- From: White, Jason J <jjwhite@ets.org>
- Date: Thu, 4 Aug 2016 13:56:22 +0000
- To: Janina Sajka <janina@rednote.net>
- CC: Shane McCarron <shane@spec-ops.io>, ARIA <public-aria@w3.org>
> -----Original Message----- > From: Janina Sajka [mailto:janina@rednote.net] > From today's APA discussion I'm of the understanding that the user makes the > decision after the web page presents a menu of alternatives to choose from. [Jason] Hi Janina, >From a quick reading of relevant parts of the spec, it appears that the list of alternatives to choose from would be a list of credentials (e.g., account names associated with the Web application making the request for authentication) rather than a list of authentication mechanisms, so it appears that the choice of authentication method is left to the user agent. Of course, the UA needs to offer at least one authentication method that is suitable to the capabilities of the user. This spec may not be the right place to require it, as the purpose here is only to define the API used by Web applications. At most I would suggest adding an informative note, and perhaps checking to make sure that the choice of authentication method (biometric or otherwise) is the UA's responsibility. ________________________________ This e-mail and any files transmitted with it may contain privileged or confidential information. It is solely for use by the individual for whom it is intended, even if addressed incorrectly. If you received this e-mail in error, please notify the sender; do not disclose, copy, distribute, or take any action in reliance on the contents of this information; and delete it from your system. Any other use of this e-mail is prohibited. Thank you for your compliance. ________________________________
Received on Thursday, 4 August 2016 14:14:10 UTC