RE: Call for Consensus (CFC): Updated Comments on review of a Web Authentication Specification

I have not read the specification, but I think the following observation is independent of it.

Responding to comment 1 below on biometrics, note EN 301 549, section 5.3 (“Biometrics”).

Note also the U.S. regulations, Appendix C to 36 CFR Part 1194, paragraph 403 (“Biometrics”).

I think these provisions have the same effect, if I’m reading correctly. I can live with the CfC as is, but I wanted to note the additional supporting references.

From: Becky Gibson <>
Sent: Wednesday, 27 January 2021 15:52
To: Accessible Platform Architectures Administration <>
Subject: Call for Consensus (CFC): Updated Comments on review of a Web Authentication Specification


This is a Call for Consensus (CfC) to the Accessible Platform Architectures (APA) Working Group testing for agreement on an updated formal comment to Web Authentication: An API for accessing Public Key Credentials Level 2 W3C Candidate Recommendation Snapshot.<>.

The document was authored by The Web Authentication Working Group (<>). An accessibility review was requested of the APA as part of our role in performing horizontal review of W3C documents for accessibility concerns.

It was reviewed by APA member Paul Grenier who proposed the following comment (<>):
I have concerns that could be best summarized in a new section "Accessibility Considerations" which could follow "Security Considerations" or "Privacy Considerations" in document order. References to timing considerations should be updated to reference this new subheading. See editor's draft https:/<>. Additionally, based on theaccessibility topics below, notes could be added to the appropriate sections (e.g., registration).

Proposed topics for "Accessibility Considerations":
1. Public key credentials should avoid using a single biometric factor. We would also like to call your attention to the W3C Note, Inaccessibility of CAPTCHA, Alternatives to Visual Turing Tests on the Web (<>).
2. Registration should provide affordances for users to complete authorization gestures correctly. This could involve naming the authenticator, choosing a picture to associate with the device, or entering freeform text instructions.
3. Ceremonies that rely on timing must follow WCAG Guideline 2.2 Enough Time (<>).

***Action to Take***

This CfC is now open for objection, comment, as well as statements of support via email. Silence will be interpreted as support, though messages of support are certainly welcome.

If you object to this proposed action, or have comments concerning this proposal, please respond by replying on list to this message no later than Monday February 1, 2021 23:59 (Midnight) Boston Time.

NOTE: This Call for Consensus is being conducted in accordance with the APA Decision Policy published at:<>

Becky & Janina
co-chairs APA Working Group

Becky Gibson | Sr. Accessibility Strategist<><>
Pronouns: she/her/hers

Janina Sajka<>

Linux Foundation Fellow
Executive Chair, Accessibility Workgroup:<>

The World Wide Web Consortium (W3C), Web Accessibility Initiative (WAI)
Co-Chair, Accessible Platform Architectures<>

Becky Gibson | Sr. Accessibility Strategist<><>
Pronouns: she/her/hers


This e-mail and any files transmitted with it may contain privileged or confidential information. It is solely for use by the individual for whom it is intended, even if addressed incorrectly. If you received this e-mail in error, please notify the sender; do not disclose, copy, distribute, or take any action in reliance on the contents of this information; and delete it from your system. Any other use of this e-mail is prohibited.

Thank you for your compliance.


Received on Wednesday, 27 January 2021 21:16:41 UTC