Re: some questions: : working on re-authentication from Alastair Campbell on 2017-12-24 (w3c-wai-gl@w3.org from October to December 2017)

From: Alastair Campbell <acampbell@nomensa.com>
Date: Sun, 24 Dec 2017 08:06:31 +0000
To: Gregg Vanderheiden GPII <gregg@raisingthefloor.org>, lisa.seeman <lisa.seeman@zoho.com>
CC: Michael Gower <michael.gower@ca.ibm.com>, John Foliot <john.foliot@deque.com>, "w3c-waI-gl@w3. org" <w3c-wai-gl@w3.org>
Message-ID: <DB6PR0901MB091967A3702BB87AFF7304FCB9000@DB6PR0901MB0919.eurprd09.prod.outlook.>

> as worded - the logic is circular.

I don’t understand why you think that?

> the "if not block” should be a technique not a requirement or exception.

Some sites intentionally block user-agents from filing in form fields, how would you phrase it? As far as I can tell, we have to provide a short list of things that we except from the no-recal/transcribe requirement in order to both help users, and make it feasiable.


  *   have to give personal (very personal) info to every tom dick and harry website

You know you can use username/passsword? How is that different from every site now? There is a short list of items we can rely on people entering (bypassing the no-recall/transcribe requirement). Those should not be the only method, they are part of alternative methods.


  *   you need to use biometrics  — and the author of a webpage cannot know if biometrics are available on the other end ( and in fact they are NOT available on the other end much of the time)

You don’t have to use biometrics, but if a site setup that facility, it would know it was available. It would work on a per-account basis, so as long as the user can enter their username (or equivalent) identifying information, the site can provide the 2nd factor they have setup.

-Alastair

Received on Sunday, 24 December 2017 08:07:03 UTC