Merge branch 'master' into jeffh-conditional-ui-via-mediation

index.bs

@@ -23,18 +23,18 @@ Previous Version: https://www.w3.org/TR/2019/REC-webauthn-1-20190304/
 Shortname: webauthn
 Level: 2
 Include MDN Panels: maybe
-Editor: Dirk Balfanz, w3cid 47648, Google, [email protected]
-Editor: Alexei Czeskis, w3cid 87258, Google, [email protected]
 Editor: Jeff Hodges, w3cid 43843, Google, [email protected]
 Editor: J.C. Jones, w3cid 87240, Mozilla, [email protected]
 Editor: Michael B. Jones, w3cid 38745, Microsoft, [email protected]
 Editor: Akshay Kumar, w3cid 99318, Microsoft, [email protected]
-Editor: Rolf Lindemann, w3cid 84447, Nok Nok Labs, [email protected]
 Editor: Emil Lundberg, w3cid 102508, Yubico, [email protected]
+Former Editor: Dirk Balfanz, w3cid 47648, Google, [email protected]
 Former Editor: Vijay Bharadwaj, w3cid 55440, Microsoft, [email protected]
 Former Editor: Arnar Birgisson, w3cid 87332, Google, [email protected]
+Former Editor: Alexei Czeskis, w3cid 87258, Google, [email protected]
 Former Editor: Hubert Le Van Gong, w3cid 84817, PayPal, [email protected]
 Former Editor: Angelo Liao, w3cid 94342, Microsoft, [email protected]
+Former Editor: Rolf Lindemann, w3cid 84447, Nok Nok Labs, [email protected]
 !Contributors: <a href="mailto:[email protected]">John Bradley</a> (Yubico)
 !Contributors: <a href="mailto:[email protected]">Christiaan Brand</a> (Google)
 !Contributors: <a href="mailto:[email protected]">Adam Langley</a> (Google)
@@ -7081,6 +7081,15 @@ the [=[RP]=] could mitigate the privacy leak using the same approach of returnin
 as discussed in [[#sctn-username-enumeration]].
 
 
+# Accessibility Considerations # {#sctn-accessiblility-considerations}
+
+[=User verification=]-capable [=authenticators=], whether [=roaming authenticators|roaming=] or [=platform authenticators|platform=], should offer users more than one user verification method.  For example, both fingerprint sensing and PIN entry. This allows for fallback to other user verification means if the selected one is not working for some reason. Note that in the case of [=roaming authenticators=], the authenticator and platform might work together to provide a user verification method such as PIN entry [[FIDO-CTAP]].
+
+[=[RPS]=], at [=registration=] time, SHOULD provide affordances for users to complete future [=authorization gestures=] correctly. This could involve naming the authenticator, choosing a picture to associate with the device, or entering freeform text instructions (e.g., as a reminder-to-self).
+
+[=Ceremonies=] relying on timing, e.g., a [=registration ceremony=] (see {{PublicKeyCredentialCreationOptions/timeout}}) or an [=authentication ceremony=] (see {{PublicKeyCredentialRequestOptions/timeout}}), ought to follow [[!WCAG21]]'s [Guideline 2.2 Enough Time](https://www.w3.org/TR/WCAG21/#enough-time). If a [=client platform=] determines that a [=[RP]=]-supplied timeout does not appropriately adhere to the latter [[!WCAG21]] guidelines, then the [=client platform=] MAY adjust the timeout accordingly.
+
+
 # Acknowledgements # {#sctn-acknowledgements}
 We thank the following people for their reviews of, and contributions to, this specification:
 Yuriy Ackermann,
@@ -7327,10 +7336,10 @@ for their contributions as our W3C Team Contacts.
   },
 
   "EduPersonObjectClassSpec": {
-    "publisher": ["Internet2 Middleware Architecture Committee for Education, Directory Working Group (MACE-Dir)"],
-    "title": "EduPerson Object Class Specification (200604a)",
-    "href": "https://www.internet2.edu/media/medialibrary/2013/09/04/internet2-mace-dir-eduperson-200604.html",
-    "date": "May 15, 2007"
+    "publisher": "Research and Education FEDerations group - REFEDS.org",
+    "title": "EduPerson",
+    "href": "https://refeds.org/eduperson",
+    "date": "ongoing"
   }
 
 }