See also: IRC log
paul: spec timeline, security update, etc.
-> https://www.w3.org/auto/wg/wiki/Main_Page#Publication_Schedule publication schedule so far
kaz: we should update the
timeline
... FPWD already done
<paul> https://www.w3.org/auto/wg/wiki/Main_Page
kaz: and we're preparing the second draft
paul: LC/CR should be later
kaz: maybe Q2 2016
paul: so PR and REC for Q4 2016
paul: we'll work for the testing
and implementation as well next year
... Genivi is doing one
peter: started to see how to
implement on Chromium
... and outlook how to test it
... collaboration with Genivi would be good
paul: right
... willing to take an action to see what would happen in US
and Genivi
... we can get some small loop to work together
... making proposal and align things
peter: started with
Chromium
... how to add interfaces
... you can use the browser itself
... I don't know if that is the best choice, though
paul: anybody who work with
Chromium could use that, so that's good
... for typical cars
peter: think so
... but don't think you can do that on your PCs
... could do if you have some recorder
paul: Kevin and Adam?
kevin: not typically CAN
logs
... but we could do
peter: we've been testing head units
dave: think ACCESS has something
paul: we can record data and use
some simulator
... JLR has some mechanism
... let me sense
... have to see definition
... any comments from Urata-san?
urata: using some property from
dongle
... getting CAN data via the dongle device
... translate CAN data to JSON
... could be a reference model
paul: Dave, do you have any experience?
dave: open xd has some
project
... hardware is open
... proprietary binary format
... convert the output data to JSON
paul: also interested in what
Google is doing
... how we can get/record data?
... e.g., using chrome
... various possibilities
peter: would take an action to
see what would be available
... not sure what the actual state
paul: most people should consider
peter: try to contact Genivi
paul: e.g., Gunnar?
peter: yes
... will ask him
... the best is something open
dave: would see OpenXC
paul: anything from JLR?
kevin: CAN data database
paul: Kevron or somebody from
Poland
... non-production implementation
... Peter, you sent an email regarding what the test plan would
be
peter: part of the implementation I'm doing
paul: would people be interested in TF work?
peter: working on that everyday
paul: is anybody else interested?
peter: interested in how ACCESS thinking about testing
dave: interested in how the other groups working on testing
kaz: usually groups form a TF for
testing
... and people work collaboratively for that purpose
paul: yes, that' my
suggestion
... urata-san, are you willing to join it?
urata: interested but have time
restriction...
... can contribute very little...
paul: would send out a message to
ask people for participation
... we can coordinate
... understanding implementation, etc.
dave: interested
paul: will send an email
then
... peter, you can arrange the agenda
peter: ok
kevin: interested and possibly make contribution
kaz: we'll discuss not only implementation experience but also testing mechanism?
paul: yeah
kaz: we need to generate test
assertions and test suite
... also would be nicer to have testing environment
dave: automated tools would be helpful and worth consideration
junichi: access control
... for auto makers and implementers
... have been looking Web security specs
... manifest is permission list
... focused on icons
... another one is application mechanism
... controlled by implementers
... difficult to use for access control by auto makers
... we should consider approval of developers
... approving specific URL domains
... thinking of some root certificate
... vehicle APIs only approved domains
... would finish by the end of this month
... do you like the idea?
paul: yeah
junichi: feasibility, urata-san?
urata: with the restricted domain list?
junichi: usually all APIs are openly used by any domains
urata: W3C widgets spec is kind
of old
... but handles manifest and packaged apps
... maybe similar to your idea
junichi: currently we don't have a packaged format
urata: Firefox can use packaged
formats
... from app security perspective, that kind of packaged apps
would be effective
... maybe one candidate
... would listen to other approaches as well
kevin: token?
... basically have an authentication service
... to authenticate and verify the app
... e.g., using password
... facial recognition
... optionally authenticate the vehicle or infrastructure,
local government, highway agency, etc.
... assistance to get vehicle location, etc.
... authentication token attached to the HTTP header
... authorizing the access to the data
junichi: do we need to introduce a new HTTP header?
kevin: two tokens on a
request
... one token representing the user and another representing
the vehicle or something
... separate tokens are possible
junichi: several approaches we
discussed during TPAC f2f
... token was one of them
... another was having a proxy
kevin: like having a secure proxy
junichi: introducing a big
mechanism would cost much for implementers
... so would start with light-weight approach
kevin: in terms of modification
of spec, there would be minimum changes
... not mandatory
... happy to write an idea to access tokens
... not clear how to handle that within the spec, though
paul: we could add that as
informative notes
... basically we could add that to some informative section
kevin: can write some
wording
... for an informative section
kaz: yes, we can do so
paul: makes sense
... Kevin will generate some description
... Hashimoto-san, are you interested in adding something?
junichi: yes
paul: Peter will work on
implementation/testing TF
... myself will work with Adam and Dave for Genivi
AdamC: still not much discussion
on event handling
... would be great to have input from Urata-san, etc.
... vehicle enum should be changed
paul: Adam, you might want to summarize the discussion
kaz: should we ask TAG for some more help?
paul: Tobie made some suggestion during TPAC
kaz: yeah, Generic Sensor style is one possibility
paul: can send a message to
TAG
... anything else?
(nothing)
paul: will have the next call next week.
[ adjourned ]