RE: Extended Validation SSL indication

Jim,

In IE7 we did some work to try and make this experience more accessible.  It is interesting because had you browsed with Window-Eyes you would have had  had a slightly different experience.

Window-Eyes gives announcement of this kind of security info automatically on page load.

When you say you were not able to activate the links with the keyboard, I'm not seeing that.  If you arrow through the security info in IE, there are two links and pressing enter on both should activate those links.

This is an interesting topic and I have more thoughts and we've discussed this issue internally.  We can discuss in a meeting.



-----Original Message-----
From: w3c-wai-ua-request@w3.org [mailto:w3c-wai-ua-request@w3.org] On Behalf Of Jim Allan
Sent: Tuesday, August 19, 2008 3:21 PM
To: w3c-wai-ua@w3.org
Subject: Extended Validation SSL indication


Just read an interesting article " Earn Trust With Extended Validation SSL"
from
http://www.thestylesheet.com/featured-articles/2008/08/earn-trust-with-exten
ded-validation-ssl/

The article was related to security but mentioned the browsers address bar
turning green and other indicators to tell the user about the valid
certificate. My accessibility alarm bells gave a ring.

So I tested with Jaws in IE7 and FF3. Went to http://www.papercheck.com/ as
a test. The address bar does indeed turn green when you activate a
'purchase' link.
In IE7 valid certificate information also appears to the right of  the
address field. You are able to tab to this information, space bar opens it,
and with some routing of Jaws to PC cursor, you can read what is there. But
I was not able to activate any of the links (or tab to them) in the valid
certificate information. Mouse was the only interaction possible.

In FF3 valid certificate information also appears in the address field to
the left of the actual address. You are able to tab to this information,
space bar opens it, and JAWS reads the information. Then you can tab to
actionable items, open them, and interact will all of the information in the
new windows.

The concern is that there is no notification to the user indicating that new
information appeared in the UA user interface other than the color change
and new text appears in or near the address bar. The UA generates these
items from meta tags in the head of the page.
<link rel="meta" href="https://www.papercheck.com/labels.xml"
type="application/rdf+xml" title="ICRA labels">
<meta http-equiv="pics-Label" content='(pics-1.1
"https://www.icra.org/pics/vocabularyv03/" l gen true for
"https://www.papercheck.com/"  ...>

Security information is critical to all users. The UA should alert the user
when this 'pop-on' security information is available. This is different from
being altered that you are going to a secure website. UAs already have that
functionality. It should be documented. The resulting
information/interaction should be keyboard accessible and available
programmatically.

I did a quick review of UAAG20 but did not find anything specific.  This
needs further discussion, but after we have keyboarding completed.

Thoughts? Other issues related to information appearing in the address bar
or elsewhere in the UA interface?

Jim Allan, Accessibility Coordinator & Webmaster
Texas School for the Blind and Visually Impaired
1100 W. 45th St., Austin, Texas 78756
voice 512.206.9315    fax: 512.206.9264  http://www.tsbvi.edu/
"We shape our tools and thereafter our tools shape us." McLuhan, 1964

Received on Thursday, 21 August 2008 16:32:50 UTC