I'm part of a project that develops an applet that must be accessible by blind people. The applet is signed, causing the security warning dialog box to appear when the applet is loading.
After running an accessibility test with blind users it became clear that they all have troubles getting past the security warning since their screen reader (JAWS) does not automatically read the information in the dialog box. When they press tab, focus switches to the "Run" button of the dialog box, causing JAWS to read out "run". The user has no idea why he should click the run button, so he is essentially stuck.
How do other projects overcome this issue?
The environment for the tests were typically:
jre-1.5 or 1.6
Internet explorer 7 or 8
JAWS 9 or 10
Unfortunately no solution (yet), but an observation: on my configuration (WinXP + Java SE 6u20 + JAB 2.01 + Jaws 11), Jaws does automatically read the security dialog boxes in Firefox 3.6 (but not in IE 8)
The way I would go about handling this problem is the same basic way I would go about handling the problem of presenting the user with a trusted applet or Java Web Start application that is signed with a certificate that is not verified by a Certification Authority.
The idea is to put an explanation on the page that links to the applet or launches the JWS app. that explains..
1) That the code needs to be trusted for the reasons (insert reasons here)
2) That the code signing certificate was created by me and is for signing code coming from my site, which is much cheaper than paying the highway robbers that verify code certificates (the CAs), to confirm I am who I say I am.
3) That the user needs to click 'OK' when prompted, in order to use the app.
Of course, if your code signing certificate is verified, you can skip instruction (2).