Re: Can you confirm if you want the sensitive data exception for timeouts from Andrew Kirkpatrick on 2017-05-08 (w3c-wai-gl@w3.org from April to June 2017)

From: Andrew Kirkpatrick <akirkpat@adobe.com>
Date: Mon, 8 May 2017 18:08:25 +0000
To: Greg Lowney <gcl-0039@access-research.org>, Gregg C Vanderheiden <greggvan@umd.edu>
CC: lisa.seeman <lisa.seeman@zoho.com>, "w3c-waI-gl@w3. org" <w3c-wai-gl@w3.org>
Message-ID: <BC4BDB22-E086-438B-A89A-6C8BDD643DE8@adobe.com>
Given that it seems like we don’t need an exception, I have a suggested rewording for what we have now - https://github.com/w3c/wcag21/issues/14#issuecomment-299944440


Thanks,
AWK

Andrew Kirkpatrick
Group Product Manager, Accessibility
Adobe

akirkpat@adobe.com
http://twitter.com/awkawk


From: Greg Lowney <gcl-0039@access-research.org<mailto:gcl-0039@access-research.org>>
Date: Monday, May 8, 2017 at 14:18
To: Gregg Vanderheiden <greggvan@umd.edu<mailto:greggvan@umd.edu>>
Cc: "lisa.seeman@zoho.com<mailto:lisa.seeman@zoho.com>" <lisa.seeman@zoho.com<mailto:lisa.seeman@zoho.com>>, WCAG <w3c-wai-gl@w3.org<mailto:w3c-wai-gl@w3.org>>
Subject: Re: Can you confirm if you want the sensitive data exception for timeouts
Resent-From: WCAG <w3c-wai-gl@w3.org<mailto:w3c-wai-gl@w3.org>>
Resent-Date: Monday, May 8, 2017 at 13:18

Gregg, that is correct: I was suggesting we not have any exception for sensitive data, but make that explicit in the supporting documents.

(Note, however, that my other two recommendations for wording changes still stand: that we harmonize the "submitted" wording in first and last clauses, and that the first address " length of time or inactivity".)

    Greg

-------- Original Message --------
Subject: Re: Can you confirm if you want the sensitive data exception for timeouts
From: Gregg C Vanderheiden <greggvan@umd.edu><mailto:greggvan@umd.edu>
To: Greg Lowney <gcl-0039@access-research.org><mailto:gcl-0039@access-research.org>
Cc: "lisa.seeman" <lisa.seeman@zoho.com><mailto:lisa.seeman@zoho.com>, "w3c-waI-gl@w3. org"<mailto:w3c-waI-gl@w3.org> <w3c-wai-gl@w3.org><mailto:w3c-wai-gl@w3.org>
Date: 5/7/2017 7:52 PM
Just for clarity…

If you need an exception — it MUST be in the SC.

The UNDERSTANDING document can only explain what the SC says and why it says it.  You cannot add an exception in the understanding doc — or say that you don’t intent it to apply to some cases.      If it isnt an exception then it passes or fails.  There are no other options


I THINK Greg is suggesting that there SHOULD be no exception.  And that is fine.   But then if A or B cannot be done for a site as outlined by Greg — then it will fail.


g

Gregg C Vanderheiden
greggvan@umd.edu<mailto:greggvan@umd.edu>




On May 5, 2017, at 2:25 AM, Greg Lowney <gcl-0039@access-research.org<mailto:gcl-0039@access-research.org>> wrote:

I brought up the case because I felt we should make an explicit decision about it, but my preference is to not include an exception in the SC, and instead to add wording to the Understanding document explaining the rationale as you stated it: if any data cannot be saved, whether to security or other reasons, they need to either warn about the timeout ahead of time or make the timeout period extremely long.

Speaking of which, the Understanding document should also explain why we don't offer the alternative approach of prompting the user at the end of the timeout period with an option to extend.

    Greg

-------- Original Message --------
Subject: Can you confirm if you want the sensitive data exception for timeouts
From: lisa.seeman <lisa.seeman@zoho.com><mailto:lisa.seeman@zoho.com>
To: W3c-Wai-Gl-Request@W3. Org <w3c-wai-gl@w3.org><mailto:w3c-wai-gl@w3.org>
Date: 5/4/2017 7:57 PM
Hi Folks

on yesterdays call people asked to we'll add the sensitive data exception so that we do not  force people to keep sensitive data

However we don't force them to keep the data, it's just that if they don't they need to provide a warning about any timeout period.

People need to know how long they have to fill out the form. I do not think that goes away just becuse the data is sensitive.


Unfortunately the Que was closed and I could not comment, so I am not sure how to proceed here

Do we want  the sensitive data exception?

Also can anyone suggest wording for sensitive data that will not create a huge loophole for everything?

what I have so far is :
sensitive information - information that can put users at risk


issue on github is : https://github.com/w3c/wcag21/issues/14<https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fw3c%2Fwcag21%2Fissues%2F14&data=02%7C01%7C%7C3a3fb82d64574d8fa24d08d496366440%7Cfa7b1b5a7b34438794aed2c178decee1%7C0%7C0%7C636298607740398823&sdata=XINPmIajcTJ1QRTTxsT%2BBdBUVbWLs1roXXEaXnnDH94%3D&reserved=0>

All the best

Lisa Seeman

LinkedIn<https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fil.linkedin.com%2Fin%2Flisaseeman%2F&data=02%7C01%7C%7C3a3fb82d64574d8fa24d08d496366440%7Cfa7b1b5a7b34438794aed2c178decee1%7C0%7C0%7C636298607740398823&sdata=0z139W2V1BwNpuB5AsUPUg03gz2BOWKaSCngyXMSECI%3D&reserved=0>, Twitter<https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Ftwitter.com%2FSeemanLisa&data=02%7C01%7C%7C3a3fb82d64574d8fa24d08d496366440%7Cfa7b1b5a7b34438794aed2c178decee1%7C0%7C0%7C636298607740398823&sdata=esPMgjDOsqi%2FxWb2A951%2FiAIExedx9ONbMWQ1ApEyMQ%3D&reserved=0>
Received on Monday, 8 May 2017 18:09:07 UTC