Fw: Question on authentication?

I think this is one of those tests where you have to know the design in
order to test that it works. There is no way for the tester to know the
session has timed out because that event happens on the server.

Andi
andisnow@us.ibm.com
IBM Accessibility Center
(512) 838-9903, http://www.ibm.com/able
Internal Tie Line 678-9903, http://w3.austin.ibm.com/~snsinfo
----- Forwarded by Andi Snow-Weaver/Austin/IBM on 02/22/2006 07:12 AM -----
                                                                           
             Sofia.Celic@nils.                                             
             org.au                                                        
             Sent by:                                                   To 
             public-wcag-teamc         public-wcag-teamc@w3.org            
             -request@w3.org                                            cc 
                                                                           
                                                                   Subject 
             02/21/2006 04:33          Re: Question on authentication?     
             PM                                                            
                                                                           
                                                                           
                                                                           
                                                                           
                                                                           





Hi Tim,

I imagine that for this particular technique the user does not know that
the session has timed out until they attempt to submit something after the
time out. Warning a user that a timeout is about to occur is another
technique. Perhaps we can reference it from this one - would that address
your concern?

Sofia





|---------+-------------------------------->
|         |           Tim Boland           |
|         |           <frederick.boland@nis|
|         |           t.gov>               |
|         |           Sent by:             |
|         |           public-wcag-teamc-req|
|         |           uest@w3.org          |
|         |                                |
|         |                                |
|         |           22/02/2006 01:49 AM  |
|         |                                |
|---------+-------------------------------->

>------------------------------------------------------------------------------------------------------------------------------|

  |
|
  |       To:       public-wcag-teamc@w3.org
|
  |       cc:
|
  |       Subject:  Question on authentication?
|

>------------------------------------------------------------------------------------------------------------------------------|






For "tests", how would the user always know that the session has timed out
for them, and that
the user is not currently authenticated?  Would the user always be able to
tell unambiguously
whether or not they are in the "authenticated" or "non-authenticated" state

with respect to a
session?

Thanks and best wishes
Tim Boland NIST


At 02:41 PM 2/21/2006 +1100, you wrote:


>Hi,
>
>Please have a look at and provide responses for:
>
>* If users submit data when the user is no longer authenticated, the
>data is saved and the data is reused after the user re-authenticates
><http://tinyurl.com/8qda2>
>
>Tim - please feel free to explain anything you think I may have
>misinterpreted.
>
>Thanks
>Sofia

Received on Wednesday, 22 February 2006 13:45:37 UTC