• No results found

Minutes 4 th Meeting of the IHO Data Protection Scheme Working Group. 1 Feedback from IHO CHRIS 16 and future work in DPSWG

N/A
N/A
Protected

Academic year: 2021

Share "Minutes 4 th Meeting of the IHO Data Protection Scheme Working Group. 1 Feedback from IHO CHRIS 16 and future work in DPSWG"

Copied!
11
0
0

Loading.... (view fulltext now)

Full text

(1)

Minutes 4

th

Meeting of the

IHO Data Protection Scheme Working Group

Attendance: Michel Huet (MH), Tony Pharaoh (TP), Ken Barbor (KB) – IHB

Gert Büttgenbach (GB) – SevenCs

Bernhard Nöggerath (BN) – SAM Electronics

Andrey Vorobiev (AV), Konstantin Ivanov (KI) - Transas Jonathan Pritchard (JP), Chris Smith (CS) - UKHO Robert Sandvik (RS) – Primar Stavanger

Date: 22-23 June 2004 Place: IHB, Monaco

The main objectives of the meeting were to:

• Review feedback received by users of the S-63 standard and supporting documents

• Review feedback from OEMs on Guidance Notes questionnaire and agree proper follow up actions

The draft agenda was accepted and a copy is attached in annex 1.

A review and status of the actions from previous DPSWG meetings are attached in annex 2.

1 Feedback from IHO CHRIS 16 and future work in

DPSWG

The conclusions from CHRIS16 meeting 27-31 May 2004 related to the work of DPSWG were summarised as:

• Development of a S-63 e2 is deferred pending further experience and feedback with S-63, and a clear requirement for change is demonstrated. S-63 e1 is frozen. • A question raised by industry at the meeting about what impact the next version of

the ENC Product Specification or S-57 e4 will have on S-63

• DPSWG to prepare a new work plan and revised Terms of Reference to reflect the directions provided by CHRIS on future work

A discussion on possible impacts of a new edition of S-57 concluded that S-63 will only be affected if there are changes in the encapsulation or file structures.

A4.1 TP monitors the development in TSMAD of the new ENC Product

Specification and S-57e4.0 and informs the DPSWG if there will be changes in the encapsulation or file structures because it might impact the S-63 standard. Also specifically review the future use of DSID-ISDT and CATD-COMT fields which are currently referenced in the S-63 documentation.

(2)

DPSWG Work Plan

Consensus among the DPSWG members and with the new directions by CHRIS that we are entering a phase where we actively encourage full implementation of the S-63 standard and monitor its progress.

A review of possible new work items:

• Active encouragement of the industry for an immediate and full implementation of the S-63 standard

o Use the OEM questionnaire to monitor status and progress of implementation

o Encourage the reporting of S-63 issues for the immediate resolution and guidance to the industry

• Explore possibilities for the development of a software library with source code with proper implementation of certificate and authentication management • Interface with TSMAD to early assess if the development of a new ENC Product

Specification will have an impact on the S-63 standard

• Interface with other organisations and working groups who are working with the S-63 standard to provide support and ensure a correct implementation of the standard

A4.2 RS to prepare a new version of the DPSWG work plan based on feedback provided at the meeting and circulate it for review and approval by DPSWG before submission to CHRIS June 2005.

DPSWG Terms of Reference

A4.3 RS to prepare a new version of the DPSWG Terms of Reference early 2005 based on the work plan and current market status, and circulate it for review and approval by DPSWG before submission to CHRIS June 2005.

2 Status and Feedback S-63 Documentation

DPSWG reviewed feedback on the various S-63 documentation and other sources used to inform about the S-63 standard. The following conclusions and actions were agreed based on feedback from the industry representatives.

Test Data Implementation Guide

A4.4 RS coordinates the preparation of an updated version of the Test Data Implementation Guide with the following corrections and amendments: • CS to prepare a preamble for the tests defined in section 7

• CS/JP to correct the encrypted updates 2, 3, and 4 in keyset 1 in test 7.1 • CS/JP to correct the permit files issued for keyset 1 in test 7.1

• RS to include PRODUCTS.TXT and SERIAL.ENC files for the new test 7.2

• RS to review the description for test 7.2 and harmonise the wording with S-63 chapter 9.2.2

(3)

• RS to review the wording for test 4.2

A4.5 RS distributes the new version of the Test Data Implementation Guide to the DPSWG OEM representatives by 30.06. The DPSWG members will have 2 weeks for quality checking the amended testdata and description. TP to publish the approved version of the S-63 testdata (Appendix 1) on the IHO website and a notice in the S-63 discussion forum about its availability. IHO WEB Pages

A4.6 IHB to amend their S-63 web pages to improve how information is presented to its readers by:

• Grouping the OEM Agreement/OEM Request Form and the Data Server Agreement/Data Server Request Form

• Include a link to enable the download of the S-63 Guidance Notes by OEMs

• Include a listing of the OEMs and Data Servers who have signed up with the IHB and are participating in the S-63 protection scheme. Include the 2 character Data Server code used to identify the organisation (see chapter 3 of the minutes). Must NOT publish the M_ID and M_KEY codes.

Open ECDIS Forum (OEF)

The S-63 discussion forum has been used by the industry to raise support questions and the members of the DPSWG have provided replies. DPSWG considered the discussion forum to be a valuable and effective mechanism to provide S-63 support and provide information to the OEMs.

All new OEMs signing the OEM Agreement shall automatically become a member of the S-63 discussion forum on the OEF.

DPSWG also considered the DPSWG discussion forum on the OEF to be an appropriate mechanism for communication within the working group.

GB informed they are testing a new upgrade of the Open ECDIS Forum software that can resolve some of the shortcomings discussed, e.g. archives, replies. He hopes to be able to set the new server software in operation in the near future even without any funding!

Guidance Notes

A4.7 CS/JP coordinate the preparation of an updated version of the Guidance Notes with the following corrections and amendments:

• CS to review with the OEMs in DPSWG the recommended action in chapter 4.6 for OEMs not to use the PRODUCTS.TXT file since this can cause problems during cancel cell operations

• CS to include flow chart prepared by GB and reviewed by DPSWG at the meeting on how to handle Cell Permits from multiple sources (ref A4.10)

(4)

• CS to include proposal from S63x to specify origins of the Cell Permit with guidance to compare it with the origin filed in SERIAL.ENC

3 Review

Feedback

from

OEM on Questionnaire

Even with a reminder from IHB, only 3 OEMs had answered the questionnaire. The replies had been made anonymous and were handed out at the meeting. The following conclusions were supported after a review of the responses:

• The proposed roadmap to introduce full compliance with S-63 was supported by the OEMs

• Incomplete functionality for the management of the SA certificate

• Incomplete authentication of the Data Server Certificate in the ENC signature files • Requirement for Data Servers to include the PRODUCTS.TXT and SERIAL.ENC

files in their ENC service

• Cell Permit handling is understood and basically implemented, but some amendments are required to manage multiple or merged permits from Data Servers

• Long transition period will be required to set S-63 in full operation

DPSWG must monitor the progress among the OEMs to develop full compliance with S-63 and strongly encourage the industry to implement required changes. DPSWG members are also encouraged to promote the use of the S-63 standard whenever possible.

AV said the industry is responsible and will implement the changes, but the end-users are slow in requiring updated systems and are not willing to carry the upgrade costs. It requires the OEMs to support old versions of their systems for a long time.

It was expected that a requirement from type approval authorities could enforce the OEM industry to develop support for S-63 more quickly. GB also suggested that if type approval authorities waived the requirement to test ENC decryption and import, it would enable the OEMs to implement necessary changes without re-applying for ECDIS type approval.

A4.8 Chairman drafts a letter for IHB which can be sent to the convenor of IEC to inform about the availability of the S-63 standard and that a majority of the commercial ENC services are protected using the S-63 standard. Request IEC to assess if this can impact IEC TC80/WG7 and their review of IEC 61174. Also inform IMO about the possibility to include a reference to the delivery of protected ENC services compliant with S-63 in the future amendment of the IMO ECDIS Performance Standard.

There was a suggestion to develop a small SW kernel endorsed by DPSWG which can perform a recommended authentication of Data Server certificates and ENC

signatures, which is a common task among all OEM applications and is also considered to be non-competitive. Permit management is considered to be a competitive issue among the OEMs and will not be included in a software kernel.

(5)

A4.9 JP will request feedback from OEMs in the S-63 discussion forum if they believe the development of a software kernel for authentication is of value to them. Also ask if any of the OEMs can make such a kernel available for distribution with S-63, timeframe and identify any commercial conditions. Kernel must be made available with source code in C++ and for the Microsoft Windows environment.

Reported problems with handling multiple Cell Permits

BN and GB reported two problems they had experienced with their systems or ENC service where they requested guidance from DPSWG:

1. Two IC-ENC VARS have issued Cell Permits for the same ENC cell to be

installed in an OEM application. There were problems with overwriting the permit files or using the incorrect permit file to decrypt the ENC.

2. An IC-ENC VAR has issued a Cell Permit for an ENC in his service. Vessel receives a CD from a different VAR and OEM application reports error messages since it is unable to decrypt the same ENC on the other CD.

Market situation requires an OEM to handle multiple types of permits from multiple suppliers for a single ENC cell. It requires the OEMs to store the origins of the Cell Permits and compare it with the Data Server code provided in the SERIAL.ENC file on the ENC media.

The IHB is requested to issue a 2 character code to identify all Data Servers. An HO will use its Producing Agency code defined in S-57. If the Data Server is a producer registered with Open ECDIS Forum, it should use the code registered with OEF. If the Data Server is a private company not registered with OEF, IHB should issue a 2 digit code for the Data Server.

A4.10 IHB issues and distributes a 2 digit code to all Data Servers registered with the scheme when the next version of the Guidance Notes are available and make reference to how it should be used.

GB prepared a flowchart, which was reviewed by DPSWG. It will be included in the Guidance Notes together with the proposal by S63x to include an identifier in the Cell Permit. It recommends the OEM application to verify that the Data Server code for the Cell Permit is identical to the Data Server code included in the SERIAL.ENC on the ENC media before the ENC is decrypted.

4 Review of S-63 OEM Agreement

DPSWG members agree that an OEM Agreement is required, but industry

representatives want the wording to reflect that implementation and operation of S-63 must be in a partnership between IHO and OEMs.

The current agreement is based on the former Primar agreement, and was reviewed by the DPSWG and IHB Directing Committee before publication.

(6)

• Ch 2.1: Amend wording to reflect that the OEMs applications will be compatible with the S-63 standard and the Guidance Notes which defines interim measures which must be followed to ensure a successful transition to S-63.

• Ch 2.3/5.3/8: Question whether IHO shall have a requirement to audit an OEM implementation as described in 2.3. Agreed to remove wording in 2.3, keep 5.3 and amend wording for the process to be defined in 8 to reflect the OEM can provide documentary proof of compliance or agree with IHB to perform an audit in cases where there is a suspicion of breach of confidentiality.

• Ch 2.7 and Definitions: Must make a distinction between an end-user on a vessel and an OEM serviceman which is also a user requiring detailed knowledge about the system to perform his duties.

• Ch 2.8: Amend wording to clarify it only applies to ENCs made available to the user in a protected form. Condition does not apply to ENC data provided unprotected or an end-users own electronic chart data.

• Ch 2.15-2.17: Question whether text was applicable considering the new wording in S-63 and the Guidance Notes. Agreed to keep the wording to prevent and stop the setting-up of an operation of other data protection schemes not endorsed by IHO.

• Ch 2.20: Wording is accepted, but we should be aware that operating systems have functionality that can enable the copying of the temporary unprotected ENCs.

• Ch 2.21: Intention of wording is not to store e.g. the encrypted Cell Keys or Expiration Date contained in a Cell Permit in a user readable form, or enable a user to manipulate this information to break his ENC license conditions. • Ch 3.3: The OEM Hardware ID and customer information in chapter 2.8 is

commercially sensitive and confidential information. Add a new chapter 3.3 to enforce a duty on the IHO to manage confidentially of any information received by the OEM which are properly marked “Confidential”.

• Ch 6.1: Amend the wording to reflect that IHO will not claim royalty payments from OEMs who have signed the OEM agreement for the use of the S-63 or participation in the S-63 security scheme.

• Ch 7 and Definitions: Agreed to change the agreement to make it more specific which information is confidential. IHB will mark the M_ID/M_KEY spreadsheet “CONFIDENTIAL” the next time it is distributed to Data Servers. The S-63 standard must never be marked Confidential.

• Ch 8: Agreed to make the termination clauses symmetric/unilateral between IHO and the OEMs to maintain also their interests. Wording shall reflect that

termination is possible for breach of confidentiality if it is not rectified by the OEM.

• Ch 8.2: The intention is understood, but the process should be more clearly defined. One month for rectification is not considered enough. Agreed to have a 2 or 3 stage process where IHB can issue a warning, OEM to respond and rectify within a time period. Arbitration shall also be considered.

• Ch 9.1: Try to make the wording symmetric regarding which laws shall be used for the interpretation of the agreement depending upon whether IHO or the OEM opens a legal case.

IHB confirmed that the preparation and issue of a new OEM Agreement was a

(7)

a choice of signing the new version. Do not expect any problems since the new OEM Agreement will be less restrictive.

Based on the discussions, the following actions were agreed:

A4.11 It was agreed to apply the following procedure to prepare a new version of the OEM Agreement:

1. GB drafts a new version with his proposed changes to the OEM Agreement and forwards it to CS.

2. CS amends his changes to the OEM Agreement and circulates it for review among the DPSWG members.

3. An agreed version of the OEM Agreement is forwarded for approval by the IHB Directing Committee

4. The approved OEM Agreement is published by IHB on the IHO website and a note about the availability of a new OEM Agreement is also published on the S-63 discussion forum.

A4.12 CS to review the Data Server Agreement and ensure commonality in wording where applicable between the Data Server and OEM agreements. The review, approval and distribution process is as defined for the OEM Agreement in A4.11.

A4.13 IHB to mark the M_ID/M_KEY spreadsheet “Confidential” next time it is distributed to Data Servers.

5 Work in S63x and Possible Impact on DPSWG

GB informed about the S63x and their work:

• Membership comprises Data Servers/IC-ENC VARs and OEMs, many of which are also participating in relevant IHO working groups and activities. They want a discussion forum for the members with a commercial mindset free of all the political IHO or HO issues.

• They recognise that a base standard like S-63 cannot quickly adapt to rapid changes or emerging market requirements.

• S-63 and S-57 shall define the core mechanisms for defining and protecting ENCs, while S63x defines additional information which will be required to provide and deliver effective distribution services to end-users; e.g. ECDIS passport, types of units, archives etc.

• S63x will not make changes to S-63 or S-57, but define fields and files on top of the IHO standards for additional service information and try to standardise it among the Data Servers/VARs and OEMs

• Want to use S63x as a branding name which will also support the uptake and proper implementation of S-63

• S63x is also a forum for exchanging operational experiences and making pragmatic interpretations of relevant standard issues. Also acts as a test

environment for new proposals where applicable feedback will be forwarded to IHO.

• S63x will when required forward proposals for change to IHO standards to the applicable working groups

(8)

• Members are currently working on the first version of the S63x standard and have agreed an implementation period of 12 months

• There is no formal relationship defined or required between IHB/DPSWG and S63x. IHB requested that S63x amends their introductory web page to inform that IHO is not responsible for the extensions or implementations defined in S63x • IHB has invited the S63x members to arrange their next meeting in Monaco late

October 2004

• Information about their work is available on www.s63x.org

A4.14 GB to liase with S63x to amend the wording on the S63x introductory web page about the relationship between IHO and S63x.

A4.15 IHB to include a link to S63x on the IHO web pages.

6 Any other Business

The working group agreed that there was no need to agree a specific date for a new meeting, but it could be called if important issues were raised. Tentatively agreed that a new meeting could be held in Monaco end of May 2005. More information to follow next year.

Stavanger 30.06.04 Robert Sandvik

(9)

Agenda

4

th

meeting of IHO DPSWG

22-23 June 2004 IHB, Monaco

1. Feedback from IHO CHRIS 16 on the work of DPSWG

• Prepare an amended work plan • Agree amended Terms of Reference

Sandvik/Huet

2. Status and feedback from maritime community on S-63 documentation

Sandvik/IHB 3. Review of feedback from OEMs on

questionnaire enclosed with the published Guidance Notes, and identify follow up and support activities

All

4. Review of S-63 OEM Agreement Buttgenbach

5. Work in S-63x and assessment of possible impact on the work of DPSWG

Pharaoh/ Buttgenbach 6. AOB

The meeting will commence 09:00.

(10)

List of Outstanding Actions from Previous DPSWG Meetings A3.1 IHB will remove the “draft” status on the “Test Data Implementation”

document and publish it on the IHO web site.

Completed in the revised version discussed during the meeting.

A3.2 ECC and IHB will write a common letter to all OEMs to inform about the transition of the SA role from ECC to IHB. The OEMs are also requested to sign an agreement with ECC to terminate the Primar Confidentiality

Agreement and sign the new IHO OEM Agreement for the continued use of the M_ID/M_KEY. Must make sure the wording is structured so that they can not sign the termination agreement without entering into the new IHO OEM agreement. UKHO will assist IHB in drafting the letter. Distribution will be by IHB in their capacity as SA.

IHB sent OEM Agreement and a reminder to OEMs, but only received signed agreement from 4 manufacturers. The Electronic Chart Centre (ECC) to send termination letter for the old Primar Confidentiality Agreement to OEMs who have signed the new OEM Agreement with IHB.

A3.3 IHB is requested to include a reference to S-63 in their list of available publications on their web-pages.

Completed.

A3.4 IHB to publish the S-63 FAQ (Frequently Asked Questions) prepared during the meeting on their web-pages.

Completed.

A3.5 UKHO to complete and publish first draft of roadmap, guidelines and questionnaire to OEMs. DPSWG to review and agree information before publication on the IHO web pages and the S-63 discussion group on the Open ECDIS Forum. IHO SA to publish questionnaire to OEMs and collect replies before the next DPSWG meeting.

Completed.

A3.6 Primar Stavanger to prepare a S-63 testdata set containing one bundled exchange set with ENCs from two Data Servers.

Reviewed during the meeting and will be included in the next version of the S-63 Appendix 1 scheduled for release during the summer.

A3.7 GB coordinates the establishment of the DPSWG and S-63 discussion groups on OEF and provides any applicable support information if required. The Chairman writes an intro/welcome for the DPSWG and the UKHO for the S-63 discussion groups.

Completed.

A3.8 Chairman invites technical representatives from Furuno, Maris, Transas, SAM Electronics and Sperry to DPSWG (selected because of their number of S-63 compliant systems installed on vessels). Ensures upon confirmation that they will also have access to the DPSWG discussion group.

(11)

Completed – only Transas and SAM Electronics have responded and they

accepted the invitation. Send a copy of the minutes of the 4th meeting and a

reminder to participate in DPSWG.

A3.9 Chairman writes a letter to the Chairman of IHO CHRIS before their next meeting with a proposal to remove paragraph 4 (e) from the DPSWG TOR.

Action replaced with new action to prepare new Terms of Reference for the DPSWG.

References

Related documents

UPnP Control Point (DLNA) Device Discovery HTTP Server (DLNA, Chormecast, AirPlay Photo/Video) RTSP Server (AirPlay Audio) Streaming Server.. Figure 11: Simplified

reconciled. The Committee considered the recommendation relating to control of panel papers to be particularly important. While the difficulty of implementing such a control was

If the roll is equal to or higher then the model's shooting skill then it hits and wounds as described in close combat.. If the roll was lower then the model's shooting skill then

Hotelling yang ditampilkan pada Gambar 4. diketahui bahwa proses produksi transformator hermetically sealed 100 kVA belum terkendali secara statistik dalam mean

were considered to a greater extent than social implications. This is evident in participants’ first thoughts regarding joint and several liability, where all

Smith added he planned to discuss the timeframe with Tom Sinclair (Program Contractor for the peer review process) to ensure a reasonable schedule is developed for this

Even in ordinary classes, connecting with universities, music schools and art schools allows students to enjoy high levels of specialised learning at primary and secondary

Hypothesis: After controlling for differences in average labor income tax rates between the highest hours worked countries and the lowest hours worked countries, there is a