[Openid-specs-ab] FYI: W3C and Automotive Industry Start New Web Standards Work for Connected Cars

Nat Sakimura sakimura at gmail.com
Wed Feb 4 02:31:34 UTC 2015


A few days ago, BMW ConnectedDrive feature revealed a security hole that
doors of the cards with the feature can be opened by a smartphone. Not sure
what they were doing, but from the press, I read that they fixed it by
using HTTPS, so it sounds like they were sending a bearer token in the
clear.

People like us, who is in the wild wild west of the internet knows quite
well that's something you do not want to do, but it seems it is not quite
well known outside. So, W3C starting work on the subject is very welcome.

At the same time, we may want to liaise with them about what we do so that
we can feed OpenID Connect etc. to them. Anyone interested in doing it?

-- 
Nat Sakimura (=nat)
Chairman, OpenID Foundation
http://nat.sakimura.org/
@_nat_en
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20150204/38493ee6/attachment.html>


More information about the Openid-specs-ab mailing list