- From: John Foliot <jfoliot@stanford.edu>
- Date: Thu, 18 Mar 2010 23:40:56 -0700 (PDT)
- To: "'Gregory J. Rosmaita'" <oedipus@hicom.net>, "'Leif Halvard Silli'" <xn--mlform-iua@xn--mlform-iua.no>, "'W3C WAI-XTECH'" <wai-xtech@w3.org>
- Cc: <public-html-a11y@w3.org>
[JF - after this initial response/post to the current CAPTCHA discussion, this might stray off in a wholly separate direction - for now. I will ask that we remove it from the public-html-a11y/w3c list, should anyone care to respond. Moving to wai-xtech/w3c for wider discussion] Gregory J. Rosmaita wrote: > > i think that JohnF hit the nail on the head when he pointed out the > advantages of universal password solutions such as those that allow > you to verify yourself by logging into a service such as twitter or > facebook or by using OpenID type solutions, if not OpenID itself... I think that there are numerous opportunities for this type of 'human-ness' verification which might warrant more investigation. Currently at Stanford I am learning of the Shibboleth System[1], which links a number of Universities together, including Stanford. Using their local authentication at *their* university, we can grant fellow colleagues access as a favored guest at Stanford - and we can control what favored means. As well, Stanford is moving towards a university account-for-life scheme, which will allow alumni to retain their SUNet credentials for life; I will presume that this is currently not un-common, or could be further encouraged at other universities and similar institutions. It is a potentially very large data-set of authenticated ID's issued by trusted entities such as higher education affiliations - presumably other large federated verticals could use this method as well (financial/banking sector for sure, likely other blue-chip and middle-level federations as well - National Cattlemen’s Beef Association[2] anyone?) The question becomes, could something like this be used at such a basic but huge-scale deployment for the type of 'authentication' that CAPTCHA currently provides? What kind of overhead would it entail (for example)? I currently have an OpenID (linked directly to john.foliot.ca) and I have a twitter handle, MSN Passport, AOL double duty sign-in name, yada yada yada... there are already a ton of free services out there (that all required CAPTCHA to get started - sigh); however for disabled communities other trusted entities could also serve to assure humanness and verify as much through such a distributed (but more controlled) system - I am thinking for example of medical care-givers, churches, banks/post offices, NGO's etc. - entities that the disabled users are already likely affiliated to. So, thoughts? JF [1 http://shibboleth.internet2.edu/about.html] [2 http://www.beefusa.org/]
Received on Friday, 19 March 2010 06:41:35 UTC