J2945/5_202002 Service Specific Permissions and Security Guidelines for Connected Vehicle Applications

The Technical Committees under the SAE Vehicle to Everything (V2X) Steering Committee are developing a series of standards that specify a set of applications that use message sets from the SAE J2735 data dictionary. The communications for these applications are secured using digital signatures and IEEE 1609.2 digital certificates, which indicate the permissions of the senders using Provider Service Identifiers (PSID) and (optionally) Service Specific Permissions (SSPs). The PSID in a certificate governs the certificate holder’s permissions to engage in any communications activities associated with that application; the SSP allows more specific statements of the holder’s permissions within the universe of that application. For any given application based on SAE J2735, a complete application specification will include a specification of how the contents of the PSID and (if present) SSP fields in a given certificate correspond to the application activities that certificate holder is entitled to carry out. This document establishes principles that can be used by future application specifiers to (1) specify the syntax of SSPs, and (2) determine which fields and activities should be subject to SSP constraints. It also addresses the development of SSPs for scenarios not addressed in the original application specification; for example, arising from regional extensions, changes in application functionality, or future expansions of the base SAE J2735 standard.