Separating this as an issue, independent of the philosophical pieces:
I think we need to distinguish a number of different operating
scenarios, each with different requirements:
- Location information is embedded in another protocol by the user.
Thus, the user decides (in some generic sense, i.e., this could be
configured permanently or per request or any complicated logic, e.g.,
depending on the location itself)
. who this information is made visible to at what precision
. whether the recipient needs to be authenticated
I don't see where a protocol gets involved here, beyond the "mother"
protocol that carries this information. In this mode, authentication
will likely be performed in the mode best suited to the "mother"
protocol, e.g., TLS for HTTP.
- Location information is known to some server controlled by the user
and available for special-purpose queries. Here, the user has to tell
the server what to do, either interactively or by some logic. The latter
case is essentially the same as in the first case, i.e., no protocol is
needed.
- Location information is known to some server controlled by the user,
but inserted into another protocol "along the way" (e.g., in a proxy
server). Similar to the previous case, except that the "location release
authorization" may well need to be embedded in the "mother" protocol to
make sure it reaches the right server.
Received on Sat Aug 18 12:33:40 2001
This archive was generated by hypermail 2.1.8 : Thu Jan 22 2004 - 12:32:22 EST