ACTION-2053: Authentication is important but... from Shane McCarron on 2016-08-03 (public-aria@w3.org from August 2016)

From: Shane McCarron <shane@spec-ops.io>
Date: Wed, 3 Aug 2016 11:34:57 -0500
To: ARIA <public-aria@w3.org>
Message-ID: <CAJdbnOCzV5aVjmjzQFtAmoehbU2BMd2LGSH_H7oe3RW+4=6+1g@mail.gmail.com>

I reviewed the spec at https://www.w3.org/tr/webauthn/

There is a lot in there.  It supports the integration of external
authentication mechanisms (e.g., biometrics, Google Authenticator on a
phone / watch, etc.)  Not sure how to think about the A11Y concerns here
though.  Basically there is no UI component per se.  Instead there is an
API that allows the invocation of platform-specific mechanisms.  Those
clearly MUST be accessible, but it is not clear to me how we would require
or enforce that through this spec.

P.S. Discussed at APA Meeting on 3 August.  Notes in the Action Item in
Tracker.

-- 
Shane McCarron
Projects Manager, Spec-Ops

Received on Wednesday, 3 August 2016 16:35:54 UTC