ISO 20078-1:2021
Road vehicles — Extended vehicle (ExVe) web services — Part 1: Content and definitions
This document states the minimum requirements, recommendations, permissions and possibilities for ensuring interoperable web services from an accessing party’s perspective. The document:
— states requirements on the structure and format of resources;
— defines the concept of resource identifiers (direct and correlated);
— provides different resource categories (e.g. anonymous, pseudonymized, technical, and personal resources);
— provides different approaches on how to bundle shareable resources (e.g. resource group or container);
— contains guidelines on how to define the unique resources of an individual application;
— defines the entities and roles, necessary for granting an accessing party access to resource owner’s resources;
— states requirements on how an accessing party accesses resources, including requirements on how to use the defined and referenced technologies, see Table 1.
See Annex A for additional information about roles and responsibilities covered by ISO 20078 series.
Véhicules routiers — Web services du véhicule étendu (ExVe) — Partie 1: Contenu et définitions
Standards Content (Sample)
INTERNATIONAL STANDARD ISO 20078-1
Second edition, 2021-11
Road vehicles — Extended vehicle (ExVe) web services — Part 1: Content and definitions
© ISO 2021
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on
the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below
or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
Contents
Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
3.1 Roles and entities
3.2 Technical concepts and terms
3.3 Identifiers
3.4 Credentials
4 Abbreviated terms
5 Convention
6 Relationship of defined entities
6.1 Overview of entities
6.2 Roles and relationships of entities
7 Identifiers
7.1 General
7.2 Direct identifiers
7.3 Correlation identifiers
8 Resource categories
8.1 General
8.2 Anonymous resources
8.3 Pseudonymized resources
8.4 Technical (vehicle) resources
8.5 Personal resources
9 Resources
9.1 Superset of resources
9.2 Resource groups
9.3 Resource
9.4 Containers
9.4.1 Container
9.4.2 Management of containers
10 Representation
10.1 General
10.2 JavaScript Object Notation
10.3 Extensible Mark-up Language
Annex A (informative) Roles and responsibilities covered by the ISO 20078 series
Bibliography
Foreword
ISO (the International Organization for Standardization) is a worldwide federation of national standards
bodies (ISO member bodies). The work of preparing International Standards is normally carried out
through ISO technical committees. Each member body interested in a subject for which a technical
committee has been established has the right to be represented on that committee. International
organizations, governmental and non-governmental, in liaison with ISO, also take part in the work.
ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of
electrotechnical standardization.
The procedures used to develop this document and those intended for its further maintenance are
described in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for the
different types of ISO documents should be noted. This document was drafted in accordance with the
editorial rules of the ISO/IEC Directives, Part 2 (see www.iso.org/directives).
Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. ISO shall not be held responsible for identifying any or all such patent rights. Details of
any patent rights identified during the development of the document will be in the Introduction and/or
on the ISO list of patent declarations received (see www.iso.org/patents).
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and
expressions related to conformity assessment, as well as information about ISO's adherence to
the World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT), see
www.iso.org/iso/foreword.html.
This document was prepared by Technical Committee ISO/TC 22, Road vehicles, Subcommittee SC 31,
Data communication.
This second edition cancels and replaces the first edition (ISO 20078-1:2019), which has been technically
revised.
The main changes are as follows:
— revised Clause 3 "Terms and definitions";
— removed the subclause “Key Value List” including related requirements, as it was not used in the
ISO 20078 series;
— added new definitions for request/reply (3.2.10), push (3.2.12) and subscription profile (3.2.13);
— revised the subclause 9.4 "Containers".
A list of all parts in the ISO 20078 series can be found on the ISO website.
Any feedback or questions on this document should be directed to the user’s national standards body. A
complete listing of these bodies can be found at www.iso.org/members.html.
Introduction
This document was developed to address the needs of different parties to access data, aggregated
information and functionalities (resources) from connected vehicles in a standardized, safe and secure
way. A framework is defined for interoperable web services used by several parties via the internet
by adapting current and widely used IT approaches based on OAuth 2.0 and OpenID Connect 1.0 (see
ISO 20078-3).
As personal data protection rights are becoming stronger in several countries, this document also
defines and recommends common methods to handle data protection and data privacy issues when
accessing personalized vehicle data, information or functionalities via web services.
The ISO 20078 series is supported by the fact that vehicle manufacturers (VM) include telematics
support for their vehicles, making vehicle data, information and functionalities available at their VM
backend system. Thus, instead of installing additional third-party telematics equipment in the vehicle
to achieve intended service goals, the already existing infrastructure can be (re)used via interoperable
web services. Such web services allow a third party to (re)use the infrastructure in the same manner as
the VM uses it.
NOTE Web service interfaces were available and offered by VMs before this document,
but the lack of standardization across VMs, especially on authentication and authorization, led to third
parties accommodating and designing for several different VM implementations.
The ISO 20078 series is applicable for any application or service that intends to use web services.
The ISO 20078 series does not cover requirements for specific applications, resource definitions or
XML/JSON schemas. These are described in the specific application or use case; e.g. see ISO 20080
remote diagnostics support.
This document, ISO 20078-1, defines all entities and roles that are used throughout the ISO 20078 series.
It standardizes how an offering party defines resources. Depending on the resource category, the offering
party uses different kinds of identifiers. Such resources can be exposed directly or through containers. It
also describes different ways of representing resources in web services, such as JSON and XML.
ISO 20078-2 defines the usage of a common communication protocol that enables access to resources
(URIs), thereby standardizing how an accessing party can access resources via web services of an
offering party, using Hypertext Transfer Protocol (HTTP) over Transport Layer Security (TLS); i.e.
HTTP secure (HTTPS). The Representational State Transfer (REST) is selected for using a common way
to represent data, aggregated information, and functions (resources).
ISO 20078-3 standardizes the security model of the web services, including different roles and entities
involved in an authorization policy. Three roles are defined: identity provider, authorization provider
and resource provider at the offering party. Additional roles are the accessing party and the resource
owner. The resource owner is in charge of its resources. The role model is defined as a reference
implementation of OAuth 2.0 and OpenID Connect 1.0 compatible frameworks.
ISO/TR 20078-4 summarizes this document, ISO 20078-2, and ISO 20078-3 by logical processes
[4]
for displaying the interaction of all defined roles a
...