
Re: [permissions-policy] Accessibility concerns

From: Marcos Caceres <marcosc@w3.org>
Date: Thu, 1 Jul 2021 11:28:27 +1000
Cc: WebAppSec WG <public-webappsec@w3.org>, W3C WAI Accessible Platform Architectures <public-apa@w3.org>
Message-Id: <A345E9F1-8A57-48C3-A1F8-C84704047C86@w3.org>
To: Daniel Veditz <dveditz@mozilla.com>, Becky Gibson <gibson.becky@gmail.com>

Hi Becky, Daniel,

> On 1 Jul 2021, at 10:13 am, Daniel Veditz <dveditz@mozilla.com> wrote:
> There's a link to the GitHub issue tracker right below the "feedback" line; issues are perfectly fine. Especially if they have an issue-like resolution tag which makes them sound more like a task.

The SoTD suggests otherwise (it reads, the mailing list is "preferred for discussion of this specification"). We should fix this by setting the right thing via the "Issue Tracking" option in:

I'll file a bug.

> The Permissions described in the spec apply to web documents and applications, not the user agent nor any extensions or assistive technology installed locally. 

This is correct, but I think it needs to be framed a little bit differently: be it that the policies apply to documents in a web browser, the Permissions Policy spec doesn't override or interfere with *system-level* controls or features or any accessible technology (e.g., it would be impossible for it to disable the ambient light sensor at a system level, but it could prevent an iframe from accessing the API that allows reading that sensor).

As an aside, this highlights the confusion around accessing particular sensors: more an issue for the DAS Working Group - particularly in that those sensor APIs don't override, or otherwise interfere, with user preferences, like brightness at the OS level, or the computer sensing the ambient light.

Becky wrote:
>  For example, a user with vision limitations may rely upon access to an ambient-light-sensor to normalize brightness or contrast. 

Absolutely! And, for instance, so does the OS (e.g., for automatically switching to "dark mode" at dusk). Permissions Policy will never interfere with those, or any other accessible technology. It just sometimes prevents web documents from accessing particular APIs or features, but it still leaves the user in complete control - and grants the browser full authority to continue to make all web documents as accessible as possible. For example, a permissions policy may disable a web page from accessing the "fullscreen" API, but the browser might still provide the ability for a video to be displayed full screen irrespective of what the site wants. 

Hope that helps! 
Received on Thursday, 1 July 2021 01:28:39 UTC
