-
Notifications
You must be signed in to change notification settings - Fork 68
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Consideration of wwwivi hostname #223
Comments
@anawhj Thank you for your feedback. It is very much appreciated. I am hearing the concerns about the GTLD (Generic Top Level Domain). As far as the possible solutions are concerned:
|
I agree the concerns about both discovery and out of scope. Does a subdomain of w3.org means 'wss://vis.w3.org' allows web app to locally connect to VIS in the car without a request to a external server (w3.org)? |
vis.w3.org would need to be resolved into an IP address. That can be done locally (for Linux/Unix typically /etc/hosts) and telling the resolver to use the local files first (for Linux/Unix typically set with /etc/nsswitch.conf). I admit hijacking a TLD and adding a subdomain that's locally resolved might not be very elegant. |
Hi,
If the owner of w3.org hopes, vis.w3.org can be resolved to 127.0.0.1 by a
global DNS. CAs are allowed to issue certificate for this domain name, so
we don't need self signed certificate. That is I asked an d an expert
answered at a breakout session in the last TPAC.
Junichi
2017/07/15 午前1:00 "Rudolf J Streif" <notifications@github.com>:
Does a subdomain of w3.org means 'wss://vis.w3.org' allows web app to
locally connect to VIS in the car without a request to a external server (
w3.org)?
vis.w3.org would need to be resolved into an IP address. That can be done
locally (for Linux/Unix typically /etc/hosts) and telling the resolver to
use the local files first (for Linux/Unix typically set with
/etc/nsswitch.conf). I admit hijacking a TLD and adding a subdomain that's
locally resolved might not be very elegant.
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub
<#223 (comment)>, or mute
the thread
<https://github.com/notifications/unsubscribe-auth/AA-qrmKzBN9zo9eUrgCowQ82lZlkCJIvks5sN5CLgaJpZM4OWqQN>
.
|
That could be the default solution to resolve the name to localhost IP. It then could still be overwritten by a local configuration if an implementer chooses to do so. |
Well, please keep mind that VIS might be used from an external device, so
it might not be 127.0.0.1 in all cases
On Fri 14. Jul 2017 at 19:26 Rudolf J Streif ***@***.***> wrote:
If the owner of w3.org hopes, vis.w3.org can be resolved to 127.0.0.1 by a
global DNS. CAs are allowed to issue certificate for this domain name, so
we don't need self signed certificate. That is I asked an d an expert
answered at a breakout session in the last TPAC.
That could be the default solution to resolve the name to localhost IP. It
then could still be overwritten by a local configuration if an implementer
chooses to do so.
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub
<#223 (comment)>, or mute
the thread
<https://github.com/notifications/unsubscribe-auth/ADiF7c4BsqMu5uJb6OYKtO5iSXD4EEu4ks5sN6TWgaJpZM4OWqQN>
.
--
- Patrick (Mobile)
|
I think that the use case is out of scope for now. I guess the external
device is a normal Android phone and has only well-known CA certificates
inside. To obtain certificate that can be verfied by these CA, the domain
name must be resolved by global DNS. Resolved IP can be a private address
such as 192.168.1.2 but the actual value depends on local network
environment.
2017/07/15 午前5:59 "Patrick" <notifications@github.com>:
Well, please keep mind that VIS might be used from an external device, so
it might not be 127.0.0.1 in all cases
On Fri 14. Jul 2017 at 19:26 Rudolf J Streif ***@***.***> wrote:
If the owner of w3.org hopes, vis.w3.org can be resolved to 127.0.0.1 by a
global DNS. CAs are allowed to issue certificate for this domain name, so
we don't need self signed certificate. That is I asked an d an expert
answered at a breakout session in the last TPAC.
That could be the default solution to resolve the name to localhost IP. It
then could still be overwritten by a local configuration if an implementer
chooses to do so.
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub
<#223 (comment)>, or
mute
ADiF7c4BsqMu5uJb6OYKtO5iSXD4EEu4ks5sN6TWgaJpZM4OWqQN>
.
--
- Patrick (Mobile)
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
<#223 (comment)>, or mute
the thread
<https://github.com/notifications/unsubscribe-auth/AA-qrgbnAnpDMQPQJUUXydg50NTxkwEcks5sN9amgaJpZM4OWqQN>
.
|
There would be no case to resolve from TLD to IP locally without a DNS involvement from what I know, even though it could technically be operated in VIS. In case of resolving from TLD to 127.0.0.1 by a global DNS, it could not be a common approach especially from a standard point of view regardless of the certificate issue, even if it's technically available. I think the following precondition should be considered before our discussion:
I would suggest that the related research could be found to review these issues (other groups in W3C/IETF, OEMs and Tier 1s' approach). |
What we are discussing is an issue of local https server and as far as I
know, there are no perfect solution.
I'd like to share my investigation in the last TPAC again:
https://www.w3.org/wiki/images/4/43/Http-migration-in-local-network.pdf
I don't think we should treat this issue in Automotive WG because it
requires to be solved in more general level.
As for the spec we would have two options: (1)to remove "wwwivi" or (2)to
make "https" optional.
Because http connections will cause mixed content issues, I would suggest
(1).
2017/07/17 午前10:50 "hyojin" <notifications@github.com>:
There would be no case to resolve from TLD to IP locally without a DNS
involvement from what I know, even though it could technically be operated
in VIS. In case of resolving from TLD to 127.0.0.1 by a global DNS, it
could not be a common approach especially from a standard point of view
regardless of the certificate issue, even if it's technically available.
I think the following precondition should be considered before our
discussion:
- The WS connection should be available, even offline (no support of DNS)
- External devices could be available to connect to VIS (If not, few
meaningful as a standard)
I would suggest that the related research could be found to review these
issues (other groups in W3C/IETF, OEMs and Tier 1s' approach).
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
<#223 (comment)>, or mute
the thread
<https://github.com/notifications/unsubscribe-auth/AA-qrivdiZjxvF_bVGJGxq4u02aDqKcyks5sOr3MgaJpZM4OWqQN>
.
|
In general, a particular vehicle instance will not be contactable until it first reaches out to a well known endpoint in the internet. This is because it will typically be assigned a new IP address either by the Mobile Network Operator (MNO) or via a local WiFi network when it first connects to these networks, and of course a vehicle could lose connectivity and be assigned a different IP address during a journey. In part for this reason, the model for the VISS WebSocket server is that is accessible from in-vehicle clients only, but of course, there is nothing to stop an in-vehicle agent or other in-vehicle software service acting as a bridge/proxy routing requests between the VISS server and any offboard entity (that by some means e.g. the agent reaching out to it, has the vehicle's current IP address). Reason for choosing wwwivi was that there could be other WebSocket servers implemented at other endpoints on the same vehicle, so we wanted a way of 'finding' the VISS WebSocket server. Agree with Rudi that we could have a different name e.g. w3civi and like Rudi, I would prefer not to go down the route of using a discovery service (unless we have to ) or reducing level of standardisation by making name optional. |
So, have we reached consenus on this one ? Continue with wwwivi or change to W3civi ? |
In a couple of WG calls, this issue was briefly discussed but it was difficult to reach consensus. I totally agree to stay it away from both adding discovery phase and specifying out of scope. The remaining concern is
The I listed several candidates to indicate the VISS WebSocket server with
Who is the handsome address? It seems absolutely difficult to reach the decision(voting!), so I mentioned naming issue would be less important in the description of this thread. But we should prepare the reasonable evidences for VISS to CR against expected objections as we've already gotten before. The approach of hijacking a TLD might not be very elegant as @rstreif mentioned. I would suggest that we can consider using p.s. In the chapter 7 in VISS spec, |
What we should not do is to have a name that in any way indicates where the server should actually be implemented. .To me .local does imply that the server resides on the IHU or at least locally in the Vehicle Network, and how weird it still may seem that it is not , it could in theory be implemented elsewhere. |
@peterMelco As far as I know, vehicle WebSocket server should be on the IHU or internal somewhere in vehicle so that we can safely protect secure information provided by IVI(In-Vehicle Infotainment) system. As @drkevg mentioned above, some bypass methods like both in-vehicle agent and a bridge/proxy routing could be available to connect the vehicle WebSocket server from offboard entity, but I'm not sure why we should consider to put the server out of a vehicle.
|
@anawhj Firstyly, I think it is a misunderstanding that this specification only targets infotaiment. It is a specification that standardise how to expose car signals. In my world IVI is one of many possible use cases. I do agree that for the traditional IVI system your argument makes sense for what our idea of an IVI system looks like today. However, I do believe that we not should make such assumptions when we don't need to. |
So, then I guess that I really don't like IVI either since :). So questions:
|
@peterMelco It seems to have a discussion in public-automotive. |
Believe that we need to keep sub-protocol (as this is associated with a specific VSS version), but re. hostname 'wwwivi', could the best solution be to simply state that this will be defined by the implementer? [Adam & Kev] |
In response to action on WG call on 19th to add example scenario where vehicle network could need to support more than one VIS Server. Scenario: More than one product team decides to implement VIS Server This scenario is somewhat artificial, but the main point is that believe we need to enable a client to connect to a VIS Server where there is potentially more than one available on the vehicle sub-net. |
The TAG was asked to take up this issue by Ted Guild and we had a lively discussion about it at our Nice F2F. We're encouraged by the possibility of using web technologies in automotive environments to make vehicles part of the open web in an appropriately secure way, and our feedback can be summarised as:
We also discussed the choice of websockets for the protocol and would like to understand more about the choices in the design of the protocol for the APIs. An explainer would be useful. |
The feedback from TAG makes me clear with the great explanations. I have totally been thinking the same as the above points. Honestly, TV industry used to have the similar experience in trying to make unified APIs incl. connectivity with mobile for the compatibility. But it was very difficult to get the consensus among TV makers with web-based platforms. As the result, even now, web-based TV app developer should consider the specific guideline provided by each web platforms even though the app consists of HTML, CSS, and JavaScript, so that we couldn't catch the big advantage of the web. I really hope that W3C Automotive WG can make the meaningful standards for OEM vendors and (web) app developers. As I see, one of VISS's major roles is to provide a standardized way to connect to VSS server. For the standardized way, we can define both (1) the unified address that can be accessible to VSS server, and (2) the relevant JS API. I think the unified address would be useful for developers, but regarding the relevant JS API, it seems premature status as @triblondon mentioned. I'd like to put on two opinions while reminding the purpose of our works for vehicle standardization.
|
I would add a personal observation to those of the TAG: use HTTPS. Every time we thought that it was sufficient to control access to the network to provide security, we've been sorry.
That's not true. And please don't consider raw UDP. How about HTTP? |
I totally agree that we should consider using the HTTP(S)-based approach. In W3C Automotive BG, the approach has been considered in RSI TF, and you can see the initial draft as follows.
In I'm not telling the features for raw UDP in the web, because app developers shouldn't care the low-level network mechanism. What I want to say is that we need a new API, not using WebSocket() method if we'd like to use the In my opinion, there seems no great solution if we doesn't accept the // As-is (ivi.local can't be replaced with wwwivi)
var vehicle = new WebSocket("wss://wwwivi", "wvss1.0");
// To-be (fetch would be replaced with a new API)
let vehicle;
fetch("ivi.local").then(wsAddr => {
vehicle = new WebSocket(wsAddr, "wvss1.0");
} |
I don't understand the comment. |
Sorry for interrupting with a side topic but another TAG's comment is more
significant for me.
I don't understand why they don't agree with VIAS. Isn't it written in the
WG charter?
|
Can I clarify, is there a consensus emerging to specify (as the default) ivi.local instead of wwwivi but to specify that implementers could define in their documentation an alternative (to enable more than one VISS server to be on same network)? |
Hi. However, I think this 'certificate for localnetwork' issue is a not-yet-solved problem and also not automotive specific issue. |
Squatting on a hostname -- even if in |
We discussed yesterday during the WG call, no concensus was reached. Most agree discovery is the right thing but it introduces complexity for the developer and may open up security concerns. Development hassle can be addressed with common library so each app doesn't have to do its own discovery. In the simplest and most common case of one service per vehicle, doing rediscovery on each reboot of the car seems like a waste. One idea would be an app installer stores zeroconf results as static conf. Some wonder if a static default fallback would be acceptable. |
If you must have a static hostname, have you considered using one in w3.org or similar space? As long as you own the domain, it's not squatting. |
That has come up and is a consideration. |
We have been struggling for quite a few months to get agreement on how to resolve the hostname (wwwivi) issue (#223). Can I suggest that we resolve the impasse by saying that the implementer will document how the hostname is obtained, but a default for the VIS Server that is hosted on the IVI ECU. Hence, propose that we add statements like: /* Start of change */ The implementer of a VIS Server will document how an in-vehicle client can obtain the hostname that is needed to connect to that VIS Server instance. This could be using a Discovery Service (that is outside of the scope of this specification) or by configuration. By default, the VIS Server deployed on the In-Vehicle-Infotainment system will have the hostname 'ivi.w3.org.local' but the implementer may specify a different value'. We would then change our example statements to use 'ivi.w3.org.local' as hostname instead of wwwivi I'm not entirely sure that adding a '.local' extension to 'w3.org' doesn't violate other conventions, but logically it takes account of the feedback on the issue (of not cyber-squatting and making clear that its a local name) Believe that in practice an onboard client is likely to have a config file (or a Registry or similar) that can be used to define the runtime configuration, so if the default is not suitable it can be configured prior to deployment OR could make use of a Discovery Service if implementer has stated this will be available. I didn't want to tightly couple the spec. to a particular Discovery protocol or mechanism (as these could evolve over time and couldn't think of a better compromise or route out of this issue - hope the group agrees to the above, but if it doesn't get consensus, very happy to consider other alternatives... [Perhaps we can settle on this for now, and if there is strong views later about an alternative, we re-open the issue at that point] |
Agree
fre 20 okt. 2017 kl. 02:55 skrev drkevg <notifications@github.com>:
… We have been struggling for quite a few months to get agreement on how to
resolve the hostname (wwwivi) issue (#223
<#223>).
Can I suggest that we resolve the impasse by saying that the implementer
will document how the hostname is obtained, but a default for the VIS
Server that is hosted on the IVI ECU.
Hence, propose that we add statements like:
/* Start of change */
"A vehicle may have more than one VIS Server that can be accessed by a
client running on an ECU connected to the in-vehicle network.
The implementer of a VIS Server will document how an in-vehicle client can
obtain the hostname that is needed to connect to that VIS Server instance.
This could be using a Discovery Service (that is outside of the scope of
this specification) or by configuration.
By default, the VIS Server deployed on the In-Vehicle-Infotainment system
will have the hostname 'ivi.w3.org.local' but the implementer may specify a
different value'.
/* End of change */
We would then change our example statements to use 'ivi.w3.org.local' as
hostname instead of wwwivi
I'm not entirely sure that adding a '.local' extension to 'w3.org'
doesn't violate other conventions, but logically it takes account of the
feedback on the issue (of not cyber-squatting and making clear that its a
local name)
Believe that in practice an onboard client is likely to have a config file
(or a Registry or similar) that can be used to define the runtime
configuration, so if the default is not suitable it can be configured prior
to deployment OR could make use of a Discovery Service if implementer has
stated this will be available.
I didn't want to tightly couple the spec. to a particular Discovery
protocol or mechanism (as these could evolve over time and couldn't think
of a better compromise or route out of this issue - hope the group agrees
to the above, but if it doesn't get consensus, very happy to consider other
alternatives...
[Perhaps we can settle on this for now, and if there is strong views later
about an alternative, we re-open the issue at that point]
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#223 (comment)>, or mute
the thread
<https://github.com/notifications/unsubscribe-auth/AMBf_irgx51YsHKoPYFPPT_nzhqHdBjUks5suG4PgaJpZM4OWqQN>
.
|
I briefly followed the previous discussion in this thread and public-automotive mailing list. I'd like to summarize the current situation with my opinions so that it would be helpful for an agreement. Specifying a static hostname for connecting to VIS Server (e.g. wwwivi)The following statements would be important for making a decision (See Appendix G in RFC6762)
According to the guideline above, ".local" could be used for a discovery phase(multicast), but not for a static hostname(unicast), so the candidates for the static hostname is as follows (in order of a personal priority).
Discovery mechanism (e.g. mDNS) for searching the address of VIS ServerUsing ".local"-based address, we can discover VIS Server to be connected locally. Looking closer, "abc.local" is basically resolved to 224.0.0.251 with 5353 port number while "abc" is added in the UDP header. The term like "abc" seems difficult to be standardized in consideration of the internal procedure while I couldn't find any relevant cases using the standardized term for ".local" yet. Any DNS query for a name ending with ".local." MUST be sent to the mDNS IPv4 link-local multicast address 224.0.0.251 (page 5 in RFC6762) In addition, the common discovery methods based on UDP couldn't likely guarantee the reliability between heterogeneous devices. As an exceptional case, Apple provides Bonjour service internally using mDNS for their products with an acceptable reliability, but in general, it would be difficult to assure the compatibility for the discovery between devices made by several manufacturer. For an instance, in home network scenario, there have been several multi-screen use cases with TV and mobile using the local discovery phase, but most of them wouldn't be successful so far. I experienced DLNA, Smart TV Alliance, etc. more than a decade ago, but there were several problems such as difficult to use, unreliable connectivity, inconsistent compatibility. In this background, I would suggest that the discovery-based approach put out of scope in VISS spec. Meanwhile, in Open Screen Protocol, there has been some discussion how the Web can support the discovery functionality. We could align the discussion with VISS, but it would spend a considerable time to make progress. (put it on the future work) Multiple VIS Server in the same vehicleWe could consider several options as follows:
In my opinion, I'm not sure app developer should specify the location of VISS. If there are several options for the VIS Servers, the selection UI could be provided in the system(eg. browser), not app developers. It seems to depend on the environments (in-vehicle app, portable device app), but I don't know the exact situation since I'm not familiar with the whole automotive system. Certificate for a secure connection in a local networkIt is not a problem only for automotive, but for several industries (e.g. WoT). In VISS, this issue could be specified as a note to be solved in other space of W3C. I hope the following CG would provide a great way to handle this issue (HTTPS in local Network CG: https://www.w3.org/community/httpslocal). === |
: @anawhj It is not a problem only for automotive, but for several industries (e.g. WoT). I agree. The UC-4 of the HTTPS in Local Network CG is similar to the use case about a car dashboard monitor. Also, the VIS server could be on local network in a vehicle as the other use cases of the CG. I think the solution should be a common to the Open Web. UC-04: Embedded system monitoring and controlling for display-capable devices |
As many contributors on this thread have pointed out , the problem of finding or discovering service endpoint is a general problem and not one that is particular to VISS. The same problem affects WoT, TV etc Also, the problem is of course logically recursive, in the sense that you need to define (one or more) standard mechanism(s) to reach something that is then capable of resolving the question 'how do I connect to X' I would suggest that the VISS should not try to solve this problem, and that for the VISS we simply specify: 'The implementer of a particular VIS Server instance will define how to connect to that VIS Server.' At a later point, the VISS can potentially be updated to reference an agreed approach for resolving how to connect to a particular instance, ideally referencing the same W3C approach that WoT, TV etc uses. [Agree that it is not ideal, but the HTTP protocol effectively takes this approach. The W3C didn't previously try to define in the HTTP spec. how to find every Web Server / Web Application instance that could be connected to...] |
I agree with you Kevin. It would be nice if we the names could have reflected the ECU they were running on, but that will nit even work for one single OEM since the naming convention is constantly changing.
Br
Peter W
… On 7 Nov 2017, at 03:04, drkevg ***@***.***> wrote:
As many contributors on this thread have pointed out , the problem of finding or discovering service endpoint is a general problem and not one that is particular to VISS. The same problem affects WoT, TV etc
Also, the problem is of course logically recursive, in the sense that you need to define (one or more) standard mechanism(s) to reach something that is then capable of resolving the question 'how do I connect to X'
I would suggest that the VISS should not try to solve this problem, and that for the VISS we simply specify:
'The implementer of a particular VIS Server instance will define how to connect to that VIS Server.'
At a later point, the VISS can potentially be updated to reference an agreed approach for resolving how to connect to a particular instance, ideally referencing the same W3C approach that WoT, TV etc uses.
[Agree that it is not ideal, but the HTTP protocol effectively takes this approach. The W3C didn't previously try to define in the HTTP spec. how to find every Web Server / Web Application instance that could be connected to...]
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub <#223 (comment)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/AMBf_oOuaz_RutjfnIqt4gW9uYXdGJMdks5s0Dk2gaJpZM4OWqQN>.
|
We've investigated
Once someone put the updates in VISS spec (probably VIAS as well), the issue would be closed. |
Whats going on with this ? Who is up for specifying the guidline ? |
Added paragraph (based on wording provided by Ted) summarizing the discussion within the WG and after consultation with the Technical Architecture Group. Paragraph makes clear that determining the hostname will be implementation specific using either a discovery mechanism or by configuration and that the value 'wwwivi' should be treated as an example. |
As far as I know,
wwwivi
has been one of the major issues until even recently (e.g. Mozilla's objection). It allows clients such as web app, native app, and embedded(in IVI) app to connect to the WebSocket server in IVI system to get/set/sub a data. I have a few concerns about it, so put some opinions and suggestions as follows:1. Problems
wwwivi
is a hostname likelocalhost
that can be mapped to '127.0.0.1', sowwwivi
could be mapped to some IP and port to locally access the WebSocket server in IVI system. '192.168.0.0/16' is commonly used as the local gateway(router) address. In case of IVI system, the address could be mapped towwwivi
with 443 port depending on the IVI system local network policy. For the purpose,wwwivi
can be used to connect to IVI system locally so that we could make some great demo using the keyword. But the problem is howwwwivi
keyword can be looked upon with favor from other standards(IETF, GENIVI), car venders, and any other related field experts. In the traditional network theory, a fair number of people are most likely unfavorable stance about awwwivi
usage as a new GTLD due to several reasons (mozilla's comment). In addition to the issue above, there would be more concerns about a self signed SSL certificate, related security issues. While our specifications proceed to be formal recommendation, we should receive reviews from external stakeholders. So we should carefully handle major issues includingwwwivi
that is referred in VISS/VIAS.2. Alternatives
I can come up with the following a couple of alternatives to mitigate the problem. If any reasonable candidate, we can develop the details.
add a discovery phase
To use
wwwivi
, the application should run on same local network with IVI system. IEEE 802.11(Wi-Fi) would be one of the candidates to put on the local network with IVI system. In the same local network, we can use a discover protocols like SSDP, mDNS, so we can add this phase before a connection to IVI system. In W3C Second Screen CG, Open Screen Protocol has been developed since early of this year. It allows user agent to send and receive a discovery packets to connect between devices. We can join the activity or refer the technical approach of the group.put it on 'out of scope'
We can put
wwwivi
on 'out of scope'. It meanswwwivi
could be referred as optional, not required in the specification. In this case, there would be no oppositions though our specifications as standards would have less meaningful,3. Naming
If we would like to stick to
wwwivi
for the time being, I think the terminology would be changed. The reason, it could be used in native app, embedded(in IVI) app using WS protocol, so the 'world wide web' doesn't fit for the purpose. Web Sockets have been embedded in all browsers, but it would be difficult to see as using only for the Web. I came up with some other alternatives as follows, but it would be less important than above issues.The text was updated successfully, but these errors were encountered: