Re: apa-ACTION-2270: Review webauthn 2 https://www.w3.org/tr/webauthn-2/

I reviewed proposed changes
<https://services.w3.org/htmldiff?doc1=https%3A%2F%2Fwww.w3.org%2FTR%2Fwebauthn%2F&doc2=https%3A%2F%2Fwww.w3.org%2FTR%2Fwebauthn-2%2F>
to
Web Authentication: An API for accessing Public Key Credentials Level 2
<https://www.w3.org/TR/webauthn-2/> for Accessible Platform Architectures
(APA) Working Group task 2270
<https://www.w3.org/WAI/APA/track/actions/2270>.

I have concerns that could be best summarized in a new section
"Accessibility Considerations" which could follow "Security Considerations"
or "Privacy Considerations" in document order. References to timing
considerations should be updated to reference this new subheading. See
editor's draft https://w3c.github.io/webauthn/. Additionally, based on the
accessibility topics below, notes could be added to the appropriate
sections (e.g., registration).

Proposed topics for "Accessibility Considerations":
1. Public key credentials must not be restricted to biometric data alone.
2. Registration should provide affordances for users to complete
authorization gestures correctly. This could involve naming the
authenticator, choosing a picture to associate with the device, or entering
freeform text instructions.
3. Ceremonies that rely on timing must follow WCAG Guideline 2.2 Enough
Time (https://www.w3.org/WAI/WCAG21/Understanding/enough-time).
*--*
*Paul Grenier*
*[image: github] <https://github.com/AutoSponge>**[image: twitter]
<https://twitter.com/AutoSponge>**[image: linkedin]
<http://www.linkedin.com/in/pgrenier>*


On Wed, Dec 2, 2020 at 12:49 PM Accessible Platform Architectures Working
Group Issue Tracker <sysbot+tracker@w3.org> wrote:

> apa-ACTION-2270: Review webauthn 2 https://www.w3.org/tr/webauthn-2/
>
> https://www.w3.org/WAI/APA/track/actions/2270
>
> Assigned to: Paul Grenier
>
>
>
>
>
>
>
>
>