W3C home > Mailing lists > Public > public-apa-admin@w3.org > January 2021

RE: Call for Consensus (CFC): Updated Comments on review of a Web Authentication Specification

From: White, Jason J <jjwhite@ets.org>
Date: Thu, 28 Jan 2021 17:36:38 +0000
To: Janina Sajka <janina@rednote.net>
CC: Becky Gibson <becky@knowbility.org>, Accessible Platform Architectures Administration <public-apa-admin@w3.org>
Message-ID: <MN2PR07MB7181D15DAB573304D724424FABBA9@MN2PR07MB7181.namprd07.prod.outlook.com>
I just checked the CAPTCHA Note, and we do in fact cite both of them. The remaining question, then, is whether it would be better to cite those sources directly in the comment so that readers don't have to go via the CAPTCHA Note to discover the regulatory/policy implications of the issue - or, at least, we could allude to those implications.
To be clear, I am not necessarily arguing for a change to the comment text here and I can live with it as is.

-----Original Message-----
From: Janina Sajka <janina@rednote.net>
Sent: Thursday, 28 January 2021 11:55
To: White, Jason J <jjwhite@ets.org>
Cc: Becky Gibson <becky@knowbility.org>; Accessible Platform Architectures Administration <public-apa-admin@w3.org>
Subject: Re: Call for Consensus (CFC): Updated Comments on review of a Web Authentication Specification

Thanks, Jason. Gong strictly by memory at the moment ... I believe we reference both U.S. and E.U. regulations to this effect in our CAPTCHA
2019 W3C Note.

Best,

Janina

White, Jason J writes:
> I have not read the specification, but I think the following observation is independent of it.
>
> Responding to comment 1 below on biometrics, note EN 301 549, section 5.3 (“Biometrics”).
>
> Note also the U.S. regulations, Appendix C to 36 CFR Part 1194, paragraph 403 (“Biometrics”).
>
> I think these provisions have the same effect, if I’m reading correctly. I can live with the CfC as is, but I wanted to note the additional supporting references.
>
> From: Becky Gibson <becky@knowbility.org>
> Sent: Wednesday, 27 January 2021 15:52
> To: Accessible Platform Architectures Administration
> <public-apa-admin@w3.org>
> Subject: Call for Consensus (CFC): Updated Comments on review of a Web
> Authentication Specification
>
> Colleagues:
>
> This is a Call for Consensus (CfC) to the Accessible Platform Architectures (APA) Working Group testing for agreement on an updated formal comment to Web Authentication: An API for accessing Public Key Credentials Level 2 W3C Candidate Recommendation Snapshot.
> https://nam01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.w3.org%2FTR%2Fwebauthn-2%2F&amp;data=04%7C01%7Cjjwhite%40ets.org%7Cc22f20caf584495f66e108d8c3ad7c7e%7C0ba6e9b760b34fae92f37e6ddd9e9b65%7C0%7C0%7C637474497182809806%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&amp;sdata=1fmUiRfjo%2FpHwSz%2Fr5O%2BiiFEuS1a9tEcDaVQE4bRWBA%3D&amp;reserved=0<https://nam01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.w3.org%2FTR%2Fwebauthn-2%2F&amp;data=04%7C01%7Cjjwhite%40ets.org%7Cc22f20caf584495f66e108d8c3ad7c7e%7C0ba6e9b760b34fae92f37e6ddd9e9b65%7C0%7C0%7C637474497182809806%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&amp;sdata=1fmUiRfjo%2FpHwSz%2Fr5O%2BiiFEuS1a9tEcDaVQE4bRWBA%3D&amp;reserved=0>.
>
> The document was authored by The Web Authentication Working Group (https://nam01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.w3.org%2FWebauthn%2F&amp;data=04%7C01%7Cjjwhite%40ets.org%7Cc22f20caf584495f66e108d8c3ad7c7e%7C0ba6e9b760b34fae92f37e6ddd9e9b65%7C0%7C0%7C637474497182809806%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&amp;sdata=B8nI%2BcLmy1WE%2F%2B4w1MqT15zeW8whBVz8SPEP3P%2BVZCE%3D&amp;reserved=0<https://nam01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.w3.org%2FWebauthn%2F&amp;data=04%7C01%7Cjjwhite%40ets.org%7Cc22f20caf584495f66e108d8c3ad7c7e%7C0ba6e9b760b34fae92f37e6ddd9e9b65%7C0%7C0%7C637474497182809806%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&amp;sdata=B8nI%2BcLmy1WE%2F%2B4w1MqT15zeW8whBVz8SPEP3P%2BVZCE%3D&amp;reserved=0>). An accessibility review was requested of the APA as part of our role in performing horizontal review of W3C documents for accessibility concerns.
>
> It was reviewed by APA member Paul Grenier who proposed the following comment (https://nam01.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.w3.org%2FArchives%2FPublic%2Fpublic-apa%2F2020Dec%2F0021.html&amp;data=04%7C01%7Cjjwhite%40ets.org%7Cc22f20caf584495f66e108d8c3ad7c7e%7C0ba6e9b760b34fae92f37e6ddd9e9b65%7C0%7C0%7C637474497182809806%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&amp;sdata=lAOgqIdRulXr6oRJt%2FgrhJVQh8qK1GH%2F8BSeVAxUZvY%3D&amp;reserved=0<https://nam01.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.w3.org%2FArchives%2FPublic%2Fpublic-apa%2F2020Dec%2F0021.html&amp;data=04%7C01%7Cjjwhite%40ets.org%7Cc22f20caf584495f66e108d8c3ad7c7e%7C0ba6e9b760b34fae92f37e6ddd9e9b65%7C0%7C0%7C637474497182809806%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&amp;sdata=lAOgqIdRulXr6oRJt%2FgrhJVQh8qK1GH%2F8BSeVAxUZvY%3D&amp;reserved=0>):
> I have concerns that could be best summarized in a new section "Accessibility Considerations" which could follow "Security Considerations" or "Privacy Considerations" in document order. References to timing considerations should be updated to reference this new subheading. See editor's draft https:/w3c.github.io/webauthn/<https://nam01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fw3c.github.io%2Fwebauthn%2F&amp;data=04%7C01%7Cjjwhite%40ets.org%7Cc22f20caf584495f66e108d8c3ad7c7e%7C0ba6e9b760b34fae92f37e6ddd9e9b65%7C0%7C0%7C637474497182809806%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&amp;sdata=YLThRGUydFdnvUPaQd6GDKG2vwSrEVbarqJLovqBMSI%3D&amp;reserved=0>. Additionally, based on theaccessibility topics below, notes could be added to the appropriate sections (e.g., registration).
>
> Proposed topics for "Accessibility Considerations":
> 1. Public key credentials should avoid using a single biometric factor. We would also like to call your attention to the W3C Note, Inaccessibility of CAPTCHA, Alternatives to Visual Turing Tests on the Web (https://nam01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.w3.org%2FTR%2Fturingtest%2F&amp;data=04%7C01%7Cjjwhite%40ets.org%7Cc22f20caf584495f66e108d8c3ad7c7e%7C0ba6e9b760b34fae92f37e6ddd9e9b65%7C0%7C0%7C637474497182819843%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&amp;sdata=DoH6mw06aiK26twWmuXnG0n9a%2BFdfKArwPHKvyExRRA%3D&amp;reserved=0<https://nam01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.w3.org%2FTR%2Fturingtest%2F&amp;data=04%7C01%7Cjjwhite%40ets.org%7Cc22f20caf584495f66e108d8c3ad7c7e%7C0ba6e9b760b34fae92f37e6ddd9e9b65%7C0%7C0%7C637474497182819843%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&amp;sdata=DoH6mw06aiK26twWmuXnG0n9a%2BFdfKArwPHKvyExRRA%3D&amp;reserved=0>).
> 2. Registration should provide affordances for users to complete authorization gestures correctly. This could involve naming the authenticator, choosing a picture to associate with the device, or entering freeform text instructions.
> 3. Ceremonies that rely on timing must follow WCAG Guideline 2.2 Enough Time (https://nam01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.w3.org%2FWAI%2FWCAG21%2FUnderstanding%2Fenough-time&amp;data=04%7C01%7Cjjwhite%40ets.org%7Cc22f20caf584495f66e108d8c3ad7c7e%7C0ba6e9b760b34fae92f37e6ddd9e9b65%7C0%7C0%7C637474497182819843%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&amp;sdata=6d73UQDNmhB%2BQx3X%2FxGto%2B%2FKviS4WEG21mq7hC%2BcCbg%3D&amp;reserved=0<https://nam01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.w3.org%2FWAI%2FWCAG21%2FUnderstanding%2Fenough-time&amp;data=04%7C01%7Cjjwhite%40ets.org%7Cc22f20caf584495f66e108d8c3ad7c7e%7C0ba6e9b760b34fae92f37e6ddd9e9b65%7C0%7C0%7C637474497182819843%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&amp;sdata=6d73UQDNmhB%2BQx3X%2FxGto%2B%2FKviS4WEG21mq7hC%2BcCbg%3D&amp;reserved=0>).
>
>
> ***Action to Take***
>
> This CfC is now open for objection, comment, as well as statements of support via email. Silence will be interpreted as support, though messages of support are certainly welcome.
>
> If you object to this proposed action, or have comments concerning this proposal, please respond by replying on list to this message no later than Monday February 1, 2021 23:59 (Midnight) Boston Time.
>
> NOTE: This Call for Consensus is being conducted in accordance with the APA Decision Policy published at:
> https://nam01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.w

> 3.org%2FWAI%2FAPA%2Fdecision-policy&amp;data=04%7C01%7Cjjwhite%40ets.o
> rg%7Cc22f20caf584495f66e108d8c3ad7c7e%7C0ba6e9b760b34fae92f37e6ddd9e9b
> 65%7C0%7C0%7C637474497182819843%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLj
> AwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&amp;sdata=
> IyJHtbfB2Wgu5oVea5xBUxQJ633YpnpFub%2FY%2FDBDzUA%3D&amp;reserved=0<http
> s://nam01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.w3.or
> g%2FWAI%2FAPA%2Fdecision-policy&amp;data=04%7C01%7Cjjwhite%40ets.org%7
> Cc22f20caf584495f66e108d8c3ad7c7e%7C0ba6e9b760b34fae92f37e6ddd9e9b65%7
> C0%7C0%7C637474497182819843%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMD
> AiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&amp;sdata=IyJH
> tbfB2Wgu5oVea5xBUxQJ633YpnpFub%2FY%2FDBDzUA%3D&amp;reserved=0>
>
> Becky & Janina
> co-chairs APA Working Group
>
> Becky Gibson | Sr. Accessibility Strategist
> Knowbility.org<https://nam01.safelinks.protection.outlook.com/?url=htt

> p%3A%2F%2Fknowbility.org%2F&amp;data=04%7C01%7Cjjwhite%40ets.org%7Cc22
> f20caf584495f66e108d8c3ad7c7e%7C0ba6e9b760b34fae92f37e6ddd9e9b65%7C0%7
> C0%7C637474497182819843%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLC
> JQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&amp;sdata=jpu8ddOk
> awKWX7W2Hc5WNKv9IYMFJzCaop6um4yqM8U%3D&amp;reserved=0>
> becky@knowbility.org<mailto:becky@knowbility.org>
> Pronouns: she/her/hers
>
> Janina Sajka
> https://nam01.safelinks.protection.outlook.com/?url=https%3A%2F%2Flink

> edin.com%2Fin%2Fjsajka&amp;data=04%7C01%7Cjjwhite%40ets.org%7Cc22f20ca
> f584495f66e108d8c3ad7c7e%7C0ba6e9b760b34fae92f37e6ddd9e9b65%7C0%7C0%7C
> 637474497182819843%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjo
> iV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&amp;sdata=Mm78Z3rXWblF9
> 6wyhcT7vjAm9NqWNYClC8kJTOTrEWY%3D&amp;reserved=0<https://nam01.safelin

> ks.protection.outlook.com/?url=https%3A%2F%2Flinkedin.com%2Fin%2Fjsajk
> a&amp;data=04%7C01%7Cjjwhite%40ets.org%7Cc22f20caf584495f66e108d8c3ad7
> c7e%7C0ba6e9b760b34fae92f37e6ddd9e9b65%7C0%7C0%7C637474497182819843%7C
> Unknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1h
> aWwiLCJXVCI6Mn0%3D%7C1000&amp;sdata=Mm78Z3rXWblF96wyhcT7vjAm9NqWNYClC8
> kJTOTrEWY%3D&amp;reserved=0>
>
> Linux Foundation Fellow
> Executive Chair, Accessibility Workgroup:    https://nam01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fa11y.org%2F&amp;data=04%7C01%7Cjjwhite%40ets.org%7Cc22f20caf584495f66e108d8c3ad7c7e%7C0ba6e9b760b34fae92f37e6ddd9e9b65%7C0%7C0%7C637474497182819843%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&amp;sdata=fJ6x4gwYqt%2FPpvxGoGZR509FQjjnow8MGOsvYvS%2B72o%3D&amp;reserved=0<https://nam01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fa11y.org%2F&amp;data=04%7C01%7Cjjwhite%40ets.org%7Cc22f20caf584495f66e108d8c3ad7c7e%7C0ba6e9b760b34fae92f37e6ddd9e9b65%7C0%7C0%7C637474497182819843%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&amp;sdata=fJ6x4gwYqt%2FPpvxGoGZR509FQjjnow8MGOsvYvS%2B72o%3D&amp;reserved=0>
>
> The World Wide Web Consortium (W3C), Web Accessibility Initiative (WAI)
> Co-Chair, Accessible Platform Architectures    https://nam01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.w3.org%2Fwai%2Fapa&amp;data=04%7C01%7Cjjwhite%40ets.org%7Cc22f20caf584495f66e108d8c3ad7c7e%7C0ba6e9b760b34fae92f37e6ddd9e9b65%7C0%7C0%7C637474497182829720%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&amp;sdata=ZCfVUjWhjiAvvgbFSqMTLa%2B52JMBP6YhQAERkCRihbk%3D&amp;reserved=0<https://nam01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.w3.org%2Fwai%2Fapa&amp;data=04%7C01%7Cjjwhite%40ets.org%7Cc22f20caf584495f66e108d8c3ad7c7e%7C0ba6e9b760b34fae92f37e6ddd9e9b65%7C0%7C0%7C637474497182829720%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&amp;sdata=ZCfVUjWhjiAvvgbFSqMTLa%2B52JMBP6YhQAERkCRihbk%3D&amp;reserved=0>
>
> Becky Gibson | Sr. Accessibility Strategist
> Knowbility.org<https://nam01.safelinks.protection.outlook.com/?url=htt

> p%3A%2F%2Fknowbility.org%2F&amp;data=04%7C01%7Cjjwhite%40ets.org%7Cc22
> f20caf584495f66e108d8c3ad7c7e%7C0ba6e9b760b34fae92f37e6ddd9e9b65%7C0%7
> C0%7C637474497182829720%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLC
> JQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&amp;sdata=%2FaRZm%
> 2B0y2YeoxulmSv169nv7Uj9GjBVhaawMSqTw%2Bt0%3D&amp;reserved=0>
> becky@knowbility.org<mailto:becky@knowbility.org>
> Pronouns: she/her/hers
>
>
>
>
> ________________________________
>
> This e-mail and any files transmitted with it may contain privileged or confidential information. It is solely for use by the individual for whom it is intended, even if addressed incorrectly. If you received this e-mail in error, please notify the sender; do not disclose, copy, distribute, or take any action in reliance on the contents of this information; and delete it from your system. Any other use of this e-mail is prohibited.
>
>
> Thank you for your compliance.
>
> ________________________________

--

Janina Sajka
https://nam01.safelinks.protection.outlook.com/?url=https%3A%2F%2Flinkedin.com%2Fin%2Fjsajka&amp;data=04%7C01%7Cjjwhite%40ets.org%7Cc22f20caf584495f66e108d8c3ad7c7e%7C0ba6e9b760b34fae92f37e6ddd9e9b65%7C0%7C0%7C637474497182829720%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&amp;sdata=BIP5B0da0dpEsUgsF%2BlT6AxNs4PSJaFxBx9FDHVyMvc%3D&amp;reserved=0

Linux Foundation Fellow
Executive Chair, Accessibility Workgroup:https://nam01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fa11y.org%2F&amp;data=04%7C01%7Cjjwhite%40ets.org%7Cc22f20caf584495f66e108d8c3ad7c7e%7C0ba6e9b760b34fae92f37e6ddd9e9b65%7C0%7C0%7C637474497182829720%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&amp;sdata=ztoqY5itLfd9mRhYkqhkO8GYIHESoB5Xu%2BSaalU5Esk%3D&amp;reserved=0

The World Wide Web Consortium (W3C), Web Accessibility Initiative (WAI)
Co-Chair, Accessible Platform Architectureshttps://nam01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.w3.org%2Fwai%2Fapa&amp;data=04%7C01%7Cjjwhite%40ets.org%7Cc22f20caf584495f66e108d8c3ad7c7e%7C0ba6e9b760b34fae92f37e6ddd9e9b65%7C0%7C0%7C637474497182829720%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&amp;sdata=ZCfVUjWhjiAvvgbFSqMTLa%2B52JMBP6YhQAERkCRihbk%3D&amp;reserved=0


________________________________

This e-mail and any files transmitted with it may contain privileged or confidential information. It is solely for use by the individual for whom it is intended, even if addressed incorrectly. If you received this e-mail in error, please notify the sender; do not disclose, copy, distribute, or take any action in reliance on the contents of this information; and delete it from your system. Any other use of this e-mail is prohibited.


Thank you for your compliance.

________________________________
Received on Thursday, 28 January 2021 17:36:55 UTC

This archive was generated by hypermail 2.4.0 : Thursday, 24 March 2022 20:22:54 UTC