RE: Requirements Document

Let's be practical:

There are services, and networks, where there will be no implied consent,
or lawful mandate requiring location to be revealed without explicit
action. In those services and networks, there needs to be appropriate
controls on the divulgence of location which may need a UI mechanism.

In some of the services, it may be that the user desires to give consent
IN ADVANCE. Thus it is not possible to have a mandatory TO USE mechanism
to supply such consent at the point when the location is to be divulged.
It could be possible to specify a mandatory-to-implement mechanism
for cases where consent is not given in advance.

There are cases where as condition of obtaining service, or by law,
location information must be divulged without explicit UI or other
consent. In those cases, it must be possible to use the geopriv
mechanism.

In all cases, we can reasonably expect to require authentication
that the entity that is the recipient of the location is the one
where consent has been provided (implicit or explicitly). It is
also possible to protect the information to guard against
eavesdropping.

Brian

> -----Original Message-----
> From: Randy Bush [mailto:randy@psg.com]
> Sent: Friday, August 17, 2001 1:40 PM
> To: John W Noerenberg II
> Cc: geopriv@mail.apps.ietf.org
> Subject: Re: Requirements Document
>
>
> > So part of the protocol exchange is a request from one endpoint to
> > the other for a location. The response I envision must allow for I
> > consent/I forbid/I don't care responses to the location request.
>
> i think that is the core of what this wg was charterd to do,
> requirements
> for privacy/security. to quote
>
> "The primary task of this working group will be to assess the the
> authorization, integrity and privacy requirements that
> must be met in
> order to transfer such information, or authorize the release or
> representation of such information through an agent."
>
> note that authentication of the requestor is of interest,
> though possibly
> less so when the host being asked to divulge its location placed the
> 'call'. while i have 'divulge-to-family' turned on, how does
> the device
> know the requestor is my spouse?
>
> and precision is also of relevance. two extremes:
> o i only want to divulge my exact location under very restricted
> circumstances
> o i want to divulge my mobile phone's time zone to anyone, as i want
> them to use that info to decide whether it is polite to call me.
>
> note that a cruise through the archives (i am not sure if
> this list and its
> predecessor share archive(s)) will show that this has been
> discussed before.
>
> randy
>
Received on Fri Aug 17 14:50:24 2001