Re: Privacy & Security SC collaboration

From: lisa.seeman <lisa.seeman@zoho.com>
Date: Sun, 21 Aug 2016 20:08:44 +0300
To: Rochford <john.rochford@umassmed.edu>
Cc: "public-cognitive-a11y-tf@w3.org" <public-cognitive-a11y-tf@w3.org>
Message-Id: <156ae119a75.f9de8d5b285934.6404765729156425108@zoho.com>
Hi John

I think you are down for: "Do not add mechanisms that are likely to confuse the user in a way that may do them harm and use known techniques to keep the user safe." The URL is given as: https://rawgit.com/w3c/coga/master/extension/index.html#semantics

Please check at https://www.w3.org/WAI/PF/cognitive-a11y-tf/wiki/SC_todo_list

Mike is doing the security one. If you wish to switch, please check with him.

Re working with web authentication - we, as APA, should definitely give the feedback and coordinate with them. However, I think to conform to WCAG 2.1 we still need a success criterion that enables people to use content without a security protocol that bars people with cognitive disabilities.

All the best

Lisa Seeman

---- On Sun, 21 Aug 2016 19:49:16 +0300 Rochford <john.rochford@umassmed.edu> wrote ----

    Hi Lisa and All,
 In my work on privacy and security success criteria, I found a new, directly-relevant W3C publication. In my opinion, “Web Authentication: A Web API for accessing scoped credentials”, addresses well the privacy and security issues we have identified. 
 Thus, I suggest that, rather than develop our own privacy and security success criteria, we work with the Web Authentication Working Group as it develops its own. One idea is we could help it consider how to help web authentication interactions be as simple as possible. 
 In the working group’s use cases for embedded authenticators (1.1. Registration), step 2 is:
 · “The phone prompts, "Do you want to register this device with example.com?"”.
 We could suggest to the working group that it always considers using simple language. Perhaps:
 · the user’s device could be detected so “device” becomes “phone” or “tablet”;
 · “sign up” could replace “register”;
 · The “example.com”/name of business could be replaced by the name of the service the user is trying to sign up for.
 John Rochford
 UMass Medical School/E.K. Shriver Center
 Director, INDEX Program
 Instructor, Family Medicine & Community Health
 Twitter: @ClearHelper
Received on Sunday, 21 August 2016 17:09:09 UTC