[webauthn] cognitive-accessibility consideration

JohnRochfordUMMS has just created a new issue for https://github.com/w3c/webauthn:

== cognitive-accessibility consideration ==
Hi All,

As a Cognitive Accessibility Task Force member, and as manager of its Accessible Authentication success criterion (SC), I recently reviewed the Web Authentication working draft. I assessed what impact our Accessible Authentication SC might have on it, and how the task force's work could be helpful to it. (I saw nothing in the working draft that I thought would have an impact on our SC.)

- **3. Terminology** contains the following definition. “User consent means the user agrees with what they are being asked, i.e., it encompasses reading and understanding prompts.” I think something fundamental is missing: following prompts. People with cognitive disabilities may lack capabilities needed to follow such prompts. 
- Throughout the Web Authentication working draft, there are multiple references to submitting passwords and PINs, to which our SC definitely applies.
- Also, there are references to fixed periods in which user interaction is required. E.g., "4.1.5. Platform Authenticator Availability states “A timeout value on the order of 10 minutes is recommended; this is enough time for successful user interactions to be performed but short enough that the dangling promise will still be resolved in a reasonably timely fashion.” I saw no discussion of enabling users with cognitive disabilities to extend such periods.

If you are interested, I would be pleased to work with you to incorporate cognitive-accessibility elements in the Web Authentication working draft. My aim is to be helpful, not critical.

John Rochford

Please view or discuss this issue at https://github.com/w3c/webauthn/issues/733 using your GitHub account

Received on Friday, 22 December 2017 17:47:01 UTC