The results of this questionnaire are available to anybody.
This questionnaire was open from 2021-06-21 to 2021-09-21.
17 answers have been received.
In Issue 1902 wardav asks about the definition of a common object. Last week we agreed to move forward with an AA and AAA SC.
PR 2042 has the AA and AAA version and updates to the understanding documents.
Do you:
Choice | All responders |
---|---|
Results | |
Agree with the updates | 3 |
Agree with the updates with adjustments | 1 |
Something else |
(13 responses didn't contain an answer to this question)
Responder | AA and AAA text for Accessible Authentication | Comments |
---|---|---|
Ben Tillyer | ||
Andrew Kirkpatrick | ||
Aimee Ubbink | ||
Wilco Fiers | ||
Todd Libby | ||
David MacDonald | ||
Stefan Schnabel | ||
Patrick Lauke | ||
Charles Adams | ||
Bruce Bailey | ||
John Kirkwood | ||
Michael Gower | ||
Laura Carlson | Agree with the updates | |
Rain Breaw Michaels | Agree with the updates | |
Rachael Bradley Montgomery | Agree with the updates | |
Gundula Niemann | ||
Alastair Campbell | Agree with the updates with adjustments | For the AAA understanding document, can we remove the bits which are identical to the AA version, and just link across at the top (like focus-appearance (enhanced) does). Also, I don't think we should remove the note under the current one (starting "Examples of mechanisms include: 1)...") as that was agreed previously. I've created an update to that branch here: https://github.com/w3c/wcag/pull/2046 That PR: - Removes most of the 'intent' content in the AAA understanding doc. - Slightly re-structures the SC text (separating the exception). - Clarifies the new note. - Includes the previous note that had been removed. |
Last week we discussed adding a note to WCAG 2.2 to point readers to the COGA-related AAA criteria. A draft is below.
Note: While WCAG AA is typically used as the standard for conformance, it is important to note that important solutions to barriers experienced by people with cognitive and learning disabilities are included in the AAA criteria. In order to support people with cognitive and learning disabilities, please consider also supporting [list coga related AAA SC]. Additional non-normative design guidance is available at Marking Content Usable for People with Cognitive and Learning Disabilities.
Do you:
Choice | All responders |
---|---|
Results | |
Agree with this note | 2 |
Agree with the note with adjustments | 1 |
Something else | 2 |
(12 responses didn't contain an answer to this question)
Responder | Note for WCAG 2.2 | Comments |
---|---|---|
Ben Tillyer | ||
Andrew Kirkpatrick | ||
Aimee Ubbink | ||
Wilco Fiers | ||
Todd Libby | ||
David MacDonald | ||
Stefan Schnabel | ||
Patrick Lauke | ||
Charles Adams | ||
Bruce Bailey | ||
John Kirkwood | ||
Michael Gower | ||
Laura Carlson | Agree with this note | |
Rain Breaw Michaels | Agree with the note with adjustments | Here are the ones that I identified that likely should be included in the list: 1.3.6 Identify Purpose 1.4.7 Low or No Background Audio 1.4.8 Visual Presentation 1.4.9 Images of Text 2.2.3 No Timing 2.2.4 Interruptions 2.2.5 Re-authenticating 2.2.6 Timeouts 2.3.2 Three Flashes 2.3.3 Animation from Interactions 2.4.8 Location 2.4.9 Link Purpose (Link Only) 2.4.10 Section Headings 3.1.3 Unusual Words 3.1.4 Abbreviations 3.1.5 Reading Level 3.1.6 Pronunciation 3.2.5 Change on Request 3.3.5 Help 3.3.6 Error Prevention (All) |
Rachael Bradley Montgomery | Agree with this note | |
Gundula Niemann | Something else | no decision from my side, just a wording remark: Should "Marking Content Usable ..." say "Making Content Usable ..."? If this is not the case, please explain what is meant by marking a content usable, as I assume it does not mean just claiming it is usable. |
Alastair Campbell | Something else | We should specify where the note would go, and looking through the top-sections it appears it would go under the "WCAG 2 Layers of guidance" section. There is already a paragraph there that starts "Note that even content that conforms at the highest level (AAA) will not be accessible to individuals with all types, degrees, or combinations of disability, particularly in the cognitive, language, and learning areas...." I suggest we update that paragraph / section with the new content. E.g. > "Note that while WCAG AA is typically used as the standard for conformance, it is important to note that important solutions to barriers experienced by people with cognitive and learning disabilities are included in the AAA criteria. Even content that conforms at the highest level (AAA) will not be accessible to individuals with all types, degrees, or combinations of disability, particularly in the cognitive, language, and learning areas. Authors are encouraged to consider the full range of techniques, including the advisory techniques, and the _Making Content Usable for People with Cognitive and Learning Disabilities_ note." I don't think we should add a list of particular SCs at the top: - It is just adding more repetitive content at the top, making it further to scroll to get to the content they would point to; - It raises the question of: Why we don't list AAA SCs for other disability groups? - The COGA-usable doc seems a more effective & wider scoped doc compared to the AAA SCs, at least for COGA issues. |
In Issue 1902 wardav asks about the definition of a common object. This has led to a long discussion about what a cognitive function test includes and which tests should be excepted within this SC.
Rain has been looking into the topic with the COGA task force and they have concluded that:
We see several ways forward. Please weigh in with your preferred way forward.
Choice | All responders |
---|---|
Results | |
Create an AA level SC that does not allow for recognizing common objects and audio (picture based CAPTCHA for example would not pass this SC) | |
Create a AA level SC that allows for recognizing common objects and audio, plus an SC at AAA that does not allow for recognizing common objects | 7 |
Remove this SC from 2.2 | 2 |
(8 responses didn't contain an answer to this question)
Responder | DONE: Recognizing common objects path forward | Comments |
---|---|---|
Ben Tillyer | ||
Andrew Kirkpatrick | ||
Aimee Ubbink | ||
Wilco Fiers | ||
Todd Libby | ||
David MacDonald | Remove this SC from 2.2 | I am oscillating between removing and allowing a limited version at AA. Historically, in WCAG, we have tried not to introduce an SC that doesn't have a clear and mature solution. I am struggling with the lack of mature options. Also, security and accessibility have always had competing requirements. Accessibility attempts to allow as many users as possible to use the content, and security attempts to allow as few as necessary to use the content. Audio bootleggers used to go to concerts as people with hearing loss to have their FM systems plugged into the mixing board for a direct recording. I could live with a limited SC at AA that has clear and mature solutions. |
Stefan Schnabel | Create a AA level SC that allows for recognizing common objects and audio, plus an SC at AAA that does not allow for recognizing common objects | |
Patrick Lauke | Create a AA level SC that allows for recognizing common objects and audio, plus an SC at AAA that does not allow for recognizing common objects | |
Charles Adams | Create a AA level SC that allows for recognizing common objects and audio, plus an SC at AAA that does not allow for recognizing common objects | I'm concerned with doing this at the end of our WCAG 2.2 cycle, and if this is something for which others share my concerns, I'd prefer we remove it. |
Bruce Bailey | Create a AA level SC that allows for recognizing common objects and audio, plus an SC at AAA that does not allow for recognizing common objects | FWIW i would be concerned that a AA level SC that does not allow for recognizing common objects and audio would be a blocker for regulators. Does the AA SC that allows for recognizing common objects and audio require that USERS have the CHOICE OF EITHER visual or audio CAPTCHA? (( Or is dual modality of CAPTCHA required in another SC? )) |
John Kirkwood | ||
Michael Gower | Remove this SC from 2.2 | This contradicts the existing Understanding document: > Recognizing common objects, or a picture the user has provided, would not be a cognitive function test. It seems like we have a moving target on what constitutes a cognitive function test. If we can't settle on that, the SC is at risk. |
Laura Carlson | Create a AA level SC that allows for recognizing common objects and audio, plus an SC at AAA that does not allow for recognizing common objects | |
Rain Breaw Michaels | Create a AA level SC that allows for recognizing common objects and audio, plus an SC at AAA that does not allow for recognizing common objects | |
Rachael Bradley Montgomery | ||
Gundula Niemann | ||
Alastair Campbell | Create a AA level SC that allows for recognizing common objects and audio, plus an SC at AAA that does not allow for recognizing common objects | I think that adding the AAA version is actually the smallest change in substance. It clarifies something that had been a little buried in the definition, and signals what the preferred option is (don't use those tests that are excepted). |
AWK raised issue 1885 with a question and comment.
There is an updated response changing the reason that WebAuthN is considered to pass.
Do you:
Choice | All responders |
---|---|
Results | |
Agree with the response | 4 |
Agree with the response with adjustment (comment) | 2 |
Propose a different response (comment) |
(11 responses didn't contain an answer to this question)
Responder | DONE: Adobe Comment on 3.3.7 Accessible Authentication #1885 | Comments |
---|---|---|
Ben Tillyer | ||
Andrew Kirkpatrick | ||
Aimee Ubbink | ||
Wilco Fiers | ||
Todd Libby | Agree with the response | |
David MacDonald | ||
Stefan Schnabel | ||
Patrick Lauke | Agree with the response | |
Charles Adams | ||
Bruce Bailey | Agree with the response | |
John Kirkwood | Agree with the response with adjustment (comment) | Agree with Rachael's adjustment |
Michael Gower | ||
Laura Carlson | Agree with the response | |
Rain Breaw Michaels | ||
Rachael Bradley Montgomery | Agree with the response with adjustment (comment) | I agree with the intent but the following sentence is not particularly clear: "For the time-out during authentication with WebauthN (spec link), the time-out does not loose anything, you simply re-start the authentication, it is no more of a step than if there were a pop-over warning you of the time out." I suggest the following edit: "For the time-out during authentication with WebauthN (spec link), the time-out does not loose anything, you simply re-start the authentication. Restarting is the same number of steps as a pop-over warning you of the time out." |
Gundula Niemann | ||
Alastair Campbell |
philljenkins asked that we add a new requirement to Accessible Authentication in Issue 1921.
The Cognitive Task Force recognise that it is a new requirement, but requested it be mentioned in the understanding document.
PR 1940 was created to include such a sentence in the understanding document.
Do you think we should:
Choice | All responders |
---|---|
Results | |
Include the new paragraph | 6 |
Include the new paragraph with adjustment | 2 |
Not include the new paragraph. | |
Something else | 3 |
(6 responses didn't contain an answer to this question)
Responder | DONE: Add requirement / control to "show password" for end-users #1912 | Comments |
---|---|---|
Ben Tillyer | ||
Andrew Kirkpatrick | Include the new paragraph | |
Aimee Ubbink | Include the new paragraph | |
Wilco Fiers | ||
Todd Libby | Include the new paragraph | |
David MacDonald | ||
Stefan Schnabel | ||
Patrick Lauke | Include the new paragraph with adjustment | Just to clarify (as the survey question here seems to imply otherwise): this is *not* a requirement, as the sentence makes clear this is just a nice-to-have best practice *not* required for conformance. in that light, I'm ok with having this included. I would, however, front-load the sentence to make it clear right away that "As a best practice, ..." |
Charles Adams | ||
Bruce Bailey | Include the new paragraph | |
John Kirkwood | Something else | In alignment with Rain's adjustment. |
Michael Gower | ||
Laura Carlson | Include the new paragraph | |
Rain Breaw Michaels | Something else | COGA (special thanks to Abi James and John Rochford) created the proposed adjustment to the current language in the pull request: "Another factor that can contribute to the cognitive load when authenticating is hiding characters when typing, such as in a password field. Providing a feature to optionally show a password can improve the chance of success for people with cognitive disabilities or those who have difficulties with accurately typing. However, this support mechanism on its own does not remove all of the cognitive task when transcribing characters." Our concerns with the current PR, which the proposed language above addresses: 1. After re-reading the functional definition of a cognitive function test (https://www.w3.org/TR/WCAG22/#dfn-cognitive-function-test), we realized that transcribing characters is very clearly included as a cognitive function test. 2. To say that "Password visibility is ... a good way of reducing the cognitive load, so including a feature to optionally show the password is very helpful" minimizes the severity of the impact for some individuals. We are concerned some may read this to think that this type of support may be sufficient to support all individuals who experience difficulty with transcription. |
Rachael Bradley Montgomery | Something else | I support adding in both Rain and Patrick's adjustments |
Gundula Niemann | Include the new paragraph | |
Alastair Campbell | Include the new paragraph with adjustment | Riffing on Rain's update, I'm suggesting this: > Another factor that can contribute to cognitive load is hiding characters when typing. Although this criterion requires that users do not have to type in (transcribe) a password, there are scenarios where that is necessary such as creating a password to be saved by a password manager. Providing a feature to optionally show a password can improve the chance of success for people with cognitive disabilities or those who have difficulties with accurately typing. There might be a better example, but it is clearer about the requirement. |
Ben asked in issue 1878 whether the normative text supported that copy-paste must not be blocked.
It is possible for authors to provide another mechanism, so PR 1960 refines that text in the understanding doc.
Do you:
Choice | All responders |
---|---|
Results | |
Agree with the change | 7 |
Agree with the change with adjustment | |
Something else |
(10 responses didn't contain an answer to this question)
Responder | Done: Ensuring copy-paste is not blocked #1878 | Comments |
---|---|---|
Ben Tillyer | ||
Andrew Kirkpatrick | ||
Aimee Ubbink | ||
Wilco Fiers | ||
Todd Libby | Agree with the change | |
David MacDonald | ||
Stefan Schnabel | ||
Patrick Lauke | Agree with the change | |
Charles Adams | ||
Bruce Bailey | Agree with the change | |
John Kirkwood | Agree with the change | |
Michael Gower | ||
Laura Carlson | Agree with the change | |
Rain Breaw Michaels | Agree with the change | |
Rachael Bradley Montgomery | Agree with the change | |
Gundula Niemann | ||
Alastair Campbell |
@wardav asked in issue 1899 whether it is theoretically possible for a theoretical user to authenticate themselves without a cognitive test using a very niche method.
The proposed response basically says: no, it would need to work in practice.
We discussed this last week, but need more people to comment in the survey and perhaps propose a different response.
Do you:
Choice | All responders |
---|---|
Results | |
Agree with the response | 3 |
Agree with the response with adjustment (comment) | |
Propose a different response (comment) | 2 |
(12 responses didn't contain an answer to this question)
Responder | DONE: is it acceptable to only support niche, propriety, OS specific, and potentially inaccessible methods? #1899 | Comments |
---|---|---|
Ben Tillyer | Agree with the response | |
Andrew Kirkpatrick | ||
Aimee Ubbink | ||
Wilco Fiers | Propose a different response (comment) | I don't think arguing "no, because accessibility support" is right here. I think a better response would just be to say that non-web technologies may be involved, and that while we certainly hope organisations won't burden PwD with extra costs, WCAG is limited to web technologies only. It can extend its scope to include non-web devices, or set requirements for availability / cost of those. |
Todd Libby | Agree with the response | |
David MacDonald | ||
Stefan Schnabel | ||
Patrick Lauke | Propose a different response (comment) | "In theory a site could claim conformance with just a niche device/setup allowing for authentication, but it would not fit the generally accepted use of "accessibility supported"." not sure i'd agree here. if the "niche device/setup" is "technology [that] is [...] widely-distributed [... and] accessibility supported" per https://www.w3.org/TR/WCAG22/#dfn-accessibility-supported (which doesn't mean free, or based on open standards, but just that it's "widely distributed"), should it not pass this? (reminded here of the argument about "there's this extension for browsers that lets you navigate by headings ... sure, nobody's heard of it, but it's 'widely distributed'" that we had not so long ago) "no website can implement facial recognition" websites have access to APIs to hook into webcams, directly from JavaScript. so this is in fact possible - while technically and computationally quite complex. so this part of the answer needs some work. |
Charles Adams | ||
Bruce Bailey | Agree with the response | |
John Kirkwood | ||
Michael Gower | ||
Laura Carlson | ||
Rain Breaw Michaels | ||
Rachael Bradley Montgomery | proposed response: "While technically, a specialized technique would pass we do not recommend that approach. Providing a commonly used, widely available approach better supports use." | |
Gundula Niemann | ||
Alastair Campbell |
In Issue 1900 wardav seems to confuse the site-set password with the user's password/pin for the device.
There is a response in the thread, and a very simple change in the understanding document in PR 1909.
Do you:
Choice | All responders |
---|---|
Results | |
Agree with the response and change | 4 |
Agree with the response and change, with adjustment | |
Propose something else | 1 |
(12 responses didn't contain an answer to this question)
Responder | DONE: Are system-level tests out of scope? Are PINs and Passwords synonymous? #1900 | Comments |
---|---|---|
Ben Tillyer | Agree with the response and change | |
Andrew Kirkpatrick | ||
Aimee Ubbink | ||
Wilco Fiers | ||
Todd Libby | Agree with the response and change | |
David MacDonald | ||
Stefan Schnabel | ||
Patrick Lauke | ||
Charles Adams | ||
Bruce Bailey | Agree with the response and change | |
John Kirkwood | Agree with the response and change | |
Michael Gower | ||
Laura Carlson | ||
Rain Breaw Michaels | ||
Rachael Bradley Montgomery | ||
Gundula Niemann | Propose something else | A system level PIN or password also is a cognitive function test. providing an alternative is out of scope for a app author, yet it is in scope for the operating system provider. |
Alastair Campbell |
In Issue 1901 wardav asks whether certain authentication features should count as a 'cognitive function test'.
The response basically says no, they are cog-fun-tests, but if user-agents did start supporting those then that might count as a 'mechanism'.
Do you:
Choice | All responders |
---|---|
Results | |
Agree with the response | 2 |
Agree with the response with adjustment | |
Propose a different response | 1 |
(14 responses didn't contain an answer to this question)
Responder | DONE: supporting copy-paste, example with memorable information, and specific characters #1901 | Comments |
---|---|---|
Ben Tillyer | ||
Andrew Kirkpatrick | ||
Aimee Ubbink | ||
Wilco Fiers | ||
Todd Libby | Agree with the response | |
David MacDonald | ||
Stefan Schnabel | ||
Patrick Lauke | ||
Charles Adams | ||
Bruce Bailey | Agree with the response | |
John Kirkwood | ||
Michael Gower | ||
Laura Carlson | ||
Rain Breaw Michaels | ||
Rachael Bradley Montgomery | ||
Gundula Niemann | Propose a different response | Indeed I see answering such questions as cognitive function tests. Yet they need a different solution than passwords, for example because storing them with the password does not make sense with their purpose. Part of the problem is for example the missing AI. 'Where have you met your spouse?' Have I met him 'in New York', or did I just type 'New York'? I think this is a wide new field. |
Alastair Campbell |
In Issue 1903 JamesCatt appears to misunderstand what the 'examples' section of the understanding doc is trying to do.
Alastair added a proposed response, mostly to check that it wasn't him misunderstanding the issue, but hoping to close off the issue.
This was discussed briefly last week, but we need more people to fill in the survey and/or be able to comment on the response.
Do you:
Choice | All responders |
---|---|
Results | |
Agree with the response | 3 |
Agree with the response with adjustment | |
Something else |
(14 responses didn't contain an answer to this question)
Responder | DONE: Clarification on USB-based 2FA #1903 | Comments |
---|---|---|
Ben Tillyer | ||
Andrew Kirkpatrick | ||
Aimee Ubbink | ||
Wilco Fiers | ||
Todd Libby | Agree with the response | |
David MacDonald | ||
Stefan Schnabel | ||
Patrick Lauke | ||
Charles Adams | ||
Bruce Bailey | Agree with the response | |
John Kirkwood | ||
Michael Gower | ||
Laura Carlson | ||
Rain Breaw Michaels | ||
Rachael Bradley Montgomery | ||
Gundula Niemann | Agree with the response | |
Alastair Campbell |
AWK raised issue 1885 with a question and comment.
There is a proposed response.
Last week we discussed this issue, but need someone to examine the Time-outs issue with WebauthN.
Do you:
Choice | All responders |
---|---|
Results | |
Agree with the response | 5 |
Agree with the response with adjustment (comment) | 1 |
Propose a different response (comment) | 1 |
(10 responses didn't contain an answer to this question)
Responder | DEFUNCT: Adobe Comment on 3.3.7 Accessible Authentication #1885 | Comments |
---|---|---|
Ben Tillyer | Agree with the response | |
Andrew Kirkpatrick | Propose a different response (comment) | I'm concerned about Alastair's response saying that the time out problem would be essential as it is security related, but that doesn't align with the way we decided to handle essential and security in 3.3.8 (Redundant Entry). |
Aimee Ubbink | ||
Wilco Fiers | Agree with the response with adjustment (comment) | I don't agree that the "essential exception" of 2.1.1 applies to authentication. This should just say that SC 2.1.1 applies to WebauthN, just as it does to any other web based authentication method. |
Todd Libby | Agree with the response | |
David MacDonald | ||
Stefan Schnabel | ||
Patrick Lauke | Agree with the response | |
Charles Adams | ||
Bruce Bailey | Agree with the response | |
John Kirkwood | ||
Michael Gower | ||
Laura Carlson | ||
Rain Breaw Michaels | Agree with the response | |
Rachael Bradley Montgomery | ||
Gundula Niemann | ||
Alastair Campbell |
In Issue 1855 Patrick points out that blocking copy-paste is not the mechanism which blocks password managers.
Blocking password managers and blocking copy-paste are both issues, so discussing them in the understanding doc is valid, but they need separating.
PR 1898 updates the understanding doc.
Do you:
Choice | All responders |
---|---|
Results | |
Agree with the updates | 9 |
Agree with the updates, with adjustment | 1 |
Something else |
(7 responses didn't contain an answer to this question)
Responder | DONE: confusion about "paste" #1855 | Comments |
---|---|---|
Ben Tillyer | Agree with the updates | |
Andrew Kirkpatrick | ||
Aimee Ubbink | Agree with the updates | |
Wilco Fiers | Agree with the updates | |
Todd Libby | Agree with the updates | |
David MacDonald | ||
Stefan Schnabel | ||
Patrick Lauke | Agree with the updates | However, the PR was made with the understanding that the "form is written 'correctly' per SC 1.3.5", and "must not block paste" are two separate aspects. I've seen some discussions where both are treated as being interdependent, which was not my reading of the SC. this should be clarified. the example originally included about a web-based command line environment that allows users to copy from a 3rd party pwd manager and then paste into the CLI, however, would negate the reading of 1.3.5 being required at the same time, as a CLI would not *have* any inputs with autocomplete... |
Charles Adams | ||
Bruce Bailey | Agree with the updates | |
John Kirkwood | ||
Michael Gower | ||
Laura Carlson | Agree with the updates | |
Rain Breaw Michaels | Agree with the updates | |
Rachael Bradley Montgomery | Agree with the updates, with adjustment | I agree both of these topics need to be addressed but as written it looks like username and password fields can be used if they either do not block copy paste OR are properly marked up. I think to pass they should need to allow copy and paste AND be properly marked up. People use password managers differently and there are times password managers fail so I believe both autofill and copy/paste should be supported to ensure success. |
Gundula Niemann | Agree with the updates | |
Alastair Campbell |
@benja11y asks in Issue 1879 whether an RSA token (with digital screen showing characters) would qualify as another method for this SC, when it isn't accessible to people who cannot see it.
The proposed response says no, there needs to be a fully conformant version, as per the conforming alternative version definition.
Do you:
Choice | All responders |
---|---|
Results | |
Agree with the response | 10 |
Agree with the response with adjustment (comment) | |
Propose a different response (comment) |
(7 responses didn't contain an answer to this question)
Responder | DONE: Other Methods #1879 | Comments |
---|---|---|
Ben Tillyer | Agree with the response | (I am @benja11y) |
Andrew Kirkpatrick | ||
Aimee Ubbink | Agree with the response | |
Wilco Fiers | Agree with the response | |
Todd Libby | Agree with the response | |
David MacDonald | ||
Stefan Schnabel | ||
Patrick Lauke | Agree with the response | |
Charles Adams | ||
Bruce Bailey | Agree with the response | |
John Kirkwood | ||
Michael Gower | ||
Laura Carlson | Agree with the response | |
Rain Breaw Michaels | Agree with the response | |
Rachael Bradley Montgomery | Agree with the response | It may be worth noting that a standard RSA token would not pass but one that autopopulates the number through the USB port might. https://www.rsa.com/content/dam/en/data-sheet/rsa-securid-hardware-tokens.pdf |
Gundula Niemann | Agree with the response | May several alternatives accumulate to answer all needs and thus reach Accessibility? |
Alastair Campbell |