RE: Requirements Document

Sure. I agree. But this is 100% an implementation
and/or deployment issue, and not a protocol or "object" issue.
We can offer advice on the subject, but I can't see how
you would write anything stronger.

I really DO want to use policy systems in some cases.
I really DO want to have delegation mechanisms in some cases.
I really DO want to have cryptographically secure authentication
in many (most) cases.

What I don't want is to have this group specify any of them.

Use words like "recommend" and "should consider", and not
"must" and "mandatory-to-implement". The field of use
for this object is way to wide to do more.

Brian

> -----Original Message-----
> From: Randy Bush [mailto:randy@psg.com]
> Sent: Monday, August 20, 2001 4:35 PM
> To: Rosen, Brian
> Cc: 'Adam Shostack'; Henning Schulzrinne; john.loughney@nokia.com;
> behcet.sarikaya@usa.alcatel.com; geopriv@mail.apps.ietf.org
> Subject: RE: Requirements Document
>
>
> > Do you object to a requirement that it must be possible to
> > deploy the geopriv object in a standards based manner
> > such that authorization to reveal location information is <<<==
> > handled out of band (by contract for example), rather than
> > by explicit user action at the point of use?
>
> s/is/might also be/
>
> and i see it as a general issue of delegation of authority,
> with its own set
> of attendant authentication and authorization issues. e.g. i
> want to know
> to what agent i am delegating, and to be able to restrict that agent's
> abilities to act in my place, in to whom they reveal, what
> they reveal, and
> if and what they may subdelegate.
>
> randy
>
Received on Mon Aug 20 17:08:36 2001