20 hour exception is too long for secure sessions dealing with identification and financial information and services

Name: Laura Turkki
Email: laura.turkki@nordea.com
Affiliation: Nordea Oyj (bank)
Document: W2
Item Number: Success Criterion 2.2.1
Part of Item: 
Comment Type: technical
Summary of Issue: 20 hour exception is too long for secure sessions dealing with identification and financial information and services
Comment (Including rationale for any proposed change):
To protect our clients we have a time limit of 15 minutes: if the user does nothing, the session to our netbank is automatically closed.

This is utterly important, especially for users using public computers, e.g. in libraries.

The extend rule might work in this case but I'm not sure we want to advertise the security features that much. E.g. in the case of public computers drawing the attention of possible bystanders.

Proposed Change:
Security exception: In order to prevent mishaps, identification and financial services can close the session after a short time (5-20 min) if the user is idling.

Received on Thursday, 31 January 2008 12:27:08 UTC