Meeting minutes
<PhilDay> https://
Announcements
time crunch: public comments, SCs
maryjom: time crunch: public comments, SC
… lead time 1 month for process with AG working group, including an approximately 2 week review from them
… so end of January deadline for March publication
… with holidays just 2 more meetings in 2023
… asked Mike Pluke about EN 301 549 timeline, it behooves us to provide to them what we've been working on
… EN has an end of January early revision deadline
Mike_Pluke: it's not a final deadline January, good to finalize as early as possible, contract allows longer but other obligations require sooner
… for EN publication, it would probably require final WCAG2ICT
cwadams: please finalize what's assigned, but worst case good intentions but not feasible and don't let us know
… so let Charles and Mary Jo know if you can't, so we can do something about it
maryjom: and there are some unassigned issues
… continued progress is important
PhilDay: Mary Jo you sent notes for something to be added, do you want individual issues for each one or roll together?
maryjom: better individual issues so we can divide and conquer
… after issues, we will return to remaining approx 5 for close functionality
<PhilDay> Closed functionality answers for reference: https://
maryjom: there was a survey a while back, there were questions on whether the "problematic" section needs adjustment, some questionnaires said yes
<PhilDay> and https://
maryjom: and some people indicated notes needed
… help needed for the above
Survey results: Review of proposal for 3.3.8 Accessible Authentication (Minimum) - Question 2
<maryjom> https://
maryjom: do we need an item under "problematic" for this?
… some say yes, some say no bullet needed
… (summarized the survey results)
lboniello: do we have notes to the effect of unless otherwise prevented by security needs
… will check where she saw it, maybe in Canadian standard or 508
maryjom: (continuing summarizing the survey results)
GreggVan: copying a number is considered a cognitive test (really more of a cognitive task). If that's precluded,
… then a PIN does fall into that category
… There is an assumption in a web page context that you can copy and paste, not available in a closed device, and they don't know who you are yet
… So we should make a note, where a system is not a personal system, then some strategies described in WCAG are not available
… Security exception would be legal scoping, outside of our scope
<Zakim> PhilDay, you wanted to say We could argue that PIN is not a cognitive function test
<cwadams> definition of cognitive functional test: https://
PhilDay: is PIN a cognitive function test? I struggle with it
… outside the US you put a PIN in always at sale transactions too
… some people remember the PIN as a shape rather than numbers, does that help make it not a cognitive function test?
… agree otherwise we shouldn't be giving out exceptions
<Sam> +present
lboniello: would 0000 or 1111 make it simple enough?
loicmn: my son remembers position of digits
… do we need to add a note? I think not for an exception
… or a note as Gregg said could be good
GreggVan: reviewing the actual wording, they included remembering a password as a cognitive function test (which it isn't really, it's actually a task)
… yes these problems will exist, so the note should say assumption in WCAG that it's on a personal device with cutting and pasting
… would not be available
… putting this into closed functionality is okay, it includes closed functionality
… WCAG made assumptions, that the user already authenticated onto the device
… copy and paste becomes an assistive technology, as does a password manager, neither of which will be available
Sam: It's a problem if we put standards out there and there's not a way to apply them. Job of WCAG2ICT is to say how they apply
<Zakim> PhilDay, you wanted to say we need a note to say it is problematic, not necessarily saying an exception. We have done this for other SCs problematic for closed functionality.
Sam: Not acknowledging is a disservice
<Zakim> loicmn, you wanted to insist that it is not "problematic for closed functionality"... it is problematic for "shared use"
PhilDay: we need to point out the difficulties
loicmn: yes the note about it problematic, but not in closed func
… it should be in the general section instead
… same problem for a computer in a library
GreggVan: we think of things that are closed in different ways
… computers in libraries are closed in a way, closed by policy
… so under closed functionality is appropriate
… regulatory agencies will use WCAG2ICT as a basis for applying beyond web content
… Morphic and ATOD are beginning as a solution
<maryjom> Poll: 1) Add a note regarding shared systems to SC problematic for closed functionality 2) Add a note regarding shared systems to the main 3.3.8 SC guidance, 3) Do not add any note, or 4) Something else.
lboniello: adding specificity to what kind of closed system is not a good idea, disagree with Gregg's point about the library
GreggVan: for someone who needs specific AT, for example in a library, why should it be considered accessible if info is exposed programmatically?
lboniello: are we going to change the way "closed" is defined? There are many ways they're locked down.
<PhilDay> 1 (+2 if needed because we don't have a section for shared systems)
lboniello: so let's not try to define using examples in this particular response
<cwadams> interesting find: https://
GreggVan: So it's okay to say excluded by policy means closed?
lboniello: or kiosk, or deep freeze solution, or other mechanism to prevent AT
cwadams: I'm not taking a side, but I found ATMs exploring advanced authentication methods that aren't PIN based
… have never experienced one yet not requiring PIN
… but there may be solutions I'm not imagining yet
PhilDay: There are specific security rules that differ for "on us" customers, one's own bank, from customer using interchange
… We've been using biometrics for 20 years, but not instead of PIN only in addition
<cwadams> Thank you for that.
<cwadams> acknowledged. DENIED!
PhilDay: If we designed an ATM from scratch then 4-digit PIN would not be enough
GreggVan: We did a lot of work making ATMs accessible in the past, lots of regulations, agree with PhilDay
… One position: we shouldn't put in a regulation not done, we should't do it. But we do do that, like in buildings
… Yet we should say something. It's true that making it too accessible makes it too vulnerable.
… Don't know how, but yes there should be some comment.
<maryjom> Poll: 1) Add a note regarding shared systems and financial situations to SC problematic for closed functionality 2) Add a note regarding shared systems/financial to the main 3.3.8 SC guidance, 3) Do not add any note, or 4) Something else.
<loicmn> 2
<PhilDay> 1, or 1+2
<Mike_Pluke> 2
<Sam> 1
2, or 1+2
<GreggVan> 2
<olivia> 2
<Devanshu> 2
<Bryan_Trogdon> 2
<cwadams> 7 twos, 2 ones
maryjom: we're landing on the main 3.3.8 guidance
… anybody want to help develop?
… Fernanda worked on this SC originally, she's not here today
lboniello: can try but will need help, ATM related not my main area
PhilDay: happy to help
GreggVan: I can also help
maryjom: thanks, would like to get these SCs finished up
FPWD public comments
maryjom: We were working on updates for the Closed Functionality section. The original survey...
<maryjom> https://
maryjom: (summarizing the results)
<maryjom> https://
maryjom: are we good with modifying as proposed?
GreggVan: What Loic talked about what, it's the phone itself that are closed not the apps, so fine with the language
… leave it to the group
… unless an app is itself closed
maryjom: or leave out smartphones?
GreggVan: The problem is phones have some AT but not other AT, so if you need other AT you're stuck
… you can add keyboard
… what's built in is great but not enough for everybody
<PhilDay> mitch11: Reading this out of context of overall document. Did have a discussion in email, but the PR looks different to what we considered when having the discussion in email. Would like to review again.
<cwadams> hard stop for me ....
maryjom: will put out survey with more options, OK
mitch11: yes
mitch11: it's important to get this right in the introductory section, it affects the rest
maryjom: keep at it, let me and Chuck know if you need help, keep it moving