RE: Do we want a Biometric Alternative SC in WCAG 2.1? from Katie Haritos-Shea GMAIL on 2016-07-22 (w3c-wai-gl@w3.org from July to September 2016)

From: Katie Haritos-Shea GMAIL <ryladog@gmail.com>
Date: Fri, 22 Jul 2016 12:10:43 -0400
To: "'John Foliot'" <john.foliot@deque.com>, "'White, Jason J'" <jjwhite@ets.org>
Cc: <tink@tink.uk>, "'David MacDonald'" <david100@sympatico.ca>, "'Patrick Lauke'" <redux@splintered.co.uk>, "'WCAG'" <w3c-wai-gl@w3.org>
Message-ID: <012701d1e433$9c8dd1a0$d5a974e0$@gmail.com>
Thanks John,

 

I am still thinking there may be something broad we could add at this point for 2.1, and perhaps via the proposed SC that Patrick is working on, related to sensors, may be it.

 

Web Payments is leaving the authentication APIs up to the WG that are dealing specifically with security I am pretty sure.

 

Weak stab at a Biometrics Alternative SC: “When it is in control of the author to offer forms of biometric authentication, at least two forms must be made available.”

 

 

 

* katie *

 

Katie Haritos-Shea 
Principal ICT Accessibility Architect (WCAG/Section 508/ADA/AODA)

 

Cell: 703-371-5545 |  <mailto:ryladog@gmail.com> ryladog@gmail.com | Oakton, VA |  <http://www.linkedin.com/in/katieharitosshea/> LinkedIn Profile | Office: 703-371-5545 |  <https://twitter.com/Ryladog> @ryladog

 

From: John Foliot [mailto:john.foliot@deque.com] 
Sent: Friday, July 22, 2016 11:56 AM
To: White, Jason J <jjwhite@ets.org>
Cc: tink@tink.uk; David MacDonald <david100@sympatico.ca>; Katie Haritos-Shea GMAIL <ryladog@gmail.com>; Patrick Lauke <redux@splintered.co.uk>; WCAG <w3c-wai-gl@w3.org>
Subject: Re: Do we want a Biometric Alternative SC in WCAG 2.1?

 

I think (as others have suggested) that this is likely a WCAG 3.0/Silver discussion, as it also seems to involve hardware and platform specific variables likely outside of the "content" authors control.

 

About 2 or 3 years ago, I recall having an exploratory discussion around the use of biometrics and authentication (while I was at JPMC), and during those chats we absolutely understood that biometrics could augment (but not replace) other forms of input/authentication, and I actually saw a proof of concept authentication platform that allowed for multiple forms of biometrics to authenticate: eye-scan/gaze, fingerprints, voice recognition, etc. Thoughtfully applied, this could actually benefit some users (I'm thinking mobility impaired as an easy example). The PoC platform I saw could also leveraged other variables, such as GPS-aware sensors (i.e. you could set a profile that your cell phone or other type of dongle (https://shop.smartthings.com/#!/products/samsung-smartthings-arrival-sensor) had to be in physical proximity to an ATM that was attempting to withdraw money from your account) and/or you could require any 2 of 5 or 6 different authentication "triggers" (e.g. voice and eye-scan).

 

It strikes me that this may be fertile ground for the newly formed Research Questions TF that Jason is heading up to further explore (with a plug for that TF: https://www.w3.org/WAI/APA/task-forces/research-questions/). We may also want to monitor the Web Payments Working Group as they work on authentication APIs (etc.), as I suspect there will be some valuable cross-over between those efforts and personalization of web content and secure, personalized "user profiles". 

 

JF

 

On Fri, Jul 22, 2016 at 9:14 AM, White, Jason J <jjwhite@ets.org <mailto:jjwhite@ets.org> > wrote:



> -----Original Message-----
> From: Léonie Watson [mailto:tink@tink.uk <mailto:tink@tink.uk> ]
> On 22/07/2016 00:21, David MacDonald wrote:
> > yup... we currently require any input including Bio-metric,to be
> > keyboard accessible, but perhaps there is room for more.
>
> Requiring a non-keyboard input device to be keyboard accessible seems
> counter-intuitive.

[Jason] Yes, and this isn't what WCAG 2.0 requires. All functionality of the Web content (be it a document or application) must be keyboard operable. This doesn't exclude biometrics, audio or video input, for example, as long as the application is keyboard-accessible as specified in 2.1.1.
However, suppose we set up an authentication scheme whereby the user has to supply a finger print. If this is part of the Web content rather than of the user agent, then I suspect it's inconsistent with 2.1.1; it's certainly an insurmountable accessibility barrier to anyone who can't make use of a fingerprint scanner (for any number of disability-related reasons), thus it arguably shouldn't conform to WCAG.
If we had an API that allowed the user agent to choose a means of biometric authentication appropriate to the user's needs and abilities, then I would maintain that the content should then conform to WCAG.
>
> Agree this is an important conversation. It's a broad ranging discussion though,
> and one I think might be better suited to whatever comes after 2.1.
>
[Jason] I also look forward to contributing to that discussion, which is undoubtedly necessary.


________________________________

This e-mail and any files transmitted with it may contain privileged or confidential information. It is solely for use by the individual for whom it is intended, even if addressed incorrectly. If you received this e-mail in error, please notify the sender; do not disclose, copy, distribute, or take any action in reliance on the contents of this information; and delete it from your system. Any other use of this e-mail is prohibited.


Thank you for your compliance.

________________________________





 

-- 

John Foliot

Principal Accessibility Strategist

Deque Systems Inc.

 <mailto:john.foliot@deque.com> john.foliot@deque.com

 

Advancing the mission of digital accessibility and inclusion
Received on Friday, 22 July 2016 16:11:36 UTC