[OpenID] OpenID Accessibility

Peter Williams pwilliams at rapattoni.com
Sun Nov 2 19:50:49 UTC 2008 

In thinking about this some more (since one of our customers is very hot on the underlying issue, tho mostly on pro forma grounds of using a bit of buyer's leverage to ENCOURAGE people to consider the difficulties others face):

lets say an IDP also explicitly offers unsolicited assertions, so as to avoid the difficulties that sp-initiated websso flows induce (for the blind). Ie start life on a pretty classical login page/portal, and that idp sends the openid assertion (unsolicited) with sreg attributes and identifier-claim(s). Lets say this happens over the foreground option, which may manifest itself as per-browser flash, address bar change, or even a click (as controlled by the browser maker). Or, it may happen during ajax mode rendering (that unsolicited claims to address, mostly) whereupon no browser maker's UI actions will occur, probably. In either case, openid auth at the UI level is a glorified hyperlink/form-post, much like a trillion others.

Rather than eliminate sreg/ax, perhaps its more of a case of recognizing that unsolicited modes might be available for config.

is unsolicited ax response (vs update) allowed?
________________________________________
From: general-bounces at openid.net [general-bounces at openid.net] On Behalf Of Peter Williams [pwilliams at rapattoni.com]
Sent: Sunday, November 02, 2008 9:29 AM
To: tom calthrop
Cc: OpenID List
Subject: Re: [OpenID] OpenID Accessibility

im sue you dont mean it this way, but in the 10s read it came across as: remove AX or get run the risk being sued.

are you implying that one should remove sreg too? (under the same theory)

(The main differences between sreg and ax are (i) push attributes vs pull attributes, (ii) ax's extensibility of the (visible) names of attributes.

_______________________________________
From: general-bounces at openid.net [general-bounces at openid.net] On Behalf Of tom calthrop [tom at barnraiser.org]
Sent: Sunday, November 02, 2008 8:47 AM
To: Chris Messina
Cc: diso-project; Derek Featherstone; OpenID user experience; OpenID List
Subject: Re: [OpenID] OpenID Accessibility

Hi Chris,

We did some pretty extensive testing with Swedish Institute of Assistive
Technology with our free OpenID server. We removed all AX/SREG support
which was the main issue when testing with blind people (apart from the
obvious gotchas like captcha).

My view on this is to offload profile exchange to another workflow
(under OAuth) which can be done separately to authentication

I *fully recommend* that all developers of OpenID solutions take some
time out to contact their national centre for accessibility. They will
be very very happy to work with you to ensure that your solutions work
well with people with all kinds of accessibility issues (including
blindness).

And if that nice approach did not make you do it then this usually
works;) ... Back in 2006, Target was sued by the National Federation of
the Blind because their website was not accessible. It was settled for
$6 Million USD.

If anyone wants to see what we did you can download "Prairie" from our
homepage which is a multi-user free (GPL'ed) software OpenID 2.0 server
-> http://www.barnraiser.org

Tom




Chris Messina wrote:
> I'm reluctant to write about this, because I've been afraid of the
> answer, but I wanted to broach the subject of OpenID Accessibility.
> Google tells me that this issue has only been raised once before [1]
> and it didn't seem to dredge up much of a response.
>
> With IIW coming up, I thought I might put in a request that
> accessibility be considered.
>
> To this end, I'd like to throw out an idea on serving user preferences
> according to accessibility needs... namely through the use of AX. I
> can imagine an AX schema for accessibility that would allow an OP to
> request that a high contrast version of a site be displayed, or that a
> certain stylesheet be used for forms... While I imagine that much of
> these issues should be handled by the user's browser, it seems to me
> that OpenID through AX could make more specific requests of RPs to
> alter themselves to the needs of a given user.
>
> I also wanted to bring up the issue around user flows, language and
> the like... and what the experience is like for blind people when
> they're bounced from one site to another in the OpenID flow... and how
> we could make that flow better.
>
> Interestingly, I'd like to point out (and Derek can attest to this)
> that better and more accessible designs often improve the usability
> for typical users without special needs.
>
> Chris
>
> [1] http://openid.net/pipermail/general/2008-March/004324.html
>
>

_______________________________________________
general mailing list
general at openid.net
http://openid.net/mailman/listinfo/general
_______________________________________________
general mailing list
general at openid.net
http://openid.net/mailman/listinfo/general

More information about the general mailing list