Re: [EXT] Re: Accessible authentication Updates

Replying way too honestly to John's email note about finding the different
threads being difficult to track:

I've actually given up. I'm overwhelmed and am no longer sure where this
conversation is. If I try to give feedback now, I know it'll be out of date
and missing a lot of context.

On Wed, Aug 24, 2022 at 1:29 PM Rochford, John <john.rochford@umassmed.edu>
wrote:

> Alastair and Rain: This email discussion has separate threads that I, and
> perhaps others, find difficult to track.
>
>
>
> Jennifer: I too love your revisions for better readability.
>
>
>
> John
>
>
>
> John Rochford
>
> University of Massachusetts Medical School
>
> Eunice Kennedy Shriver Center
> Director, INDEX Program
> Faculty, Family Medicine & Community Health
> DisabilityInfo.org <http://www.DisabilityInfo.org>
>
> EasyText.AI <https://easytext.ai/>
>
> About Me
> <https://johnrochford.com/?promo=email_sig&utm_source=product&utm_medium=email_sig&utm_campaign=edit_panel&utm_content=plaintext>
>
> Schedule a meeting with me. <http://bit.ly/CallJR>
>
>
>
> *Confidentiality Notice:*
>
> *This e-mail message, including any attachments, is for the sole use of
> the intended recipient(s) and may contain confidential, proprietary, and
> privileged information. Any unauthorized review, use, disclosure, or
> distribution is prohibited. If you are not the intended recipient, please
> contact the sender immediately and destroy or permanently delete all copies
> of the original message.*
>
>
>
> *From:* Rain Michaels <rainb@google.com>
> *Sent:* Tuesday, August 23, 2022 7:59 AM
> *To:* Jennifer Strickland <jstrickland@mitre.org>
> *Cc:* Gregg Vanderheiden RTF <gregg@raisingthefloor.org>; Jonathan Avila <
> jon.avila@levelaccess.com>; w3c-waI-gl@w3. org <w3c-wai-gl@w3.org>
> *Subject:* Re: [EXT] Re: Accessible authentication Updates
>
>
>
> I really love Jennifer's copy edits for readability!
>
>
>
> On Tue, Aug 23, 2022 at 8:56 AM Jennifer Strickland <jstrickland@mitre.org>
> wrote:
>
> Agree with the recommendations here, and with the “cognitive function
> test” point.
>
>
>
> Love Rain’s bullets.
>
>
>
> A bit of wordsmithing to improve readability… I’m worried memorization may
> be unfamiliar — as it is considered at the Post-graduate level. In order
> for our guidelines to meet WCAG Level AAA 3.1.5
> <https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.w3.org%2FWAI%2FWCAG22%2FUnderstanding%2Freading-level.html&data=05%7C01%7Cjohn.rochford%40umassmed.edu%7Cf3e98730b6b2416de59608da850763e1%7Cee9155fe2da34378a6c44405faf57b2e%7C0%7C0%7C637968564050251719%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=xaRq7l%2Bp4q0RyjGBHjsixBb9jNGdX3%2B47ZRhi11MlfA%3D&reserved=0>
> — without having to provide supplemental content, we could copy-edit a bit.
>
>
>
> The full text was Grade 12. This rewrite is Grade 8:
>
> ·       support for password entry by password managers to *reduce memory
> need*, and
>
> ·       copy and paste to * reduce the cognitive burden of re-typing*.
>
>
>
> *For Reference*
>
> Success Criterion *3.1.5 Reading Level*
> <https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.w3.org%2FTR%2FWCAG22%2F%23reading-level&data=05%7C01%7Cjohn.rochford%40umassmed.edu%7Cf3e98730b6b2416de59608da850763e1%7Cee9155fe2da34378a6c44405faf57b2e%7C0%7C0%7C637968564050251719%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=a2arV8YxRd3%2B%2FilCWma4jCWXdHulyJP%2BuRR3MzmxG1U%3D&reserved=0> (Level
> AAA): When text requires reading ability more advanced than the lower
> secondary education level
> <https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.w3.org%2FWAI%2FWCAG22%2FUnderstanding%2Freading-level.html%23dfn-lower-secondary-education-level&data=05%7C01%7Cjohn.rochford%40umassmed.edu%7Cf3e98730b6b2416de59608da850763e1%7Cee9155fe2da34378a6c44405faf57b2e%7C0%7C0%7C637968564050251719%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=rjuk8PYd6uEw%2BaObuN8lMOVgh8noj8m4X2WOhu1%2BZ%2Fg%3D&reserved=0> after
> removal of proper names and titles, supplemental content
> <https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.w3.org%2FWAI%2FWCAG22%2FUnderstanding%2Freading-level.html%23dfn-supplemental-content&data=05%7C01%7Cjohn.rochford%40umassmed.edu%7Cf3e98730b6b2416de59608da850763e1%7Cee9155fe2da34378a6c44405faf57b2e%7C0%7C0%7C637968564050251719%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=8XWaNlFzI%2FkOHfcsEKr4xPgUi8X0p15o8CtE%2BY1dijc%3D&reserved=0>,
> or a version that does not require reading ability more advanced than the
> lower secondary education level, is available.
>
>
>
> *From: *Rain Michaels <rainb@google.com>
> *Date: *Tuesday, August 23, 2022 at 6:25 AM
> *To: *Gregg Vanderheiden RTF <gregg@raisingthefloor.org>
> *Cc: *Jonathan Avila <jon.avila@levelaccess.com>, w3c-waI-gl@w3. org <
> w3c-wai-gl@w3.org>
> *Subject: *[EXT] Re: Accessible authentication Updates
>
> I really like Gregg's suggestion to add clarity with "that satisfy this
> SC."
>
>
>
> I also agree with his point that "cognitive function test" is an awkward
> (and complicated!) way to describe what these are. They aren't actually
> testing cognitive function, but instead requiring cognitive function skills
> to test the user's authenticity.
>
>
>
> I can live with not changing this much now, given the goals and scope of
> this effort. If, however, we think it's worth addressing, here is an
> attempted rewrite (put into list form to help me visually process):
>
> Examples of mechanisms *that satisfy this SC* include:
>
>    1. support for password entry by password managers to *minimize
>    requiring memorization abilities*, and
>    2. copy and paste to *minimize the cognitive burden of transcription*.
>
>
>
>
>
>
>
> On Mon, Aug 22, 2022 at 6:57 PM Gregg Vanderheiden RTF <
> gregg@raisingthefloor.org> wrote:
>
> Nice. Covers it well.
>
>
>
> We might just add  context in the lead in  (shown in *bold)  *to make it
> stand by itself a bit better.   Just editorial though.  And it can be
> tweaked for accuracy.
>
>
>
> Current note:
>
> Examples of mechanisms *that satisfy this SC* include: 1) support for
> password entry by password managers to address the memorization cognitive
> function test, and 2) copy and paste to help address the transcription
> cognitive function test.
>
>
>
>
>
> However I do wish we could stop using *"cognitive function test"* for
> things that are *not tests of cognitive function* - but rather things
> that are just functions that require cognitive burden or memory.     It
> bends my brain to call copying a password into the field as being a ’test
> of cognitive function’.      But as I said - if we can’t think of a better
> term - I can live with it.
>
>
>
> Best
>
>
>
> Gregg Vanderheiden
>
> gregg@vanderheiden.us
>
>
>
>
>
>
>
> On Aug 22, 2022, at 9:00 AM, Jonathan Avila <jon.avila@levelaccess.com>
> wrote:
>
>
>
> Hi Gregg, we already have a note on that – but perhaps it could be
> clarified:
>
> Current note:
>
> Examples of mechanisms include: 1) support for password entry by password
> managers to address the memorization cognitive function test, and 2) copy
> and paste to help address the transcription cognitive function test.
>
>
>
> Jonathan
>
> *From:* Gregg Vanderheiden <gregg@vanderheiden.us>
> *Sent:* Monday, August 22, 2022 11:53 AM
> *To:* Alastair Campbell <acampbell@nomensa.com>
> *Cc:* w3c-waI-gl@w3. org <w3c-wai-gl@w3.org>
> *Subject:* Re: Accessible authentication Updates
>
>
>
> *CAUTION:* This email originated from outside of the organization. Do not
> click links or open attachments unless you recognize the sender and know
> the content is safe.
>
>
>
> No objection — but we should include a note that "allowing passwords to be
> pasted in - does not require that the person remember a password"    or
> some other wording that
>
> a) does not sound like we just suddenly are not allowing any passwords to
> be use on the web (that will create a quick firestorm) and
>
> b) stops the practice of blocking the pasting of passwords into a field
> (thus requiring a heavy cognitive memory task that can be very difficult
> for many really good strong passwords)
>
>
>
>
>
>
>
>
>
> Gregg Vanderheiden
>
> gregg@vanderheiden.us
>
>
>
>
>
>
>
> On Aug 22, 2022, at 2:09 AM, Alastair Campbell <acampbell@nomensa.com>
> wrote:
>
>
>
> Hi everyone,
>
>
>
> I don’t think we’ve had any concerns about these updates, but I’ll state
> them concisely here.
>
>
>
> Firstly, some fairly editorial updates:
>
>
>
> *2. Clarify Accessible Authentication by including "remembering user names
> and passwords" in the SC text #2577 *
>
>
>
> Most people agree with the addition, with a couple of suggestions to put
> it in parenthesise and include at the AAA level. PR 2609
> <https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fw3c%2Fwcag%2Fpull%2F2609%2Ffiles&data=05%7C01%7Cjohn.rochford%40umassmed.edu%7Cf3e98730b6b2416de59608da850763e1%7Cee9155fe2da34378a6c44405faf57b2e%7C0%7C0%7C637968564050251719%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=dxh6W%2FpoSU7OWzJmNKKQvLeoO38WGybpX3Iykx25WkQ%3D&reserved=0> has
> been updated to reflect that.
>
>
>
> There was a concern about the term “cognitive function test”, but for want
> of a better alternative, they could live with it.
>
>
>
> Does anyone object to PR 2609
> <https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fw3c%2Fwcag%2Fpull%2F2609%2Ffiles&data=05%7C01%7Cjohn.rochford%40umassmed.edu%7Cf3e98730b6b2416de59608da850763e1%7Cee9155fe2da34378a6c44405faf57b2e%7C0%7C0%7C637968564050251719%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=dxh6W%2FpoSU7OWzJmNKKQvLeoO38WGybpX3Iykx25WkQ%3D&reserved=0> which
> adds: (such as remembering a password or solving a puzzle) to both versions?
>
>
>
>
>
> *3. Editorial update to accessible-auth exception #2608 *
>
>
>
> Tobias made a suggestion which several people agreed with (and doesn’t
> change the meaning), so I’ve updated PR 2608
> <https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fw3c%2Fwcag%2Fpull%2F2608%2Ffiles&data=05%7C01%7Cjohn.rochford%40umassmed.edu%7Cf3e98730b6b2416de59608da850763e1%7Cee9155fe2da34378a6c44405faf57b2e%7C0%7C0%7C637968564050251719%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=pLK%2BhwWJA0JKfokOBoHkNVFJomYquTfRr3K9Fz4xdBI%3D&reserved=0> to
> reflect that.
>
>
>
> Any objections to that update?
>
>
>
>
>
> *New issue 2*
>
>
>
> I don’t think there’s a separate issue for it, but in a couple of places
> people have raised that: identifying content the user has provided to the
> website could include passwords.
>
>
>
> To resolve this, I’m proposing we use “non-text content” in the exception,
> and remove ‘text’ from the note. This is implemented in PR 2624
> <https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fw3c%2Fwcag%2Fpull%2F2624%2Ffiles&data=05%7C01%7Cjohn.rochford%40umassmed.edu%7Cf3e98730b6b2416de59608da850763e1%7Cee9155fe2da34378a6c44405faf57b2e%7C0%7C0%7C637968564050251719%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=8drKdl0yCdgIafIV4%2BE1MkQAV02hgn6SZTZ62pU0uAo%3D&reserved=0>
> .
>
>
>
> Any objections?
>
>
>
>
>
> Then a more substantial re-structure:
>
>
>
> *New issue 1*
>
>
>
> In the thread of Issue 2592
> <https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fw3c%2Fwcag%2Fissues%2F2592&data=05%7C01%7Cjohn.rochford%40umassmed.edu%7Cf3e98730b6b2416de59608da850763e1%7Cee9155fe2da34378a6c44405faf57b2e%7C0%7C0%7C637968564050251719%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=%2B3IZOAh19u0CkbEnEOycd5KSFrldqJVBfwnEqHVkWZ4%3D&reserved=0> EricE
> proposed to re-structure the SC text so it uses bullet-points for the
> exceptions AND the alternative  & mechanism aspects.
>
>
>
> To keep it aligned with the current meaning I suggested it use a structure
> more like the alt-text SC:
>
> https://github.com/w3c/wcag/issues/2592#issuecomment-1217758169
> <https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fw3c%2Fwcag%2Fissues%2F2592%23issuecomment-1217758169&data=05%7C01%7Cjohn.rochford%40umassmed.edu%7Cf3e98730b6b2416de59608da850763e1%7Cee9155fe2da34378a6c44405faf57b2e%7C0%7C0%7C637968564050251719%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=hgtBaBcTHpi2KESREkhut3uEiLL%2Be8BJWGnHud3Dijc%3D&reserved=0>
>
>
>
> The question at this point is: Do people think that improves the SC and
> no-one would object?
>
>
>
> If anyone objects, we’ll shut-down that approach now rather than take time
> on it but I couldn’t see a problem with it.
>
>
>
> Kind regards,
>
>
>
> -Alastair
>
>
>
> --
>
>
>
> @alastc / www.nomensa.com
> <https://nam10.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.nomensa.com%2F&data=05%7C01%7Cjohn.rochford%40umassmed.edu%7Cf3e98730b6b2416de59608da850763e1%7Cee9155fe2da34378a6c44405faf57b2e%7C0%7C0%7C637968564050407943%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=cb0SyOChi%2Bn3tFkfeuTh1vEyHNtpbKG9sxnyJdzVaEw%3D&reserved=0>
>
>
>
>