Security Concerns with Emergency uses of Geo Location

From: Rosen, Brian <Brian.Rosen@marconi.com>
Date: Fri Jul 13 2001 - 14:37:09 EDT

I am concerned at the strong language in the charter
about security concerns. In general, I have no quarrel
with normal "commercial" use of geolocation, and the
need to have stringent controls.

However, geolocation is a very vital piece of information
in an emergency; it is REQUIRED information (legally in some
cases). However, emergencies arise in circumstances where
authentication is not practical.

Consider walking up to a random sip phone (not yours), and making
an emergency call (911/112/..). You may not be "logged in"
to that phone. In fact no one may be logged in.
Yet an emergency call must go through, and it must report
location. Furthermore, the device may be mobile, and roaming.

Emergencies on sip devices involve several entities - the
user agent in the phone, one of several proxy servers in the
path of signalling the call and the user agent in the
Public Service Access Point (PSAP). In some systems, the end
device knows its location. In this case, I propose that no
authentication is needed when the device knows that it's an emergency and it
supplies the location with the call.

When the location is not known by the end device, either the
end device user agent, or the PSAP user agent may have to
ask for location. If the end device asks, we may have a
problem - it can't authenticate, and without authenticating
it is hard to know who is asking. If the PSAP asks, then
IT can authenticate, but in this case it is authenticating
as a PSAP, and must be given location of a third party (the
one in distress). This is much different from the normal
authentication mechanisms you imagine, but can reasonably
be made secure.

In terms of requirements:
1. entities which have location information and place
emergency calls where location is required to be reported must
be able to send such location without requiring user
identity or any other form of authentication not provisionable
in the end device itself.

2. PSAPs must be able to request location of any device
placing an emergency call from any service that has such
location. The PSAP must authenticate itself as a PSAP.

3. End devices placing emergency calls must be able to request
their own location from any service that has such location without
requiring user identity or any other form of authentication
not provisionable in the end device itself.

4. Any privacy control mechanisms specified as required in
emergency calls must be able to be completed in an expeditious
manner, when conditions are far from ideal (consider disaster
situations, for example). Thus the choice of mechanisms and
algorithms must take into account impaired networks, etc.

Brian
Received on Fri Jul 13 14:36:58 2001
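The release policy that requirements 2 and 3 describe, with the ordinary "commercial" controls as the fallback, written out as an added Python example that is not part of the original message; the role names, the `psap_credential_valid` flag and the dialed-number set are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional, Tuple

# Emergency numbers named in the message; a real deployment uses a fuller, regional list.
EMERGENCY_NUMBERS = {"911", "112"}

@dataclass
class LocationRequest:
    requester: str                   # hypothetical roles: "device", "psap" or "other"
    requester_device: Optional[str]  # device the request comes from, when requester == "device"
    target_device: str               # device whose location is wanted
    dialed: Optional[str]            # number the target device is currently calling, if any
    user_authenticated: bool         # did a user identity authenticate this request?
    psap_credential_valid: bool = False  # constructed stand-in for "authenticated as a PSAP"

def is_emergency_call(dialed: Optional[str]) -> bool:
    return dialed is not None and dialed in EMERGENCY_NUMBERS

def authorize_location_release(req: LocationRequest) -> Tuple[bool, str]:
    """Decide whether a location service may release target_device's location."""
    emergency = is_emergency_call(req.dialed)
    if req.requester == "device":
        # A device may only ask about itself, whoever is (or is not) logged in.
        if req.requester_device != req.target_device:
            return False, "a device may only request its own location"
        # Requirement 3: during an emergency call, no user identity is needed.
        if emergency:
            return True, "emergency call in progress: own location released without user authentication"
        return req.user_authenticated, "non-emergency: user authentication required"
    if req.requester == "psap":
        # Requirement 2: the PSAP authenticates as a PSAP (a role), not as the user in
        # distress, and only for a device that is actually placing an emergency call.
        if not req.psap_credential_valid:
            return False, "PSAP credential missing or invalid"
        if not emergency:
            return False, "target device is not placing an emergency call"
        return True, "authenticated PSAP: third-party location released for emergency call"
    # Everything else is ordinary commercial use and keeps the stringent controls.
    return req.user_authenticated, "commercial request: user authentication required"
```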
