RE: ACTION-2053: Authentication is important but...



From: Shane McCarron [mailto:shane@spec-ops.io]
Sent: Wednesday, August 3, 2016 12:35 PM

I reviewed the spec at https://www.w3.org/tr/webauthn/


There is a lot in there.  It supports the integration of external authentication mechanisms (e.g., biometrics, Google Authenticator on a phone / watch, etc.).  Not sure how to think about the A11Y concerns here though.  Basically there is no UI component per se.  Instead there is an API that allows the invocation of platform-specific mechanisms.
[Jason] What, if any, is the role of the Web application in choosing the mechanism? If the user agent makes the decision, then that is where the responsibility rests, but if the application is involved then I can foresee situations in which some mechanisms are accessible to the particular user, others are not, and the application requires the wrong mechanism in a given case.



Received on Wednesday, 3 August 2016 17:00:34 UTC