Re: Voluntary (and non-) Standards (was: Support for Verifiable Claims)

Tantek wrote:

> ...what successful examples can you cite of W3C created standards
involving trust (or anything else) that "agencies" subsequently
adopted? Whether from public demand or other motivation. I have seen
no evidence to support this "if ... then" hypothesis.

Hi Tantek,

WCAG 2.0 (and previously WCAG 1.0). WCAG 2.0 was also subsequently adopted
and approved as an ISO standard: ISO/IEC 40500:2012

WCAG has been adopted as "the" web accessibility standard in multiple
countries [1], and is currently also being cited by the US Department of
Justice [2] [3] as to "how" to meet (implied) ADA conformance of web
content.

The US Department of Transportation has also amended the Air Carrier Access
Act of 1986 (aka ACAA ) to state: "Websites are required to meet the
standards for accessibility contained in the widely accepted Website
Content Accessibility Guidelines (WCAG)" [4]

All of these activities have happened post publication of the WCAG 2.0.
Recommendation.

Finally, speaking on behalf of Deque, as a leading web accessibility
software and services provider, we advise our clients that the
"international benchmark" for web accessibility is WCAG 2.0 (A, AA) that
they (our clients) should be aiming for (with or without a legal mandate to
do so).

**********

FWIW, from an accessibility perspective, we believe that verifiable claims
technology will also serve as a critical component for Persons With
Disabilities in emergent activities such as the GIII Initiative [5] and
"Prosperity4All" [6], where the ability to verify "you are you" and more
importantly establish a secure online 'persona' complete with sensitive
(private) health and medical information that can be used to customize
digital experiences for each individual is critical. For this reason there
are already a number of accessibility experts involved in the verifiable
claims and web-payments activities at the W3C, and personally speaking, it
appears that for this issue there is in part a chicken and egg problem,
where I would suggest that the W3C can and should take a standardization
leadership position as opposed to a "document what there is" perspective.

JF



1: https://www.w3.org/WAI/Policy/

2: https://www.gpo.gov/fdsys/pkg/FR-2016-05-09/pdf/2016-10464.pdf    BUT,
see here:
http://www.adatitleiii.com/2016/05/attention-public-accommodations-dojs-recent-rulemaking-action-for-state-and-local-government-websites-reveals-its-current-thinking-on-web-accessibility/

3: https://www.ada.gov/greyhound/greyhound_cd.html#_ftn1

4:
https://www.transportation.gov/briefing-room/new-dot-rules-make-flying-easier-passengers-disabilities

5: http://gpii.net/

6: http://www.prosperity4all.eu/about-p4a/





On Thu, Dec 8, 2016 at 3:27 PM, Tantek Çelik <tantek@cs.stanford.edu> wrote:

> tl;dr: Who verifies the claims of the Verified Claims advocates?
>
> (motivation) If Verified Claims advocates can't be bothered to provide
> simple URL citations to verify their claims, why would anyone bother
> with anything more complex?
>
> (dogfooding) If you're not living breathing the behaviors you're
> advocating, why should anyone take advocations of (formalized versions
> of) those behaviors seriously?
>
>
> Longer:
>
>
> Not picking on you in particular Gray, because this is an endemic
> problem that I have seen in pretty much all Verified Claims (CG/WG)
> discussions.
>
> Lots of claims made in the prose of such messages/emails, usually zero
> citations to verify those claims. Manu is the notable exception, he
> usually provides quite a few citations for his points in his emails.
>
> So just as an example:
>
>
> On Wed, Dec 7, 2016 at 8:35 AM, Gray Taylor <gtaylor@conexxus.org> wrote:
> > Interesting thread on legal standing.  Right now, 9 states are wrestling
> with putting verifiable drivers licenses on mobile devices (the paper
> artifacts we use today are eminently fraud prone - just ask any college
> student).
>
> Which 9 states? Citations to .gov sites that can be used to verify
> this "9 states" claim? Or a citation to a summary thereof itself with
> citations for the specific states?
>
>
> >  In today's case, US State Department, DMV, Social Security
> Administration, County records, etc. all act as trusted service providers
> of the "paper and static ID" world; with great peril to the citizen as
> these artifacts can be stolen easily.  Their role won't change anytime soon.
>
> Presumably you're referring to passports, drivers licenses, social
> security cards, etc. and expecting (likely) that these examples are
> physically self-evident.
>
>
> > Conexxus' feeling is that we don't proscribe legal purview of verifiable
> claims, but create an eco-system by which the "watchers" in today's
> existential data world can choose reliable new technologies to continue
> their mandated mission; and on a basis of NOT conveying unnecessary and
> static PII, which is the Achilles heel of our online existence.  So the
> intent is to provide control over our own identities as a first order.
>
> Could you provide a public Conexxus URL that describes this
> "eco-system" goal in more detail?
>
>
> > If W3C creates a trusted environment framework, then the agencies will
> adopt them as a matter of public demand (IMHO this will be an escalating
> societal trend).
>
> This is a very shaky hypothesis, on multiple counts.
>
> First, agencies presumably adopt things without W3C involvement (e.g.
> whatever they have adopted today).
>
> Second, what successful examples can you cite of W3C created standards
> involving trust (or anything else) that "agencies" subsequently
> adopted? Whether from public demand or other motivation. I have seen
> no evidence to support this "if ... then" hypothesis.
>
>
> >  Each (global) jurisdiction will make its decision based on available
> technology and political aims v. the will of their people.
> >
> > Our retail industry does not want to know anything about you beyond "are
> you old enough to buy beer?" and can I capture the signature (read legal
> verification) of the TSP saying you are?  Certainly no business will stake
> their liquor license on a semi-trusted service provider, so the framework
> needs to authenticate the TSP as well.
>
> Presumably this is orthogonal or unrelated, as such businesses today
> seem to (anecdotally) only accept government issued IDs for "are you
> old enough". I would assume they will continue to do so, regardless of
> what tech happens to be in such IDs, and I'd doubt they'd accept
> non-govt issued IDs.
>
>
> > So long opinion, short, if we build it, they will come as needed ...
>
> build yes, just standardize no. And this discussion is about creating
> a working group to create a standard.
>
> Specifically, long experience has shown in W3C that "if we standardize
> it, they will come as needed" is a generally false assertion.
>
> More TR RECs (https://www.w3.org/TR/) than not have failed to gain any
> serious broad traction (web browsers and servers implement a small
> subset of W3C RECs, not to mention IETF RFCs). The number of obsolete,
> abandoned, etc. W3C RECs and IETF RFCs greatly outnumbers those in
> modern use. I don't have exact numbers, merely from personal analysis.
>
>
> <aside>
>
> The AB *is* working on a process for explicitly obsoleting abandoned
> RECs to start cleaning this up, in the hopes that eventually the RECs
> remaining are the ones that have actually be widely implemented,
> deployed, and are in use.
>
> We've started with a few examples to help us drive the necessary
> process changes:
> * https://www.w3.org/wiki/AB/2016_Priorities#Specifications_to_obsolete
>
> </aside>
>
>
> > who watches the watchers is the age-old question.
>
> who asks the claimers for citations for their claims?
>
> I'm going to keep asking for citations for claims until I see a
> cultural shift towards people who want Verified Claims as a technology
> providing URLs to substantiate their claims.
>
> I think everyone should adopt more of a [citation needed] practice,
> especially in this community.
>
> Tantek
>
>
> > -----Original Message-----
> > From: singer@apple.com [mailto:singer@apple.com]
> > Sent: Tuesday, December 6, 2016 4:34 PM
> > To: David Ezell <David_E3@VERIFONE.com>
> > Cc: Michael Champion <Michael.Champion@microsoft.com>; Gray Taylor <
> gtaylor@conexxus.org>; Manu Sporny <msporny@digitalbazaar.com>; Nate Otto
> <nate@badgealliance.org>; Stone, Matthew K <matt.stone@pearson.com>;
> Chris Wilson <cwilso@google.com>; Tantek Çelik <tantek@cs.stanford.edu>;
> Mark Nottingham <mnotting@akamai.com>; w3c-ac-forum@w3.org;
> public-webpayments-comments@w3.org; Richard Varn <rvarn@ets.org>;
> Drummond Reed <drummond@respectnetwork.com>; Nathan George <
> nathan.george@evernym.com>; Kerri Lemoie <kerri@openworksgrp.com>; David
> Chadwick <d.w.chadwick@kent.ac.uk>; Eric Korb <Eric.Korb@accreditrust.com>;
> Christopher Allen <ChristopherA@blockstream.com>; Phil Archer <
> phila@w3.org>; Linda Toth <ltoth@conexxus.org>; Jay Johnson <jay@qples.com>;
> Bob Burke <bburke@kou.pn>
> > Subject: Re: Voluntary (and non-) Standards (was: Support for Verifiable
> Claims)
> >
> >
> >> On Dec 6, 2016, at 14:15 , David Ezell <David_E3@VERIFONE.com> wrote:
> >>
> >> To the first point, I’m not sure what you mean by non-voluntary
> standards organizations:  ... I’m not sure this non-voluntary distinction
> is worth fretting about.
> >
> > Some standards organizations (notably ITU) are the result of treaties,
> and some (including ITU) produce standards that can later have the force of
> law behind them.   “X’s sold or made available in country Y must comply
> with standard Z.”
> >
> > As you say, it’s not strongly relevant, except that in this field, some
> of the use cases for verifiable claims also intersect with legal
> requirements (e.g. being required to check the age of someone before
> selling them certain products). We easily back into the ‘quis custodiet
> custodies?’ problem if we’re not careful (who watches the watchers?) and
> wonder “who is recognized legally as being able to prove the age of a
> customer?”.
> >
> >
> > David Singer
> > Manager, Software Standards, Apple Inc.
> >
>
>


-- 
John Foliot
Principal Accessibility Strategist
Deque Systems Inc.
john.foliot@deque.com

Advancing the mission of digital accessibility and inclusion

Received on Thursday, 8 December 2016 21:54:12 UTC