Re: 48-Hour Call for Consensus (CfC): Publish CAPTCHA Wide Review Draft from Janina Sajka on 2019-02-01 (public-apa@w3.org from February 2019)

From: Janina Sajka <janina@rednote.net>
Date: Fri, 1 Feb 2019 12:31:40 -0500
To: Devarshi Pant <devarshipant@gmail.com>
Cc: W3C WAI Accessible Platform Architectures <public-apa@w3.org>, Accessible Platform Architectures Administration <public-apa-admin@w3.org>, public-rqtf@w3.org
Message-ID: <20190201173140.GV1915@rednote.net>
Hi, Devarshi:

While you did not indicate either support or opposition to the proposed
publication, I do thank you for your comments. I'm responding inline below and copying this email to the main APA list and to the RQTF list where this updated CAPTCHA note was developed.

Devarshi Pant writes:
> my 2 cents:
> 
> I think the heading titled, '3. Stand Alone Approaches' could be clearer.
> If the intent is to list different CAPTCHA types, then that could be
> conveyed in the heading.
> 
Do you have a specific suggestion here?

> Also, the section '3.3 Biometrics' seems more like an alternative than a
> CAPTCHA type.
> 
Indeed. However please note the second paragraph of the introduction:

"Since our concern here is the accessibility of systems that seek to
distinguish human users from their robotic impersonators, the term
"CAPTCHA" is used in this document generically to refer to all
approaches which are specifically designed to differentiate a human from
a computer. We also include fully noninteractive approaches in our
categorization."

Also, the discussion of biometrics includes this statement:

Where biometrics are used as an alternative to CAPTCHA, systems should
be designed to allow users to choose among multiple and unrelated
biometric identifiers. It should also be noted that biometrics can
reliably and uniquely identify individuals making these identifiers
highly attractive as login authentication mechanisms.  This alternative
is unsuitable, however, for applications in which it is necessary to
preserve the user's anonymity (i.e., the application is required to
verify solely that the user is human, without obtaining identifying
information)."

Among the implicit points is the possibility to identify a human
individual, without identifying which specific human individual. We're
suggesting biometrics could do this, though that's not how they're used
today to the best of our knowledge.

Is that what you're suggesting needs more elaboration?

> Perhaps there could be another list for CAPTCHA alternatives, for example:
> access verification through SMS or an incoming call (automated service
> provides a PIN).
> 
Indeed, such dual-factor strategies are common for user authentication.
But, as we discuss in several ways, our purpose is the identification of
a human user without identifying the specific human user. I'm not sure
how one would do that with SMS and/or phone calls.

Best,

Janina

> Thanks,
> Devarshi
> 
> 
> On Thu, Jan 24, 2019 at 8:05 PM Janina Sajka <janina@rednote.net> wrote:
> 
> > Colleagues:
> >
> > This is a Call for Consensus (CfC) to the Accessible Platform
> > Architectures (APA) Working Group seeking consensus to publish the
> > "Inaccessibility of CAPTCHA" document for wide review.
> >
> > The draft to review for this CfC is here:
> >
> >
> > https://raw.githack.com/w3c/apa/f257fe3930a483f3205b128211c1cb122c2180ca/captcha/index.html
> >
> > This draft has undergone extensive revision since our FPWD last year in
> > response to comments received, and in response to additional analysis.
> >
> > Please note that no substantive nor editorial changes
> > will be applied during the CfC to the above URI.
> >
> > *       ACTION TO TAKE
> >
> > This CfC is now open for objection, comment, as well as statements of
> > support via email. Silence will be interpreted as support, though
> > messages of support are certainly welcome.
> >
> > We particularly welcome questions and suggested edits, though this could
> > delay publication. It's important we get this draft right.
> >
> > If you object to this proposed action, or have comments concerning this
> > proposal, please respond by replying on list to this message no later
> > than 23:59 (Midnight) Boston Time, Sunday 3 February.
> >
> > NOTE: This Call for Consensus is being conducted in accordance with the
> > APA Decision Policy published at:
> >
> > http://www.w3.org/WAI/APA/decision-policy
> >
> > Thanks to our Research Questions Task Force (RQTF) for their extensive
> > work on this revision draft.
> >
> > Janina
> >
> >
> >
> > ------------------------------------------------------------------------------
> >
> > Janina Sajka
> >
> > Linux Foundation Fellow
> > Executive Chair, Accessibility Workgroup:       http://a11y.org
> >
> > The World Wide Web Consortium (W3C), Web Accessibility Initiative (WAI)
> > Chair, Accessible Platform Architectures        http://www.w3.org/wai/apa
> >
> >
> >

-- 

Janina Sajka

Linux Foundation Fellow
Executive Chair, Accessibility Workgroup:	http://a11y.org

The World Wide Web Consortium (W3C), Web Accessibility Initiative (WAI)
Chair, Accessible Platform Architectures	http://www.w3.org/wai/apa
Received on Friday, 1 February 2019 17:32:07 UTC