W3C home > Mailing lists > Public > public-automotive@w3.org > September 2016

Re: [Minutes] Auto WG 2016-09-06

From: Jeremiah Foster <jeremiah.foster@pelagicore.com>
Date: Wed, 7 Sep 2016 11:00:23 -0400
Message-ID: <CADVDRBinDtLsa4nxzOHK_UOzD+0m33hOX60-hVru4MXTr8aaEg@mail.gmail.com>
To: Song Li <ls@newskysecurity.com>
Cc: T Guild <ted@w3.org>, public-automotive <public-automotive@w3.org>

@Song Li: I'll see if there are any credentials required for you to attend
the meeting remotely.



On Wed, Sep 7, 2016 at 10:06 AM, Song Li <ls@newskysecurity.com> wrote:

> Hi Ted,
> Thanks for the article, very insightful and I'm glad that the most
> important aspects of vehicle security are listed. Also thanks for
> introducing Jeremiah, nice to e-meet you, Jeremiah.
> Unfortunately I have another travel plan that's overlapping with the Ann
> Arbor meeting, I'd love to provide my input remotely if that's possible,
> or, as you said, continue the conversation during other meetings.
> Regards
> Song Li
> Co-founder and CTO
> NewSky Security <https://newskysecurity.com>
> On Wed, Sep 7, 2016 at 5:45 AM, Ted Guild <ted@w3.org> wrote:
>> On Tue, 2016-09-06 at 18:39 -0700, Song Li wrote:
>> > I missed the security part of the discussion - I would suggest we
>> > include certificate management in our security model. It should cover
>> > (but not limited to):
>> > How to create certificates
>> > How to deploy certificates to in-vehicle servers
>> > How developers authenticate the server via certificates
>> > How to revoke and renew certificates
>> Hi Song,
>> I had given some thought on an app market eco-system that would go
>> beyond what we're standardizing and started an article, never published
>> and still drafty, that starts to touch on certs. You'll probably
>> recognize some bits from a phone call we had some time ago.
>> https://www.w3.org/2016/04/guidelines-article.html
>> The purpose of the article is to give background to those not familiar
>> with this space and to try to attract more experts to work on privacy
>> and security guidelines. I am not seeing the level of cooperation yet
>> among OEM/Tier 1s nor with 3rd party developers that would be necessary
>> for such marketplaces.
>> Certs, app package management, OS privilege management etc is elsewhere
>> in the stack than web layer. With Genivi Security Expert Group being
>> restarted and their interest in working with us we should explore these
>> area which is why I added Jeremiah to the Cc.
>> Steve Crumb had asked for someone from W3C to attend a "Standards
>> Integration Workshop (End to End Security)" meeting in Ann Arbor on 5
>> October. I will not be able to attend and have been unsuccessful so far
>> in finding a W3C colleague to attend. It is too far for someone from
>> Asia or Europe to go for a half day meeting. I believe our Chairs also
>> expressed regrets. I should have thought to ask if you could go. If not
>> I suspect there be some sort of report and opportunity during Genivi
>> AMM to get swapped in and continue the conversation.
>> --
>> Ted Guild <ted@w3.org>
>> W3C Systems Team
>> http://www.w3.org

Jeremiah C. Foster

Pelagicore AB
Ekelundsgatan 4, 6tr, SE-411 18
Gothenburg, Sweden
M: +1.860.772.9242

(image/png attachment: PELAGICORE_RGB_Black_horizontal.png)

Received on Wednesday, 7 September 2016 15:00:56 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 19:06:00 UTC