- From: Rochford, John <john.rochford@umassmed.edu>
- Date: Wed, 8 Nov 2017 17:26:49 +0000
- To: "lisa.seeman" <lisa.seeman@zoho.com>, public-cognitive-a11y-tf <public-cognitive-a11y-tf@w3.org>
- Message-ID: <55BD19D83AA2BE499FBE026983AB2B580155AE5BB9@ummscsmbx10.ad.umassmed.edu>
Hi Lisa and All, As Lisa requested, I reviewed the Web Authentication working draft<https://www.w3.org/TR/webauthn/>. I assessed what impact our Accessible Authentication SC<https://github.com/w3c/wcag21/issues/23> might have on it. (I saw nothing in the working draft that I thought would have an impact on our SC.) 3. Terminology<https://www.w3.org/TR/webauthn/#terminology> contains the following definition of user consent. "User consent means the user agrees with what they are being asked, i.e., it encompasses reading and understanding prompts." I think something fundamental is missing: following prompts. The bulleted list in our SC defines abilities people with cognitive disabilities may lack, and that are needed to follow such prompts. Throughout the Web Authentication working draft<https://www.w3.org/TR/webauthn/>, there are multiple references to submitting passwords and PINs, to which our SC definitely applies. Also, there are references to fixed periods in which user interaction is required. (See example below.) There is no discussion of enabling users to extend such periods. 4.1.5. Platform Authenticator Availability <https://www.w3.org/TR/webauthn/#isPlatformAuthenticatorAvailable> "A timeout value on the order of 10 minutes is recommended; this is enough time for successful user interactions to be performed but short enough that the dangling promise will still be resolved in a reasonably timely fashion." John John Rochford<http://bit.ly/profile-rj> UMass Medical School/E.K. Shriver Center Director, INDEX Program Instructor, Family Medicine & Community Health www.DisabilityInfo.org Twitter: @ClearHelper<https://twitter.com/clearhelper> Confidentiality Notice: This e-mail message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential, proprietary, and privileged information. Any unauthorized review, use, disclosure, or distribution is prohibited. If you are not the intended recipient, please contact the sender immediately and destroy or permanently delete all copies of the original message.
Received on Wednesday, 8 November 2017 17:27:16 UTC