Bill/Alan:

>> On Fri, 2008-03-07 at 08:02 -0800, Alan Coopersmith wrote:
>>> Nicolas Williams wrote:
>>>> And does the screen lock program really need to use gtk?
>>> Yes, it does, in order to meet the accessibility requirements needed for
>>> use by many government agencies, many businesses covered by laws such as
>>> the ADA, and many end-users.
>>
>> My understanding is that trusted path requirements also come from
>> requirements from a different part of the US federal government. Rather
>> than trying to come up with our own interpretation of how these two
>> possibly conflicting sets of regulations intersect perhaps we should
>> attempt to push these two different parts of the government to talk to
>> each other....
>>
>> (okay, maybe that is naively optimistic...)

I am not sure there is any real conflict. It's just that providing
password dialogs (and dialogs that deal with other sensitive
information) that are both secure and meet the needs of users with
disabilities is particularly complicated. At least with the tools we
have at hand.

The GNOME a11y community, to date, has struggled with just getting the
functionality working at all, so I'm sure there are many areas where
the security could be improved. At the moment, I know much of their
time is being spent just trying to get firefox 3.0 accessible enough to
meet Section 508 requirements.

Further, the security mechanisms used by xauth, ORBit2 CORBA
connections, and D-Bus are all MIT-MAGIC-COOKIE based, which is not
particularly secure. It's probably long overdue to move towards more
secure mechanisms so that we could be more sure that information passed
from running programs to AT programs is handled in a secure fashion.
Note GNOME AT currently uses ORBit2 CORBA for IPC interaction, but the
GNOME and KDE communities are slowly moving towards using D-Bus.

Lastly, we might need to rethink how we address some a11y
functionality. Xevie, for example, opens security concerns and it might
be worthwhile to figure out if the functionality it provides could be
achieved in other, more secure, ways.

Having said all that, there probably would be some benefit in getting
the two areas of government to talk with each other. It would be
helpful to get more guidance about how to address these issues, and
whether any requirements can be flexible when there is conflict.

> Two of the members of the US government committee updating the Sec. 508
> accessibility requirements work for Sun's Accessibility Program Office,
> so if the security team sees conflicts with the Common Criteria
> requirements, the first step would be to talk to them.

That's true. Peter Korn would be a good person to talk to about this.

Brian