- From: Joshue O Connor <joshue.oconnor@cfit.ie>
- Date: Thu, 23 Aug 2007 09:38:33 +0100
- To: Robert Burns <rob@robburns.com>
- Cc: Lachlan Hunt <lachlan.hunt@lachy.id.au>, public-html <public-html@w3.org>
Robert Burns wrote: >f it said more > about the inherent security versus accessibility issues I missed it. Here are some better examples. [1] [2] The issues being referred to in these references are not the show stoppers that they were are the time but they are interesting as they indicate what *can* happen when security needs and accessibility requirements are in conflict ,either due to the needs of one domain (in this case security) taking precedence over the needs of a minority group of users, in this case screen reader users. >> I will say that DRM, as hated as it is, is still very much the same >> security we're talking about here. Although security is a part of >> denying access (as the DRM case drives home), we should still seek to >> ensure security even if we know it might be misused (as DRM so often is). I also think DRM is a useful example, although Lachlan disagrees. It is a slightly different domain but only slightly to what we are discussing as it does deal with providing security to content delivered over HTTP/FTP protocols - but IMO it is not an entirely inappropriate model to reference. >> I think Captchas are an excellent example of where accessibility may be >> neglected in order to provide security It is a better example considering our domain. >> However, security and accessibility do not have to be at odds. I've >> heard it said the three 'As of security are authentication, authority >> and access. They don't have to be at odds but my point is that they often are in their real world application. The two examples we are discussing are indicative, and I will suggest that we will see more as technology develops. However, what could reduce the chance of this happening: 1) An acknowledgment that there is an issue here. That security and accessibility are not always comfortable bedfellows. 2) The need to find ways of increasing security but not at the expense of accessibility or usability. 3) A greater understanding amongst the developers of secure web applications of how Assistive Technology works and why some implementation/methods/ features can impact negatively on users. Rob mention the three A's. What are the three A's? They are principles. My objection to the 'Secure by design' principle is that it does not take responsibility in an explicit recognition of the negative effect it can have on the accessibility domain. [1] http://www.adobe.com/products/acrobat/access_book3.html (Go to section How to Create Accessible Adobe PDF Files > Security with accessible text.) [2] http://www.washington.edu/accessit/articles?2
Received on Thursday, 23 August 2007 08:38:50 UTC