W3C

W3C Transportation Workshop

13 Sep 2019

Attendees

Present
Peter van der Veen (Apple), Dan Rabe (Apple), Adnan Bekan (BMW), Martin Kurze (Deutsche Telekom AG), Elias Arnestrand (Drive Sweden), Megan Katsumi (University of Toronto), Duncan Deveaux (EURECOM), RJ Rittmuller (Federal DOT), Taki Kamiya (Fujitsu Limited), Steve Crumb (GENIVI Alliance), Glenn Atkinson (Geotab), Amir Sayegh (Geotab), Ulf Björkengren (Volvo Cars), Harjot Singh (Geotab), Julian Rojas (Ghent University), Cheryl Scott (HERE), Rudolf Streif (W3C Invited Experts), Jenny Huang (iFOSSF), Seyhan Ucar (Toyota Motor North America), Adrian Collier (Microsoft), Dr. Ghislain ATEMEZING (Mondeca), Ben Gardiner (NMFTA), George (Open Geospatial Consortium), Brent Massey (Ridar Systems), David K A Mordecai (NYU), Joseph Etris (Continental Automotive), Deborah Shands (SRI International), Takamasa Higuchi (Toyota InfoTech Labs), Ed Fok (Federal Highway Administration), Luis-Daniel Ibáñez (University of Southampton), Mark Fox (University of Toronto), Ted Guild (W3C/MIT), J. Alan Bird (W3C/MIT), Wendy Seltzer (W3C/MIT), Ian Zhang (NIO USA), Khanh Hoang, Janina Sajka (Linux Foundation), Lothar Determann (Baker McKenzie), Gaurav Tungatkar (Uber), Joshua Shinavier (Uber), Jennie Nguyen (Uber), Jon Freer (Uber), Anand Mundada (Uber), Richard Roy, Peter Winzell (Volvo), Jay Hum (Autonomics), Carlos Garcia (Autonomics)
Regrets
Chair
Joshua Shinavier, Ted Guild
Scribe
Ted, Ben, Harjot

Contents

Extensible Entity Data Modeling

Anand Mundada, Gaurav Tungatkar - Uber [slides]

Anand: we have driver rider and vehicle, you request a trip and magically it drops you off at your destination

<ted> [transportation today]

<ted> various modes of transportation, personal, food deliver, bikes and scooters... freight, fleets

Anand: when looking at all these customer types we see some key things that need to be addressed
… privacy and security, support user and business accounts
… need to consider the relationships between entities

<ted> [privacy and security]

Anand: for a given customer you have a lot of potential policies surrounding authorization
… as noted we have a number of different customers types, many things in common but also special considerations
… driver has to have good ratings, driver license and so on and customer a payment method

Gaurav: [describes extensible data model]
… we think of modeling in three components, uuid, base schema and extensions

… we use protocol buffers to express these schemas
… we talked about consumers, eaters today. you have base model uuid for the customer
… all these products can build upon common capabilities (inherit them)
...at the same time generally new products want agility and extensibility
...in our case the extensions are owned by the respective project leads
...there is a base customer and model for the businesses
...if you think of your business relationships in the real world, think of it as b2b relationship
...you could drop car off at service center and they could have a ride share available for you as you drop it off and bring you back when it is done
...relationship comes into play here. think of it as join tables but in a distributed nosql environment
...between two entities there can be multiple relations
...if there is data on the edge there is the same mechanism to model it
...this is how we model it. source is the user (employee in dealership example), destination their place of business or home...
...that was about entities and relationships
...we go a step ahead and shield some of these platforms
...you can come up with a new product idea as an extension and leverage all the existing capabilities

Dick: does Uber rate their riders? I know I can rate the riders

Gaurav: Uber does not...

Jay: @@

Carlos: how do you manage versioning?

Gaurav: we always have to be forward and backward compatible
...we eliminate breaking backwards compatibilities

George: slide you had wrt model for relationships with names and properties
...at the graph workshop there was question whether you should have metadata on the relationship or not
...you have a specific query language?

Gaurav: not right now

DavidM: there is how you can address extensible, how are folks suppose to go back and check for evolution of use cases
...how do you add properties to those edges without conflating and making sure the data is accurate for associations

Gaurav: what we are mainly concerned about are the data models themselves whereas you're talking about infrastructure, os or bugs or misuse of data

David: misuse, spoofing can occur at sensors and many layers

Gaurav: I am sure we have people looking at information security but have not thought about it from a graph perspective
...we have had iterations of the customer model itself

Anand: we control when you add extensions, ensure your use cases warrant a new type of customer
...we need to know which are used by what

Personalized and privacy-aware route planning with SOLID

Julián Rojas - Ghent University [ Slides]

[slide 1]

Julián: we need data, about what, mobility preferences... how do they want to travel
...what kind of service subscriptions and accounts they have, do they have a metro card, uber/lyft, bike share, wheelchair or have other special requirements
...we need to be able to use but protect this data
... this is where SOLID (Social Linked Data) comes in
... solid allows you to use the apps you need while storing the data you want

https://solid.mit.edu

Julián: instead of being in silos like facebook, linkedin etc; solid it is a decentralized mindset
...web on applications are often designed with hardcoded links to data sources on their end, not taking advantage of data on the web
... service requests access to use their data from the user
... combination of W3C standards are behind SOLID RDF, WebID-TLS, Linked Data Platform (set of protocols for handling access)
... important to gain adoption to have some tools for the developer [tools slide w/ links]
... GraqhQL-LD is a wrapper to translate to SPARQL queries underneath, results in RDF
... important for traveler profile to have their needs, similar for a car's capabilities as EV can go into zero emissions zones for example
... thanks to GDPR, De Lijn a Flemish language transportation provider is working with us to give the users back their data
...SOcial LInked Data (SOLID)
...Data is personal, should be in the control of the user. SOLID decouples the data from the logic of the applications.
...Traditional apps are based on centralization of data. SOLID takes the opposite approach.
...each person has 1 or more of their own data 'pts' and they decide to whom access is given.
...SOLID uses RDF for data repn / WebID for IDs / WebID-TLS for authentication / Linked Data Platform for data access interfaces

Julian: we need to describe user preferences, mobility needs, service subscriptions etc as ontologies
...plenty of tools available already including node.js server, readct generator, angular generator and graphql-ld

Deborah: what sort of identifier used for an individual. take rental car scenario, what data about me belongs to them?
... is there a standard notion of it being encapsulated

Julian: unsure of the protocol details but it negotiates what can be [re]used by the rental company

* question from Debra on _how_/what data is used to identify users? is there a standard notion of how my data is tagged? A: AFAIU WebID defines how to handle the uniqe IDs that go inside the pot. Permissions need to be granted first before anything is shared.

<ted> Adnan BMW

<ted> Inrupt, Timbl's startup. He is on sabbatical from MIT & W3C at present. SOLID work continuing at MIT

* q from Anrnad: at BMW we tend to look to wards the GDPR. e.g. renting a vehicle requires reading the agreement because there the rental company captures data basedon that vehicle account.

Portability Across telematics service providers

Ben Gardiner - NMFTA [ Slides]

Ben: our members are freight carriers, we started interviewing them on needs and the telematics service providers(TSP) like Geotab
... I have a cybersecurity engineer background but not breaking stuff at present. we are non-profit, not sales pitch
... working in HVCS (Heavy Vehicle CyberSecurity)

[Motivation]

Ben: freight deliveries is a very lean business, data helps them optimize but also required not by safety regulations
... concern is TSP can go out of business and leave fleet operator in the lurch
... TSP interaction is not dictated, we are only interested in how the things are handled in the cloud not how it gets there

[Portability Use Cases]

Ben: compliance and safety monitoring, ERODS, quality of data, monitor vehicle status, etc
... we interviewed our carriers to create these use cases, they really want all this stuff

[State of health]

Ben: all TSP are required to give to the regulators, what if that goes away - they're out of compliance and need a fallback

RJ: also for roadside inspections

Ben: ELD need to be ready to do data transfer at the side of the road too
... the fleet operators want to be able to get data export on daily basis, not necessarily to their infrastructure but somewhere to put a copy
... driver routing and trailer packing requires coordination, think of pallets like passengers in a plane (but making multiple stops and wanting to optimize boarding groups...)
... fleet operator often needs to be able to send out a geofenced broadcast to all their drivers
... also being able to respond from drivers

[Compliance and safety monitoring]

[In field Maintenance]

[Estimate on data quality]

Ben: Geotab does a different sampling method than the rest of the carriers
... need to be able to compare apples to apples

@@harjot

Ben: we learned suprisingly some wanted the raw signals (heavy vehicle signals actually standardized unlike auto CAN, SAE J1939)
... they use this to give themselves some portability

[Monitoring Battery Use Cases]

Deborah: does it require authentication to get J1939

Ben: no, some are using a preshared secret and SAE is working on auth

Carlos: what trends and use cases are you seeing?
... EV and AV are starting to emerge

Ben: EV being used more for local delivery than long hauls at present given recharging time

Carlos: what other metrics besides fuel and battery do they care about?

Ben: fuel optimization is a huge part
... they need sufficient location history to predict usage and prebuy gas

Jay: how is this being utilized?

Ben: what we did was work with TSP to understand what they already do with TSP

Bringing the Car to the Internet

Rudolf Streif, ibeeto [Slides

Rudi: I am working with clients to bring proof of concept solutions to production and consulting W3C
tr ... I was a consultanting system architect with JLR for 5 years, heavily involved and chaired activities at W3C and GENIVI
... W3C Auto WG about developing specs for open web platform. we created Vehicle Information Service Specification (VISS)
... challenge is how to provide vehicle status in a consistent way across manufacturers without having to reverse engineer OBDII for each manufacturer
... also varies by model over the years or even change with software updates over the years complicating this further
... JLR wanted to solve this problem and be able to create apps to run on the head unit without having to rework them
... convential approach is a "Fat API", the problem is every time you add new signals you need to update the spec for addition methods which is tedious
...The w3c auto group missign is to dev specss for an open web platform for developers to get access to vehicle data via IVI systems and vehicle data protocols
...many mnay participants from multiple OEMs and suppliers
...The challenges with creating the VSS include: OEMs want to extend an API, security mechanism are required that provide authentication adn authorization, application devs want to have a way to rapidly deploy apps across as many vehicles as possible
...The typical 'fat' API approach of a getting data values via named functions comes with the problem that every time you update the set of data provided you also need to update the specification of the API via it's function names
...VSS takes a different approach

Rudi: we looked at doing something different, Vehicle Service Specification is the data model at GENIVI which we settled on
... for the VISS API we only needed a handful of methods to expose the signal tree

[Vehicle Signal Tree]

Rudi:Each part of the vehicle is repn'd as a node. The signals and controls are leaves on these nodes. The nodes can have multiple instantiations (e.g. 4 seats in a car)

Rudi: green parts, branches, blue nodes the leaves which may be a sensor or actuator, red the attributes
...Wildcards allow access to entire sets of signals.
...The structure is 'discoverable' by developers who aren't necessarily indoctrinated into the usual automotive cryptic nomenclature

Rudi: we followed Keep it Simple and provide developers more intuitive

Josh: those relationships have semantics?

Rudi: not really

Ted: @@BMW/EU...

Carlos: you have average consumption, why is that in the taxonomy?

Adnan: you want to make it available instead of requiring each making it from scratch
... we should note we have a pending pull request for VSS2.0 that reworks things somewhat

* q from Carlos: why do we have to moel something like 'average' in the hierarchy. That is an aggregation of a signal. Why is it included in the taxonomy. Adnand andwers: this singal is actualy by calculated on the behicle. They decided that since it is beging calculated already tat it should be forwarded on to consumers. Also this is v1 and would like to improve.

[Addressing example]

[Spec format[

Rudi: spec is in YAML
... min, max, unit...
...The signals in this tree can be addressed via a dot-notation. Leading path components represent the brnaches. Last component is a leaf
...the specification format is YAML lists. includes data type, unit min/max and comments

Rudi: we have parsers to generate additional formats JSON, Franca, CSV...

https://github.com/GENIVI/vehicle_signal_specification/

[Vehicle Data Interfaces Architecture]

[VISS Overview]

Rudi: the specification format is YAML lists. includes data type, unit min/max and comments
...The repo includes tools to generate other specification formats. Following GENIVI project model.
...The repo uses 'typical' github fork/branching flow
...This data model is used in both the IVI headunit runtime and also REST interfaces exposed as internet-facing services.

[Service Messages]
...Also a websocket based server on-vehicle. Javascript libraries are made available for easy integration.
...The API include authorize cmmand to implement access control . Request are made with security token which are later used to gain access to trees of signals (conditional on permissions granted to the tokens)
...Plans for future work include hosting a micro-service REST server on-vehicle for easier integration with HTML5 based apps in IVIs

github.io/w3c/automotive

* an attendee at the back notes that there is a reference impl available also

W3C Automotive overview

[Slides]

Ted: W3C is doing automotive standards to: make a robust app ecosystem, increase interoperability, enable use of the much larger web-devloper talent pool
...still working on the rich ecosystem target ; we are currently focused on signals
...The VISS (as distinct from the VSS) was created for telematics: notifications, media, LBS/Nav, Payments, other under construction
...future specs will enbale taking data and services external to the car and making them available to apps in the car
...There is so many examples of data-driven decision in vehicles -- we need to normalize and standardize so that we can each leverage work and not each re-implement our own solutions

<Harjot> re OTAPI presentation, 4 types of engine data for ELD logs: Engine Hours, Odometer, Engine Based Road Speed, VIN

<ben> thanks Harjot!

q ben: what is the relationship btw VISS and VSS. * VISS is the API interface which uses VSS.

* q from David M. maybe there should be work on diagnostics of data quality? maybe work on integrity of sensor signals (e.g. cypher physical security)? A: we hare having those discussios in out task force on data

<Harjot> Q: Difference between VSS and VISS | A: VSS (vehicle signal specification) is the data model for how the information is structured (trees / node hierarchy). VISS (Vehicle Information Service Specification) consists of the lightweight APIs used to access data from (complex) data models. Links: https://github.com/GENIVI/vehicle_signal_specification & https://www.w3.org/TR/vehicle-information-service/

Integration of Vehicles into the Web of Things

Adnan Bekan - BMW

Adnan: for IoT we wanted to think of creating different experiences for our drivers
... we did a map of what is existing, quite a few different standards efforts and solutions
... to come closer we needed an ontology to create a W3C Web of Things (WoT) thing description
... VSS was a great data model for us to build an ontology on called VSSo
... we build a setup with node-red, originally developed by IBM. it was perfect for our demo

[filled out WoT thing description]

[flow example]

[video of demo]

Adnan: we had a smartphone device sending position of vehicle, it could auto lock if you went 50m away for instance
...They have built a VSS ontology, VSSo. covering SOSA and VoT
...They also implemented a PoC integrated with a BMW i3
...built a flow in Node-RED. intrgrated a B<W i3 with a node-red flow to do e.g. unlock/lock, blinking lights etc.
...then they a feature: when the user is far from the unlocked vehicle, the vehicle lock is activate.
...shows a video of the demoy

Josh: can any BMW owner use this?
...q from Josh: is this something that any BMW owner could do? A: no. we are not opening up the API. You can do this via some reverse engineering.

Adnan: no, we are not supporting that nor exposing API at this point

Dick: have you thought about the security aspects

Ted: its a demo, of course they are thinking about security before making it available

Adnan: yes, there are ways we can authenticate device, owner etc...

* q from Dick R: this is a cool demo, have you planned out how to do auth? a: we ave a security team , with the VoT you do get the ability to use stack elements like OAuth.

Data Privacy and Ownership in the Open Car

Lothar Determann - Baker McKenzie [ Slides]

Lothar: if you are interested in attendeing the World Economic Forum on October 2nd
... some of the points are already well know for this audience
... there is a battle for data access going on right now
... data exists in physical realm, our minds, on hard drives..
... the definition for personal data is pretty broad
... from a privacy perspective mindset in US goes back to the 4th ammendment
...The california privacy act of 2018 takes effect in Jan 2020. Applies to any information that can be linked to a person or household.
...speaker asserts that pretty much anything can be linked to a person or to a household
...(generally) no one really has ability to solely claim ownership of data.
...data created by these systems is not owned. in the sense of property law, you cannot prevent access to it. Lawmakers are carving out ownership from data privacy laws.
...speakers thinks that the genie is out of the bottle. data minimization will not solve the problems. neither will data ownership
...minimum periods of data retention -- is an inaffective (primary) method to faciliate data privacy
...the genie is out of the bottle. data minimization will not solve the problems. neither will data ownership
...all of the concepts in data protection are separate: privacy / data security / data privacy / data protection / data ownership / data retention / data residency / trade secret protection. They often get mixed up for advocacy, political reasons
...we don't want to bring concepts from ownership of property into data; we don't want anyone to own info that is in our head which is ultimately where information resides
...trend predictions: restriction on data sharing, selling (impact on competition, innovation) / data protection as trade measure / data residency / data security threats / privacy law enforcement
...data retention and data residency laws are contrary to the notion of data privacy. Ensure access to data by regimes
..."I am not a very private person despite dealing in privacy issues"

SPECIAL - EU Project on privacy policies

Martin Kurze - Deutsche Telekom [ Slides]

[EU Project, partners, credits]

Martin: ULD, lawyers are supportings this project

[GDPR - Global Data Business Preventer]

Martin: not as bad as it seems...
... what is allowed, how do you make things legal
...GDPR is 'not as bad as it might seem' -- the basic rule is everything is forbiddne but then there are several hundred pages on what is allowed.

* speaker thanks the lawyers b/c the laws are there to product people and in this case, their data

"for a specific purpose" is an important aspect

[SPECIAL Objectives]

Martin: transparency is easier than enforcement

[scalable policy aware linked data architecture]

Dick: I noticed you didn't mention ownership but control
... can you help me understand what that distinction is?

Martin: there is data related to you largely not owned by you but you should be able to have some control over it
... granular definition, what data to which parties for what purposes
... clear transportation has sizable data needs and it includes personal data
...the project, SPECIAL, objectives include a policy management framework. givens users control of their data / a transparency framework / a scalable linked data archticture / a pilot implementation / collab+dissemination+standardization

* q from Dick R (long) about ownership, licensing, control... A Martin: we have policies, we can control, etc. A Lothar: this is a non-issue. people can sell what they do not own. e.g. in china people sell fresh air from canada, they do not own the air in canada.

[Special approach: policy language, vocabulary and policy engine]

Martin: policies are in theory enforced during interaction but in actuality that is difficult

[Telecommunications perspective]

Martin: with 5G we will have an opportunity to collect more data but also increased responsibility
...the approach in the SPECIAL project: take as inputs: payload data, permission, policies. Policies are persisted along with the data. Querying exposed by APIS is provided in a policy-aware way.
...DT imagines that it will fit into tomorrow's world of transportation by being a trusted 3rd party and a service provider

Martin: this group is probably aware of W3C ODRL (policy language)

Mark: cell provider can track consider amount of information and correlate that with other data to basically understand all your actions throughout the day
... we leave digital traces everywhere. there is recognition of control, ownership etc but not anything on de-anonymizing and usage independent of control
... the CA law is interesting on a case by case basis
... we are thinking less about the purposeful use of the data
... I understand how this technology can help us a great deal

Martin: actually DT doesn't sell data because they are restricted which is why they are interested in these sorts of projects to be able to responsibly

* q from Mark: given the existnce of businesses that exist to de-anonymize based on cell phone data, how will these policies effectively protect people's private data? how do we deal with this reality? A: 1) DT is almost bankrupt because they do not sell the data 2) transparency and trust is key with this approach you give the user control and visibility into their data and its uses

Lothar: I am against massive restrictions. there is adequate harm based law to leverage instead

* the lawyer weighs in: in the US there are harm-based privacy laws. So consequences can happen for cases where harm is found to be caused by data sharing

Practical privacy for drivers

Arjun Hassard, NuCypher [ Slides]

[practical privacy]

Arjun: privacy capabilities becomes important when combined with presentation
... what this boils to is access control
... I'll explain cryptographic protection
...Trust minimizing tooling for the automotive sector
...pactical privacy defn: do useful & typical things with data e.g. m->m sharing
...privacy-preservation defn: preserve encrypted state or avoid unnecessary decryption
...it all boils down to enforcing access control. clasical approach is trusted third parties.
...nucipher approach is threhold proxy re-encryption & decentralization

Arjun: let's work through a sharing scenario
... alice's data takes decryped into it is key encrypted and share with bob and charlie
... to encrypt to share with a specific individual you need them to be online to get their key
...why not pubkey crypto? the problem happens when data needs to be re-shared with other recipients. Requires decrypt-then-encrypt. Where the decrypt happens could mean privacy is not preserved

[How proxy re-encryption works]

[animated example]

Arjun: you can include arbitrary conditions (eg payment)
... if you distribute/decentralize this architecture you protect against ddos, outages etc

Rudi: how does the re-encryption take place w/o Alice's private key

Arjun: we have a lengthy white paper explaining in more detail
... this is policy driven and Alice can decide which individual[s] or organizations to share with

[interaction diagram]

Arjun: Alice doesn't need to negotiate access to Bob's public key
... you can apply this to many use cases in transportation

[slide with high level use cases]
...proxy re-encryption. Alice shares a re-encryption key with a server, the server performs re-cryption with Alice's permission when given Bob's public key. Furthermore, nucipher uses split keys to prevent denial-of-reencryption-service by a single proxy.
...scheme name umbral
...in automotive application: alic give public key to vehicles OBD device. Device stores data encrypted with alice's public key. Alice creates a policy and gives acces to the insurance company. Insurance company gets encrpted data and request re-encryption to them from nucypher network.
...more applications than just insurance

Arjun: who creates the sharing policy, where is it enforced - on the car or cloud?
... this raises the question at what point does granular access become a burden to the customer?
... without becoming a UX disaster

David: is your tokenization dependent on etherium blockchain?

Arjun: some metadata that ends up on chain

[discussion of economics of sharing proxies]

Rudi: this is related to what media is doing to protect media streams
... entitlements are handed to subscribers

vehicle can write to policy but private key remains with Alice

before going for re-encryption

Open Process for the Development of a City Data Standard

Mark Fox - University of Toronto [ Slides]

Mark: ISO JTC WG11, mandate includes data ontologies for smart cities
... challenge is access to the specs or ontologies in ISO
... I want to have an open process and help me develop what that is
... we need something openly for the data world
... this is a set of proposed new work projects, focus on data models
... not limited to transportation per se
... from yesterday you remember the model levels we are doing for city data. foundational (time, location...), city and service
... we want to identify those common concepts, what they can contribute to
... at service level, they are created by one but available to other services
... we are not trying to reach down to individuals vehicles but stay at a higher level
... it is about commonality

David: is this clustering (aggregation)?

Mark: that could be the case and certain types of information may make it way out towards us
... how do we do this?
... appreciate W3C bringing us together for this conversation
... my goal is to not create a closed process but open one
... what I am proposing is to use an open tool, not necessarily github, so they are openly available to see, people can register and comment

[Open Development Process]

Mark: want to take a minimalist view, why the properties being proposed are relevant in city scope

Dick: one of the concepts for L2 concept was need for multiple use cases to justify existance, why?
... others should be able to make a decision

Mark: at service level, go ahead, at city level demonstrate other use cases

Dick: is there a graduation process to move it to next level?

Mark: there is a process for handling this
... that is the point of an open process is for those types of things to occur

Deborah: concept of parking space can go from household to office

Mark: we are not trying to do the detailed work taking place at other organizations

Lightning Talks

[see https://www.w3.org/auto/events/data-ws-2019/schedule]

Grade Crossing Behavior Model RJ Rittmuller

Rudi: you are training on model of good behavior, not bad

RJ: we are
... you can simulate behavior

Open Telematics API, Ben Gardiner

ADEPT – a Limited Iterative Ontological Notation, Gregory Sharp

David Mordecai

[background and coordination with other universities and NYU]

[refer to video in lieu of slides]

Cheryl Scott

[EU data safety project video, see zoom recording]

Breakout Sessions

Inter-SDO Coordination

Standardized Entities for transport

Aftermarket

Privacy/Security

<jasont> data for road safety video https://www.youtube.com/watch?v=zfNeHtUNRlA

Brent: we focused on aftermarket such as a more advanced tpms being able to provide additional signals
... challenges on how to get access to this in the vehicle and send this to the cloud
... for fuel %of full as in rental car market. they are inconsistent in practices and even tank size per vehicle sometimes
... atmospheric pressure and other influences

Josh: we had standardized entity types
... observed considerable overlap in schemas presented and ours for things like devices, sensors, users, trips
... thought it would be useful to create a shortlist and we actually came up with quite a few more
... different perspectives on what a trip is
... a trip can start when it is turn on, duration and route taken until it is turned off
... need to look at schema.org to see which are already have notions established to build on

Ken: we talked about how to make inter-SDO happen
... we modified the pyramid model I showed. worked to merge it with JTC-1 City concepts
... model is no longer an ITS model but more an IoT model
... encourage industries and other groups to fit that
... it should be divided up into different standards and parts. ontologies, issue handling etc needs to be public and considering using github for that
... we need to figure out logically which SDO or entity is the driver
... this requires us to go back to ISO to see if this is possible from their perspective
... not detailed modeling rules

Deborah: we talked considerably about security issues, looking at the gaps, the now and what is coming down the path
... we are not implementing the known basics, integrity protection, encryption etc what is being done elsewhere
... manufacturers know this and working toward solution but not fast enough
... scalable attacks are more pronounced, concern about over the network attacks in particular
... SOTA as a practice that needs to be used widely and ensure not provide an attack surface

Notes:

      Security breakout: what are the gaps/challenges?
Rudy; security in V2X space; 
Red shirt/shorts: network security; we’ve done this before—solved, not adopted; multiple trust roots
RJ: Vendors not implementing standards, e.g., authentication, Android auto —failure to follow reference implementation; lack of technical know how
Red shirt: Cost of ECU with hardware security modules
RJ: not implementing the basics
RJ: some vendors are monitoring their networks—Tesla is monitoring their networks; have a security gateway
RJ: ECU failures from exploited vulnerabilities can be catosrtophi
Rudy: remote access enables scalable attacks
Amir: would not see evidence in telematics data of vehicle controls sent to vehicle
RJ: USB-connected cameras watching the freight 
Amir: Geotab does passive collection; other telematics companies are offering control of the vehicle though the CAN bus 
Red shirt: need certified dongles
Khanh Hoang: Q: does Geotab dongle have built in GPS? A: Amir: no wifi, cellular back end
Khanh: Cadillac on super cruise is geofenced
Amir: slowing down stolen vehicle
Amir: options offered: remote start, lock/unlock
RJ: example of Tesla owner giving cross-site scripting attack as name of vehicle; ran when service person opened up vehicle record; could have affected fleet
Rudy: too many problems with CA-based models — doesn’t scale/isn’t tractable in vehicle space 
Challenge: fast recovery from attack is essential; need detection/isolation/fallback in spite of persistent threat
RJ: network segmentation would help
Rudy: Need resilience/recovery; can’t get completely hardened
RJ: software updates are critical; need secure OTA updates
Rudy: need ECUs with TEE capabilities and secure (unique) key distribution
Rudy: safe-mode: limp home mode, slow with hazards flashing lights 
RJ: this happens with sensor malfunction
Rudy: limp home mode differs between manufacturers; maybe 2nd gear; due to engine sensor problem, transmission failure
RJ: A/C shuts off; could engage via cyber attack
RJ: Cummings engine ECU does checksum at startup
RJ: modern vehicles don’t “turn off completely” ; phone app can communicate with vehicle even when you’ve turned it “off”
Rudy: telematics unit stays up for a few hours; turns off after a few days; SMS  is first service available when modem connects to base station
Rudy: wakes up every few seconds (programmable); Qualcomm chip sets

[video]

[discussion of Sensoris video]

Cheryl: those who opt in need to make their data available and cannot hoard. consent and neutral server concepts in discussion

Freight Data Models

Jennie: in 2016 when we started we had 40ish loads per day
... I want to introduce freight specific terminology

[Load]

Jennie: they are essentially same as Uber rides
... customers for Uber rides is individuals, for freight it is companies
... we partner with carriers to fullfil shipments
... we knew we wanted first class freight models and handle how they differ from Uber rides

[early data model]

[assumptions]

[carrier]

Jennie: only 5 at first, now up to 63 fields
...started in 2016 as MVP, then launched in 2017
...This is diffferent from uer ride, but similar. Longer duration, higher price and customers are businesses
...Uber Freight partners with carriers to fullfill shipments
...First model was a simple ; they assumed 1 load = 1 carrier & 1 load = 1 source + 1 destination

Jennie: we experienced pain points pretty quickly, needed a load to be handled by multiple carriers etc

[fastest growing logistics company in US]

Jennie: you can imagine the use cases we need to support today are more complex than in the past
... how do we refactor and grow along with the business
... Jon has some new use cases to share

Jon: with all this growth comes challenges, new opportunities and strategies

[load]

Jon: load and job model. load has 5 main abstractions, commodities being shipped. items are grouped to a purchase order
...First model was a simple ; they assumed 1 load = 1 carrier & 1 load = 1 source + 1 destination
...This had limitations; there was no distinction between shipment obligation and fulfillment strategy
...no support for: shipments with multiple stops; shipments with actions at the end of trips (either required by uber or the shipper)

Jon: job, tasks

[new model]

[multi-stop]

Jon: seeing some major gains. we have PO as a first class citizen
...the fastest growing logistics company in US history
...The model now has two large domains : Load Model and Job Model
...Load Model has Purchase Order // Item // Stop // Stop Task
...Job Model has Job // Waypoint // Waypoint Task
...the new model has already decoupled shipment obligation (load) and fullfillment (job) and now can have multiple pickup or dropoff operations at a single place

Jon: we can now handle more than two stops per shipment

[breakdowns]

Jon: original job is driver arriving at point 1, transporting it to 2 destination
... we wanted a really good audit log of how this happened

[Truck order not used]

Jon: driver arrives but shipment missing or not ready
... a single carrier may have multiple drivers for a shipment

[Bundles or chains]

Jon: more complex models where we group jobs, optimize routes
... may be priced differently than single shipment jobs

[relays]

Jon: multiple carriers and possibly an exchange, differs from multi-driver in trailer is switched or unloaded and repacked into next container

[powerloop]

Jon: this is more about moving trailers around, empty or full for optimization

[cross border]

Jon: carriers may not be certified to cross borders which may necessitate a change in carrier

[expedited]

Jon: some customers may want things delivered quicker and beyond the parameters of ERODS (driver hours)
... (HOS)

[intermodal]

Jon: we want to include multiple modes for a shipment, could include rail, ship, truck etc
...This enables some new use cases:
...multi-stop
...breakdowns
...bounces (need to remove a carrier from responsibility of shipping)
...Truck Order Not Used (shipment is ready but when driver arrived there is no shipment to pickup)
...multi-driver (single carrier wants to use two drivers)
...bundles/chains (a grouping of jobs that can be advertised as a single unit -- gives uber the power of advertising multiple jobs as a unit)
...relays (mulitple carriers execute one shipment, performing an exchange in the middle)
...trailer swap (two drivers pass each other and swap trailers -- keeps drivers local to a region)
...PowerLoop (uber has a partnership with another entity whose goal is to move items in cycles to create more fluid markets of goods -- enables uber to pickup and drooff empty trailers)

Jon: those were the primary use cases we wanted to tackle
...Cross-border (not every carrier has the permission to cross the national borders)
...Expedited (team driving -- modeled as a two driver exchange)
...Intermodal (e.g. boat to truck)

George: you handling different sized loads, refrigerated, etc

Jon: we have load requirements that do take that into consideration

Joseph: this dynamic or fixed pricing?
...The majority of their shipments managed by Uber are full truck load

Jon: there are some dynamic aspects in the pricing

Jay: some loads treated differently, more challenging and priced differently?

Jon: we are not getting into hazardous loads, but categorizing more difficult ones

Jason: what is the tracking, progress etc?

Jon: a single load can have multiple actions

Luis: what kind of db are you using for this?

Jon: relational for now and may choose something else later, primarily transactional

[hotshot trucking]

Jay: how did you decide on your initial set of use cases?

Jon: based on having the right people in the room, learning from those with freight backgrounds
... what are the critical use cases for our business goals. expanding into a new freight modality was more important than a new geographic market
... we wanted to go deep on a strategy to learn from it

George: this using h3 spatial model for load balancing

Jon: our marketplace is pretty much from scratch

Ted: purchase order terminology seems off, sounds more like shipping manifest. some of these are variations and hope you first commonalize and then deem customization to avoid duplicating definitions

Jon: yeah, we will be going that way
...we could recomend to w3c that a new group should be formed on coordinating automotive data standardization (then lists all the steps -- it will take a while)
...an idea is leverage the fact that the geospatial group is up for re-chartering: use it as the platform for making the coordinating auto data standards
...someone should catalog these other ontologies. schema.org is a good starting point.
...There were a small number of position statmeents -- but many projects and ontologies shared.
...We need to go through all the link dumps and identify where we can unify
...If we don't get the ontologies setup early then there wil be lots of work to do in the future on interop and that work will be effort that could have been saved.

Ted: @@outline

George: you identified area of common interests
... we got together and talked, are there things we want to work on
... can we get these organizations to work together?
... as for the entities list, yeah there are things I want to work on

Josh: I think the breakout groups were all in scope
... accessibility track from yesterday too
...george asks what is the scope of what we will work on? a: the items circled on the whiteboard from the standardized entities for transport are topics that he wants to work on

George: formal coordination takes time
... the more parties you try to coordinate the more difficult, sure aspire to that but meanwhile people should continue on current efforts
... similarly to get OGC engagement, need to see if there is interest
...george suggests to take each of those entiteis and identify who has a pieve of each and then compare who has what and try to harmonize

Peter: part of the Auto WG and need to see the ontology being worked on get uptake

Mark: from JTC-1, there are a number of entities on the board that should be a direct focus
... share the view we do not want to wait on established coordination
...george suggests to take each of those entiteis and identify who has a pieve of each and then compare who has what and try to harmonize
...volvo says that they are working on VSS right now and they really need an ontology on top of that _yesterday_
...mark shares the view that waiting on formal coordintion isn't possible. this needs to be worked on now

Carlos: we want to get moving and need it moving now too
... we have a number used internally and agree to the list on the board, see what we want to work on

Ken: first and foremost we need to identify major entities that need to agree on, two organizations either started on the area or should take lead and that will help us move quickly
...ken asserts that first and foremost we need to identify the major entities on which we need to agree. then identify people to lead those entities

Mark: Ken and I will put together a document
...if we want this all to come together then each group needs to use the same modeling rules
...setting baseline concepts early on will make it more likely to have all the models come together
...Mark and Ken will be drafting a document on modeling rules
...Mark asks if we can use the email list. Ted will create a mailing list.
...Ted has another idea: pick on entity that is a top priority item. Start looking at defining what are the criteria of teh work that needs to be setup. e.g. who is the lead? How do we influence it?
...Ted suggests Route ; Josh says 'trip' for Uber byt Route is very similar

George: difference between trip and route?

Josh: trip is a route taken including timestamps

Ken: trip could be multi-modal

trip, route, observations...

George: routing api would be a really good thing

Josh: we are doing quite a bit with apis already

David: @@737
... as we increase abstraction remember the impact to the physical world

@@mailing list, report, assessment of route models suggested as an early starting point

Jason: @@

* Jason @ here suggests that the level of verbosity and complexity should vary between the application of the data model. e.g. VSS is simple a low-verbosity and fits in the embedded space; but at loud exchange the format might need to be more verbose and ready for higher throughput

Summary of Action Items

Summary of Resolutions

[End of minutes]
Minutes manually created (not a transcript), formatted by David Booth's scribe.perl version 1.154 (CVS log)
$Date: 2020/05/05 14:31:44 $