Closed samuelweiler closed 1 year ago
This is how I remember the discussion.
The access token contains a VIN field, as it is supposed to be vehicle specific: the VISS server knows for which vehicle the token applies. There were comments that in some countries the VIN is considered sensitive from a data protection perspective, and that a server instead could use a pseudonymized identifier so that the VIN is not exposed. So the VIN in the token could be the VIN, but could also be some other identifier that uniquely identifies the vehicle.
As Erik said, the VIN is required to determine what data from which car should be delivered during the request. Also, if you have an onboard-only use case, the car needs to be able to determine that the request belongs to the car onboard and not any other car, so that the token cannot just be used and moved from one car to another, in my opinion.
generated hash acting as a pseudo (no hyphen) VIN
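To make the "generated hash acting as a pseudo-VIN" idea concrete, here is an added example (not code from the VISS specification or the w3c/automotive project) that derives a keyed-hash pseudonym from a VIN and checks a token's vehicle claim against the vehicle the server is running on; the secret key, the token layout and the claim name `vid` are assumptions.

```python
import base64
import hashlib
import hmac

# Constructed server-side secret; a real deployment would load it from a key store.
PSEUDONYM_KEY = b"example-server-secret-do-not-reuse"


def pseudo_vin(vin: str, key: bytes = PSEUDONYM_KEY) -> str:
    """Derive a pseudonymous vehicle identifier from a VIN.

    A keyed hash (HMAC-SHA256) is used instead of a bare SHA-256 because the
    VIN space is structured and small enough that an unkeyed hash could be
    reversed by hashing candidate VINs, which would defeat the pseudonymisation.
    The 16-byte truncation is an assumption; it still gives a 128-bit identifier.
    """
    normalized = vin.strip().upper().encode("ascii")
    mac = hmac.new(key, normalized, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(mac[:16]).rstrip(b"=").decode("ascii")


def issue_token(vin: str, scope: str) -> dict:
    """Build a constructed access-token payload bound to one vehicle.

    Only the vehicle-binding claim is modelled here; signing and expiry are
    out of scope for this example.
    """
    return {"vid": pseudo_vin(vin), "scope": scope}


def token_matches_vehicle(token: dict, this_vin: str) -> bool:
    """Server-side check: the token's vehicle claim must match this vehicle.

    This is the check that stops a token issued for one car from being
    replayed against another. The comparison is constant time so that the
    expected pseudonym is not leaked through timing.
    """
    expected = pseudo_vin(this_vin)
    return hmac.compare_digest(token.get("vid", ""), expected)
```

Because the pseudonym depends on the server's key, the same VIN yields a different identifier under a different key, so a pseudonym published by one service cannot be correlated with another's.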
n.b. I'm filing some issues for things spotted along the way, but both privacy and security reviews are incomplete until https://github.com/w3c/automotive/issues/464 is addressed. And addressing #464 may help to address this.
https://www.w3.org/TR/viss2-core/#access-grant-request mentions a unique identifier for the vehicle saying "This may be a pseudo-VIN". What is a pseudo-VIN? And, for that matter, why does the architecture need a unique vehicle identifier?