RE: Accessible Authentication SCs, WCAG 2.2

One of the challenges of common objects in CAPTCHAs are that the common objects are often hidden or hard to find – for example, finding a fire hydrant in the image is not as simple as a plain image of a fire hydrant – it’s often intermixed in a complex scene with trashcans, bicycles, cars, shop windows, etc. this is of course the point to make it hard for Bots as well.    I’d like to know how this image complexity impacts users in the impacted group.  For people with low vision, it’s very difficult and adds a lot of cognitive load.

Jonathan

From: Alastair Campbell <acampbell@nomensa.com>
Sent: Wednesday, May 4, 2022 11:29 AM
To: Michael Gower <michael.gower@ca.ibm.com>; Bradley-Montgomery, Rachael <rmontgomery@loc.gov>; WCAG list (w3c-wai-gl@w3.org) <w3c-wai-gl@w3.org>
Subject: Re: Accessible Authentication SCs, WCAG 2.2

CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you recognize the sender and know the content is safe.

Hi Michael,

We discussed and agreed that back in September:
https://www.w3.org/2021/09/21-ag-minutes#item02

We also had an issue specifically on that topic:
https://github.com/w3c/wcag/issues/1902

Which was closed by the update agreed in the meeting.

Another useful background discussion was:
https://github.com/w3c/wcag/issues/1256

A couple of clips:
“[The SC] doesn't explicitly define common objects, but as mentioned above, we're just using the dictionary definitions of those terms.”
“Crap captchas (e.g. the car vs van) affect everyone, although I'm sure it's [more difficult] if you have certain disabilities.”

Does that help?

-Alastair


From: Michael Gower
I’m concerned we have no definition of “common objects”. It seems problematic as part of the normative text, and I believe it must be defined or addressed in some way. Is a list appropriate/feasible?

The Understanding document discusses some of the considerations for common object. Based on how the definition of common object is tackled, more context likely needs to be added there.

Additional concerns with this SC (that can be resolved at a later point) are:

  *   A better explanation of the authentication process, as inferred by the SC, to better orient users to the common considerations (i.e., many people would not think of password recovery as part of an authentication process)
  *   A better focus on what the author responsibility is – we need clear guidance on what is required of someone creating a page. Right now, ya really have to dig for it. Once that’s established, then the doc can discuss how that author piece integrates with ATs, user agents, etc.
  *   the Understanding document in a few places is to some degree a list of techniques (which are not then crafted as separate techniques). It would be better to create additional sufficient and failure techniques (which will contribute to the prior bullet)

Mike

From: Bradley-Montgomery, Rachael <rmontgomery@loc.gov<mailto:rmontgomery@loc.gov>>
Date: Tuesday, May 3, 2022 at 5:58 PM
To: Alastair Campbell <acampbell@nomensa.com<mailto:acampbell@nomensa.com>>, WCAG list (w3c-wai-gl@w3.org<mailto:w3c-wai-gl@w3.org>) <w3c-wai-gl@w3.org<mailto:w3c-wai-gl@w3.org>>
Subject: [EXTERNAL] Re: CFC - Accessible Authentication SCs, WCAG 2.2
+1 From: Alastair Campbell <acampbell@nomensa.com<mailto:acampbell@nomensa.com>> Date: Tuesday, May 3, 2022 at 7:37 PM To: "WCAG list (w3c-wai-gl@w3.org<mailto:w3c-wai-gl@w3.org>)" <w3c-wai-gl@w3.org<mailto:w3c-wai-gl@w3.org>> Subject: CFC - Accessible Authentication SCs, WCAG 2.2 ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍
ZjQcmQRYFpfptBannerStart
This Message Is From an External Sender
This message came from outside your organization.
ZjQcmQRYFpfptBannerEnd
+1

From: Alastair Campbell <acampbell@nomensa.com<mailto:acampbell@nomensa.com>>
Date: Tuesday, May 3, 2022 at 7:37 PM
To: "WCAG list (w3c-wai-gl@w3.org<mailto:w3c-wai-gl@w3.org>)" <w3c-wai-gl@w3.org<mailto:w3c-wai-gl@w3.org>>
Subject: CFC - Accessible Authentication SCs, WCAG 2.2
Resent-From: <w3c-wai-gl@w3.org<mailto:w3c-wai-gl@w3.org>>
Resent-Date: Tuesday, May 3, 2022 at 7:33 PM


Call For Consensus — ends Monday May 9th at midday Boston time.



The Working Group has previously discussed the WCAG 2.2 SC Accessible Authentication, and the AAA version with no exception, and they need to be approved by CFC.



Both can be previewed in the editor’s draft:
https://w3c.github.io/wcag/guidelines/22/#accessible-authentication<https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fw3c.github.io%2Fwcag%2Fguidelines%2F22%2F%23accessible-authentication&data=05%7C01%7Cacampbell%40nomensa.com%7Cb48b623b4e4c49075b1808da2dd7b71a%7Cebea4ad6fbbf43bd8449c56e26692c35%7C0%7C0%7C637872701767083240%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=nJu0Xj33TQMb5ZHriqUUmtUSQdWdGaKS5LGGxF3nIBo%3D&reserved=0>



They were last discussed Dec 3rd:

https://www.w3.org/2021/12/03-ag-minutes#t08



The change history is here:

https://github.com/w3c/wcag/commits/main/guidelines/sc/22/accessible-authentication.html<https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fw3c%2Fwcag%2Fcommits%2Fmain%2Fguidelines%2Fsc%2F22%2Faccessible-authentication.html&data=05%7C01%7Cacampbell%40nomensa.com%7Cb48b623b4e4c49075b1808da2dd7b71a%7Cebea4ad6fbbf43bd8449c56e26692c35%7C0%7C0%7C637872701767083240%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=RX8dXDMyHNIZAUo6yiVQuA8cwP4muLIrHSA3VnHiGcQ%3D&reserved=0>



The 17 issues opened and dealt with are listed in the survey:

https://www.w3.org/2002/09/wbs/35422/wcag22-accesssible-auth-updates/results



If you have concerns about this proposed consensus position that have not been discussed already and feel that those concerns result in you “not being able to live with” this decision, please let the group know before the CfC deadline.

Kind regards,

-Alastair

--

@alastc / www.nomensa.com<http://www.nomensa.com>