- From: Ted Guild <ted@w3.org>
- Date: Wed, 03 Jun 2015 12:40:03 -0400
- To: public-autowebplatform <public-autowebplatform@w3.org>, public-automotive <public-automotive@w3.org>
- Message-ID: <1433349603.2786.167.camel@w3.org>
This is a call for participation in a Security and Privacy Task Force. It will be a joint task force comprised of the W3C Automotive and Web Platform Business Group [1] and the W3C Automotive Working Group [2]. Participants need to belong to either the Business Group (BG)or Working Group (WG). If you are interested in participating in this task force please contact either one of the staff contacts (Kaz Ashimura or Ted Guild) or chairs (Paul Boyes or Adam Abramski), their contact information is in the cc line of this email. Do encourage participation from security experts you are acquainted with at your organizations and those you collaborate with. The Working Group is chartered [3] to bring a vehicle API and data specification through W3C's Recommendation Track. Any work that will directly influence specifications needs to be worked on solely within the Working Group to ensure contributions are made under the Patent Policy [4]. Deliverables that have no direct impact on the specification can be worked on jointly. The Business Group is presently undergoing rechartering after handing off its draft specifications to the newly formed Working Group. Its charter will include Media Tuner API and Navigation/Location Based Services initially and will be revised as other incubator activities gather interest and momentum. This task force will be exploring security primarily from the perspective of standards being worked on in the WG or under early exploration in the BG, focusing on potential attack vectors being created. Some consideration may be given on broader aspects of security but unless those areas of the purvey of other groups in W3C or other organizational liaisons they will be considered out of scope. Privacy similarly will remain focused on data being exposed by standards emerging from the WG and BG but may broaden to potential use cases of applications based on that data, API interaction, user data rights and clearly communicated opt-in sharing arrangements. It is not the intent of this task force to try to address broader concerns of automotive and web platform. This task force intends to liaise with the following W3C groups: * Web of Things (WoT) Interest Group [5] * Privacy Interest Group [6] * Web Application Security Working Group [7] * Web Security Interest Group [8] Potential deliverables: * Use cases * Best practices * Challenges * Requirements To avoid cross posting to BG and WG mailing lists this task force will use public-auto-privacy-security@w3.org as a dedicated list instead. It is publicly archived [9], task force participants are automatically subscribed and only participants are allowed to post messages. We can revisit the configuration later if warranted. Follow responsible disclosure practices [10] and do *not* post any sensitive security information to this mailing list but instead send any discrete messages to chairs and staff contacts. If necessarry we can create an unarchived list for confidential discussions. List of task force participants is available to W3C Members [11]. [1] https://www.w3.org/community/autowebplatform/ [2] http://www.w3.org/auto/wg/ [3] http://www.w3.org/2014/automotive/charter [4] http://www.w3.org/Consortium/Patent-Policy-20040205/ [5] http://www.w3.org/WoT/ [6] http://www.w3.org/Privacy/ [7] http://www.w3.org/2011/webappsec/ [8] http://www.w3.org/Security/wiki/IG [9] https://lists.w3.org/Archives/Public/public-auto-privacy-security/ [10] https://en.wikipedia.org/wiki/Responsible_disclosure [11] https://www.w3.org/2000/09/dbwg/details?group=78932 -- Ted Guild <ted@w3.org> W3C Systems Team http://www.w3.org
Received on Wednesday, 3 June 2015 16:40:09 UTC