Re: ACTION-1536: Some comments on the mixed content spec

There was quick turnaround on the comment filed on mixed content. They 
ask if the following edits meet our request:

https://github.com/w3c/webappsec/commit/27ce69afce3e60f8eda186337cc2603f16d2a8e6

Sent in the message:

https://lists.w3.org/Archives/Member/wai-liaison/2014Dec/0005.html

I would summarize the edit as removing explicit mention of *visual* 
indicators - just using more agnostic language about how the indicator 
works - and putting in a note that features need to work with AAPIs.

Thoughts? Should we accept this disposition of the comment, or request 
further edits?

Michael

On 10/12/2014 12:34 PM, Shane McCarron wrote:
> I have briefly reviewed the Mixed Content specification [1].  During 
> that review I noticed the following:
>
> 1) Section 4.3 - UI Requirements
>
> There is a requirement that the UI have a visual indication as to 
> whether the connection is secure or not:
>
>
>     If a request for optionally blockable passive resources which are
>     mixed content is not treated as active content (per requirement #3
>     above), then the user agent MUST NOT provide the user with a
>     visible indication that the top-level browsing context which
>     loaded that resource is secure (for instance, via a green lock
>     icon). The user agent SHOULD instead display a visible indication
>     that mixed content is present.
>
>
> I imagine we want an additional requirement that the indication is 
> also available to ATs - assuming we are comfortable making 
> requirements that are outside of the viewport.
>
> 2) Section 4.4 - User Controls
>
> They have some MAY statements about user agents offering controls to 
> limit exposure to blockable passive content and active mixed content.  
> Such controls need to be available to the AT as well.
>
>
> That's all I saw that I think is A11Y relevant.
>
> -- 
> Shane McCarron
> Managing Director, Applied Testing and Technology, Inc.