Re: [Minutes] Auto WG 2016-09-06

On Tue, 2016-09-06 at 18:39 -0700, Song Li wrote:
> I missed the security part of the discussion - I would suggest we
> include certificate management in our security model. It should cover
> (but not be limited to):
> How to create certificates
> How to deploy certificates to in-vehicle servers
> How developers authenticate the server via certificates
> How to revoke and renew certificates

Hi Song,

I had given some thought to an app market eco-system that would go
beyond what we're standardizing and started an article, never published
and still drafty, that starts to touch on certs. You'll probably
recognize some bits from a phone call we had some time ago.

https://www.w3.org/2016/04/guidelines-article.html

The purpose of the article is to give background to those not familiar
with this space and to try to attract more experts to work on privacy
and security guidelines. I am not seeing the level of cooperation yet
among OEM/Tier 1s nor with 3rd party developers that would be necessary
for such marketplaces.

Certs, app package management, OS privilege management, etc. are elsewhere
in the stack than the web layer. With the Genivi Security Expert Group being
restarted and their interest in working with us, we should explore these
areas, which is why I added Jeremiah to the Cc.

Steve Crumb had asked for someone from W3C to attend a "Standards
Integration Workshop (End to End Security)" meeting in Ann Arbor on 5
October. I will not be able to attend and have been unsuccessful so far
in finding a W3C colleague to attend. It is too far for someone from
Asia or Europe to go for a half day meeting. I believe our Chairs also
expressed regrets. I should have thought to ask if you could go. If not,
I suspect there will be some sort of report and opportunity during Genivi
AMM to get swapped in and continue the conversation.

-- 
Ted Guild <ted@w3.org>
W3C Systems Team
http://www.w3.org

Received on Wednesday, 7 September 2016 12:46:02 UTC