w3c / automotive

W3C Automotive Working Group Specifications

Application opt in/out #373

Closed tguild closed 3 years ago

tguild commented 3 years ago

On our last group call @PeterWinzell requested an estimated timeline to publish VISS version 2. @UlfBj and I agree we need to have a privacy section, perhaps containing some ideas that came out of the related issue from our charter review.

https://www.w3.org/2021/03/09-auto-minutes.html (also contains minutes from earlier VSSo call)

https://github.com/w3c/automotive/issues/358

We also are working towards an early draft release of In-Vehicle Application Best Practices and referring to it for privacy, security and other considerations beyond the scope of the spec. Glenn pushed us to explore trying to tackle the problem with a technical solution, something I and others have felt is daunting: managing consent, policies, parties and purposes globally across legal jurisdictions with differing and evolving privacy laws. This is further complicated by out-of-band consent in the form of, e.g., contractual obligations for operating a fleet vehicle. @adobekan wanted us to consider a more fundamental approach.

Continued thinking about some ideas from the call surrounding the authentication and authorization mechanisms of VISS. @UlfBj and I chatted; he had some thoughts about how we may have some capability with the current design. Based on previous best practices and RPC discussions, I think there are a few parameters that could influence whether an application is allowed to access data for a given drive. The directive with these parameters could originate on the head unit, on a smartphone, or from the OEM or another application manager in the cloud.

Parameters on whether an installed application can collect data can be based on a routine schedule (off-work hours), a specific opt-in/out period likely following a specific driver's preference or rental agreement, geofencing, or a blanket binary on or off that changes the default policy for an application. Some applications, for instance those collecting data for regulators on heavy vehicles in the EU and NA, may not be permitted to set some parameters. More complex scenarios using a wider range of inputs can be managed by logic in the cloud and still keep the number of parameters needed to relay to auth* servers modest.

We will likely progress VISS v2 to First Public Working Draft without completing this but can add it in a later version as the ideas get fleshed out a bit more.
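As an added illustration of the parameters listed in the comment above (not W3C or VISS code, and not part of the original issue), the following sketch evaluates a per-application collection policy from a schedule window, opt-out periods, a geofence, a blanket default and a "mandated" flag for regulatory collection that the driver cannot opt out of. All names and the sample values are constructed for the example.

```python
from __future__ import annotations
from dataclasses import dataclass, field
from datetime import datetime, time
from math import radians, sin, cos, asin, sqrt
from typing import Optional

# Hypothetical policy model for the opt in/out parameters discussed in the issue.
# Nothing here is VISS protocol syntax; the decision would be relayed to the
# auth* servers, which only need the small set of parameters below.

@dataclass
class Geofence:
    lat: float
    lon: float
    radius_m: float

    def contains(self, lat: float, lon: float) -> bool:
        # Haversine great-circle distance from the fence centre, compared to the radius
        dlat, dlon = radians(lat - self.lat), radians(lon - self.lon)
        a = sin(dlat / 2) ** 2 + cos(radians(self.lat)) * cos(radians(lat)) * sin(dlon / 2) ** 2
        return 2 * 6371000 * asin(sqrt(a)) <= self.radius_m

@dataclass
class AppPolicy:
    default_allow: bool = True                    # blanket on/off for the application
    mandated: bool = False                        # regulatory collection: opt-out parameters do not apply
    schedule: Optional[tuple[time, time]] = None  # daily window in which collection is allowed
    opt_out: list[tuple[datetime, datetime]] = field(default_factory=list)  # driver or rental opt-out periods
    geofence: Optional[Geofence] = None           # collection allowed only inside this area

def in_schedule(window: tuple[time, time], now: datetime) -> bool:
    start, end = window
    t = now.time()
    # The window may wrap midnight, e.g. 18:00-06:00 for off-work hours
    return start <= t < end if start <= end else (t >= start or t < end)

def may_collect(policy: AppPolicy, now: datetime, lat: float, lon: float) -> tuple[bool, str]:
    """Decide whether an installed application may collect data for this drive."""
    if policy.mandated:
        return True, "mandated collection, opt-out parameters not applicable"
    if not policy.default_allow:
        return False, "application disabled by default policy"
    for start, end in policy.opt_out:
        if start <= now < end:
            return False, "within opt-out period"
    if policy.schedule and not in_schedule(policy.schedule, now):
        return False, "outside scheduled collection window"
    if policy.geofence and not policy.geofence.contains(lat, lon):
        return False, "outside geofence"
    return True, "allowed"
```

The evaluation order matters: the mandated flag short-circuits every driver-controlled parameter, which is the "may not be permitted to set some parameters" case from the comment.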

tguild commented 3 years ago

I'll ask Spatial Data on the Web group about defining geofence, the other parameters are simpler types.

tguild commented 3 years ago

Clarification: not closing, but contributing towards a solution.

tguild commented 3 years ago

On today's call, leaning towards keeping this in best practices until we are able to define the details enough for inclusion in the specification.

Reached out to Spatial Data on the Web group:

https://lists.w3.org/Archives/Public/public-automotive/2021Mar/0015.html