Meeting minutes
Peter: looking for status updates on VISS, Charter, etc
Ted: I need to bring v1 to Director for review for Proposed Rec but charter privacy topic has given me pause as we lack ACLs even in v1
… summarizes conversation with Wendy and Sam, next step
Peter agrees, more a best practices topic
MagnusF: if the bar is too high, the OEMs will simply walk away
… OEM usually owns both ends of data at present, Massachusetts referendum aside
… it is also a legal issue
… like you (Ted) am a privacy pundit but that is personal opinion. idealistic and reality can clash
… I can perhaps have an informal discussion with Toyota legal
Ted: nearby on privacy topic is NSF CCRI proposal I'm working on with U Memphis and SRI, essentially our graph project https://
Proxy reencryption
Isaac: proxy reencryption allows you to start with a public key in the vehicle, all information leaving car would be encrypted with it
… later on you can decide who can decrypt without having to change anything on the car
MagnusF: proxy owns the private key?
Isaac: the private key that corresponds to the public one in the car, owner, fleet etc has it and can use proxy to reencrypt for third parties
MagnusF: today we have keys in a keystore that hits an edge server which is owned by the OEMs themselves
… data is typically scrubbed of personal information before being reencrypted, sold and shared
… how is this different?
Isaac: the data manager, OEM in this case, can access the data in the clear
… this is encrypted end to end, including to third parties
Rudi: I have two concerns, first is PKI infrastructure and second is asymmetric keys and compute intense
… large amount of data would consume too much resources. would prefer symmetric keys created on originating device
… server only has to modify reentitlement
… I don't consider data streams any different from media streams
Isaac: proxy would be same way
Ted: more on the 25th, wanted to provoke thought and attendance on that call. we often hear every byte counts so need to be mindful of that and would like to see something that can be selective in what it can reencrypt based on sticky policy but maybe not doable on encrypted data in cloud
Isaac: you can stack data and use parameters and there are multiple proxy encryption schemes
… I wouldn't be too concerned about performance. we can figure out which scheme applies to requirements, what we want to do
Gunnar: very interesting and still reading up on how the proxy doesn't know about private key
Isaac: I'll send some good samples plus challenges
… some schemes are susceptible to collaborative attacks (e.g. data consumer and proxy)
… you should also have a separate key pair to authenticate the individuals
VSSo kickoff
Ted: the Auto Ontology CG is rebooting to address additional use cases and needs for vehicle data
… the timing is perfect as VSSo, the ontology for vehicle telematics signals received end of last year as a Member Submission
… VSSo uses the core vehicle ontology the CG created, and work for that is also kicking off
… we will be starting in the Auto BG for now, this work is in draft Auto WG recharter
Auto Ontology coordination page
Daniel: VSSo was based on VSS1, there were a few issues that came up and influenced refactoring on branches and positioning for example and now part of VSS2
… we can now start on ontology again. we have a chance to automate the process in order to keep VSSo in sync with VSS
… we have a proposal and repo
… if interested please join the call
… we submitted a paper to IEEE which sums up our thinking and can send to member-automotive@w3.org but please don't distribute it