
Re: Initial draft of agenda for upcoming April f2f in Munich

From: Stiepan Aurélien Kovac <skovac@sunrise.ch>
Date: Fri, 23 Mar 2018 12:46:24 +0100
To: "Foster, Jeremiah" <JFoster@luxoft.com>, Paul Boyes <Paul.Boyes@inrix.com>, Peter Winzell <peter.winzell@jayway.com>
Cc: public-automotive <public-automotive@w3.org>, public-autowebplatform <public-autowebplatform@w3.org>, 이원석 <wonsuk.lee@etri.re.kr>
Message-ID: <8f5f0e0d-cf3f-c1d1-ce6f-a93b814590cc@sunrise.ch>
Hi Jeremiah,

Please find my in-text reply hereafter:

On 03/22/18 16:14, Foster, Jeremiah wrote:
>> Hi, I may prepare a presentation on what would be needed for Android/AOSP to be secure and safe for use in applications where safety is critical such as cars, based on my own experience in a project I am coordinating with my company and my previous research on the subject of mobile security in general.
>
> JF - Are you referring to ISO 26262 certification? I think that is really the only relevant benchmark for safety-critical software in vehicles. OEMs want to have multiple displays in the vehicle and have functional safety information, like telltales, appear on any screen. This domain interaction (functional safety domain and infotainment domain) is GENIVI's focus now.
For now our focus has been on MISRA, but we will definitely take better
into account all applicable ISO norms for the future, not only for
safety but also for other domains, thank you for your comment.

>> Likewise, when it is used for in-car entertainment purposes only, I may provide my perspective on making it compatible with the upcoming GDPR (May!).
> JF - This is hugely important as the EU plainly states that GDPR is relevant for vehicles. Also, the emerging idea of 'industrial data rights' in relation to vehicles is an area that ought to be addressed I believe (PDF: http://www.grur.org/uploads/tx_meeting/01-Wiebe_Presentation_Brussels.pdf) in relation to GDPR. Personally I feel that W3C has not been as robust as it might have here in promulgating standards around data usage. I think the work is being done in other places. W3C needs to clarify its relevance to not just the GDPR but to other emerging IPC and display standards.

Regarding GDPR, now that the EU has a digital strategy (according to the
cited PDF, Comm. Oettinger said in 2015: „EU lacks a data strategy“), we
seek to provide means to implement it, as the worst would be that it
remains "lettre morte" and companies infringing the GDPR "simply" see a
4% tax increase: on the contrary, they should take this opportunity to
improve their products (we can help). Likewise, GDPR is one thing as you
rightly put it, but we should also look at what other countries are
doing in this direction, which would be coherent with better taking into
account all applicable international norms.

>
>> Last but not least, if possible, I would like to invite a speaker from a German university who could provide interesting insights on the current mobile base band attack surface, OS-independent (i.e. not restricted to Android/AOSP in particular), with the goal to identify areas that need to be improved upon, thereby avoiding scenarios like getting one's connected car stolen (or worse) with the use of a rogue/manipulated mobile network cell. I know, this is about web technology and I am considering the full stack, but since we speak about Android... Pick your favorite!
> JF - Interesting stuff and well worth discussing. But there is a lot of automotive specific security work done in other places. Firstly, each OEM has a robust security shell that they deem crucially important. Along with their own approach, they have their own service level agreements and other contractual obligations that they place on their suppliers (right to inspect, vehicle lifetime, etc.). AGL has developed its own security framework, Android obviously has its own. Hypervisors are another layer that are selling security and isolation capabilities (with containers making inroads). In addition, GENIVI has a security expert group and that group coordinates with other groups globally, like FASTR and ISAC, though the bindings to these other initiatives might benefit from greater coordination. In general I worry that there is a surfeit of standard bodies and a paucity of real standards. I wonder what the W3C hopes to do to address this?
Well, I was referring to physical layer security, if you wish (or more
correctly, of the software inside the "black boxes" that are phones'
radio interfaces, which include hypervisors, often outdated versions
however). I think that between ISO and W3C in the overall automotive ICT
security standardization landscape, there's the ITU-T's SG-17, but I
might be biased as a part of the SG-17 study group (and this is only my
personal opinion). W3C may send a liaison to that group though, that
could be a first step and then we could move on from there. Should you
wish to do so, please write to my company e-mail stie at itk dot swiss
and I will transmit it to the corresponding SG17 question rapporteur.
> Regards,
>
> Jeremiah
>
>
>
> On 03/21/18 21:56, Paul Boyes wrote:
>
>
> I changed to Android in Automotive.
>
> Paul J. Boyes |
>  INRIX | Director of Telematics and Standards - OpenCar  |  206-276-9675 | paul.boyes@inrix.com | www.inrix.com
>
> On Mar 21, 2018, at 1:51 PM, Peter Winzell <peter.winzell@jayway.com> wrote:
>
>
>
>
> Hi, so we should change the agenda item from Android auto to Android Embedded/AOSP?
>
>
> Br
>
> Peter Winzell
>
>
> 2018-03-21 13:49 GMT-07:00 Peter Winzell
> <peter.winzell@jayway.com>:
>
> Sure, sounds good.
>
>
>
>
> On Wed, 21 Mar 2018 at 13:21, Paul Boyes <Paul.Boyes@inrix.com> wrote:
>
>
> Peter,
>
>
> You can pin that one on me.  I am seeing Android (not just Android Auto) pop up in automotive quite a bit and am interested in hearing thoughts and discussing it in relationship to the Automotive WG and experience in general.   Make sense?
>
> Paul J. Boyes |
>  INRIX | Director of Telematics and Standards - OpenCar  |  206-276-9675 | paul.boyes@inrix.com | www.inrix.com
>
> On Mar 21, 2018, at 11:53 AM, Peter Winzell <peter.winzell@jayway.com> wrote:
>
>
>
>
>
> Hi Wonsuk!
>
>
> I was just wondering why we are having phone mirroring (android auto) on the agenda for the f2f? What is the idea behind that (sorry for having missed the meeting)
>
>
> Br
>
> Peter Winzell
>
>
>
>
> 2018-03-06 21:34 GMT-08:00 이원석 <wonsuk.lee@etri.re.kr>:
>
>
>
> Hi. Guys.
> I made an early draft of agenda below for upcoming f2f in Munich. It only has input from Paul and me. So please review and let us know your view!
> https://www.w3.org/auto/wg/wiki/Auto-f2f-april-2018
>
> Thanks!
>
> Cheers,
> Wonsuk.
>
> --
> Stiepan A. Kovac
> M Sc ICT Security
> IT+Tech. Tel. Eng.
>
> T: +41 22 734 59 96
> M: +41 76 382 59 96
> skovac@sunrise.ch
>
>
Regards,
Stiepan

-- 
Stiepan A. Kovac
M Sc ICT Security
IT+Tech. Tel. Eng.

T: +41 22 734 59 96
M: +41 76 382 59 96
skovac@sunrise.ch
Received on Friday, 23 March 2018 11:47:06 UTC
