Re: apa-ACTION-2270: Review webauthn 2 https://www.w3.org/tr/webauthn-2/ from Katie Haritos-Shea on 2020-12-18 (public-apa@w3.org from December 2020)

From: Katie Haritos-Shea <ryladog@gmail.com>
Date: Fri, 18 Dec 2020 14:54:21 -0500
To: Paul Grenier <pgrenier@gmail.com>
Cc: Accessible Platform Architectures Working Group <public-apa@w3.org>
Message-ID: <CAEy-OxGo+zvakDbQDinOjeEkG_4mn4h6=j111HyVDvVBV=+OmQ@mail.gmail.com>

Paul,

Good points.

For your first osuggestion, it might be better to identify that not just
that biometrics alone be used, but also at least 2 forms of biometrics be
offered,

** katie **

*Katie Haritos-Shea*
*Principal ICT Accessibility Architect*


*Senior Product Manager/Compliance/Accessibility **SME*
*, **Core Merchant Framework UX, Clover*


*W3C Advisory Committee Member and Representative for Knowbility *


*WCAG/Section 508/ADA/AODA/QA/FinServ/FinTech/Privacy,* *IAAP CPACC+WAS = *
*CPWA* <http://www.accessibilityassociation.org/cpwacertificants>

*Cell: **703-371-5545 <703-371-5545>** |* *ryladog@gmail.com
<ryladog@gmail.com>* *| **Seneca, SC **|* *LinkedIn Profile
<http://www.linkedin.com/in/katieharitosshea/>*

People may forget exactly what it was that you said or did, but they will
never forget how you made them feel.......

Our scars remind us of where we have been........they do not have to
dictate where we are going.






On Fri, Dec 18, 2020 at 1:30 PM Paul Grenier <pgrenier@gmail.com> wrote:

> I reviewed proposed changes
> <https://services.w3.org/htmldiff?doc1=https%3A%2F%2Fwww.w3.org%2FTR%2Fwebauthn%2F&doc2=https%3A%2F%2Fwww.w3.org%2FTR%2Fwebauthn-2%2F> to
> Web Authentication: An API for accessing Public Key Credentials Level 2
> <https://www.w3.org/TR/webauthn-2/> for Accessible Platform Architectures
> (APA) Working Group task 2270
> <https://www.w3.org/WAI/APA/track/actions/2270>.
>
> I have concerns that could be best summarized in a new section
> "Accessibility Considerations" which could follow "Security Considerations"
> or "Privacy Considerations" in document order. References to timing
> considerations should be updated to reference this new subheading. See
> editor's draft https://w3c.github.io/webauthn/. Additionally, based on
> the accessibility topics below, notes could be added to the appropriate
> sections (e.g., registration).
>
> Proposed topics for "Accessibility Considerations":
> 1. Public key credentials must not be restricted to biometric data alone.
> 2. Registration should provide affordances for users to complete
> authorization gestures correctly. This could involve naming the
> authenticator, choosing a picture to associate with the device, or entering
> freeform text instructions.
> 3. Ceremonies that rely on timing must follow WCAG Guideline 2.2 Enough
> Time (https://www.w3.org/WAI/WCAG21/Understanding/enough-time).
> *--*
> *Paul Grenier*
> *[image: github] <https://github.com/AutoSponge>**[image: twitter]
> <https://twitter.com/AutoSponge>**[image: linkedin]
> <http://www.linkedin.com/in/pgrenier>*
>
>
> On Wed, Dec 2, 2020 at 12:49 PM Accessible Platform Architectures Working
> Group Issue Tracker <sysbot+tracker@w3.org> wrote:
>
>> apa-ACTION-2270: Review webauthn 2 https://www.w3.org/tr/webauthn-2/
>>
>> https://www.w3.org/WAI/APA/track/actions/2270
>>
>> Assigned to: Paul Grenier
>>
>>
>>
>>
>>
>>
>>
>>
>>

Received on Friday, 18 December 2020 19:54:47 UTC