Meeting minutes
Announcements
maryjom: Few things in announcements. Please get surveys done early
maryjom: Has everyone rejoined since the recharter?
dmontalvo: Thinks all have rejoined - if not, get in touch with Daniel
maryjom: One other announcement - 4 SCs ready to go to AGWG, may get a 5th one.
… So we will put those out for survey.
<Chuck> https://
maryjom: New process in AGWG for reviewing content. Instead of a survey with questions, all is done in GitHub - issue created in GitHub, then refs the latest editor's draft for each section we want them to review.
Chuck: pasting in links on the new process
… and detail on how to do it.
… Makes AGWG more consistent with the rest of the W3C organisations.
maryjom: One question. As Taskforce, are we OK to use surveys?
<Chuck> +1 to making life easier for our TF leader!
maryjom: Surveys would be easier rather than doing invididual issues. So we will continue using surveys for our taskforce
Project status and standup
maryjom: [Sharing screen]
… Several things still in progress. Mary Jo has not finished issue #216 on text spacing.
olivia: Working on issue #41, lots of references to page, so may need breaking down
maryjom: Editors are working on references to change from 2.2 to generic WCAG 2 where appropriate.
PhilDay: Changed in index.html to update the document title.
maryjom: As far as public comments go, we still have some issues
mitch11: Working on several comments, but was unwell so will pick these up in next few days
maryjom: Will follow up with Laura on her issue
… Gregg also has one - issue #221.
GreggVan: Will look into it - thought it was all complete but will look at it now.
maryjom: We have a new comment, issue #261, on sets of software and sets of web pages.
GreggVan: Has started commenting on this issue. Think it is the same problem as for WCAG - there are some web apps that change URLs, others have a single URL, which is equivalent for software as well.
… It would be good to get some discussion from the wider team
maryjom: If you have time, please take a look at issue #261 and add to the discussion
ack
Survey results: Update to 4.1.1 Parsing for WCAG 2.0 and 2.1
<maryjom> https://
maryjom: Survey results for 4.1.1. parsing.
… 8 accept as is, 1 with edits
… Loic had edits
… noticed we were using the word "should" so had some substitutions
GreggVan: Understand we want to remove should/shall language which is good. But to declare something is no longer a requirement is also problematic. We should be giving advice rather than declaring facts
<loicmn> +1 to Gregg's suggestion. I'm OK with "would"
GreggVan: Change should to would, rather than "is no longer". So becomes "would no longer "
+1 to Gregg's change
… Any other suggestions for change?
maryjom: Editors can tweak language to ensure consistency, but get rid of should, and use something like "would" or "is to" and that will fix it
<maryjom> DRAFT RESOLUTION: Incorporate update to SC 4.1.1 changing first “should” to “is to” and second “should no longer” to “would no longer”.
+1
<mitch11> +1
<bruce_bailey> +1
<loicmn> +1
<Mike_Pluke> +1
<FernandaBonnin> +1
<olivia> +1
<Sam> +1
<maryjom> +1
RESOLUTION: Incorporate update to SC 4.1.1 changing first “should” to “is to” and second “should no longer” to “would no longer”.
Survey results: Review of proposal for 3.3.8 Accessible Authentication (Minimum)
<maryjom> https://
Question 3: Add new WCAG 2.2 term “cognitive function test”
<maryjom> https://
maryjom: Going to do the survey out of order - deal with those that had consensus first.
maryjom: 7 responses, 2 as is, 5 suggested more guidance / word substitution to remove web pages. Mitch proposed changing for "web sites and non-web ICT"
… Most agreed with this. Mary Jo commented it was a little different, may be better to use non-web documents and software and entirely remove web sites rather than include it
mitch11: Agree that we should use word substitution, but think we need to keep web sites to make this general statement hold
Mike_Pluke: Same point. This is a unique case - in this case, better to use this one, but not in other cases.
<maryjom> POLL: Change 1) “Web sites” to “Web sites and non-web ICT”, 2) change to "Web sites, non-web documents and software, 3) something else.
2, but would accept 1
<olivia> 2
<Mike_Pluke> 1
<mitch11> 1 or 2
<FernandaBonnin> 1 or 2
<loicmn> 2
<GreggVan> 2 but 1 is ok
maryjom: Slight preference for 2, so we will go with that
RESOLUTION: Add term “cognitive function test”, changing “Web sites” to “Web sites, non-web documents, and software”.
<bruce_bailey> 2
maryjom: Now going to q1
Question 1: Review of proposed content for 3.3.8 Accessible Authentication (Minimum)
<maryjom> https://
maryjom: 7 responses, all need edits
<maryjom> POLL: Is there general agreement with changing “Web site’ with “non-web document or software?” +1 to agree, -1 to disagree, 0 something else
<FernandaBonnin> +1
<loicmn> +1
+1
<Mike_Pluke> +1
<mitch11> +1
<maryjom> +1
<olivia> +1
<Sam> +1
<bruce_bailey> +1
maryjom: Have consensus on this. Mitch also suggested removing the note as the intent is already conveyed in the understanding section. If we leave it in, we have to rephrase the note
… Bruce also had a question about whether password managers work with for example, a Word document with password protection - may need covering with a note if not
<maryjom> POLL: 1) remove the note 2) change the note to cover operating system passwords, or 3) something else
<mitch11> 1+
mitch11: Don't remember where the note came from, but believe the intent was that web sites can defer authentication to a higher level (e.g. platform or user agent), rather than forcing a UI for the password
… Reading the understanding doc, which talks about authentication being deferred to a different layer. This then would suggest the note is not needed.
<loicmn> +1 to delete this note
bruce_bailey: My concern is that password authentication -the only practical way of doing this is the author doesn't do anything to defeat the password manager. I'm not familiar with any password managers that work for document password protection. If those exist, fine. If they do not, then we still have a requirement
<mitch11> 1+
Chuck: Note seems to suggest there is an element of non web ICT that this requirement does not apply to. This requirement was written for web, and so didn't apply to non-web. So should we make it apply, or do we just say that it does not apply?
… So I think the only choice is to remove this note
<bruce_bailey> i am okay with removing as out of scope
maryjom: But if we don't say it is out of scope but just delete it is not consistent. Elsewhere we say there may be instances where it is not possible to meet this SC.
<bruce_bailey> +1 for data / research
Chuck: There have been some assertions made that password managers won't work on document based passwords. I think that might be correct, but don't know for sure. Do we need some research to find out if this is correct?
<bruce_bailey> i may be raising a non-issue
maryjom: Might be useful to link up with another group (COGA?)
COGA
loicmn: As long as I can paste the password in Word - it works and would meet the requirement, so I don't see the issue with the question from Bruce. Feel that this is a good requirement and applies to any ICT as written
GreggVan: Agree with loic. One way password managers don't work - when signing in to operating system as password manager is not running. Also doesn't work on a closed system or any system you don't own.
<Zakim> bruce_bailey, you wanted to say that copy paste is great
bruce_bailey: I am OK with the consensus if we think that copy & paste meets the SC, then there is no problem
mitch11: Having trouble following the conversation - we seem to have jumped from just this note.
mitch11: So we should just focus on the removal or otherwise of this note.
<bruce_bailey> From Understanding: https://
mitch11: One specific thing that I heard - why this note was included in WCAG. I don't think it appeared in WCAG, think it just appeared here in WCAG2ICT. I don't see it in WCAG 2.2
<bruce_bailey> > Examples of mechanisms that satisfy this criterion include ... copy and paste to reduce the cognitive burden of re-typing
<loicmn> For bruce_bailey, this is what WCAG 2.2 says in note 2 of SC 3.3.8: "Note 2 Examples of mechanisms that satisfy this criterion include: support for password entry by password managers to reduce memory need, and copy and paste to reduce the cognitive burden of re-typing."
<loicmn> So copy and paste is an "official" alternative
FernandaBonnin: I had comments on the other question, but on this note, it is a new note, and added a reference. Think it is a relevant discussion
<Chuck> +1 to this did not come from WCAG.
<bruce_bailey> i think i have raised a non-problem
<Zakim> loicmn, you wanted to give examples of non-cognitive login in kiosks (QR code in phone)
loicmn: if just talking about this note, then OK to remove it. Then we can talk about other things when we get to the relevant topic.
<bruce_bailey> My preference would be to include that note from Understanding in WCAG2ICT
maryjom: Do we edit to not say out of scope, but explain why device passwords may not be possible to meet the requirement without providing alternative means to unlock the device
<bruce_bailey> Examples of mechanisms that satisfy this criterion include ... copy and paste to reduce the cognitive burden of re-typing
shadi: Still forming a position on removal of the note. Wonder if it might be worth discussing other points then come back to whether we remove this note.
… My understanding is in web content you create the password mechanism, in other ICT you rely on the operating system to do that
… So think there is a difference between web and non-web, so a note may be helpful - needs editing, but not sure if we delete yet
loicmn: Not against having a note, but should be a new note. Example in MS Windows, you can have different login systems including Hello (camera based), so Windows would meet this criteria.
… Mobile phones also have other options like fingerprint, facial recognition.
<Zakim> GreggVan, you wanted to say "Device activation passwords are out of scope because there is not possibility of using password managers until the system is booted." and to say "...because copy and paste cannot work at that point"
loicmn: This note should not be kept, maybe need something else.
<bruce_bailey> +1 to Loic's observation that face recognition is example of non-cognitive test which can be used to meet this SC
GreggVan: All this assumes you own your personal device and are using it - concern is for non-owned devices such as public device at library, or closed systems like a kiosk...
… Password managers assumes you are on your own device, same for biometrics
<Zakim> loicmn, you wanted to say that there are options for non-personal devices
loicmn: Do have examples of kiosks using non cognitive login. You can use QR code that identifies yourself to 'login' to identify yourself.
… There are alternatives, so SC still applies.
GreggVan: Not just talking about closed systems. Just talking about any system that you don't own - it's a broader problem
… Think there may be fundamental problem in the WCAG accessible authentication requirements, so it makes it difficult for us to apply when you are not applying to a personally owned device.
Sam: Trying to understand loic's example - would everyone carry a personal device with them? This is unfortunately not always true.
loicmn: Not suggesting that all people carry a personal device - just giving an example of not authenticating - could carry printed QR code, or other options for authenticating without cognitive authentication
Chu
Chuck: Understood that loic was just giving an alternative, not that it automatically satisfies all needs - it may be just one of many ways of meeting this
<loicmn> If ATM cannot meet the requirement, then legislation needs to say that this requirement does not apply. But it is not for us to say that WCAG2ICT does not apply.
<bruce_bailey> +1 to phils concerns for all of banking
PhilDay: Closed functionality such as ATMs must have PIN, which is standard for all banking.
<mitch11> an ATM PIN is not an example of "Device passwords" so different topic from Note removal
GreggVan: Comment - we need to think about it more. We have thought of a single solution for 1 person - we need solutions that work across all disabilities, before we can make it a requirement
<Chuck> to be continued !
<Chuck> I must go
maryjom: We are not making requirements - just saying how we can apply if we can, or what the issues are if we cannot.
<Sam> can this be applied.... not always
<Sam> Thank you
GreggVan: If thinking about screen readers, assuming they are on a device that has their required accessible technology
maryjom: We will continue after the thanksgiving week. No meeting next week, will be one the following week.