- From: Rain Michaels <rainb@google.com>
- Date: Wed, 17 Aug 2022 08:44:26 -0400
- To: Alastair Campbell <acampbell@nomensa.com>
- Cc: "WCAG list (w3c-wai-gl@w3.org)" <w3c-wai-gl@w3.org>
- Message-ID: <CAJO5Huu0MSvcAa-NpjXqHGuWJjCPyK1t=F=7Q=Zxq6UGOxXVVQ@mail.gmail.com>
Ah, no, thank you for the clarification. I was thinking about the fact that text input could include answers to security questions. I rescind my -1 recommendation. On Wed, Aug 17, 2022 at 8:42 AM Alastair Campbell <acampbell@nomensa.com> wrote: > Hi Rain, > > > > I’m not following something, you seem to be agreeing with the premise but > proposing something less effective? > > > > The proposal (in PR 2624 <https://github.com/w3c/wcag/pull/2624/files>) would > restrict the recognition to not-text content, e.g. images/video (which then > have to pass things like text alternatives). > > > > If we add “responses to personal history questions” to the exception that > means sites are allowed to use those at the AA level. > > > > Is that what you intended? > > > > Kind regards, > > > > -Alastair > > > > > > *From: *Rain Michaels <rainb@google.com> > *Date: *Wednesday, 17 August 2022 at 13:03 > *To: *Alastair Campbell <acampbell@nomensa.com> > *Cc: *WCAG list (w3c-wai-gl@w3.org) <w3c-wai-gl@w3.org> > *Subject: *Re: Accessible authentication Updates > > +1 to everything *except* -1 to the last one, "New issue 2." > > > > Security questions, such as "make and model of your first car," "where you > met your spouse," "name of your first pet," etc., often ask for text-based > responses. These can also become cognitive function tests in the same way > that user-supplied images might be. > > > > Suggestion to fix: > > > > Instead of: > > > > Exception: When the cognitive function test is to recognize objects, or > content the user provided to the website. > Objects and content for the exception may be represented by images, text, > video or audio. > > > > Perhaps something like: > > > > Exception: When the cognitive function test is to recognize objects, or > *non-password*content the user provided to the website. > Objects and content for the exception may be represented by *images, > video**, **audio**, or responses to personal history questions*. > > > > Thank you, > > > > Rain > > > > > > > > On Wed, Aug 17, 2022 at 7:42 AM Alastair Campbell <acampbell@nomensa.com> > wrote: > > Hi everyone, > > > > I separated these off as they form a topic. > > > > From the survey > <https://www.w3.org/2002/09/wbs/35422/wcag22-misc2/results#xq2> we had > two Accessible Authentication questions to get agreement on, and two new > ones: > > > > > > *2. Clarify Accessible Authentication by including "remembering user names > and passwords" in the SC text #2577 * > > > > Most people agree with the addition, with a couple of suggestions to put > it in parenthesise and include at the AAA level. PR 2609 > <https://github.com/w3c/wcag/pull/2609/files> has been updated to reflect > that. > > > > Several people thought that the definition covered this and the update was > not needed. > > > > I’d point out that one response appears to have misunderstood the SC and > didn’t think passwords would be covered, which actually helped to highlight > that the update is needed. > > > > Also, we do just the same thing in 4.1.2 where there is a definition, then > parenthesise with examples of what is covered. > > > > Does anyone object to PR 2609 which adds: (such as remembering a password > or solving a puzzle) to both versions? > > > > > > *3. Editorial update to accessible-auth exception #2608 * > > > > Tobias made a suggestion which several people agreed with (and doesn’t > change the meaning), so I’ve updated PR 2608 > <https://github.com/w3c/wcag/pull/2608/files> to reflect that. > > > > I also switched it from “The cognitive function test*s* ask” to “The > cognitive function test ask*s*”, as the CFT is singular in the rest of > the SC. > > > > Any objections to that update? > > > > > > *New issue 1* > > > > In the thread of Issue 2592 <https://github.com/w3c/wcag/issues/2592> EricE > proposed to re-structure the SC text so it uses bullet-points for the > exceptions AND the alternative & mechanism aspects. > > > > To keep it aligned with the current meaning I suggested it use a structure > more like the alt-text SC: > > https://github.com/w3c/wcag/issues/2592#issuecomment-1217758169 > > > > The question at this point is: Do people think that improves the SC and > no-one would object? > > > > If anyone objects we’ll shut-down that approach now rather than take time > on it, but I couldn’t see a problem with it. > > > > > > *New issue 2* > > > > I don’t think there’s a separate issue for it, but in a couple of places > people have raised that: identifying content the user has provided to the > website could include passwords. > > > > The original intent for this exception was for interfaces where the user > provides something like an image, and then the website shows 5 (for > example) images and the user has to pick theirs. It was seen as a less > difficult cognitive function test because it comes from the user. Anything > text related is going to fall more heavily into memorisation part of CFTs. > > > > To resolve this, I’m proposing we remove ‘text’ from that exception and > note. This is implemented in PR 2624 > <https://github.com/w3c/wcag/pull/2624/files>. > > > > Any objections? > > > > Kind regards, > > > > -Alastair > > > > -- > > > > @alastc / www.nomensa.com > > > >
Received on Wednesday, 17 August 2022 12:45:16 UTC