Re: Web Authentication evaluation

Thanks, John.

I'm replying both to thank you for the review from a COGA perspective,
but also to get your review into the RQTF and APA archives.

I am still working with Authentication WG to arrange a time for joint
conversation. I'll keep you informed.

Janina

Rochford, John writes:
> Hi Lisa and All,
> 
> As Lisa requested, I reviewed the Web Authentication working draft<https://www.w3.org/TR/webauthn/>. I assessed what impact our Accessible Authentication SC<https://github.com/w3c/wcag21/issues/23> might have on it. (I saw nothing in the working draft that I thought would have an impact on our SC.)
> 
> 3. Terminology<https://www.w3.org/TR/webauthn/#terminology> contains the following definition of user consent.
> "User consent means the user agrees with what they are being asked, i.e., it encompasses reading and understanding prompts."
> 
> I think something fundamental is missing: following prompts. The bulleted list in our SC defines abilities people with cognitive disabilities may lack, and that are needed to follow such prompts.
> 
> Throughout the Web Authentication working draft<https://www.w3.org/TR/webauthn/>, there are multiple references to submitting passwords and PINs, to which our SC definitely applies.
> 
> Also, there are references to fixed periods in which user interaction is required. (See example below.) There is no discussion of enabling users to extend such periods.
> 
> 4.1.5. Platform Authenticator Availability <https://www.w3.org/TR/webauthn/#isPlatformAuthenticatorAvailable>
> "A timeout value on the order of 10 minutes is recommended; this is enough time for successful user interactions to be performed but short enough that the dangling promise will still be resolved in a reasonably timely fashion."
> 
> John
> 
> John Rochford<http://bit.ly/profile-rj>
> UMass Medical School/E.K. Shriver Center
> Director, INDEX Program
> Instructor, Family Medicine & Community Health
> www.DisabilityInfo.org
> Twitter: @ClearHelper<https://twitter.com/clearhelper>

-- 

Janina Sajka,	Phone:	+1.443.300.2200
			sip:janina@asterisk.rednote.net
		Email:	janina@rednote.net

Linux Foundation Fellow
Executive Chair, Accessibility Workgroup:	http://a11y.org

The World Wide Web Consortium (W3C), Web Accessibility Initiative (WAI)
Chair, Accessible Platform Architectures	http://www.w3.org/wai/apa

Received on Thursday, 9 November 2017 00:08:14 UTC