14:59:01 RRSAgent has joined #wcag2ict 14:59:05 logging to https://www.w3.org/2023/11/16-wcag2ict-irc 14:59:05 RRSAgent, make logs Public 14:59:06 Meeting: WCAG2ICT Task Force Teleconference 14:59:09 zakim, clear agenda 14:59:09 agenda cleared 14:59:16 chair: Mary Jo Mueller 14:59:31 meeting: WCAG2ICT Task Force Teleconference 14:59:57 Zakim, please time speakers at 2 minutes 14:59:57 ok, maryjom 15:00:02 Agenda+ Announcements 15:00:08 Agenda+ Project status and standup 15:00:15 Agenda+ Survey results: Update to 4.1.1 Parsing for WCAG 2.0 and 2.1 15:00:21 scribe+ PhilDay 15:00:24 Agenda+ Survey results: Review of proposal for 3.3.8 Accessible Authentication (Minimum) 15:00:40 Agenda+ FPWD public comments 15:00:49 present+ 15:00:50 present+ 15:00:52 present+ loicmn 15:00:55 scribe+ PhilDay 15:00:55 present+ 15:01:31 zakim, next item 15:01:31 agendum 1 -- Announcements -- taken up [from maryjom] 15:01:45 GreggVan has joined #wcag2ict 15:01:55 maryjom: Few things in announcements. Please get surveys done early 15:01:56 Mike_Pluke has joined #wcag2ict 15:02:02 present+ 15:02:26 present+ 15:03:07 olivia has joined #wcag2ict 15:03:07 FernandaBonnin has joined #WCAG2ICT 15:03:07 present+ 15:03:07 present+ 15:03:52 maryjom: Has everyone rejoined since the recharter? 15:04:10 dmontalvo: Thinks all have rejoined - if not, get in touch with Daniel 15:04:22 Devanshu has joined #wcag2ict 15:04:27 present+ 15:04:33 present+ 15:04:39 maryjom: One other announcement - 4 SCs ready to go to AGWG, may get a 5th one. 15:04:53 ... So we will put those out for survey. 15:06:12 https://www.w3.org/WAI/GL/wiki/Onboarding_for_working_in_Github 15:06:26 present+ Daniel 15:06:29 ... New process in AGWG for reviewing content. Instead of a survey with questions, all is done in GitHub - issue created in GitHub, then refs the latest editor's draft for each section we want them to review. 15:06:31 https://docs.google.com/presentation/d/14qG2f-ZkhFDqox_qmzqC5tCUt1xJaumkJS2l5GaD-3o/edit#slide=id.g25ec4815c64_0_0 15:06:38 Chuck: pasting in links on the new process 15:06:55 ... and detail on how to do it. 15:07:17 ... Makes AGWG more consistent with the rest of the W3C organisations. 15:07:48 maryjom: One question. As Taskforce, are we OK to use surveys? 15:08:35 +1 to making life easier for our TF leader! 15:08:46 ... Surveys would be easier rather than doing invididual issues. So we will continue using surveys for our taskforce 15:08:51 zakim, next item 15:08:51 agendum 2 -- Project status and standup -- taken up [from maryjom] 15:09:19 maryjom: [Sharing screen] 15:09:50 ... Several things still in progress. Mary Jo has not finished issue #216 on text spacing. 15:10:26 olivia: Working on issue #41, lots of references to page, so may need breaking down 15:11:02 bruce_bailey has joined #wcag2ict 15:11:21 present+ 15:11:37 maryjom: Editors are working on references to change from 2.2 to generic WCAG 2 where appropriate. 15:11:38 q+ 15:12:39 PhilDay: Changed in index.html to update the document title. 15:13:14 maryjom: As far as public comments go, we still have some issues 15:13:48 mitch11: Working on several comments, but was unwell so will pick these up in next few days 15:14:04 maryjom: Will follow up with Laura on her issue 15:14:20 ... Gregg also has one - issue #221. 15:14:35 GreggVan: Will look into it - thought it was all complete but will look at it now. 15:15:04 maryjom: We have a new comment, issue #261, on sets of software and sets of web pages. 15:16:02 GreggVan: Has started commenting on this issue. Think it is the same problem as for WCAG - there are some web apps that change URLs, others have a single URL, which is equivalent for software as well. 15:16:15 ... It would be good to get some discussion from the wider team 15:16:38 maryjom: If you have time, please take a look at issue #261 and add to the discussion 15:16:52 zakim, next item 15:16:52 I see a speaker queue remaining and respectfully decline to close this agendum, PhilDay 15:17:00 q? 15:17:05 ack 15:17:06 agenda? 15:17:08 ack PhilDay 15:17:17 q? 15:17:22 zakim, next item 15:17:22 agendum 3 -- Survey results: Update to 4.1.1 Parsing for WCAG 2.0 and 2.1 -- taken up [from maryjom] 15:17:39 https://www.w3.org/2002/09/wbs/55145/WCAG2ICTparsing-update/results 15:17:41 maryjom: Survey results for 4.1.1. parsing. 15:17:47 shadi has joined #wcag2ict 15:17:56 ... 8 accept as is, 1 with edits 15:18:08 rrsagent, pointer? 15:18:08 See https://www.w3.org/2023/11/16-wcag2ict-irc#T15-18-08 15:18:13 ... Loic had edits 15:18:31 ... noticed we were using the word "should" so had some substitutions 15:20:13 GreggVan: Understand we want to remove should/shall language which is good. But to declare something is no longer a requirement is also problematic. We should be giving advice rather than declaring facts 15:20:42 +1 to Gregg's suggestion. I'm OK with "would" 15:20:44 ... Change should to would, rather than "is no longer". So becomes "would no longer " 15:21:00 +1 to Gregg's change 15:21:15 ... Any other suggestions for change? 15:22:45 maryjom: Editors can tweak language to ensure consistency, but get rid of should, and use something like "would" or "is to" and that will fix it 15:22:53 DRAFT RESOLUTION: Incorporate update to SC 4.1.1 changing first “should” to “is to” and second “should no longer” to “would no longer”. 15:22:57 +1 15:22:58 Sam has joined #wcag2ict 15:23:00 +1 15:23:01 +1 15:23:03 present+ 15:23:05 +1 15:23:10 +1 15:23:11 +1 15:23:16 +1 15:23:19 +1 15:23:21 +1 15:23:26 RESOLUTION: Incorporate update to SC 4.1.1 changing first “should” to “is to” and second “should no longer” to “would no longer”. 15:24:02 zakim, next item 15:24:02 agendum 4 -- Survey results: Review of proposal for 3.3.8 Accessible Authentication (Minimum) -- taken up [from maryjom] 15:24:07 https://www.w3.org/2002/09/wbs/55145/WCAG2ICTauthentication/results 15:24:26 TOPIC: Question 3: Add new WCAG 2.2 term “cognitive function test” 15:24:36 https://www.w3.org/2002/09/wbs/55145/WCAG2ICTauthentication/results#xq4 15:24:36 maryjom: Going to do the survey out of order - deal with those that had consensus first. 15:25:21 maryjom: 7 responses, 2 as is, 5 suggested more guidance / word substitution to remove web pages. Mitch proposed changing for "web sites and non-web ICT" 15:25:53 q+ 15:26:02 Q+ 15:26:19 ... Most agreed with this. Mary Jo commented it was a little different, may be better to use non-web documents and software and entirely remove web sites rather than include it 15:26:34 ack mitch11 15:26:36 ack Mitch 15:27:02 mitch11: Agree that we should use word substitution, but think we need to keep web sites to make this general statement hold 15:27:15 ack Mike_Pluke 15:27:36 Mike_Pluke: Same point. This is a unique case - in this case, better to use this one, but not in other cases. 15:27:38 q? 15:28:19 q- 15:28:51 POLL: Change 1) “Web sites” to “Web sites and non-web ICT”, 2) change to "Web sites, non-web documents and software, 3) something else. 15:29:15 2, but would accept 1 15:29:16 2 15:29:16 1 15:29:18 1 or 2 15:29:24 1 or 2 15:29:28 2 15:29:29 2 but 1 is ok 15:29:47 maryjom: Slight preference for 2, so we will go with that 15:30:11 RESOLUTION: Add term “cognitive function test”, changing “Web sites” to “Web sites, non-web documents, and software”. 15:30:13 2 15:30:28 maryjom: Now going to q1 15:30:40 TOPIC: Question 1: Review of proposed content for 3.3.8 Accessible Authentication (Minimum) 15:30:51 https://www.w3.org/2002/09/wbs/55145/WCAG2ICTauthentication/results#xq2 15:31:04 maryjom: 7 responses, all need edits 15:31:54 POLL: Is there general agreement with changing “Web site’ with “non-web document or software?” +1 to agree, -1 to disagree, 0 something else 15:31:59 +1 15:32:00 +1 15:32:03 +1 15:32:12 +1 15:32:13 +1 15:32:27 +1 15:32:40 +1 15:32:41 +1 15:32:51 +1 15:33:04 maryjom: Have consensus on this. Mitch also suggested removing the note as the intent is already conveyed in the understanding section. If we leave it in, we have to rephrase the note 15:33:52 ... Bruce also had a question about whether password managers work with for example, a Word document with password protection - may need covering with a note if not 15:34:24 POLL: 1) remove the note 2) change the note to cover operating system passwords, or 3) something else 15:35:26 1+ 15:35:28 q+ 15:35:42 q+ 15:35:48 ack mitch 15:36:30 mitch11: Don't remember where the note came from, but believe the intent was that web sites can defer authentication to a higher level (e.g. platform or user agent), rather than forcing a UI for the password 15:37:17 q- 15:37:18 ... Reading the understanding doc, which talks about authentication being deferred to a different layer. This then would suggest the note is not needed. 15:37:21 q? 15:37:26 q+ 15:37:38 q+ 15:37:40 +1 to delete this note 15:37:53 ack bruce 15:38:52 ack Chuck 15:38:53 bruce_bailey: My concern is that password authentication -the only practical way of doing this is the author doesn't do anything to defeat the password manager. I'm not familiar with any password managers that work for document password protection. If those exist, fine. If they do not, then we still have a requirement 15:39:36 1+ 15:39:48 Chuck: Note seems to suggest there is an element of non web ICT that this requirement does not apply to. This requirement was written for web, and so didn't apply to non-web. So should we make it apply, or do we just say that it does not apply? 15:39:59 ... So I think the only choice is to remove this note 15:40:04 i am okay with removing as out of scope 15:40:34 maryjom: But if we don't say it is out of scope but just delete it is not consistent. Elsewhere we say there may be instances where it is not possible to meet this SC. 15:40:45 q+ 15:40:49 ack Ch 15:40:51 ack chu 15:40:58 ejbdccuuklgutrfhbkttdbbtkuhbtgvtkvduiflrujir 15:41:09 s/ejbdccuuklgutrfhbkttdbbtkuhbtgvtkvduiflrujir// 15:41:28 +1 for data / research 15:41:33 Chuck: There have been some assertions made that password managers won't work on document based passwords. I think that might be correct, but don't know for sure. Do we need some research to find out if this is correct? 15:41:46 i may be raising a non-issue 15:41:54 maryjom: Might be useful to link up with another group (COGA?) 15:42:01 q+ 15:42:08 q+ 15:42:45 ack PhilDay 15:42:49 ack loicmn 15:42:54 q+ 15:42:54 COGA 15:43:18 q? 15:43:30 q+ to say that copy paste is great 15:43:34 ack GreggVan 15:43:36 loicmn: As long as I can paste the password in Word - it works and would meet the requirement, so I don't see the issue with the question from Bruce. Feel that this is a good requirement and applies to any ICT as written 15:43:39 q+ 15:43:41 q+ 15:44:17 GreggVan: Agree with loic. One way password managers don't work - when signing in to operating system as password manager is not running. Also doesn't work on a closed system or any system you don't own. 15:44:35 q+ to give examples of non-cognitive login in kiosks (QR code in phone) 15:45:09 ack bruce_bailey 15:45:09 bruce_bailey, you wanted to say that copy paste is great 15:45:32 bruce_bailey: I am OK with the consensus if we think that copy & paste meets the SC, then there is no problem 15:45:52 ack mitch 15:46:18 q+ 15:46:21 mitch11: Having trouble following the conversation - we seem to have jumped from just this note. 15:46:40 mitch11: So we should just focus on the removal or otherwise of this note. 15:47:15 From Understanding: https://www.w3.org/WAI/WCAG22/Understanding/accessible-authentication-minimum.html 15:47:20 ... One specific thing that I heard - why this note was included in WCAG. I don't think it appeared in WCAG, think it just appeared here in WCAG2ICT. I don't see it in WCAG 2.2 15:47:23 ack FernandaBonnin 15:47:50 > Examples of mechanisms that satisfy this criterion include ... copy and paste to reduce the cognitive burden of re-typing 15:47:56 For bruce_bailey, this is what WCAG 2.2 says in note 2 of SC 3.3.8: "Note 2 Examples of mechanisms that satisfy this criterion include: support for password entry by password managers to reduce memory need, and copy and paste to reduce the cognitive burden of re-typing." 15:48:11 So copy and paste is an "official" alternative 15:48:12 FernandaBonnin: I had comments on the other question, but on this note, it is a new note, and added a reference. Think it is a relevant discussion 15:48:17 +1 to this did not come from WCAG. 15:48:20 i think i have raised a non-problem 15:48:22 ack loicmn 15:48:22 loicmn, you wanted to give examples of non-cognitive login in kiosks (QR code in phone) 15:48:49 q- 15:48:51 loicmn: if just talking about this note, then OK to remove it. Then we can talk about other things when we get to the relevant topic. 15:48:57 q+ 15:49:21 q+ 15:49:31 My preference would be to include that note from Understanding in WCAG2ICT 15:49:37 q+ to say "Device activation passwords are out of scope because there is not possibility of using password managers until the system is booted." 15:49:38 maryjom: Do we edit to not say out of scope, but explain why device passwords may not be possible to meet the requirement without providing alternative means to unlock the device 15:49:58 q? 15:50:00 Examples of mechanisms that satisfy this criterion include ... copy and paste to reduce the cognitive burden of re-typing 15:50:06 ack shadi 15:50:34 shadi: Still forming a position on removal of the note. Wonder if it might be worth discussing other points then come back to whether we remove this note. 15:51:00 ... My understanding is in web content you create the password mechanism, in other ICT you rely on the operating system to do that 15:51:26 ... So think there is a difference between web and non-web, so a note may be helpful - needs editing, but not sure if we delete yet 15:51:32 ack loicmn 15:51:42 q+ to say "...because copy and paste cannot work at that point" 15:52:10 loicmn: Not against having a note, but should be a new note. Example in MS Windows, you can have different login systems including Hello (camera based), so Windows would meet this criteria. 15:52:35 ... Mobile phones also have other options like fingerprint, facial recognition. 15:52:49 ack GreggVan 15:52:49 GreggVan, you wanted to say "Device activation passwords are out of scope because there is not possibility of using password managers until the system is booted." and to say 15:52:52 ... "...because copy and paste cannot work at that point" 15:52:54 ... This note should not be kept, maybe need something else. 15:52:59 +1 to Loic's observation that face recognition is example of non-cognitive test which can be used to meet this SC 15:53:11 q+ to say that there are options for non-personal devices 15:53:28 GreggVan: All this assumes you own your personal device and are using it - concern is for non-owned devices such as public device at library, or closed systems like a kiosk... 15:53:51 ... Password managers assumes you are on your own device, same for biometrics 15:54:00 q+ 15:54:14 ack loicmn 15:54:14 loicmn, you wanted to say that there are options for non-personal devices 15:54:43 loicmn: Do have examples of kiosks using non cognitive login. You can use QR code that identifies yourself to 'login' to identify yourself. 15:55:20 ... There are alternatives, so SC still applies. 15:55:31 q? 15:55:34 ack PhilDay 15:56:06 q+ 15:56:13 ack GreggVan 15:56:31 q+ 15:56:34 GreggVan: Not just talking about closed systems. Just talking about any system that you don't own - it's a broader problem 15:57:20 ... Think there may be fundamental problem in the WCAG accessible authentication requirements, so it makes it difficult for us to apply when you are not applying to a personally owned device. 15:57:30 ack Sam 15:58:09 Sam: Trying to understand loic's example - would everyone carry a personal device with them? This is unfortunately not always true. 15:58:09 q+ 15:58:50 loicmn: Not suggesting that all people carry a personal device - just giving an example of not authenticating - could carry printed QR code, or other options for authenticating without cognitive authentication 15:58:55 q+ 15:59:03 Chu 15:59:04 ack Chuck 15:59:35 q+ 15:59:42 ack PhilDay 16:00:31 Chuck: Understood that loic was just giving an alternative, not that it automatically satisfies all needs - it may be just one of many ways of meeting this 16:00:37 If ATM cannot meet the requirement, then legislation needs to say that this requirement does not apply. But it is not for us to say that WCAG2ICT does not apply. 16:00:37 +1 to phils concerns for all of banking 16:00:41 ack GreggVan 16:00:46 PhilDay: Closed functionality such as ATMs must have PIN, which is standard for all banking. 16:00:48 an ATM PIN is not an example of "Device passwords" so different topic from Note removal 16:01:27 GreggVan: Comment - we need to think about it more. We have thought of a single solution for 1 person - we need solutions that work across all disabilities, before we can make it a requirement 16:01:44 to be continued ! 16:01:56 I must go 16:02:02 maryjom: We are not making requirements - just saying how we can apply if we can, or what the issues are if we cannot. 16:02:13 can this be applied.... not always 16:02:38 Thank you 16:02:43 GreggVan: If thinking about screen readers, assuming they are on a device that has their required accessible technology 16:02:57 rrsagent, draft minutes 16:02:58 I have made the request to generate https://www.w3.org/2023/11/16-wcag2ict-minutes.html PhilDay 16:03:19 maryjom: We will continue after the thanksgiving week. No meeting next week, will be one the following week. 16:03:35 rrsagent, draft minutes 16:03:36 I have made the request to generate https://www.w3.org/2023/11/16-wcag2ict-minutes.html PhilDay 16:09:31 zakim, end meeting 16:09:31 As of this point the attendees have been PhilDay, maryjom, loicmn, Chuck, Mike_Pluke, GreggVan, olivia, FernandaBonnin, Devanshu, mitch, Daniel, bruce_bailey, Sam 16:09:34 RRSAgent, please draft minutes v2 16:09:35 I have made the request to generate https://www.w3.org/2023/11/16-wcag2ict-minutes.html Zakim 16:09:41 I am happy to have been of service, maryjom; please remember to excuse RRSAgent. Goodbye 16:09:42 Zakim has left #wcag2ict 16:09:45 rrsagent, bye 16:09:45 I see no action items