while suggesting this is just one scheme among several:

    https://nam01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fprivacypass.github.io&amp;data=02%7C01%7Cjjwhite%40ets.org%7C6113ff19599f4f19621108d6a623f1ef%7C0ba6e9b760b34fae92f37e6ddd9e9b65%7C0%7C0%7C636879070652445009&amp;sdata=zp2oRRpiFffSNburYtGrzFI5CaPOZOVbmRa9vX3ZGgk%3D&amp;reserved=0


    I wonder whether we need do much more than note people are working on
    such things, and that noninteractive mechanisms that also protect
    individual privacy would be welcome.


    The mechanism at the above URI seems different from reCAPTCHA V. 2 in
    that it isn't analyzing how users interact with their devices.

    That's as far as I've gotten with these latest comments. I welcome
    further discussion. Perhaps, should we find we need to say more, we
    might need a consult from W3C privacy or authentication people.

    Janina

    White, Jason J writes:
    > I'll add these issues to our agenda for next week's meeting. All Task Force participants are welcome to review and comment on the list in the meantime.
    >
    > On 3/8/19, 19:50, "Janina Sajka" <janina@rednote.net> wrote:
    >
    >     Thanks for the heads up, Jason. Yes, I do see three substantive comments
    >     from the same poster in the past day or so. I find his writing a bit
    >     hard to grok, but it seems there are some good points. We'll need to
    >     study these and discuss.
    >
    >     You may be correct about another publication round.
    >
    >     Janina
    >
    >     White, Jason J writes:
    >     > Dear colleagues,
    >     >
    >     > Please note that new issues have been opened on GitHub containing public comments on our "CAPTCHA" draft.
    >     >
    >     > All of the issues can be reviewed here:
    >     > https://nam01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fw3c%2Fapa%2Fissues&amp;data=02%7C01%7Cjjwhite%40ets.org%7C6113ff19599f4f19621108d6a623f1ef%7C0ba6e9b760b34fae92f37e6ddd9e9b65%7C0%7C0%7C636879070652445009&amp;sdata=QUNVCNGArUmavWsV4S8t1W2HW2M9swnHYiTkkyS7bFE%3D&amp;reserved=0
    >     >
    >     >
    >     > ________________________________
    >     >
    >     > This e-mail and any files transmitted with it may contain privileged or confidential information. It is solely for use by the individual for whom it is intended, even if addressed incorrectly. If you received this e-mail in error, please notify the sender; do not disclose, copy, distribute, or take any action in reliance on the contents of this information; and delete it from your system. Any other use of this e-mail is prohibited.
    >     >
    >     >
    >     > Thank you for your compliance.
    >     >
    >     > ________________________________
    >
    >     --
    >
    >     Janina Sajka
    >
    >     Linux Foundation Fellow
    >     Executive Chair, Accessibility Workgroup:https://nam01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fa11y.org&amp;data=02%7C01%7Cjjwhite%40ets.org%7Cc0ad0d4027d44575d02908d6a429447f%7C0ba6e9b760b34fae92f37e6ddd9e9b65%7C0%7C0%7C636876894492439672&amp;sdata=YH2YalHc9NB7v9dCpw4v3li%2FjLMnNsosdydjrxgZ%2Bs4%3D&amp;reserved=0
    >
    >     The World Wide Web Consortium (W3C), Web Accessibility Initiative (WAI)
    >     Chair, Accessible Platform Architectureshttps://nam01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.w3.org%2Fwai%2Fapa&amp;data=02%7C01%7Cjjwhite%40ets.org%7Cc0ad0d4027d44575d02908d6a429447f%7C0ba6e9b760b34fae92f37e6ddd9e9b65%7C0%7C0%7C636876894492439672&amp;sdata=uvt%2BD2YXgp0qDm0Pn4xreJwdSKI16QtMcSr9RnZNrRk%3D&amp;reserved=0
    >
    >
    >
    >
    >
    > ________________________________
    >
    > This e-mail and any files transmitted with it may contain privileged or confidential information. It is solely for use by the individual for whom it is intended, even if addressed incorrectly. If you received this e-mail in error, please notify the sender; do not disclose, copy, distribute, or take any action in reliance on the contents of this information; and delete it from your system. Any other use of this e-mail is prohibited.
    >
    >
    > Thank you for your compliance.
    >
    > ________________________________

    --

    Janina Sajka

    Linux Foundation Fellow
    Executive Chair, Accessibility Workgroup:https://nam01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fa11y.org&amp;data=02%7C01%7Cjjwhite%40ets.org%7C6113ff19599f4f19621108d6a623f1ef%7C0ba6e9b760b34fae92f37e6ddd9e9b65%7C0%7C0%7C636879070652445009&amp;sdata=zeqBIzZCDyPe%2FZ4Kxh2tvenq5O9OWxaB6yrPw9HwpRs%3D&amp;reserved=0

    The World Wide Web Consortium (W3C), Web Accessibility Initiative (WAI)
    Chair, Accessible Platform Architectureshttps://nam01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.w3.org%2Fwai%2Fapa&amp;data=02%7C01%7Cjjwhite%40ets.org%7C6113ff19599f4f19621108d6a623f1ef%7C0ba6e9b760b34fae92f37e6ddd9e9b65%7C0%7C0%7C636879070652445009&amp;sdata=bXbOMlqBA3PpWWHOmUYVWHCnU5Mgzpa4o2rBFk7rsrY%3D&amp;reserved=0




________________________________

This e-mail and any files transmitted with it may contain privileged or confidential information. It is solely for use by the individual for whom it is intended, even if addressed incorrectly. If you received this e-mail in error, please notify the sender; do not disclose, copy, distribute, or take any action in reliance on the contents of this information; and delete it from your system. Any other use of this e-mail is prohibited.


Thank you for your compliance.

________________________________
Received on Monday, 11 March 2019 13:29:33 UTC

This archive was generated by hypermail 2.3.1 : Monday, 11 March 2019 13:29:34 UTC