Re: 48-Hour Call for Consensus (CfC): Publish CAPTCHA Wide Review Draft

Hi Janina,

+1 on support.

My comments follow inline.

> I think the heading titled, '3. Stand Alone Approaches' could be clearer.
> If the intent is to list different CAPTCHA types, then that could be
> conveyed in the heading.
>
Do you have a specific suggestion here?

***Something along the lines of: *
*"3. CAPTCHA Verification, Implications and other Analogous Techniques."*

**********
I think saying 'Stand Alone...' could be construed to mean verification
techniques that are not integrated with the application.


Among the implicit points is the possibility to identify a human
individual, without identifying which specific human individual. We're
suggesting biometrics could do this, though that's not how they're used
today to the best of our knowledge.

Is that what you're suggesting needs more elaboration?

***Yes, and, if possible, list the type of traits to help **AT users
leverage biometrics depending on their disabilities**. My understanding is
that biometrics verification can be broad ranging from DNA to face
recognition and everything in between. *

Indeed, such dual-factor strategies are common for user authentication.
But, as we discuss in several ways, our purpose is the identification of
a human user without identifying the specific human user. I'm not sure
how one would do that with SMS and/or phone calls.

***I was looking at a specific use case where a primary phone number is
used for identification. Refer -https://secure.ssa.gov/RIR/CaviView.action
<https://secure.ssa.gov/RIR/CaviView.action>*


thanks!

On Fri, Feb 1, 2019 at 12:31 PM Janina Sajka <janina@rednote.net> wrote:

> Hi, Devarshi:
>
> While you did not indicate either support or opposition to the proposed
> publication, I do thank you for your comments. I'm responding inline below
> and copying this email to the main APA list and to the RQTF list where this
> updated CAPTCHA note was developed.
>
> Devarshi Pant writes:
> > my 2 cents:
> >
> > I think the heading titled, '3. Stand Alone Approaches' could be clearer.
> > If the intent is to list different CAPTCHA types, then that could be
> > conveyed in the heading.
> >
> Do you have a specific suggestion here?
>
> > Also, the section '3.3 Biometrics' seems more like an alternative than a
> > CAPTCHA type.
> >
> Indeed. However please note the second paragraph of the introduction:
>
> "Since our concern here is the accessibility of systems that seek to
> distinguish human users from their robotic impersonators, the term
> "CAPTCHA" is used in this document generically to refer to all
> approaches which are specifically designed to differentiate a human from
> a computer. We also include fully noninteractive approaches in our
> categorization."
>
> Also, the discussion of biometrics includes this statement:
>
> Where biometrics are used as an alternative to CAPTCHA, systems should
> be designed to allow users to choose among multiple and unrelated
> biometric identifiers. It should also be noted that biometrics can
> reliably and uniquely identify individuals making these identifiers
> highly attractive as login authentication mechanisms.  This alternative
> is unsuitable, however, for applications in which it is necessary to
> preserve the user's anonymity (i.e., the application is required to
> verify solely that the user is human, without obtaining identifying
> information)."
>
> Among the implicit points is the possibility to identify a human
> individual, without identifying which specific human individual. We're
> suggesting biometrics could do this, though that's not how they're used
> today to the best of our knowledge.
>
> Is that what you're suggesting needs more elaboration?
>
> > Perhaps there could be another list for CAPTCHA alternatives, for
> example:
> > access verification through SMS or an incoming call (automated service
> > provides a PIN).
> >
> Indeed, such dual-factor strategies are common for user authentication.
> But, as we discuss in several ways, our purpose is the identification of
> a human user without identifying the specific human user. I'm not sure
> how one would do that with SMS and/or phone calls.
>
> Best,
>
> Janina
>
> > Thanks,
> > Devarshi
> >
> >
> > On Thu, Jan 24, 2019 at 8:05 PM Janina Sajka <janina@rednote.net> wrote:
> >
> > > Colleagues:
> > >
> > > This is a Call for Consensus (CfC) to the Accessible Platform
> > > Architectures (APA) Working Group seeking consensus to publish the
> > > "Inaccessibility of CAPTCHA" document for wide review.
> > >
> > > The draft to review for this CfC is here:
> > >
> > >
> > >
> https://raw.githack.com/w3c/apa/f257fe3930a483f3205b128211c1cb122c2180ca/captcha/index.html
> > >
> > > This draft has undergone extensive revision since our FPWD last year in
> > > response to comments received, and in response to additional analysis.
> > >
> > > Please note that no substantive nor editorial changes
> > > will be applied during the CfC to the above URI.
> > >
> > > *       ACTION TO TAKE
> > >
> > > This CfC is now open for objection, comment, as well as statements of
> > > support via email. Silence will be interpreted as support, though
> > > messages of support are certainly welcome.
> > >
> > > We particularly welcome questions and suggested edits, though this
> could
> > > delay publication. It's important we get this draft right.
> > >
> > > If you object to this proposed action, or have comments concerning this
> > > proposal, please respond by replying on list to this message no later
> > > than 23:59 (Midnight) Boston Time, Sunday 3 February.
> > >
> > > NOTE: This Call for Consensus is being conducted in accordance with the
> > > APA Decision Policy published at:
> > >
> > > http://www.w3.org/WAI/APA/decision-policy
> > >
> > > Thanks to our Research Questions Task Force (RQTF) for their extensive
> > > work on this revision draft.
> > >
> > > Janina
> > >
> > >
> > >
> > >
> ------------------------------------------------------------------------------
> > >
> > > Janina Sajka
> > >
> > > Linux Foundation Fellow
> > > Executive Chair, Accessibility Workgroup:       http://a11y.org
> > >
> > > The World Wide Web Consortium (W3C), Web Accessibility Initiative (WAI)
> > > Chair, Accessible Platform Architectures
> http://www.w3.org/wai/apa
> > >
> > >
> > >
>
> --
>
> Janina Sajka
>
> Linux Foundation Fellow
> Executive Chair, Accessibility Workgroup:       http://a11y.org
>
> The World Wide Web Consortium (W3C), Web Accessibility Initiative (WAI)
> Chair, Accessible Platform Architectures        http://www.w3.org/wai/apa
>
>

Received on Friday, 1 February 2019 21:25:29 UTC