#768: VISS (Vehicle Information Service Specification) 2 Core and VISS 2 Transport
Discussions
Discussed
Oct 17, 2022 (See Github)
Amy: user need not specified... explainer also doesn't really say how it works
Max: agree to add this to the explainer
Yves: do they have list of differences between VISS 1 and 2?
Amy: I'll look over what we've reviewed in the past and leave a comment
comments to be left asking for clarity
Comment by @rhiaro Oct 19, 2022 (See Github)
Hi @caribouW3, @tguild,
The explainer is very high level and provides useful background, but I'm struggling to understand from it what the specs actually do. I also can't see any user needs articulated. What changes/benefits/risks for the driver/user of a car with this work in the ecosystem? Additional pointers on what changes for developers of apps for vehicles, and vehicle manufacturers/distributors would also be helpful. If you could update the explainer to start with clear user needs, and include an outline of the actual functionality of the specs, how the two specs relate to each other, as well as indication of why you have made the design choices you have and what alternatives were considered, that would be really helpful.
Also could you provide a list of the key differences between version 1 and this update, as well as any information on how you addressed feedback from the previous TAG review in the new version? I can't see a changelog in either of the specs.
I appreciate the challenges in filling in the Security & Privacy questionnaire, however I'd like to request that the editors/WG members read through it and complete the questions that are most relevant, and note why any questions you can't answer are not applicable. I can see the Privacy section in the Best Practices document is very short and appears to be unfinished.
I have had an initial look at the specifications themselves, and can see that the HTTPS section in VISS2 Transport appears unfinished. Do you have links to issues or discussions about this? What is the plan for this section?
As vehicles are so ubiquitous in society, and for many millions of people essential for meeting basic needs, this work potentially has an enormous global impact. When WG members have some time, I think it would be a very useful exercise to work through the draft Societal Impacts questionnaire to think about the potential impacts in the wider ecosystem. This is a draft document that is not a formal part of the TAG review process, but I find it particularly relevant in the case of this work, especially if you are struggling with the Security & Privacy questionnaire.
I'll be happy to carry out a more thorough review as soon as possible, and an updated explainer and Security & Privacy questionnaire would be a great help. Thanks!
Discussed
Oct 31, 2022 (See Github)
Amy: left a comment last week, no response
Hadley: is there another way we can nudge them?
Dan: can ping on slack
[bump a couple of weeks]
Discussed
Nov 14, 2022 (See Github)
Amy: chaneged milestone to next week. Asked for a better explainer. Talked about nudging the team contact...
Comment by @tguild Nov 29, 2022 (See Github)
@rhiaro I have made some additions to the explainer to provide additional details and address some of the questions raised. How is the HTTP section incomplete? I see we had an old explainer for the previous version, requested by the TAG. We added HTTPS (not quite H2) per @ylafon suggestion and influence from VW Submission.
https://github.com/w3c/automotive/blob/gh-pages/viss2-explainer.md
Comment by @samuelweiler Dec 1, 2022 (See Github)
How is the HTTP section incomplete?
At a glance, section 5.1.1 has only captions and three word prompts.
Discussed
Dec 12, 2022 (See Github)
Amy: I had a chat with Sam W about this, PING are reviewing as well - deferred on doing a full review as they didn't have a full explainer. They've posted an update... http section is still tbc. They have a longer explainer now.
Dan: similar discussion to miniapp...
Amy: app store model...
Amy: I'll do a proper review. They didn't do a privacy & security... so "nothing to do with PII" - which is not what the questionnaire is about.
Dan: web security model.
Hadley: that privacy and security questionnaire is important for this. It would be good to see.
Dan: leaves a comment
Comment by @torgo Dec 13, 2022 (See Github)
Hi folks - just to echo @rhiaro - we really require filling out the security & privacy questionnaire for TAG reviews. It applies to all kinds of specifications – not only specs that deal with PII directly.
Discussed
Dec 19, 2022 (See Github)
Amy: they haven't responded...
bumped to next year
Comment by @rhiaro Feb 9, 2023 (See Github)
I discussed this with @maxpassion and @hadleybeeman in our virtual face-to-face today. We would like to re-iterate the need to fill out the Privacy & Security questionnaire for both Core and Transport, and to write the explainer with a focus around user needs, where users include drivers/occupants of vehicles, not only the vehicle manufacturers and software authors (please see the priority of constituencies). There is some information on how to write a suitable explainer here.
Discussed
Mar 13, 2023 (See Github)
Dan: comment from Amy from 9 feb
Hadley: we're waiting form them to write an explainer...
Yves: they are working on it...
Discussed
Mar 27, 2023 (See Github)
Hadley: did they check back?
Max: not yet.
Dan: puts on agenda for 10-april week if we haven't heard back by then maybe we close.
Discussed
May 15, 2023 (See Github)
Hadley: still stalled.
Comment by @hadleybeeman May 15, 2023 (See Github)
Hi @tguild — is there anything we can do to help move this along?
Discussed
Jul 17, 2023 (See Github)
Amy: Explainer, no user needs, too high level - we asked them to re-write - they have also not filled out the security & privacy questionnaire. No action recently.
Dan: marks as stalled and closes
Comment by @torgo Jul 18, 2023 (See Github)
Hi folks – as this seems stalled, we're going to close the issue on our end. However, when you're ready with some user needs and an updated security & privacy questionnaire (as noted above) please ping us to re-open.
Comment by @tguild Nov 28, 2023 (See Github)
The W3C Auto WG has met with PING on a couple occasions, describing the political/legal landscape challenges, our access control architecture and recently added consent management framework hooks to support and out of band consent management system we are encouraging in COVESA.
We had also added privacy/security principles statements to the specifications with similar wording of other W3C specifications.
We have prepared responses to the Societal Impact and Security and Privacy questionnaires.
As for the an architectural diagram, there are several ways VISS can (and is) be used.
- vehicle to cloud interactions, limited and controlled by vehicle manufacturer
- in-vehicle API to support headless applications for data sampling, currently AutoSAR is evaluating VISS in their collaboration with COVESA for this purpose
- web based apps running in a browser in the head unit (stereo/infotainment system) - implementation by BMW on Android Automotive
- web based apps running from a paired smartphone either directly to VISS on the vehicle or indirectly (for security and other considerations) from data off-boarded and residing in the cloud
See also COVESA Architecture Miro
Discussed
Jan 1, 2024 (See Github)
Martin: WG has closed
[poke around what status the spec got to, doesn't seem to be far]
Hadley: closes
Comment by @hadleybeeman Jan 25, 2024 (See Github)
Hi all. Thanks for your patience on this. We are feeling out of the loop here — it looks like this working group has closed. If anyone from the new community group wants us to review any of their work, please do open a TAG review request for those pieces. Thanks!
Comment by @tguild Jan 30, 2024 (See Github)
@hadleybeeman the group is being permitted to continue and is not seeking an extension or recharter. The intention is to wrap up W3C VISS version 2, ideally bringing it to REC and going forward with AutoSAR and COVESA for a v3
OpenedAug 31, 2022
Wotcher TAG!
I'm requesting a TAG review of VISS 2 specifications.
[One paragraph summary of idea, ideally copy-pasted from Explainer introduction]
VISS is specifying a means to access vehicle signals data in a standardized way. The Data model is defined in another specification (VSS, jointly developed by W3C and COVESA).
Explainer¹ (minimally containing user needs and example code): https://github.com/w3c/automotive/blob/gh-pages/viss2-explainer.md
Specification URL: https://www.w3.org/TR/viss2-core/ and https://www.w3.org/TR/viss2-transport/
Tests: [wpt folder(s), if available] None
User research: [url to public summary/results of research] N/A
Security and Privacy self-review²: The scope of this specification is narrow and does not describe a specific data model (VSS does describe such a model). That makes it rather difficult to analyze the privacy risks (in particular identify the information that could be particularly sensitive, although PII is not the core of data like what VSS describes). The WG and CG have also worked on best practices (https://www.w3.org/community/autowebplatform/wiki/Best_Practices). VISS 2 has improved on security and privacy thanks to the access control features of the protocol (see https://www.w3.org/TR/viss2-core/#access-control-model). The WG has also started studying other privacy-improving techniques like geofencing but it is clearly out-of-scope for these specifications.
GitHub repo (if you prefer feedback filed there): https://github.com/w3c/automotive
Primary contacts (and their relationship to the specification):
Organization(s)/project(s) driving the specification: W3C Automotive WG, COVESA
Key pieces of existing multi-stakeholder review or discussion of this specification:
External status/issue trackers for this specification (publicly visible, e.g. Chrome Status):
Further details:
We'd prefer the TAG provide feedback as (please delete all but the desired option):
🐛 open issues in our GitHub repo for each point of feedback