RE: Notes on the latest CAPTCHA Note draft

I can perform such a reorganization of section 2 and commit it to a Git branch, if others would like to review it in that form.

-----Original Message-----
From: White, Jason J <jjwhite@ets.org>
Sent: Thursday, May 9, 2019 5:41 PM
To: Janina Sajka <janina@rednote.net>
Cc: public-rqtf@w3.org
Subject: Re: Notes on the latest CAPTCHA Note draft

Yes, exactly.

On 5/9/19, 16:08, "Janina Sajka" <janina@rednote.net> wrote:

    OK, so the fingerprint, or the face recognition occurs entirely on the
    device. If the device is satisfied, that triggers some kind of encrypted
    upstream connection which accepts the device's trustworthiness and
    accepts that a biometric identification has been locally satisfied, so
    no login need be prompted.

    That sounds like stand-alone to me.

    White, Jason J writes:
    > My understanding is that biometrics are generally handled entirely on the authentication device, and that biometric data are never transmitted to a server. The client/server interaction is via a cryptographic authentication protocol such as the recently released Web Authentication specification.
    >
    > If the authenticating device is considered trustworthy, then the authentication attempt is allowed to succeed.
    >
    > I might be wrong, of course; input from those with experience in this area would be appreciated. Note that this section is inherited from the 2005 version of the document. It might be better to replace it with more general material, now that the Web Authentication specification is available:
    > https://www.w3.org/TR/webauthn/
    >
    > On 5/9/19, 14:13, "Janina Sajka" <janina@rednote.net> wrote:
    >
    >     Good question about locating biometrics, Jason.
    >
    >     How shall we decide? Is it just the device that registers the
    >     fingerprint? Or is some signature uploaded to Google or Apple? How does
    >     it work? I frankly don't know, but I think the answer will tell us how
    >     to locate our biometric section.
    >
    >     Janina
    >
    >     White, Jason J writes:
    >     > Thank you for thoughtful comments, Janina.
    >     >
    >     > Subdivision may not be the best choice: grouping the items together, and noting the fact in the introductory text of the section, may well be sufficient to make the point clear.
    >     >
    >     > How shall we handle the biometrics issue?
    >     >
    >     > On 5/9/19, 13:27, "Janina Sajka" <janina@rednote.net> wrote:
    >     >
    >     >     Hi, Jason:
    >     >
    >     >     I'm certainly open to moving sections around. We've already done some of
    >     >     that in the past, and can certainly do more if it makes sense.
    >     >
    >     >     The only breakdown we've specified is stand-alone vs. multi-party.
    >     >     We could further subdivide, if that seems reasonable. But, I'm not yet
    >     >     convinced we should try for further subdivision.
    >     >
    >     >     Janina
    >     >
    >     >     White, Jason J writes:
    >     >     > Here are my notes upon a perusal of the latest draft.
    >     >     >
    >     >     >
    >     >     >   1.  Sections 2.6 (Logic Puzzles) and 2.7 (Image and Video) are both implementations of a CAPTCHA challenge. Should they accordingly be moved to appear after section 2.2 (“Sound Output”), to bring together all of the CAPTCHA techniques discussed in section 2? Note also that 2.3 (biometrics), 2.4 (limited use accounts), and 2.5 (non-interactive checks), used individually or in combination with each other, do not involve any kind of CAPTCHA challenge.
    >     >     >   2.  Unless there’s work in a branch of which I’m unaware, it appears that we haven’t clarified the role of biometrics (section 2.3) in relation to CAPTCHA – and this is the subject of an open issue. I recall our discussing it at an RQTF meeting, but I don’t remember there being an agreed upon solution.
    >     >     >   3.  The rest of my comments are editorial, but I plan to undertake an editorially-focused reading of the draft when it’s closer to publication.
    >     >     >
    >     >     >
    >     >     > ________________________________
    >     >     >
    >     >     > This e-mail and any files transmitted with it may contain privileged or confidential information. It is solely for use by the individual for whom it is intended, even if addressed incorrectly. If you received this e-mail in error, please notify the sender; do not disclose, copy, distribute, or take any action in reliance on the contents of this information; and delete it from your system. Any other use of this e-mail is prohibited.
    >     >     >
    >     >     >
    >     >     > Thank you for your compliance.
    >     >     >
    >     >     > ________________________________
    >     >
    >     >     --
    >     >
    >     >     Janina Sajka
    >     >
    >     >     Linux Foundation Fellow
    >     >     Executive Chair, Accessibility Workgroup: http://a11y.org
    >     >
    >     >     The World Wide Web Consortium (W3C), Web Accessibility Initiative (WAI)
    >     >     Chair, Accessible Platform Architectures http://www.w3.org/wai/apa
    >


Received on Friday, 10 May 2019 13:10:23 UTC
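
Added example, not part of the original thread or of any W3C code: a sketch of the non-signature checks a relying party runs on a Web Authentication assertion, showing that the only trace of the on-device fingerprint or face check that reaches the server is a single "user verified" flag bit. The relying-party ID, origin and sample assertion are constructed, and signature verification over authenticatorData plus the SHA-256 of clientDataJSON is assumed to be done separately with the stored credential public key.

```python
import base64, hashlib, json, struct

RP_ID = "example.org"            # constructed relying-party ID (assumption)
ORIGIN = "https://example.org"   # constructed origin (assumption)
FLAG_UP, FLAG_UV = 0x01, 0x04    # user present / user verified bits


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def make_sample_assertion(challenge: bytes, flags: int, sign_count: int):
    """Constructed sample input: what a browser would relay for an assertion."""
    auth_data = (hashlib.sha256(RP_ID.encode()).digest()
                 + bytes([flags]) + struct.pack(">I", sign_count))
    client_data = json.dumps({"type": "webauthn.get",
                              "challenge": b64url(challenge),
                              "origin": ORIGIN}).encode()
    return auth_data, client_data


def check_assertion(auth_data, client_data_json, expected_challenge,
                    stored_count, require_uv=True):
    """Validate the non-signature fields of a WebAuthn assertion."""
    if len(auth_data) < 37:
        raise ValueError("authenticatorData shorter than 37 bytes")
    # Layout: 32-byte rpIdHash, 1-byte flags, 4-byte big-endian signCount.
    rp_id_hash, flags = auth_data[:32], auth_data[32]
    (sign_count,) = struct.unpack(">I", auth_data[33:37])
    client = json.loads(client_data_json)
    if client.get("type") != "webauthn.get":
        raise ValueError("not an assertion")
    if client.get("challenge") != b64url(expected_challenge):
        raise ValueError("challenge mismatch (possible replay)")
    if client.get("origin") != ORIGIN:
        raise ValueError("unexpected origin")
    if rp_id_hash != hashlib.sha256(RP_ID.encode()).digest():
        raise ValueError("rpIdHash mismatch")
    if not flags & FLAG_UP:
        raise ValueError("user not present")
    if require_uv and not flags & FLAG_UV:
        raise ValueError("user verification required but UV flag not set")
    if (sign_count or stored_count) and sign_count <= stored_count:
        raise ValueError("signature counter did not increase (possible clone)")
    # Everything the server learns about the local biometric check is one bit.
    return {"user_present": True, "user_verified": bool(flags & FLAG_UV),
            "sign_count": sign_count}
```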