Closed caribouW3 closed 1 year ago
As in https://github.com/w3c/automotive/issues/464 and as raised by the TAG in https://github.com/w3ctag/design-reviews/issues/768#issuecomment-1283597164, I don't think we can do a complete review at this time. I filed several issues, with https://github.com/w3c/automotive/issues/464 being the most important.
I also joined the Automotive WG call today. Their authorization architecture presumes (but doesn't require) a server (AGT) that is outside the car. I asked how the user/driver could get auth to get data off of the car (e.g. to an app on a device) when it and the client are connected locally but not to the Internet. And the answer was “they can’t”. I asked where these constraints were documented and the answer was “they’re not”. Documenting a specific use case would make it easier to argue that that’s a reasonable design (or not), and I pointed the WG at the TAG review as suggestions of how to proceed.
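To make the constraint raised in the comment above concrete, here is an added illustrative model of the two-server flow it describes: an off-vehicle grant server issues an access grant token (AGT), the in-vehicle server exchanges it for a short-lived access token (AT), and only the AT unlocks signal reads. This is example code written for this page, not VISS 2's wire format or any WG implementation; the HMAC keys, the token layout, the purpose-to-signal map, the signal names and the sample values are all constructed for the demo. The one thing it is meant to show is that the client's AGT step is the only step that needs Internet, so a phone sitting next to an offline car gets nothing at all.

```python
# Added illustrative model (not VISS 2 or WG code): off-vehicle AGT issuance,
# in-vehicle AGT->AT exchange, AT-gated signal reads. All keys/data are constructed.
import base64
import hashlib
import hmac
import json
from typing import Optional

# Constructed secrets. A real deployment would use asymmetric keys so the vehicle
# only needs the grant server's public key; a shared MAC key is a demo shortcut.
AGT_SERVER_KEY = b"constructed-agt-server-key"
VEHICLE_AT_KEY = b"constructed-vehicle-at-key"

# Constructed purpose-to-signal policy; signal names follow the VSS path style.
PURPOSES = {
    "fuel-status": {"Vehicle.Powertrain.FuelSystem.Level"},
    "driving": {"Vehicle.Speed", "Vehicle.Powertrain.FuelSystem.Level"},
}


def sign_token(claims: dict, key: bytes) -> str:
    """Compact signed token: base64url(JSON claims) + '.' + hex HMAC-SHA256."""
    body = base64.urlsafe_b64encode(json.dumps(claims, sort_keys=True).encode()).decode()
    mac = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return f"{body}.{mac}"


def verify_token(token: str, key: bytes, now: int) -> Optional[dict]:
    """Return the claims if the MAC is valid and the token has not expired, else None."""
    try:
        body, mac = token.split(".", 1)
    except ValueError:
        return None
    expected = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(mac, expected):
        return None
    claims = json.loads(base64.urlsafe_b64decode(body))
    if claims.get("exp", 0) <= now:
        return None
    return claims


class NoInternet(Exception):
    """Raised when the client cannot reach the off-vehicle AGT server."""


def agt_server_issue(user: str, vin: str, purpose: str, now: int, ttl: int = 3600) -> str:
    """Off-vehicle grant server: binds a user to one vehicle and one purpose for a limited time."""
    return sign_token({"sub": user, "vin": vin, "purpose": purpose, "exp": now + ttl}, AGT_SERVER_KEY)


def vehicle_issue_at(agt: str, vin: str, now: int, ttl: int = 300) -> Optional[str]:
    """In-vehicle AT server: validates the AGT locally and narrows it to a short-lived AT."""
    claims = verify_token(agt, AGT_SERVER_KEY, now)
    if claims is None or claims.get("vin") != vin:
        return None
    return sign_token({"purpose": claims["purpose"], "vin": vin, "exp": now + ttl}, VEHICLE_AT_KEY)


def vehicle_get(at: str, path: str, signals: dict, now: int):
    """In-vehicle data server: releases a signal only if the AT's purpose covers it."""
    claims = verify_token(at, VEHICLE_AT_KEY, now)
    if claims is None or path not in PURPOSES.get(claims.get("purpose"), set()):
        return None
    return signals.get(path)


def client_fetch(online: bool, user: str, vin: str, purpose: str, path: str, signals: dict, now: int):
    """Client app on a device next to the car: only the AGT step leaves the local link."""
    if not online:
        raise NoInternet("AGT server unreachable: no grant, so no local access either")
    agt = agt_server_issue(user, vin, purpose, now)
    at = vehicle_issue_at(agt, vin, now)
    if at is None:
        return None
    return vehicle_get(at, path, signals, now)


def run_scenario(online: bool, path: str = "Vehicle.Speed", purpose: str = "driving") -> str:
    """Return 'granted:<value>', 'denied' or 'no-internet' for the constructed car."""
    signals = {"Vehicle.Speed": 42, "Vehicle.Powertrain.FuelSystem.Level": 61}  # constructed sample
    try:
        value = client_fetch(online, "alice", "VIN-CONSTRUCTED-0001", purpose, path, signals, now=1_700_000_000)
    except NoInternet:
        return "no-internet"
    return "denied" if value is None else f"granted:{value}"


if __name__ == "__main__":
    print(run_scenario(online=True))
    print(run_scenario(online=False))
```

`run_scenario(True)` walks the full grant-then-exchange path and reads the signal; `run_scenario(False)` fails before any token exists, which is the "they can't" answer recorded above in executable form. The purpose check in `vehicle_get` is what stops a "fuel-status" grant from reading `Vehicle.Speed`.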
In the issue title above add the document name followed by the date of this request, then the date of your proposed deadline for comments.
name of spec to be reviewed: VISS 2 Core, VISS 2 Transport
URL of spec: https://www.w3.org/TR/viss2-core/ https://www.w3.org/TR/viss2-transport/
What and when is your next expected transition? End of September
What has changed since any previous review? No previous review available
Does your document have an in-line Privacy Considerations section, ideally one separate from the Security Considerations? yes
Please point to the results of your own self-review: The scope of this specification is narrow and does not describe a specific data model (VSS does describe such a model). That makes it rather difficult to analyze the privacy risks (in particular to identify the information that could be particularly sensitive, although PII is not the core of data like what VSS describes). The WG and CG have also worked on best practices (https://www.w3.org/community/autowebplatform/wiki/Best_Practices). VISS 2 has improved on security and privacy thanks to the access control features of the protocol. The WG has also started studying other privacy-improving techniques like geofencing, but it is clearly out of scope for these specifications.
Where and how to file issues arising? https://github.com/w3c/automotive
Pointer to any explainer for the spec? https://github.com/w3c/automotive/blob/gh-pages/viss2-explainer.md
Other comments:
Thanks!