Who am I?

• Web geek since 1993
• Joined W3C in 1999
• Presently responsible for the W3C technical mission and all of the Groups,
  co-Chair of the W3C Process Community Group
• I care about the Web

Why am I here?

1. The Web is a platform for applications:
   • Smart Phones, Smart TVs, Smart Watches, VR headsets
   • COVID certificates, Fediverse
2. The Vehicle is a device in need of a platform for applications

Brief History

Inventing the Web Platform - 1995 to 2005

HTTP serving HTML, CSS, DOM, and Javascript became the core technologies for the Web

Making the Web Platform Solid, Open, Interoperable - 2006 to 2019

Make the Web platform work better

The Present: Our Situation

The Web is a clear public good, taken for granted, and "too big to fail"

History of the W3C

W3C’s Vision for the World Wide Web

• The Web is for all humanity.
• The Web is designed for the good of its users.
• The Web must be safe for its users.
• There is one interoperable world-wide Web.

Vision of the W3C

[...] provide a consistent architecture across the rapid pace of progress in the Web
[...] improving the Web’s fundamental integrity, while continuing to expand the Web’s scope and reach
[...] continually striving to make the Web better through these principles and the Ethical Web Principles

From Vision Task Force

Driven by principles

• Ethical Web Principles
• Device Independence Principles
• Privacy Principles
• Ethical Principles for Web Machine Learning
• Web Platform Design Principles

… and multiple set of guidelines

Some learnings along the way

• The Web is a medium-term to long-term strategy
• Profiling the Web for your own purposes will likely bite you
• Ignoring the Web will bite you in the long term

Web?

The Web is not just inside your Web browser

Web User agents

CSS, GPU, Machine Learning, Payments, Performance, Content Guidelines, Notifications, WASM, ...

Web Data

RDF, XML, JSON-LD, Verifiable Credentials, Dataset Exchange, Distributed Tracing, Web Of Things

Technical needs

1. Maintain the current platform: CSS, Geolocation, SVG, ...
2. Improve the current platform: HDR, Codecs, Authentication, Identity, ...
3. Expand the scope: Immersive, Publication, Automotive

The Vehicle as a device

Moving living creatures and goods around

1. Move safely, securely, reliably, comfortably, timely, …
2. Be smart
3. Be more autonomous

It's a mechanical device with 2+ digital units and a lot of data/sensors

COVESA and W3C goals

COVESA

Enable a platform for data and APIs for the entire Auto industry

W3C

Enable automotive use-cases and requirements that can be leveraged by multiple industries

The Web as an Auto platform

• Lock/Unlock the device: Authentication
• Secured communications: end-to-end encryption, verifiable credentials
• Can't trust applications: secured environment, source code transparency
• User experiences: Gamepad, VR

Security and the Web

• Challenge: the Web runs arbitrary and untrusted code
• Web Authentication: enable public key-based credentials to authenticate users
• Permissions:
  • user's choice to allow or deny access to "powerful features"
  • developers may enable and disable features
• WebRTC Encoded Transform: enable end-to-end video encryption

Web Authentication

• Passwords are unsecure
• Strongly authenticated users: creation and use of strong, attested, scoped, public key-based credentials
• Uses cryptographic entity, existing in hardware (eg USB keys) or software (eg Mobile or OS apps)

Permissions

• Permissions API:
  • interact with browser permissions, representing user's choices
  • applications may query and be notified
  • used by powerful features, ie platform features (usually an API)
• Permissions Policy:
  • allows developers to selectively enable and disable use of various features and APIs
  • prevent own and third-party content executing within their application
  • enable certain types of "fast path" optimizations in the browser

Secure Payment Confirmation

• Payment Request API meets Web Authentication...
• New payment method for Payment Request
• WebAuthn Extension: "payment"

Privacy

• Conflict between monitoring and users' privacy
• Insatiable crave for data: Performance, Reliability, Advertising, …
• you're being watched: oversharing, search warrants

Private Advertising

• Privacy-Enhancing Technologies (PETs): address advertising use cases while meeting privacy guarantees.
• attribution and reporting using private computation
• multi-party computation (MPC) vs trusted execution environments (TEEs)
• W3C is about to launch the Working Group

Neural Network API

Web Neural Network API,
W3C Candidate Recommendation Draft, 6 June 2023

• Hardware-agnostic abstraction layer for NN inference
• Use cases: Person Detection, Style Transfer, Image Captioning, Detecting fake video
• Sync/Async build and execution, device selection (cpu/gpu), power preference
• Operands: sigmoid, softmax, slice, gru, hardSwish, squeeze, etc.
• Issue #350: Apple's CoreML can distribute a workload within a single ML graph across multiple devices including the Apple Neural Engine

Ethical Principles for ML

Ethical Principles for Web Machine Learning
W3C Group Draft Note, 29 November 2022

• Documents ethical issues associated with using Machine Learning on the Web
• general consideration of harms, risks and mitigations relevant to Web ML
• Accuracy: deviation from a true value can affect life, including credit scoring, loan approval
• Bias: systematic deviation can disproportionately affect individuals or groups
• Privacy: operating without a user’s knowledge/consent, scraping personal information to train models

Notifications

• Notifications API (WHATWG), Push API (W3C)
• Challenges:
  • Abuse/Spam
  • "Important" notifications
  • Various rings
  • Channels
  • Energy use
• Declarative Push Notifications

Immersive Web

• help bring high-performance Virtual Reality (VR) and Augmented Reality (AR)
• Specifications:
  • WebXR Device API
  • WebXR Augmented Reality Module
  • Layers API, DOM Overlays Module, Lighting Estimation, Gamepads, Depth Sensing, Hand Input, Hit Test

Devices and Sensors

• interact with device capabilities
• Specifications:
  • Generic Sensor API
  • Magnetometer, Proximity Sensor, Gyroscope, Accelerometer, Compute Pressure, Geolocation, Battery Status, Contact Picker, Device Posture, Device Orientation, Ambient Light, Screen Wake Lock

MiniApps

• facilitate the development of interoperable and robust MiniApps
• Specifications:
  • Manifest
  • Packaging
  • Lifecycle
  • Addressing

Web Of Things

• enable easy integration across IoT platforms and application domains
• Specifications:
  • Architecture
  • Thing Description

Web-based Digital Twins for Smart Cities

• forum for technical and business discussions related to those services
• support various services within Smart Cities through their use of Web technologies
• *work in progress*

VISS

• W3C Working Drafts
• VISS version 2 - Core:
  • messaging layer for accessing vehicle information
  • work across different protocols
  • created principally with VSS taxonomy in mind
• VISS version 2-Transport: HTTPS, Web Socket, MQTT

Deployment

From Verifiable Credentials and DiDs - Manu Sporny

Web Identity?

• Attempt to merge Mobile Document Request API (WICG) and Federated Credential Management (FedID CG)
• Web Identity Credential Working Group Charter(*)
• API to request identity credentials or assertions from users
• ISO/IEC 18013-5 mobile documents (mDoc), W3C VC /VP, OpenID Connect ID Tokens, and SAML assertions

(*) work-in-progress

What's next?

• Beyond VISS: waiting on deployment/adoption
• Leveraging the Web platform: medium/long term strategy
  • Automotive ecosystem is evolving
  • Cross-learning needed
  • Identifying intersections: smart cities, privacy, etc.

Thank you

• COVESA goals: Enable a platform for data and APIs for the entire Auto industry
• W3C goals: Enable automotive use-cases and requirements that can be leveraged by multiple industries

https://w3.org/2023/10/web-automotive