- From: Patrick H. Lauke <redux@splintered.co.uk>
- Date: Sun, 24 Dec 2017 01:36:48 +0000
- Cc: WCAG <w3c-wai-gl@w3.org>

On 24/12/2017 00:07, Alastair Campbell wrote:
>> This SC expressly forbids something from being
>> done, unless a user is able to use a password manager or similar,
>
> It doesn't specify how the user comes up with the username/password/email etc.
>
> It could be with long term memory, or user-agent based, or a piece of paper, or something else. (Yes, I know it says you can't rely on a user transcribing, but that is for the content - from one site-provided place to a site provided input.)

This aspect (of the copying from a piece of paper, or presumably then from another handheld device) isn't clear from the normative language. Is this "copying" related to CAPTCHAs? Because again, this is a separate issue I'd argue, not an authentication one. It's a "challenge" rather than "authentication".

>> Imagine a web-based (internal) system that can only be accessed on
>> locked-down terminals. ... Is there any way for this system to
>> pass the SC without compromising security/removing authentication
>> altogether?
>
> Sure, it could have a username/password and the content doesn't block pasting.
> The kiosk may not have anything to paste from, there is no user-benefit in that scenario, but the content passes.

Hoping that this gets very explicitly mentioned as an example in understanding then. Maybe it even warrants a note in the normative language, to talk about user agent/environment limitations? As well as an explanation somewhere what "governing statutory requirements" are in this context.

P
--
Patrick H. Lauke

www.splintered.co.uk | https://github.com/patrickhlauke
http://flickr.com/photos/redux/ | http://redux.deviantart.com
twitter: @patrick_h_lauke | skype: patrick_h_lauke

Received on Sunday, 24 December 2017 01:37:13 UTC