Re: apa-ACTION-2270: Review webauthn 2 https://www.w3.org/tr/webauthn-2/ from Paul Grenier on 2020-12-10 (public-apa@w3.org from December 2020)

From: Paul Grenier <pgrenier@gmail.com>
Date: Thu, 10 Dec 2020 13:58:05 -0500
To: Accessible Platform Architectures Working Group <public-apa@w3.org>
Message-ID: <CAMq9vGZ2Lecax+nu9-DQj+Lqn+9sTXZnso0JCvhFAbT_3xM4KQ@mail.gmail.com>

I have concerns that could be best summarized in a new section
"Accessibility Considerations" which could follow "Security Considerations"
or "Privacy Considerations" in document order. References to timing
considerations should be updated to reference this new subheading. See
editor's draft https://w3c.github.io/webauthn/. Additionally, based on the
accessibility topics below, notes could be added to the appropriate
sections (e.g., registration).

Proposed topics for "Accessibility Considerations":
1. Public key credentials must not be restricted to biometric data alone.
2. Registration should provide affordances for users to complete
authorization gestures correctly. This could involve naming the
authenticator, choosing a picture to associate with the device, or entering
freeform text instructions.
3. Ceremonies that rely on timing must follow WCAG Guideline 2.2 Enough
Time (https://www.w3.org/WAI/WCAG21/Understanding/enough-time).

*--*
*Paul Grenier*

On Wed, Dec 2, 2020 at 12:49 PM Accessible Platform Architectures Working
Group Issue Tracker <sysbot+tracker@w3.org> wrote:

> apa-ACTION-2270: Review webauthn 2 https://www.w3.org/tr/webauthn-2/
>
> https://www.w3.org/WAI/APA/track/actions/2270
>
> Assigned to: Paul Grenier
>
>
>
>
>
>
>
>
>

Received on Thursday, 10 December 2020 18:58:31 UTC