Ted: in talking to more people, our placeholder for EV signals is more glaring. I am hoping we can get one of our OEM participants to find people working on EV to provide us with starting point for signals
Daniel: I still need to work on process from BMW side by a week or two and then possibly start a proposal
Ted: as VSS is GENIVI repo we don't have to worry about BMW/W3C relationship but we could wait a bit longer for that to work out
Daniel: it might confuse things with VSS2 as well
Gunnar: there are some signals already and you can check internally if that is enough
Daniel: we have discussed internally how to model it and need to work on process part
Ulf: I tried once previously to find appropriate people within Volvo and will try again
Gunnar: I don't see a second branch on VSS yet
Daniel: we will create issues first in github and discuss how to tackle them
Gunnar: also up to JLR on maintenance
Ted: from JLR perspective they will be happy with VSSv1 snapshot and for us to backport new signals which I am willing to do and suspect Adam would be interested
Gunnar: I believe we have an outstanding pull request
Daniel: correct and opened a corresponding gh issue and discussed with Ulf
Ulf: I am sure we will find a solution
Daniel: type was mixed and Benjamin had a proposal to abstract that out and seeking comment from JLR
Gunnar: I am focused more on git perspective and want to see clarity on branching occur
Ted: [description on tokens and tls
in VISS]. as we start on v2 of VISS spec we should discuss
potentially what else we should incorporate in the design
... most of my thinking in sandboxing applications and what would
help in that effort that could go into a manifest would be more
guidelines than in the standard
Glenn: with respect to security,
there seems to be some work already taking place elsewhere to
potentially draw in
... there is the open connectivity foundation work on digicert
and we should keep an eye on that
... we should probably start collecting these efforts in one
place
Ted: that would be helpful and will start a wiki page for that. we will likely want to coordinate with these groups and reach out to them
Glenn: US DOT and motor fleet transportation have some baseline reference work
Magnus: I have known Jonas
(assured.se) for quite some time. he has been doing pen testing
for Volvo trucks and know they are involved in security design
documentation
... we will need to get more information from him
Ted: we are premature but want us to design in security more than applying it as an afterthought
Gunnar: agree we are on design
side and not at pen testing nor PKI
... it would be inappropriate to mandate a specific cert
provider and I think it is authentication for services being
defined and where we can seek expertise
... certs or other on protocol
... assured.se seems to be focusing on doing tls correctly
Magnus: they have offered spec
review
... they can help with authorization as well
Gunnar: makes sense and should be sure to include Patrick since it sounds like they already have something in mind that is workable
Ted: the authorization part is
reminding me of the policy language discussion in the data task
force, what signals an application is authorized to see, change
and send off-vehicle
... Is the GENIVI Security Expert Group that Stacey Janes leading
still active?
Gunnar: yes, every other week on
Thursdays
... there are some high level discussions on liability, risks
and non-technical topics
... there is some linux hardening taking place
... nothing near what we are discussing here
... as we moved with FASTR we involve participants from that
organization
Ted: there people in the group we could potentially draw on for review as we start sketching this out more
Gunnar: more academic paper
review
... I feel we should be working on the protocol now
Ted: agree we need something for
people to
look at, also want to avoid having it as an afterthought more
an iterative
... in summary for now we will continue to seek experts to draw in at
later stages when more appropriate, find outside efforts to align
with, draw from policy and other work in the data task force
Ulf: I have pushed two documents,
core and transport to github on generation two branch
... we can start working on pieces in parallel
https://github.com/w3c/automotive/tree/generation_two
Ulf: I have something on being
able to handle the protocol across two different transports and
believe it is possible to have the payload the same on
both
... I would be open for how to coordinate on parallel work
Gunnar: there a convenient way to view gh-pages on github.io, there something for this branch?
Ted: rawgit.com is gone and will look for something similar
[adjourned]