Re: Accessible authentication and we need a fundamental change

Jason,

That is good to know - thanks. Is there a web location that is tracking the
activities of that TF? I'd love to know more about what y'all are up to.

> Of course, the proposals to introduce APIs for creating and using
authentication information offer a much better solution, where, again, the
UA rather than the content author provides the user interface.

This indeed appears to be the case
​, but that then means that this need will likely be deferred to Project
Silver, as WCAG is all about the content creator and what *they* must do to
achieve success.​

JF

On Wed, Feb 1, 2017 at 11:53 AM, White, Jason J <jjwhite@ets.org> wrote:

>
>
>
>
> *From:* John Foliot [mailto:john.foliot@deque.com]
> *Sent:* Wednesday, February 1, 2017 12:28 PM
>
> With regard to accessible authentication, there is emergent work within
> the W3C on that topic today (Verifiable Claims and Web payments in
> general), although, similar to our Working Group, the Verifiable Claims
> folks encountered some push-back while attempting to get their work into a
> Working Group (and out of a Community Group).
>
> *[Jason] In addition, the Research Questions Task Force of the APA Working
> Group is investigating requirements and prior research related to
> accessible authentication. Whatever insights and conclusions emerge can
> certainly be shared with this working group.*
>
> All widely deployed user agents today support password management features
> that can automatically enter user names and passwords into text and
> password fields. For this to be secure, of course, the user agent needs to
> authenticate the identity of the user. This might take place at the
> operating system level or might involve an authentication step provided by
> the UA.
>
> If the UA provides an appropriate means of authentication (one that is
> accessible to the specific user), then traditional user name and password
> authentication mechanisms can be handled by the password manager. The only
> problem that remains is that of initially entering a user name and
> password, which could still raise accessibility concerns. (Indeed, it often
> already does so if a CAPTCHA is used.)
>
> Thus, I think a backward-compatible solution which shifts the
> accessibility problem to the user agent is achievable. Of course, the
> proposals to introduce APIs for creating and using authentication
> information offer a much better solution, where, again, the UA rather than
> the content author provides the user interface.
>
>
>
> ------------------------------
>
> This e-mail and any files transmitted with it may contain privileged or
> confidential information. It is solely for use by the individual for whom
> it is intended, even if addressed incorrectly. If you received this e-mail
> in error, please notify the sender; do not disclose, copy, distribute, or
> take any action in reliance on the contents of this information; and delete
> it from your system. Any other use of this e-mail is prohibited.
>
> Thank you for your compliance.
> ------------------------------
>



-- 
John Foliot
Principal Accessibility Strategist
Deque Systems Inc.
john.foliot@deque.com

Advancing the mission of digital accessibility and inclusion

Received on Wednesday, 1 February 2017 18:14:46 UTC