<Ryladog> Scribe: Katie_Haritos-Shea
<Ryladog> Scribe: Ryladog
JR: All the changes I made to the Acc Auth are gone
AC: Does it show changes from yesterday?
DF: Do you have more than one account?
AC: Well start now, welcome all
<alastairc> https://www.w3.org/WAI/GL/wiki/Conduct_expectations
AC: This is just a reminder, as we talked about at TPAC, our expectations, for all channels, to ensure that we have a good work environment. AWKs talk about this with the links and info
<alastairc> https://www.w3.org/WAI/GL/decision-policy
AC: it is worth reading
<Detlev> I have no audio so far...
AC: especially if you are new to
the group
... what does consensus mean etc
<david-macdonald> yes
AC: we will soon be asking for Calls for Concensus
<laura> yes
AC: the specifics - assume
positive perspectives from others, ground statements in
evidence.
... these are the usual things when something goes wrong
<Detlev> AFK
AC: there are several ways that
you ca get in touch agchairs
... email specific chairs
<alastairc> Results: https://www.w3.org/2002/09/wbs/35422/accessible-auth/results
AC: Acc Auth in its second week. We have a few responses. John did you figure out what is goingon
JR: I resolved all comments, I
just found something, can we do me second?
... We can do Touch Targets first
... I am now seeing the changes so I think we are good
AC: What changes did you add towards the top
BB: The email about my changes did not ave the link to Google Docs. Did anyone else see anything weird with the email message from Google Docs?
AC: I dont like these messes, until we work it out
JR: Bruce I did explain how I resolved your issue
BB: I didnt see the links
JR: Click the Review the Comments History at the top
AC: Right next to the SHARE
button on my screen
... we have comments from the survey. Let hear about what has
changed from last week
JR: One axample, in Sufficient
Techniques, I put in the bulleted list exceptions for correct
spelling and transcribing.
... the reason he was concerned was that there was an exception
above, so I just added it there
AC: is that about Keyboard as well?
JR: No
AC: I think that is a reasonable
thing, it helps with testing.
... I want a little broader comments. Bruce wanted to
understand is it 0 or 2+
JR: That is now clearer
AC: Working back thru the text, I thought it was clear that you cannot rely on just one
BB: I am seeing my edit in there
- so I think it is clearer now. I dont see how the 2+ langauge
is confusing
... it is jarring to me.
AC: I think that may get moved to the Understanding Doc
JR: I can move it
BB: That would be fine
AC: We had some comments that I think has been dealt with. Is that OK John?
JR: We moved it from a bullet to the definition section
AC: I suggested using transcribe so it isnt confused with copy/paste
<JakeAbma> +1 to that
JR: What confuses me, this came up a year ago, somehow it got changed. Should I use transcribing
+1 to transcribing
AC: One of the general questions
was around the off-loading options, like login Google.
... the question was, is that OK?
... a login that required user and password - would it be able
to use a Google Login?
... what if a user doesnt have a pre-set login ?
<Fazio> No
JR: Why wouldnt it be?
AC: That is deamnding that anyone who needs this SC would have to have a Google account
<Fazio> It doesn’t address different human abilities
JR: But that is just one alternative
<Zakim> bruce_bailey, you wanted to say maybe something wrong with document
DF: I dont think that that gets to the point of the SC. It is about the core point of I cant use this function, I need to use another function
AC: FB requires you to have a Username/PW that is not very helpful
<johnkirkwood> yes third party would be good. seemingly one's own password management tools?
JR: The only comment couldnt resolve. What he is saying Alastair is what you are saying.
AC: Mike is saying that Codys
zakim, next item. Has anyone found one that doesnt rely on
UN/PW
... Windows doesnt for the Hello
... not in the SC text for the device off-loading to a seperate
wbsite deoent nec help
JA: It would be grea if you took
the FB or Google to see exactly what the mechanism is
... when you go to an airport, again we have to login in those
locations.
<johnkirkwood> wouldn't "offloading to another site" be necessary for a password management tool?
<Fazio> I thought we were talking modality
JA: two ises
... waht is the login mech
<Fazio> Face recognition fingerprint etc
JA: or what if you dont have an account?
AC: I was talking about a website can have a login with FB login becaise it is a very good expereince because you are already logged in to FB
<Fazio> but you still need to log into fb
<Fazio> ExCtly
<Fazio> +1
<Fazio> That authenticator would still need to comply with this sc
JR: Google has an Auth app, you basically input, every minute it generates a new code, and you provide it and you are in
<johnkirkwood> the point is that you don't need to do it when you are in a process.
<Fazio> +100
JA: I have to open my native app
but that is not the same as login with FB or Google.
... still you have to provide your UN/PW. Maybe we shuld talk
about an Auth App
<johnkirkwood> say both
JR: OK, Do you think under the furst example we say, as well as being able to login using and authenticator app?
JA: Yes, not using a specific companys name there
<Fazio> As long as the authenticator provides a different modality
<johnkirkwood> are we actually talking about password managers, not authenticators?
<Fazio> If one is face recognition the other must be different
<Fazio> For example
JA: another thing is they just have a button and you do not have to provide your UN/PW?
AC: Can we cpme back to that
question in a minute
... on the 3rd party provider to allow for that would be to use
an easy one-click, if they are doingit well. But from meeting
the SC, it is kind of messy
<Fazio> I agree
<bruce_bailey> i am for 3rd party login
AC: it is pragmatically useful to add, but it opens up a whole bunch of other issues
<laura> +q to ask about how this applies to 2-factor authentication. https://lists.w3.org/Archives/Public/w3c-wai-gl/2019OctDec/0087.html
JK: I think eliminating a Google/FB login would make it more difficult
AC: Even though Google/FB login would pass
<Zakim> bruce_bailey, you wanted to say I don't think @Jakes point is blocking for the SC
<johnkirkwood> +1
BB: Even though that is a good idea, it may not pass SC
Detlev: I would not know how that related to the basic keyboard or fingerprint. Would a bsic text based be enoughto pass this. Or are we talking about 2 other tests on top of this
AC: Password reset, which is
logging in by an email loop.
... where Jake and others were getting to is around the 2nd
factor which is more complicated
... Bruce?
BB: That is exactly what I am saying
JA: Would a basic text and a biometric than YES it would pass?
AC; Yes correct
<Detlev> Katie, this was Detlev speaking, not JA
AC: If we did allow for a third party auth app as a technique,
DM: We are thinking about goingto
allow for 3rd party? I would be careful about removing
it.
... the mult of a number of websites, if they have one the user
goes to regularly, that may dminish the concern that hey fail
in themselves.
... I a m of a mind to allow it and to see what comments come
in
<alastairc> Example of login with 3rd parties: https://stackoverflow.com/users/login
JA: I am still confused if you are totally locked out, how you get back in, unless we specifically mean that..
AC: Do you mean call it out in the list of modalities?
<Fazio> +1
JA: I am locked out, and I dont
also know my login to any 3rd party app
... that may be the same modality or you may only have to
accept a popup on your phone
AC: Not every implementation of 3rd party is going to be perfect
DF: I agree with Jake. Our I iPhone saves it, what happens if your device doesnt let you in.
<JakeAbma> ++1
DF: I thought it meant we have require multiple modailities
JR: i like that point
... What about if we say a 3rd party s-is OK if it uses a
different modality?
AC: it is kind of a get out - there are so many variables. I am pretty tron on this
JR: So what do people think? What about if we say a 3rd party s-is OK if it uses a different modality?
<johnkirkwood> can't be dependent on 3rd party.
AC: I think it is outside of your control
JR: I dont think that matters as long as we can say if the 3rd party has a modality other that UN/PW it is OK?
AC: Google requires UN.PW
JR: You can move to another 3rd party authenicator
<laura> no audio.
<laura> I'm intersted in how this applies to 2-factor authentication. I sent an example to the list last week. https://lists.w3.org/Archives/Public/w3c-wai-gl/2019OctDec/0087.html
<alastairc> ok, I'll pick that up in a mo'
JA: I hope it is not a problem,
if something happens, like you try to add your PW and after
three times it is blocked - then the alternative method is also
blocked?
... you tried your fingerprint, but it was a bumpy ride - you
need to have a fallback
AC: any fallback is on the Google
site
... we need to ponder this 3rd party bit, it is kind of a
side-step. There is also Simple logon vs 2 factor
<Fazio> And phone number which I refuse for privacy
<laura> https://lists.w3.org/Archives/Public/w3c-wai-gl/2019OctDec/0087.html
<laura> no.
<laura> I'm intersted in how this applies to 2-factor authentication. I sent an example to the list last week.
<laura> https://guide.duo.com/
<Ryladog_> Sorry I was kicked off
<Detlev> Scribe: Detev
<Ryladog_> AC: Face recognition or fingerprint scanner
<Detlev> Scribe: Detlev
AC: face recognition difficult, most large organisation require extra 2nd factor auth
<johnkirkwood> Apple does do it. with integreated password manager to fingerprint authentication
John R: Will revise documents based on feedback received, make available for people to comment
<Zakim> laura, you wanted to ask about how this applies to 2-factor authentication. https://lists.w3.org/Archives/Public/w3c-wai-gl/2019OctDec/0087.html and to
D Fazio: If we will leave 3rd party auth in, we will make an implicit choice - better leave it out
AC: Understanding text could explain 3rd party option and explain whether it will depend on implementation whether that is accessible
<laura> Can something be added to address 2-factor authentication?
AC: comment on Jakes comment that
there may be a chain of resets when depending on 3rd party
solutions
... We should add something to address 2-factor auth
... if you have simple and 2-factor we ahould treat them as
separate alternatives
... Better option are arriving, like pressing button on
stick
<laura> thanks.
AC: we should say that if there
are two steps both should meet the SC
... we should say each factor is a method of auth
Jake: another comment: should say
in more than one way in different modalities, otherwise it
could be in the same modality
... unclear why people with physical disabilities may not be
able to understand
AC: Last sentence of the benefit
section
... also in examples
Jake: can anyone explain?
John R: Even without cog disability you may not understand how to authenticate
AC: It i smoveing it out of disabiltiy area towards general usability
John R: Then remove sentence but have example that there may be other difficulties to use the method (like fingertips that no longer work)
Jake: complex one remaining -
banks have a challenge to all users especially outside mobile -
no fingerprint, no reader for QR code may be available or not
operable - these cases are not covered by the SC - there may be
accessible auth but it may not server all - do we need to
address that?
... The combination of methods 2 or 3-step makes it a lot
harder - we may still not serve many users
AC: No guarantee that users will be able to use these ways
John R: There are exceptions in the dprecated section, was asked to remove them
AC: Users' devices may not be
able to support methods offered - but this is not a problem we
can solve
... Jake, OK to accept current wording?
John R: Will resolve issues
AC: Worked through relying on 3rd party authenticators, may not be great, but wont be explicitly included or excluded
John R: Took notes of changes requested, included those from Bruce
AC: Oeople can uptdate their comments in the survey to reflect changes
<alastairc> https://www.w3.org/2002/09/wbs/35422/target-spacing/results
<alastairc> Doc: https://docs.google.com/document/d/1sszSUKB8t3VuRzxHtOjLfQZjNYCw-xr_EbuMwW7WiGc/edit#heading=h.7sa7n7yr2ykk
AC: Comes form Kathy / mobile
a11y TF
... builds on tocuh target size (AAA) in 2.1
... All 3 rspondents say that SC requirements are met
... should include editors' note due to tap heuristics provided
by a large touch screen tech provider
... other concern is toolbars, difficult to implement
... concern that it punishes slightly too small targets
... any concerns about the core SC text?
<alastairc> q/
David: Largely supportive of
SC
... needs to look up question
... Testing - how is it going to be tested? Can it be
automated?
AC: Wants to check for any target
below 44x44
... with an 80px wide by 20px high target, is it covered?
Jake: No change in text - there
are more challenges - target that are less than 44 in one
dimension you still have the same problem of accidental
activation if targets are stacked on top of each other, so both
dimensions would need to be 44+ if no spacing is provided
... often in dropdown links that appears on top of other
content there will be no 8px clearance to stuff underneath, so
we may need to take that into account
... also if you measure user interface components in an
automated toos, all the dynamic stuff may cover other parts on
the page, so it may need a differentiatino of layers
... howis this going to be tested? A lot CAN be tested but
there is a problem with flexbox and tables etc that
automatically adjkust specing in different viewport widths
-
... especially difficult with a lot of dynamic stuff on a
variety of possible viewport widths - a lot of possible
variation
... nit to mention the toolbar issue where providers with hate
having to replace them with larger targets
AC: Testing complicated - you may want to filter on targets that are smaller than 44x44 then check spacing - but the dynamic stuff like dropdowns really complicates testing
Jake: Drag and drop may constitute a FAIL as soon as you move stuff over drop target
AC: Wanted changes to this draft - put in suggestions in draft, Rachael also commented
<alastairc> Comment from Rachael: Margins are not the only way to space objects. While CSS is the preferred method for layout, layout tables still exist, some designers still use spacer gifs and absolute positioning could also be used to ensure enough space. The test method and techniques needs to address the spacing between objects when it isn't handled by css margins.
AC: Fair comment - technique bit
did not try to be CSS specific although it may read that was
now
... Any objections (apart from the fact that it is difficult to
test)?
... Will be up again next week - please review, even if you
have no comment, please answer the survey
<alastairc> https://www.w3.org/WAI/GL/wiki/Upcoming_agendas
<alastairc> q/
AC: Surveys lined up until the end of the month, like for David Fazio's
AC: Does anyone have other questions and comments?
<alastairc> https://github.com/w3c/wcag/pull/936
AC: Put on first PR for Focus visible (enhanced) - if you have comment feel free to make it on that thread - for significant comments, please raise new issue and tag it with Focus Visible (enhanced) SC
<david-macdonald> https://docs.google.com/document/d/1HzSsCGelWfz_Z-M7NyUzJOvl1A1kAStyl8epYdpZhoA/edit#heading=h.n3esw3alr309
AC: David did you cycle back on icon descriptions?
<alastairc> https://docs.google.com/document/d/1HzSsCGelWfz_Z-M7NyUzJOvl1A1kAStyl8epYdpZhoA
David: has added responses to comments / edits
AC: Can you give overview of changes?
David: First was whether this is not a UA issue?
<alastairc> Noting I was playing devil's advocate on this bit... partly due to the comlications that have arisen.
David: agrees in principle, WCAG
has been practical standard for real situations, acts as
steward for coga group here
... browsers add functionality at some point, which led to the
"a machanis is available" language
"mechanism is available"
David: WCAG structure limits
options across different technologies - but solutions can work
on different devices, such as showing name on first tap and
then offerign the action
... Third comment that title is not sufficient since it does
not enlarge, nor fixes likely in the near future
<alastairc> SC text: For icons that act as labels or instructions, a mechanism is available to display a text equivalent visually, on or before the first occurrence of an icon on the page.
AC: The SC text hasn't got more complicated
<laura> +1 to title attribute not being sufficient
David: No it has been simplified (reads out SC text)
<alastairc> I wonder if MS will fix the title attribute issues in Chromium, which then gets picked up by Chrome?!
David: draws parallel to acronyms
that need to expand on first occurance
... Label on first occurrance may be suffucient, shoudl be
discussed
... differentiations caused som misunderstanding, were
therefore removed
AC: Andrew had comments - was that addresse?
David: Yes this has been
addressed (like sign with exclamation mark) which would not
actually count as interactive component but as
instruction
... has addressed comments that have come in
AC: For icon buttons on touch screens, do they need any special approach or is it a UA issue which we cannot do anythig about?
David: Has removed mention of hover / touch and replaced with more abstract "mechanism is available" language
AC: Will include in survey
<alastairc> WCAG 2.2 Essential controls (re-review) https://www.w3.org/2002/09/wbs/35422/essential-controls/
<alastairc> WCAG 2.2 Touch Target Spacing https://www.w3.org/2002/09/wbs/35422/target-spacing/
<alastairc> WCAG 2.2 Visible labels https://www.w3.org/2002/09/wbs/35422/visible-labels/
Any further comments next week: Essential controls / touch target spacing / visible labels
AC: Please look at these and comment!
trackbot, end meeting
This is scribe.perl Revision: 1.154 of Date: 2018/09/25 16:35:56 Check for newer version at http://dev.w3.org/cvsweb/~checkout~/2002/scribe/ Guessing input format: Irssi_ISO8601_Log_Text_Format (score 1.00) Succeeded: s/Mauser/user/ Default Present: AlastairC, Katie_Haritos-Shea, Chuck, JakeAbma, JohnRochford, Raf, MarcJohlic, Fazio, MichaelC, Laura, david-macdonald, Detlev, mbgower, johnkirkwood, +1, bruce_bailey, jon_avila Present: AlastairC Katie_Haritos-Shea Chuck JakeAbma JohnRochford Raf MarcJohlic Fazio MichaelC Laura david-macdonald Detlev mbgower johnkirkwood bruce_bailey jon_avila Found Scribe: Katie_Haritos-Shea Found Scribe: Ryladog Inferring ScribeNick: Ryladog Found Scribe: Detev Found Scribe: Detlev Inferring ScribeNick: Detlev Scribes: Katie_Haritos-Shea, Ryladog, Detev, Detlev ScribeNicks: Ryladog, Detlev Found Date: 12 Nov 2019 People with action items: WARNING: IRC log location not specified! (You can ignore this warning if you do not want the generated minutes to contain a link to the original IRC log.)[End of scribe.perl diagnostic output]