CfP in Automotive Privacy and Security Task Force

This is a call for participation in a Security and Privacy Task Force.
It will be a joint task force comprised of the W3C Automotive and Web
Platform Business Group [1] and the W3C Automotive Working Group [2].
Participants need to belong to either the Business Group (BG)or
Working Group (WG).

If you are interested in participating in this task force please
contact either one of the staff contacts (Kaz Ashimura or Ted Guild)
or chairs (Paul Boyes or Adam Abramski), their contact information is
in the cc line of this email.  Do encourage participation from security
experts you are acquainted with at your organizations and those you
collaborate with.

The Working Group is chartered [3] to bring a vehicle API and data
specification through W3C's Recommendation Track.  Any work that will
directly influence specifications needs to be worked on solely within
the Working Group to ensure contributions are made under the Patent
Policy [4].  Deliverables that have no direct impact on the
specification can be worked on jointly.

The Business Group is presently undergoing rechartering after handing
off its draft specifications to the newly formed Working Group.  Its
charter will include Media Tuner API and Navigation/Location Based
Services initially and will be revised as other incubator activities
gather interest and momentum.

This task force will be exploring security primarily from the
perspective of standards being worked on in the WG or under early
exploration in the BG, focusing on potential attack vectors being
created.  Some consideration may be given on broader aspects of
security but unless those areas of the purvey of other groups in W3C
or other organizational liaisons they will be considered out of scope.

Privacy similarly will remain focused on data being exposed by
standards emerging from the WG and BG but may broaden to potential use
cases of applications based on that data, API interaction, user data
rights and clearly communicated opt-in sharing arrangements.

It is not the intent of this task force to try to address broader
concerns of automotive and web platform.

This task force intends to liaise with the following W3C groups:

* Web of Things (WoT) Interest Group [5]
* Privacy Interest Group [6]
* Web Application Security Working Group [7]
* Web Security Interest Group [8]

Potential deliverables:

* Use cases
* Best practices
* Challenges
* Requirements

To avoid cross posting to BG and WG mailing lists this task force will
use public-auto-privacy-security@w3.org as a dedicated list instead.
It is publicly archived [9], task force participants are automatically
subscribed and only participants are allowed to post messages.  We can
revisit the configuration later if warranted.

Follow responsible disclosure practices [10] and do *not* post any
sensitive security information to this mailing list but instead send
any discrete messages to chairs and staff contacts.  If necessarry we
can create an unarchived list for confidential discussions.

List of task force participants is available to W3C Members [11].

[1] https://www.w3.org/community/autowebplatform/
[2] http://www.w3.org/auto/wg/
[3] http://www.w3.org/2014/automotive/charter
[4] http://www.w3.org/Consortium/Patent-Policy-20040205/
[5] http://www.w3.org/WoT/
[6] http://www.w3.org/Privacy/
[7] http://www.w3.org/2011/webappsec/
[8] http://www.w3.org/Security/wiki/IG
[9] https://lists.w3.org/Archives/Public/public-auto-privacy-security/
[10] https://en.wikipedia.org/wiki/Responsible_disclosure
[11] https://www.w3.org/2000/09/dbwg/details?group=78932

-- 
Ted Guild <ted@w3.org>
W3C Systems Team
http://www.w3.org

Received on Wednesday, 3 June 2015 16:40:10 UTC