Re: [MIX] PF comments on Mixed Content - accessible indication and user controls from Mike West on 2014-12-11 (public-webappsec@w3.org from December 2014)

From: Mike West <mkwst@google.com>
Date: Thu, 11 Dec 2014 03:53:20 -0800
To: Brad Hill <hillbrad@fb.com>
Cc: Michael Cooper <cooper@w3.org>, "public-webappsec@w3.org" <public-webappsec@w3.org>, WAI Liaison <wai-liaison@w3.org>
Message-ID: <CAKXHy=cRypfNnWZqQCUa3vY2mFvZkEMTagUX1aRmWnAE6E0KfQ@mail.gmail.com>

Brad's changes look reasonable to me. I've merged his patch, and will be
happy to make further changes if deemed necessary.

Thanks for reviewing the spec!

-mike

--
Mike West <mkwst@google.com>, @mikewest

Google Germany GmbH, Dienerstrasse 12, 80331 München,
Germany, Registergericht und -nummer: Hamburg, HRB 86891, Sitz der
Gesellschaft: Hamburg, Geschäftsführer: Graham Law, Christine Elizabeth
Flores
(Sorry; I'm legally required to add this exciting detail to emails. Bleh.)

On Wed, Dec 10, 2014 at 3:46 PM, Brad Hill <hillbrad@fb.com> wrote:

>  Thank you, Michael.
>
>  Please let me know if you believe the following changes are sufficient:
>
>  https://github.com/w3c/webappsec/pull/110
>
>  -Brad Hill
>
>   From: Michael Cooper <cooper@w3.org>
> Date: Wednesday, December 10, 2014 at 9:58 AM
> To: "public-webappsec@w3.org" <public-webappsec@w3.org>, WAI Liaison <
> wai-liaison@w3.org>
> Subject: [MIX] PF comments on Mixed Content - accessible indication and
> user controls
> Resent-From: <public-webappsec@w3.org>
> Resent-Date: Wednesday, December 10, 2014 at 9:58 AM
>
>   The Protocols and Formats Working Group has reviewed the Mixed Content
> specification and has two comments:
>
> 1) Section 4.3 - UI Requirements
> http://www.w3.org/TR/2014/WD-mixed-content-20140722/#requirements-ux
> <https://urldefense.proofpoint.com/v1/url?u=http://www.w3.org/TR/2014/WD-mixed-content-20140722/%23requirements-ux&k=ZVNjlDMF0FElm4dQtryO4A%3D%3D%0A&r=HU3cThGizwgsko8%2BWBMXZg%3D%3D%0A&m=XPcXAKUl3phy%2FY%2Ft%2BlvgAEh9qYPjZHSeKjorGTIZU5s%3D%0A&s=5c5f053ec7c7d182281966f064f0648c8da272411726617ad0fe54fa6652ffbd>
>
>  There is a requirement that the UI have a visual indication as to
> whether the connection is secure or not:
>
>
>  If a request for optionally blockable passive resources which are mixed
> content is not treated as active content (per requirement #3 above), then
> the user agent MUST NOT provide the user with a visible indication that the
> top-level browsing context which loaded that resource is secure (for
> instance, via a green lock icon). The user agent SHOULD instead display a
> visible indication that mixed content is present.
>
>
>  It is important to have a requirement that the indication is also
> available to assistive technology. Current implementations have an image
> icon that is not made available to accessibility APIs.
>
>  2) Section 4.4 - User Controls
> http://www.w3.org/TR/2014/WD-mixed-content-20140722/#requirements-user-controls
> <https://urldefense.proofpoint.com/v1/url?u=http://www.w3.org/TR/2014/WD-mixed-content-20140722/%23requirements-user-controls&k=ZVNjlDMF0FElm4dQtryO4A%3D%3D%0A&r=HU3cThGizwgsko8%2BWBMXZg%3D%3D%0A&m=XPcXAKUl3phy%2FY%2Ft%2BlvgAEh9qYPjZHSeKjorGTIZU5s%3D%0A&s=71fe814840bf2380b530e9334924d92417469034db7420a7920b26874757fded>
>
>  There are some MAY statements about user agents offering controls to
> limit exposure to blockable passive content and active mixed content.  Such
> controls need to be available to the assistive technology as well.
>
> For the PFWG,
> Michael Cooper
>
>

Received on Thursday, 11 December 2014 11:54:16 UTC