Re: Accessible authentication Updates

+1 to everything *except* -1 to the last one, "New issue 2."

Security questions, such as "make and model of your first car," "where you
met your spouse," "name of your first pet," etc., often ask for text-based
responses. These can also become cognitive function tests in the same way
that user-supplied images might be.

Suggestion to fix:

Instead of:

> Exception: When the cognitive function test is to recognize objects, or
> content the user provided to the website.
> Objects and content for the exception may be represented by images, text,
> video or audio.


Perhaps something like:

> Exception: When the cognitive function test is to recognize objects, or
> *non-password* content the user provided to the website.
> Objects and content for the exception may be represented by *images,
> video, audio, or responses to personal history questions*.


Thank you,

Rain



On Wed, Aug 17, 2022 at 7:42 AM Alastair Campbell <acampbell@nomensa.com>
wrote:

> Hi everyone,
>
>
>
> I separated these off as they form a topic.
>
>
>
> From the survey
> <https://www.w3.org/2002/09/wbs/35422/wcag22-misc2/results#xq2> we had
> two Accessible Authentication questions to get agreement on, and two new
> ones:
>
>
>
>
>
> *2. Clarify Accessible Authentication by including "remembering user names
> and passwords" in the SC text #2577*
>
>
>
> Most people agree with the addition, with a couple of suggestions to put
> it in parentheses and include at the AAA level. PR 2609
> <https://github.com/w3c/wcag/pull/2609/files> has been updated to reflect
> that.
>
>
>
> Several people thought that the definition covered this and the update was
> not needed.
>
>
>
> I’d point out that one response appears to have misunderstood the SC and
> didn’t think passwords would be covered, which actually helped to highlight
> that the update is needed.
>
>
>
> Also, we do just the same thing in 4.1.2 where there is a definition, then
> parentheses with examples of what is covered.
>
>
>
> Does anyone object to PR 2609 which adds: (such as remembering a password
> or solving a puzzle) to both versions?
>
>
>
>
>
> *3. Editorial update to accessible-auth exception #2608*
>
>
>
> Tobias made a suggestion which several people agreed with (and doesn’t
> change the meaning), so I’ve updated PR 2608
> <https://github.com/w3c/wcag/pull/2608/files> to reflect that.
>
>
>
> I also switched it from “The cognitive function test*s* ask” to “The
> cognitive function test ask*s*”, as the CFT is singular in the rest of
> the SC.
>
>
>
> Any objections to that update?
>
>
>
>
>
> *New issue 1*
>
>
>
> In the thread of Issue 2592 <https://github.com/w3c/wcag/issues/2592> EricE
> proposed to re-structure the SC text so it uses bullet-points for the
> exceptions AND the alternative & mechanism aspects.
>
>
>
> To keep it aligned with the current meaning I suggested it use a structure
> more like the alt-text SC:
>
> https://github.com/w3c/wcag/issues/2592#issuecomment-1217758169
>
>
>
> The question at this point is: Do people think that improves the SC and
> no-one would object?
>
>
>
> If anyone objects we’ll shut-down that approach now rather than take time
> on it, but I couldn’t see a problem with it.
>
>
>
>
>
> *New issue 2*
>
>
>
> I don’t think there’s a separate issue for it, but in a couple of places
> people have raised that: identifying content the user has provided to the
> website could include passwords.
>
>
>
> The original intent for this exception was for interfaces where the user
> provides something like an image, and then the website shows 5 (for
> example) images and the user has to pick theirs. It was seen as a less
> difficult cognitive function test because it comes from the user. Anything
> text related is going to fall more heavily into the memorisation part of CFTs.
>
>
>
> To resolve this, I’m proposing we remove ‘text’ from that exception and
> note. This is implemented in PR 2624
> <https://github.com/w3c/wcag/pull/2624/files>.
>
>
>
> Any objections?
>
>
>
> Kind regards,
>
>
>
> -Alastair
>
>
>
> --
>
>
>
> @alastc / www.nomensa.com
>
>
>

Received on Wednesday, 17 August 2022 12:03:59 UTC