- From: Al Gilman <asgilman@access.digex.net>
- Date: Tue, 24 Mar 1998 12:38:25 -0500 (EST)
- To: w3c-wai-ua@w3.org
- Cc: asgilman@access1.digex.net (Al Gilman)
In the context of "browser sniffing" I mentioned my "User's Bill of Rights" discussion prepared as part of my personal contributions to the WAI-WG review of ACSS. This is not a consensus result of any WAI group. It is just the best writeup of the concept that I can find quickly. As regards browser sniffing, what it says is: Non-discrimination in HTTP service HTTP servers shall not decline to serve a document to a client because of the display and control capabilities of the client. HTTP servers shall not make decisions how to deliver service based on client type other than standard display and control capabilities explicitly communicated from the client. The full note can be found at: Status of ACSS action item on 02 July 1997 http://www.access.digex.net/%7Easgilman/web-access/ACSS/status1.html This is an area where there is friction between two good things. One is creative innovation in the art of the business deal and the other is the function of W3C formats and protocols to preserve the openness of the Web environment. Keying off the User-Agent header in HTTP, what I am calling "browser sniffing" is common. It is quick and convenient. It short-circuits user steering of their browse process. This can either be a convenience, if it is done well, or an orientation and navigation disaster, if the access mode of the user falls outside the horizon of what the site builder thought about. [Same old story.] For Web commerce, one important factor is that it is totally insecure. Even if it were legally established in lawsuits that using "Mozilla" in your User-agent string was subject to business licensing from Netscape, the fact that Netscape could sue you is not sufficient security policy to protect your link to a Bank. If they really care about the security of the Web discourse that accesses their accounts, they need a more trustworthy test of the dialog than simple browser sniffing. This affects accessibility by the disabled when we bring it down to the specific case of access to Web banking using Lynx. If banks require some short list of browsers that does not include Lynx, then the set of people they are shutting out contains a markedly higher proportion of blind individuals than the people that they are not shutting out. This has in some parallel situations in the past been sufficient evidence to rule the practice illegally discriminatory. But in the Law, a precendent is in the eye of the case builder. It is just a theory you can claim and try to defend before a jury. It's not a matter of deductive theorem proving. I am not trying to build a jury-proof case here; just establish a reasonable doubt that reading the User-Agent header is the most WAI-friendly way to confirm that you have some privacy for the business dialog that you want to conduct. I would like the WAI-UA group to consider formulating a User's Bill of Rights for the Web. In the spirit of Universal Design, it may only be the disabled who care enough to invent this, but it will be to the advantage of all: users and site maintainers and vendors alike. I believe that on looking at what the user's rights should be, that browser sniffing will be, if not deprecated, subjected to guidelines that ensure that the user can disable or in other ways override it. And that bonafide requirements such as auditing the privacy of business conversations will be implemented by bonafide audit methods accessible by all, not by business alliances. Al Gilman
Received on Tuesday, 24 March 1998 12:38:27 UTC