Hello,
due to recent discussions, I have some comments.
First of all, as this is an IETF-WG, we seem to focus too much on UMTS and
other mobile (and already existing) technologies. Im my opinion, we should
discuss issues regarding any imaginable platform, because future systems will
bring much more sophisticated features regarding location support than
nowaday's. I think, considering only current technologies would restrict our minds
too much.
For that reason, I wonder if it would help to just assume one arbitrary
party having the users' location information. Whether this is the location
database of a UMTS provider, any other third party (e.g. a new Location Service), a
combination of those or something else is not very relevant in my opinion.
This entity maintains all the location information, arising about the users
(e.g. the location information from the mobile network operator, from the
users' GPS device, from any other locating infrastructure like Active Badges or
whatever is imaginable).
This entity would know very accurate location information about the users.
Because that information has to be prevented from being linked to the users'
identities (as I depicted in my mail from July, 12th), this Location Service
must be usable pseudonymously.
Everyone, needing location information has to query this Location Service
(except of course the mobile device using its own GPS information). Therefore,
the access rights (or the profiles) are needed just there. In my opinion,
this entity does not need to distinguish different applications querying
location information, because it just needs to offer a simple interface for
accessing location information (perhaps a query about an object's position and a
query about all objects in a given area). So the profile simply needs to contain
the permissions, querying subjects have regarding location information of a
target (like max. allowed accuracy, time, max. frequency of queries, location
dependent restrictions, ...). Of course, in the case a third party (e.g. a
tracking service) queries in behalf of another user, the permissions of this
user have to be relevant for accessing the location information.
So, what I would propose is, that we try to find privacy issues and
mechanisms / principles to deal with these issues, regardless of any possible (or
existing) implementation in order to find universal solutions being applicable
for whatever future will bring.
Is this the view you share?
Best regards
Christian Hauser
Institute of Communication Networks and Computer Engineering
University of Stuttgart, Pfaffenwaldring 47, 70569 Stuttgart, Germany
-- Sent through GMX FreeMail - http://www.gmx.netReceived on Fri Jul 20 10:34:51 2001
This archive was generated by hypermail 2.1.8 : Thu Jan 22 2004 - 12:32:22 EST