RE: Mobile Location Based Service user privacy (commercial issue)

From: Rosen, Brian <Brian.Rosen@marconi.com>
Date: Mon Jul 23 2001 - 10:29:14 EDT

There is no real privacy difference between push
and pull. It is also easy to convert pull to push,
but it's harder to go the reverse unless you always push
either on a schedule or when there is a sufficient
change in location.

My personal preference is a pull model with explicit
support for proxies. The proxy pulls the actual location;
other clients pull from the proxy. The proxy needs to
be trusted. I like this model because it has a small load
on the actual device, which often has constrained compute
power and bandwidth. The proxy can support push or pull.
I believe the work of this group should support both.
I don't think we are doing a protocol, so issues like
my proxy model are largely not in scope, but recognizing
that proxies will happen, and defining transitive trust
relationships that have to be in place may be needed.

It's also very easy to offload the authorization
process using a subscription model. If you WANT to
individually authorize geolocation, the model doesn't
matter; you have to do the authorization one at a time.
If you are willing to use a policy based authorization,
and you have a trusted third party, you could delegate all or
a portion of your authorization load to the proxy.
I think allowing subscriptions (persistent, but revocable
authorization prior to allowing access to geolocation) is
a requirement.

Please also remember that authorization is not necessarily
binary - you could easily imagine authorizing a specific
accuracy, depending on the requestor. Accuracy is
a required component of authorization, I think.

Combining these, you might allow any of your fellow employees
accuracy to within, say, a city, if you were not in the building,
but within a room if you were.

Brian

> -----Original Message-----
> From: Christian Hauser [mailto:lobase@gmx.net]
> Sent: Monday, July 23, 2001 9:35 AM
> To: john.loughney@nokia.com
> Cc: geopriv@mail.apps.ietf.org; geopriv@mail.apps.ietf.org
> Subject: RE: Mobile Location Based Service user privacy (commercial
> issue)
>
>
> Hello,
>
> I have some comments reflecting my personal opinion on that topic:
>
> > Exactly. Furthermore, if once the father the daughter's location, what
> > prevents him from sharing it with someone else?
> I think, there will never be any possibility to prevent this. Once, somebody
> does know an information, he will be able to share it with everybody (at
> least by other communication paths like personal speech).
>
> >
> > Replace daughter/father with employee/employer or customer/service
> > provider or even citizen/government & you will quickly realize that
> > this is one messy problem.
> >
> > I think PULL model will not & should not work here.
>
> In my opinion, a PUSH model will not be sufficient since every time,
> somebody wants to know your location, you must push your location to him
> (and click on your device; at least if you do not have stored a profile
> for the requestor).
>
> So I think, we should also consider a PULL model for being universal and
> considering all possibilities. Therefore, we should search for means to
> protect access to location information for that purpose.
>
> Best regards,
>
> Christian Hauser
>
> Institute of Communication Networks and Computer Engineering
> University of Stuttgart, Pfaffenwaldring 47, 70569 Stuttgart, Germany
>
> --
> Sent through GMX FreeMail - http://www.gmx.net
>
Received on Mon Jul 23 10:28:59 2001
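
The pull-through-proxy model with revocable subscriptions and per-requester accuracy described in the message above, as an added example that is not part of the original thread. The class names, the three accuracy levels and the sample data are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Callable, Dict, Optional, Tuple

LEVELS = ("city", "building", "room")  # coarse -> fine; level names are assumptions

@dataclass(frozen=True)
class Location:
    city: str
    building: Optional[str] = None  # None when the target is outside the building
    room: Optional[str] = None

@dataclass
class Subscription:  # persistent, revocable grant for one group of requesters
    outside: str  # finest level released while the target is outside the building
    inside: str   # finest level released while the target is inside
    revoked: bool = False

class LocationProxy:
    """Trusted proxy: pulls from the device, answers clients according to policy."""
    def __init__(self, device_pull: Callable[[str], Location]):
        self._device_pull = device_pull
        self._groups: Dict[str, str] = {}                       # requester -> group
        self._subs: Dict[Tuple[str, str], Subscription] = {}    # (target, group)

    def enroll(self, requester: str, group: str) -> None:
        self._groups[requester] = group

    def subscribe(self, target: str, group: str, sub: Subscription) -> None:
        self._subs[(target, group)] = sub

    def revoke(self, target: str, group: str) -> None:
        if (target, group) in self._subs:
            self._subs[(target, group)].revoked = True

    def pull(self, requester: str, target: str) -> Optional[dict]:
        sub = self._subs.get((target, self._groups.get(requester, "")))
        if sub is None or sub.revoked:
            return None  # default deny, decided before the device is contacted
        loc = self._device_pull(target)
        granted = sub.inside if loc.building else sub.outside
        allowed = LEVELS[: LEVELS.index(granted) + 1]
        return {k: getattr(loc, k) for k in allowed if getattr(loc, k) is not None}

if __name__ == "__main__":
    positions = {"alice": Location("Springfield", "HQ", "2-117")}  # constructed data
    proxy = LocationProxy(lambda target: positions[target])
    proxy.enroll("bob", "employees")
    proxy.subscribe("alice", "employees", Subscription(outside="city", inside="room"))
    print(proxy.pull("bob", "alice"))
```

The authorization decision is made before the device is queried, so an unauthorized or revoked requester causes no load on the device and learns nothing from timing of a device round trip.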
