- From: John Foliot <john.foliot@deque.com>
- Date: Wed, 1 Feb 2017 12:14:11 -0600
- To: "White, Jason J" <jjwhite@ets.org>
- Cc: Andrew Kirkpatrick <akirkpat@adobe.com>, "lisa.seeman" <lisa.seeman@zoho.com>, "W3c-Wai-Gl-Request@W3. Org" <w3c-wai-gl@w3.org>
- Message-ID: <CAKdCpxwJbvuwWXHQDX65H1hOZUiObbt9+sjGbtKUjL+y_Ckdmw@mail.gmail.com>
Jason, That is good to know - thanks. Is there a web location that is tracking the activities of that TF? I'd love to know more about what y'all are up to. > Of course, the proposals to introduce APIs for creating and using authentication information offer a much better solution, where, again, the UA rather than the content author provides the user interface. This indeed appears to be the case , but that then means that this need will likely be deferred to Project Silver, as WCAG is all about the content creator and what *they* must do to achieve success. JF On Wed, Feb 1, 2017 at 11:53 AM, White, Jason J <jjwhite@ets.org> wrote: > > > > > *From:* John Foliot [mailto:john.foliot@deque.com] > *Sent:* Wednesday, February 1, 2017 12:28 PM > > With regard to accessible authentication, there is emergent work within > the W3C on that topic today (Verifiable Claims and Web payments in > general), although, similar to our Working Group, the Verifiable Claims > folks encountered some push-back while attempting to get their work into a > Working Group (and out of a Community Group). > > *[Jason] In addition, the Research Questions Task Force of the APA Working > Group is investigating requirements and prior research related to > accessible authentication. Whatever insights and conclusions emerge can > certainly be shared with this working group.* > > All widely deployed user agents today support password management features > that can automatically enter user names and passwords into text and > password fields. For this to be secure, of course, the user agent needs to > authenticate the identity of the user. This might take place at the > operating system level or might involve an authentication step provided by > the UA. > > If the UA provides an appropriate means of authentication (one that is > accessible to the specific user), then traditional user name and password > authentication mechanisms can be handled by the password manager. The only > problem that remains is that of initially entering a user name and > password, which could still raise accessibility concerns. (Indeed, it often > already does so if a CAPTCHA is used.) > > Thus, I think a backward-compatible solution which shifts the > accessibility problem to the user agent is achievable. Of course, the > proposals to introduce APIs for creating and using authentication > information offer a much better solution, where, again, the UA rather than > the content author provides the user interface. > > > > ------------------------------ > > This e-mail and any files transmitted with it may contain privileged or > confidential information. It is solely for use by the individual for whom > it is intended, even if addressed incorrectly. If you received this e-mail > in error, please notify the sender; do not disclose, copy, distribute, or > take any action in reliance on the contents of this information; and delete > it from your system. Any other use of this e-mail is prohibited. > > Thank you for your compliance. > ------------------------------ > -- John Foliot Principal Accessibility Strategist Deque Systems Inc. john.foliot@deque.com Advancing the mission of digital accessibility and inclusion
Received on Wednesday, 1 February 2017 18:14:46 UTC