Re: some questions: : working on re-authentication

I'm not following you, Alastair. As long as they stay consistent with 
whatever name they assign the input, if they don't disable the autofill 
property, it should allow the user to save it and reuse it, right?

But in addition to that, are we not wanting to specify that the web author 
does not disallow paste?

Michael Gower
IBM Accessibility
Research

1803 Douglas Street, Victoria, BC  V8T 5C3
gowerm@ca.ibm.com
voice: (250) 220-1146 * cel: (250) 661-0098 *  fax: (250) 220-8034



From:   Alastair Campbell <acampbell@nomensa.com>
To:     "lisa.seeman" <lisa.seeman@zoho.com>, Michael Gower 
<michael.gower@ca.ibm.com>
Cc:     John Foliot <john.foliot@deque.com>, WCAG <w3c-wai-gl@w3.org>
Date:   2017-12-21 07:42 AM
Subject:        Re: some questions: : working on re-authentication



Can we include it as “site specific ID” or something similar?
 
That could be a credit-card number for a bank, or another ID code.
 
That is trickier to include from an autofill point of view though, there 
is not much a site can do to support autofill unless there is a standard 
attribute for it.
 
The right place to fix that is in “Contextual Information” though, this 
one needs to be focused on not requiring certain user-actions.
 
Regarding PINs, that’s a sort of password, perhaps if a site uses an ID 
number and PIN (like my bank does as 1st factor) they could be marked as 
username/password with autofill metadata?
 
We could add a note to that effect?
 
-Alastair
 
 
From: "lisa.seeman" 
 
I will add identification number back in
However this does mean that it  would be better to support automatic entry 
rather then "not block it"
 
Can you explain the problem again with asking people to support automatic 
entry for the exception.
 
All the best

Lisa Seeman

LinkedIn, Twitter

 

---- On Thu, 21 Dec 2017 16:36:44 +0200 Michael Gower<
michael.gower@ca.ibm.com> wrote ---- 
I think you have to have "identification number" in there somewhere. There 
are a ton of processes in every enterprise I've worked in, as well as 
government, that require me to enter an employee ID or SIN as my primary 
identifier. Most banks use a bank card number as a determinant in a 
2-factor process.

Michael Gower
IBM Accessibility
Research

1803 Douglas Street, Victoria, BC  V8T 5C3
gowerm@ca.ibm.com
voice: (250) 220-1146 * cel: (250) 661-0098 *  fax: (250) 220-8034



From:        Alastair Campbell <acampbell@nomensa.com>
To:        "lisa.seeman" <lisa.seeman@zoho.com>
Cc:        WCAG <w3c-wai-gl@w3.org>, John Foliot <john.foliot@deque.com>
Date:        2017-12-21 04:18 AM
Subject:        Re: some questions: : working on re-authentication

 
Hi Lisa,
 
(John – question for you below.)
 
For this:
- authentication process can rely on the user or user-agent entering 
personal identification information such as name, username, password, and 
email address if the web content consistently supports automatic entry.
 
> Automatic entry of user information can not work because autocomplete 
and the name is not set . It is not quite blocking the user agent rather 
they are not supported. 
 
 
If the username/password (or other) inputs pass 1.3.1. (info & 
relationships) and 4.1.2 (role/name/value) then user-agents currently 
support automatic entry unless the site actively blocks it. 
 
Also, there would also be overlap with the new SC that requires the 
autofill attributes, which I think includes username and current-password? 
(JF– have they been kept in the list?)
Therefore, I would like to revert that change to avoid overlap with other 
SCs.
 
 
> Also if transcribe follows the dictionary definition we can just clarify 
what we mean in the understanding section. Is that Ok?
 
I think that would be best.
 
Cheers,
 
-Alastair