VISS (Vehicle Information Service Specification) 2 Core and VISS 2 Transport

[caribouW3]

Wotcher TAG!

I'm requesting a TAG review of VISS 2 specifications.

[One paragraph summary of idea, ideally copy-pasted from Explainer introduction]

VISS is specifying a means to access vehicle signals data in a standardized way. The Data model is defined in another specification (VSS, jointly developed by W3C and COVESA).

• Explainer¹ (minimally containing user needs and example code): https://github.com/w3c/automotive/blob/gh-pages/viss2-explainer.md

• Specification URL: https://www.w3.org/TR/viss2-core/ and https://www.w3.org/TR/viss2-transport/

• Tests: [wpt folder(s), if available] None

• User research: [url to public summary/results of research] N/A

• Security and Privacy self-review²: The scope of this specification is narrow and does not describe a specific data model (VSS does describe such a model). That makes it rather difficult to analyze the privacy risks (in particular identify the information that could be particularly sensitive, although PII is not the core of data like what VSS describes). The WG and CG have also worked on best practices (https://www.w3.org/community/autowebplatform/wiki/Best_Practices). VISS 2 has improved on security and privacy thanks to the access control features of the protocol (see https://www.w3.org/TR/viss2-core/#access-control-model). The WG has also started studying other privacy-improving techniques like geofencing but it is clearly out-of-scope for these specifications.

• GitHub repo (if you prefer feedback filed there): https://github.com/w3c/automotive

• Primary contacts (and their relationship to the specification):

  • Carine Bournez (caribouW3), W3C staff
  • Ted Guild (tguild), Geotab, WG Chair

• Organization(s)/project(s) driving the specification: W3C Automotive WG, COVESA

• Key pieces of existing multi-stakeholder review or discussion of this specification:

• External status/issue trackers for this specification (publicly visible, e.g. Chrome Status):

Further details:

• [ ] I have reviewed the TAG's Web Platform Design Principles
• Relevant time constraints or deadlines: [please provide]
• The group where the work on this specification is currently being done:
• The group where standardization of this work is intended to be done (if current group is a community group or other incubation venue):
• Major unresolved issues with or opposition to this specification:
• This work is being funded by:

We'd prefer the TAG provide feedback as (please delete all but the desired option):

🐛 open issues in our GitHub repo for each point of feedback

[rhiaro]

Hi @caribouW3, @tguild,

The explainer is very high level and provides useful background, but I'm struggling to understand from it what the specs actually do. I also can't see any user needs articulated. What changes/benefits/risks for the driver/user of a car with this work in the ecosystem? Additional pointers on what changes for developers of apps for vehicles, and vehicle manufacturers/distributors would also be helpful. If you could update the explainer to start with clear user needs, and include an outline of the actual functionality of the specs, how the two specs relate to each other, as well as indication of why you have made the design choices you have and what alternatives were considered, that would be really helpful.

Also could you provide a list of the key differences between version 1 and this update, as well as any information on how you addressed feedback from the previous TAG review in the new version? I can't see a changelog in either of the specs.

I appreciate the challenges in filling in the Security & Privacy questionnaire, however I'd like to request that the editors/WG members read through it and complete the questions that are most relevant, and note why any questions you can't answer are not applicable. I can see the Privacy section in the Best Practices document is very short and appears to be unfinished.

I have had an initial look at the specifications themselves, and can see that the HTTPS section in VISS2 Transport appears unfinished. Do you have links to issues or discussions about this? What is the plan for this section?

As vehicles are so ubiquitous in society, and for many millions of people essential for meeting basic needs, this work potentially has an enormous global impact. When WG members have some time, I think it would be a very useful exercise to work through the draft Societal Impacts questionnaire to think about the potential impacts in the wider ecosystem. This is a draft document that is not a formal part of the TAG review process, but I find it particularly relevant in the case of this work, especially if you are struggling with the Security & Privacy questionnaire.

I'll be happy to carry out a more thorough review as soon as possible, and an updated explainer and Security & Privacy questionnaire would be a great help. Thanks!

[tguild]

@rhiaro I have made some additions to the explainer to provide additional details and address some of the questions raised. How is the HTTP section incomplete? I see we had an old explainer for the previous version, requested by the TAG. We added HTTPS (not quite H2) per @ylafon suggestion and influence from VW Submission.

https://github.com/w3c/automotive/blob/gh-pages/viss2-explainer.md

[samuelweiler]

How is the HTTP section incomplete?

At a glance, section 5.1.1 has only captions and three word prompts.

[torgo]

Hi folks - just to echo @rhiaro - we really require filling out the security & privacy questionnaire for TAG reviews. It applies to all kinds of specifications – not only specs that deal with PII directly.

[rhiaro]

I discussed this with @maxpassion and @hadleybeeman in our virtual face-to-face today. We would like to re-iterate the need to fill out the Privacy & Security questionnaire for both Core and Transport, and to write the explainer with a focus around user needs, where users include drivers/occupants of vehicles, not only the vehicle manufacturers and software authors (please see the priority of constituencies). There is some information on how to write a suitable explainer here.

[hadleybeeman]

Hi @tguild — is there anything we can do to help move this along?

[torgo]

Hi folks – as this seems stalled, we're going to close the issue on our end. However, when you're ready with some user needs and an updated security & privacy questionnaire (as noted above) please ping us to re-open.

[tguild]

The W3C Auto WG has met with PING on a couple occasions, describing the political/legal landscape challenges, our access control architecture and recently added consent management framework hooks to support and out of band consent management system we are encouraging in COVESA.

We had also added privacy/security principles statements to the specifications with similar wording of other W3C specifications.

We have prepared responses to the Societal Impact and Security and Privacy questionnaires.

As for the an architectural diagram, there are several ways VISS can (and is) be used.

• vehicle to cloud interactions, limited and controlled by vehicle manufacturer
• in-vehicle API to support headless applications for data sampling, currently AutoSAR is evaluating VISS in their collaboration with COVESA for this purpose
• web based apps running in a browser in the head unit (stereo/infotainment system) - implementation by BMW on Android Automotive
• web based apps running from a paired smartphone either directly to VISS on the vehicle or indirectly (for security and other considerations) from data off-boarded and residing in the cloud

See also COVESA Architecture Miro

[hadleybeeman]

Hi all. Thanks for your patience on this. We are feeling out of the loop here — it looks like this working group has closed. If anyone from the new community group wants us to review any of their work, please do open a TAG review request for those pieces. Thanks!

[tguild]

@hadleybeeman the group is being permitted to continue and is not seeking an extension or recharter. The intention is to wrap up W3C VISS version 2, ideally bringing it to REC and going forward with AutoSAR and COVESA for a v3