Your comments on WCAG 2.0 Last Call Working Draft of December, 2007

Dear Laura Turkki,

Thank you for your comments on the 11 Dec 2007 Last Call Working Draft
of the Web Content Accessibility Guidelines 2.0 (WCAG 2.0
http://www.w3.org/TR/2007/WD-WCAG20-20071211). The WCAG Working Group
has reviewed all comments received on the December draft. Before we
proceed to implementation, we would like to know whether we have
understood your comments correctly and whether you are satisfied with
our resolutions.

Please review our resolutions for the following comments, and reply to
us by 31 March 2008 at public-comments-wcag20@w3.org to say whether
you accept them or to discuss additional concerns you have with our
response. Note that this list is publicly archived.

Please see below for the text of comments that you submitted and our
resolutions to your comments. Each comment includes a link to the
archived copy of your original comment on
http://lists.w3.org/Archives/Public/public-comments-wcag20/, and may
also include links to the relevant changes in the WCAG 2.0 Editor's
Draft of 10 March 2008 at
http://www.w3.org/WAI/GL/WCAG20/WD-WCAG20-20080310/.

Note that if you still strongly disagree with our resolution on an issue,
you have the opportunity to file a formal objection (according to
3.3.2 of the W3C Process, at
http://www.w3.org/2005/10/Process-20051014/policies.html#WGArchiveMinorityViews)
to public-comments-wcag20@w3.org. Formal objections will be reviewed
during the candidate recommendation transition meeting with the W3C
Director, unless we can come to agreement with you on a resolution in
advance of the meeting.

Thank you for your time reviewing and sending comments. Though we
cannot always do exactly what each commenter requests, all of the
comments are valuable to the development of WCAG 2.0.


Regards,

Loretta Guarino Reid, WCAG WG Co-Chair
Gregg Vanderheiden, WCAG WG Co-Chair
Michael Cooper, WCAG WG Staff Contact

On behalf of the WCAG Working Group

----------------------------------------------------------
Comment 1: 20 hour exception is too long for secure sessions dealing
with identification and financial information and services
Source: http://lists.w3.org/Archives/Public/public-comments-wcag20/2008Jan/0050.html
(Issue ID: 2428)
Status: VERIFIED / NOT ACCEPTED
----------------------------
Original Comment:
----------------------------

To protect our clients we have a time limit of 15 minutes: if the user
does nothing, the session to our netbank is automatically closed.

This is utterly important especially for users using public computers
e.g. in libraries.

The extend rule might work in this case but I'm not sure we want to
advertise the security features that much. E.g. in the case of public
computers drawing the attention of possible bystanders.

Proposed Change:
Security exception: In order to prevent mishaps, identification and
financial services can close the session after a short time (5-20 min) if
the user is idling.

---------------------------------------------
Response from Working Group:
---------------------------------------------

You are correct that the "extend" option would be the proper one for
the situation you describe. Your 15 min time limit is intended to
close down the terminal if someone leaves the terminal, but not to
close down the terminal if someone is still there. So, if your
application checks to see if people are active - and asks them if they
need more time if the terminal goes inactive - you could actually
decrease the 15 min time (from last keystroke for example) to
something much smaller and still meet this provision while providing
all users with time they need to complete the transaction.

Instead of closing down at 5-20 min, just back up 20 seconds (to 5 to
20 min minus 20 seconds) and ask the user if they need more time. If
they do not respond, you can still close down at 5 min (or 20 min) and
you will shut down the connection at the exact same time - and conform
to this provision as written.

Received on Tuesday, 11 March 2008 00:19:44 UTC
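
The timing the Working Group describes, as an added example that is not part of the original message or of WCAG: an idle timer that prompts 20 seconds before the limit and, if the prompt goes unanswered, closes at the same moment the unprompted timeout would have. The names `IdleSession`, `WARN_MS` and `demo`, and the 15-minute scenario values, are constructed for illustration.

```javascript
// Added example: idle-timeout timing with a "need more time?" prompt.
// IdleSession, WARN_MS and demo are assumed names, not from the message.
// This models the client-side timing only; the server has to expire the
// session at the same closeAt, since a browser timer alone ends nothing.
const WARN_MS = 20 * 1000; // prompt 20 seconds before the limit

class IdleSession {
  constructor(limitMs, startMs = 0) {
    if (limitMs <= WARN_MS) throw new RangeError("limit must exceed the warning window");
    this.limitMs = limitMs;
    this.lastActivity = startMs;
    this.closed = false;
  }
  // Absolute time at which the session closes if nothing else happens.
  get closeAt() { return this.lastActivity + this.limitMs; }
  // Absolute time at which the prompt is shown.
  get warnAt() { return this.closeAt - WARN_MS; }

  // Returns "active", "warning" (prompt visible) or "closed".
  tick(nowMs) {
    if (this.closed || nowMs >= this.closeAt) { this.closed = true; return "closed"; }
    return nowMs >= this.warnAt ? "warning" : "active";
  }
  // Call on a keystroke or click, or when the user answers the prompt.
  // Returns false once closed: a closed session is never revived.
  touch(nowMs) {
    if (this.tick(nowMs) === "closed") return false;
    this.lastActivity = nowMs;
    return true;
  }
}

// Constructed scenario: 15-minute limit, user answers the prompt once,
// then walks away from the terminal.
function demo() {
  const MIN = 60 * 1000;
  const s = new IdleSession(15 * MIN);
  const seen = [];
  seen.push(s.tick(14 * MIN));            // still inside the quiet period
  seen.push(s.tick(15 * MIN - WARN_MS));  // prompt appears
  s.touch(15 * MIN - 10 * 1000);          // user asks for more time
  seen.push(s.tick(15 * MIN));            // original deadline has moved
  seen.push(s.tick(30 * MIN - 10 * 1000)); // no further input: closed
  return seen;
}
```
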