Accessibility Guidelines Working Group Teleconference

12 Nov 2019


AlastairC, Katie_Haritos-Shea, Chuck, JakeAbma, JohnRochford, Raf, MarcJohlic, Fazio, MichaelC, Laura, david-macdonald, Detlev, mbgower, johnkirkwood, bruce_bailey, jon_avila
Katie_Haritos-Shea, Ryladog, Detev, Detlev


<Ryladog> Scribe: Katie_Haritos-Shea

<Ryladog> Scribe: Ryladog

JR: All the changes I made to the Acc Auth are gone

AC: Does it show changes from yesterday?

DF: Do you have more than one account?

AC: Well start now, welcome all

Questions/comments on other WCAG 2.2 SCs.

Positive working environment reminder https://www.w3.org/WAI/GL/wiki/Conduct_expectations

<alastairc> https://www.w3.org/WAI/GL/wiki/Conduct_expectations

AC: This is just a reminder, as we talked about at TPAC, our expectations, for all channels, to ensure that we have a good work environment. AWKs talk about this with the links and info

<alastairc> https://www.w3.org/WAI/GL/decision-policy

AC: it is worth reading

<Detlev> I have no audio so far...

AC: especially if you are new to the group
... what does consensus mean etc

<david-macdonald> yes

AC: we will soon be asking for Calls for Concensus

<laura> yes

AC: the specifics - assume positive perspectives from others, ground statements in evidence.
... these are the usual things when something goes wrong

<Detlev> AFK

AC: there are several ways that you ca get in touch agchairs
... email specific chairs

WCAG 2.2 Accessible authentication (2nd week) https://www.w3.org/2002/09/wbs/35422/accessible-auth/

<alastairc> Results: https://www.w3.org/2002/09/wbs/35422/accessible-auth/results

AC: Acc Auth in its second week. We have a few responses. John did you figure out what is goingon

JR: I resolved all comments, I just found something, can we do me second?
... We can do Touch Targets first
... I am now seeing the changes so I think we are good

AC: What changes did you add towards the top

BB: The email about my changes did not ave the link to Google Docs. Did anyone else see anything weird with the email message from Google Docs?

AC: I dont like these messes, until we work it out

JR: Bruce I did explain how I resolved your issue

BB: I didnt see the links

JR: Click the Review the Comments History at the top

AC: Right next to the SHARE button on my screen
... we have comments from the survey. Let hear about what has changed from last week

JR: One axample, in Sufficient Techniques, I put in the bulleted list exceptions for correct spelling and transcribing.
... the reason he was concerned was that there was an exception above, so I just added it there

AC: is that about Keyboard as well?

JR: No

AC: I think that is a reasonable thing, it helps with testing.
... I want a little broader comments. Bruce wanted to understand is it 0 or 2+

JR: That is now clearer

AC: Working back thru the text, I thought it was clear that you cannot rely on just one

BB: I am seeing my edit in there - so I think it is clearer now. I dont see how the 2+ langauge is confusing
... it is jarring to me.

AC: I think that may get moved to the Understanding Doc

JR: I can move it

BB: That would be fine

AC: We had some comments that I think has been dealt with. Is that OK John?

JR: We moved it from a bullet to the definition section

AC: I suggested using transcribe so it isnt confused with copy/paste

<JakeAbma> +1 to that

JR: What confuses me, this came up a year ago, somehow it got changed. Should I use transcribing

+1 to transcribing

AC: One of the general questions was around the off-loading options, like login Google.
... the question was, is that OK?
... a login that required user and password - would it be able to use a Google Login?
... what if a user doesnt have a pre-set login ?

<Fazio> No

JR: Why wouldnt it be?

AC: That is deamnding that anyone who needs this SC would have to have a Google account

<Fazio> It doesn’t address different human abilities

JR: But that is just one alternative

<Zakim> bruce_bailey, you wanted to say maybe something wrong with document

DF: I dont think that that gets to the point of the SC. It is about the core point of I cant use this function, I need to use another function

AC: FB requires you to have a Username/PW that is not very helpful

<johnkirkwood> yes third party would be good. seemingly one's own password management tools?

JR: The only comment couldnt resolve. What he is saying Alastair is what you are saying.

AC: Mike is saying that Codys zakim, next item. Has anyone found one that doesnt rely on UN/PW
... Windows doesnt for the Hello
... not in the SC text for the device off-loading to a seperate wbsite deoent nec help

JA: It would be grea if you took the FB or Google to see exactly what the mechanism is
... when you go to an airport, again we have to login in those locations.

<johnkirkwood> wouldn't "offloading to another site" be necessary for a password management tool?

<Fazio> I thought we were talking modality

JA: two ises
... waht is the login mech

<Fazio> Face recognition fingerprint etc

JA: or what if you dont have an account?

AC: I was talking about a website can have a login with FB login becaise it is a very good expereince because you are already logged in to FB

<Fazio> but you still need to log into fb

<Fazio> ExCtly

<Fazio> +1

<Fazio> That authenticator would still need to comply with this sc

JR: Google has an Auth app, you basically input, every minute it generates a new code, and you provide it and you are in

<johnkirkwood> the point is that you don't need to do it when you are in a process.

<Fazio> +100

JA: I have to open my native app but that is not the same as login with FB or Google.
... still you have to provide your UN/PW. Maybe we shuld talk about an Auth App

<johnkirkwood> say both

JR: OK, Do you think under the furst example we say, as well as being able to login using and authenticator app?

JA: Yes, not using a specific companys name there

<Fazio> As long as the authenticator provides a different modality

<johnkirkwood> are we actually talking about password managers, not authenticators?

<Fazio> If one is face recognition the other must be different

<Fazio> For example

JA: another thing is they just have a button and you do not have to provide your UN/PW?

AC: Can we cpme back to that question in a minute
... on the 3rd party provider to allow for that would be to use an easy one-click, if they are doingit well. But from meeting the SC, it is kind of messy

<Fazio> I agree

<bruce_bailey> i am for 3rd party login

AC: it is pragmatically useful to add, but it opens up a whole bunch of other issues

<laura> +q to ask about how this applies to 2-factor authentication. https://lists.w3.org/Archives/Public/w3c-wai-gl/2019OctDec/0087.html

JK: I think eliminating a Google/FB login would make it more difficult

AC: Even though Google/FB login would pass

<Zakim> bruce_bailey, you wanted to say I don't think @Jakes point is blocking for the SC

<johnkirkwood> +1

BB: Even though that is a good idea, it may not pass SC

Detlev: I would not know how that related to the basic keyboard or fingerprint. Would a bsic text based be enoughto pass this. Or are we talking about 2 other tests on top of this

AC: Password reset, which is logging in by an email loop.
... where Jake and others were getting to is around the 2nd factor which is more complicated
... Bruce?

BB: That is exactly what I am saying

JA: Would a basic text and a biometric than YES it would pass?

AC; Yes correct

<Detlev> Katie, this was Detlev speaking, not JA

AC: If we did allow for a third party auth app as a technique,

DM: We are thinking about goingto allow for 3rd party? I would be careful about removing it.
... the mult of a number of websites, if they have one the user goes to regularly, that may dminish the concern that hey fail in themselves.
... I a m of a mind to allow it and to see what comments come in

<alastairc> Example of login with 3rd parties: https://stackoverflow.com/users/login

JA: I am still confused if you are totally locked out, how you get back in, unless we specifically mean that..

AC: Do you mean call it out in the list of modalities?

<Fazio> +1

JA: I am locked out, and I dont also know my login to any 3rd party app
... that may be the same modality or you may only have to accept a popup on your phone

AC: Not every implementation of 3rd party is going to be perfect

DF: I agree with Jake. Our I iPhone saves it, what happens if your device doesnt let you in.

<JakeAbma> ++1

DF: I thought it meant we have require multiple modailities

JR: i like that point
... What about if we say a 3rd party s-is OK if it uses a different modality?

AC: it is kind of a get out - there are so many variables. I am pretty tron on this

JR: So what do people think? What about if we say a 3rd party s-is OK if it uses a different modality?

<johnkirkwood> can't be dependent on 3rd party.

AC: I think it is outside of your control

JR: I dont think that matters as long as we can say if the 3rd party has a modality other that UN/PW it is OK?

AC: Google requires UN.PW

JR: You can move to another 3rd party authenicator

<laura> no audio.

<laura> I'm intersted in how this applies to 2-factor authentication. I sent an example to the list last week. https://lists.w3.org/Archives/Public/w3c-wai-gl/2019OctDec/0087.html

<alastairc> ok, I'll pick that up in a mo'

JA: I hope it is not a problem, if something happens, like you try to add your PW and after three times it is blocked - then the alternative method is also blocked?
... you tried your fingerprint, but it was a bumpy ride - you need to have a fallback

AC: any fallback is on the Google site
... we need to ponder this 3rd party bit, it is kind of a side-step. There is also Simple logon vs 2 factor

<Fazio> And phone number which I refuse for privacy

<laura> https://lists.w3.org/Archives/Public/w3c-wai-gl/2019OctDec/0087.html

<laura> no.

<laura> I'm intersted in how this applies to 2-factor authentication. I sent an example to the list last week.

<laura> https://guide.duo.com/

<Ryladog_> Sorry I was kicked off

<Detlev> Scribe: Detev

<Ryladog_> AC: Face recognition or fingerprint scanner

<Detlev> Scribe: Detlev

AC: face recognition difficult, most large organisation require extra 2nd factor auth

<johnkirkwood> Apple does do it. with integreated password manager to fingerprint authentication

John R: Will revise documents based on feedback received, make available for people to comment

<Zakim> laura, you wanted to ask about how this applies to 2-factor authentication. https://lists.w3.org/Archives/Public/w3c-wai-gl/2019OctDec/0087.html and to

D Fazio: If we will leave 3rd party auth in, we will make an implicit choice - better leave it out

AC: Understanding text could explain 3rd party option and explain whether it will depend on implementation whether that is accessible

<laura> Can something be added to address 2-factor authentication?

AC: comment on Jakes comment that there may be a chain of resets when depending on 3rd party solutions
... We should add something to address 2-factor auth
... if you have simple and 2-factor we ahould treat them as separate alternatives
... Better option are arriving, like pressing button on stick

<laura> thanks.

AC: we should say that if there are two steps both should meet the SC
... we should say each factor is a method of auth

Jake: another comment: should say in more than one way in different modalities, otherwise it could be in the same modality
... unclear why people with physical disabilities may not be able to understand

AC: Last sentence of the benefit section
... also in examples

Jake: can anyone explain?

John R: Even without cog disability you may not understand how to authenticate

AC: It i smoveing it out of disabiltiy area towards general usability

John R: Then remove sentence but have example that there may be other difficulties to use the method (like fingertips that no longer work)

Jake: complex one remaining - banks have a challenge to all users especially outside mobile - no fingerprint, no reader for QR code may be available or not operable - these cases are not covered by the SC - there may be accessible auth but it may not server all - do we need to address that?
... The combination of methods 2 or 3-step makes it a lot harder - we may still not serve many users

AC: No guarantee that users will be able to use these ways

John R: There are exceptions in the dprecated section, was asked to remove them

AC: Users' devices may not be able to support methods offered - but this is not a problem we can solve
... Jake, OK to accept current wording?

John R: Will resolve issues

AC: Worked through relying on 3rd party authenticators, may not be great, but wont be explicitly included or excluded

John R: Took notes of changes requested, included those from Bruce

Touch target spacing (1st week) https://www.w3.org/2002/09/wbs/35422/target-spacing/

AC: Oeople can uptdate their comments in the survey to reflect changes

<alastairc> https://www.w3.org/2002/09/wbs/35422/target-spacing/results

<alastairc> Doc: https://docs.google.com/document/d/1sszSUKB8t3VuRzxHtOjLfQZjNYCw-xr_EbuMwW7WiGc/edit#heading=h.7sa7n7yr2ykk

AC: Comes form Kathy / mobile a11y TF
... builds on tocuh target size (AAA) in 2.1
... All 3 rspondents say that SC requirements are met
... should include editors' note due to tap heuristics provided by a large touch screen tech provider
... other concern is toolbars, difficult to implement
... concern that it punishes slightly too small targets
... any concerns about the core SC text?

<alastairc> q/

David: Largely supportive of SC
... needs to look up question
... Testing - how is it going to be tested? Can it be automated?

AC: Wants to check for any target below 44x44
... with an 80px wide by 20px high target, is it covered?

Jake: No change in text - there are more challenges - target that are less than 44 in one dimension you still have the same problem of accidental activation if targets are stacked on top of each other, so both dimensions would need to be 44+ if no spacing is provided
... often in dropdown links that appears on top of other content there will be no 8px clearance to stuff underneath, so we may need to take that into account
... also if you measure user interface components in an automated toos, all the dynamic stuff may cover other parts on the page, so it may need a differentiatino of layers
... howis this going to be tested? A lot CAN be tested but there is a problem with flexbox and tables etc that automatically adjkust specing in different viewport widths -
... especially difficult with a lot of dynamic stuff on a variety of possible viewport widths - a lot of possible variation
... nit to mention the toolbar issue where providers with hate having to replace them with larger targets

AC: Testing complicated - you may want to filter on targets that are smaller than 44x44 then check spacing - but the dynamic stuff like dropdowns really complicates testing

Jake: Drag and drop may constitute a FAIL as soon as you move stuff over drop target

AC: Wanted changes to this draft - put in suggestions in draft, Rachael also commented

<alastairc> Comment from Rachael: Margins are not the only way to space objects. While CSS is the preferred method for layout, layout tables still exist, some designers still use spacer gifs and absolute positioning could also be used to ensure enough space. The test method and techniques needs to address the spacing between objects when it isn't handled by css margins.

AC: Fair comment - technique bit did not try to be CSS specific although it may read that was now
... Any objections (apart from the fact that it is difficult to test)?
... Will be up again next week - please review, even if you have no comment, please answer the survey

<alastairc> https://www.w3.org/WAI/GL/wiki/Upcoming_agendas

<alastairc> q/

AC: Surveys lined up until the end of the month, like for David Fazio's

Questions/comments on other WCAG 2.2 SCs.

AC: Does anyone have other questions and comments?

<alastairc> https://github.com/w3c/wcag/pull/936

AC: Put on first PR for Focus visible (enhanced) - if you have comment feel free to make it on that thread - for significant comments, please raise new issue and tag it with Focus Visible (enhanced) SC

<david-macdonald> https://docs.google.com/document/d/1HzSsCGelWfz_Z-M7NyUzJOvl1A1kAStyl8epYdpZhoA/edit#heading=h.n3esw3alr309

AC: David did you cycle back on icon descriptions?

Icon Descriptions

<alastairc> https://docs.google.com/document/d/1HzSsCGelWfz_Z-M7NyUzJOvl1A1kAStyl8epYdpZhoA

David: has added responses to comments / edits

AC: Can you give overview of changes?

David: First was whether this is not a UA issue?

<alastairc> Noting I was playing devil's advocate on this bit... partly due to the comlications that have arisen.

David: agrees in principle, WCAG has been practical standard for real situations, acts as steward for coga group here
... browsers add functionality at some point, which led to the "a machanis is available" language

"mechanism is available"

David: WCAG structure limits options across different technologies - but solutions can work on different devices, such as showing name on first tap and then offerign the action
... Third comment that title is not sufficient since it does not enlarge, nor fixes likely in the near future

<alastairc> SC text: For icons that act as labels or instructions, a mechanism is available to display a text equivalent visually, on or before the first occurrence of an icon on the page.

AC: The SC text hasn't got more complicated

<laura> +1 to title attribute not being sufficient

David: No it has been simplified (reads out SC text)

<alastairc> I wonder if MS will fix the title attribute issues in Chromium, which then gets picked up by Chrome?!

David: draws parallel to acronyms that need to expand on first occurance
... Label on first occurrance may be suffucient, shoudl be discussed
... differentiations caused som misunderstanding, were therefore removed

AC: Andrew had comments - was that addresse?

David: Yes this has been addressed (like sign with exclamation mark) which would not actually count as interactive component but as instruction
... has addressed comments that have come in

AC: For icon buttons on touch screens, do they need any special approach or is it a UA issue which we cannot do anythig about?

David: Has removed mention of hover / touch and replaced with more abstract "mechanism is available" language

AC: Will include in survey

<alastairc> WCAG 2.2 Essential controls (re-review) https://www.w3.org/2002/09/wbs/35422/essential-controls/

<alastairc> WCAG 2.2 Touch Target Spacing https://www.w3.org/2002/09/wbs/35422/target-spacing/

<alastairc> WCAG 2.2 Visible labels https://www.w3.org/2002/09/wbs/35422/visible-labels/

Any further comments next week: Essential controls / touch target spacing / visible labels

AC: Please look at these and comment!

trackbot, end meeting

Summary of Action Items

Summary of Resolutions

[End of minutes]

Minutes manually created (not a transcript), formatted by David Booth's scribe.perl version 1.154 (CVS log)
$Date: 2019/11/12 17:52:06 $

Scribe.perl diagnostic output

[Delete this section before finalizing the minutes.]
This is scribe.perl Revision: 1.154  of Date: 2018/09/25 16:35:56  
Check for newer version at http://dev.w3.org/cvsweb/~checkout~/2002/scribe/

Guessing input format: Irssi_ISO8601_Log_Text_Format (score 1.00)

Succeeded: s/Mauser/user/
Default Present: AlastairC, Katie_Haritos-Shea, Chuck, JakeAbma, JohnRochford, Raf, MarcJohlic, Fazio, MichaelC, Laura, david-macdonald, Detlev, mbgower, johnkirkwood, +1, bruce_bailey, jon_avila
Present: AlastairC Katie_Haritos-Shea Chuck JakeAbma JohnRochford Raf MarcJohlic Fazio MichaelC Laura david-macdonald Detlev mbgower johnkirkwood bruce_bailey jon_avila
Found Scribe: Katie_Haritos-Shea
Found Scribe: Ryladog
Inferring ScribeNick: Ryladog
Found Scribe: Detev
Found Scribe: Detlev
Inferring ScribeNick: Detlev
Scribes: Katie_Haritos-Shea, Ryladog, Detev, Detlev
ScribeNicks: Ryladog, Detlev
Found Date: 12 Nov 2019
People with action items: 

WARNING: IRC log location not specified!  (You can ignore this 
warning if you do not want the generated minutes to contain 
a link to the original IRC log.)

[End of scribe.perl diagnostic output]