Re: Terminology

How about 'owner' for the entity that is the person or entity that can
make decisions for a target? Ownership reflects the notion of
(temporary) control and legal responsibility. We have too many users
here - of the information provided, for example.

It would be nice if we could come up with something other than 'client'
and 'server'. The problem is that this tends to imply both a data
relationship (client gets data from server), but also a protocol
relationship (TCP connection, HTTP connection, etc.). It is not clear
that those always have to be aligned. For example, the 'client' in your
example could well be contacted by the 'server' to deliver information
to it, based on some subscription/event model, say. That makes the
discussion very confusing. (We've had a similar issue in SIP, where many
people speak of client and server when they mean user agent and proxy
server.)

Something like 'location provider' (or supplier, holder, custodian) and
'location seeker' (querier, customer, ...) seems less entertwined with
protocol messages, but I'm sure there are other, better terms.

"Rosen, Brian" wrote:
>
> I'd like to start a discussion of terminology.
>
> I think we all agree on the term "target"; it's the device
> that has a location.
>
> We usually use the term "user", in two contexts. One is that
> the target is usually described as associated with the user.
> We really want the location of the user, but until we get
> implanted with GPS receivers and radios, we have targets
> that are separate from the user. The other context we
> use "user" is that the user is the source of the privacy
> concern. Ultimately, it is the user that grants rights to
> some other entity to learn the location of the target.
>
> >From there, we tend to fall apart on generally accepted
> terminology. I'd like to propose that we use the policy
> terms like 'Policy Determination Point' and 'Policy
> Enforcement Point' which have accepted meanings when we
> discuss the application of the users policy on the
> location dissemination. Is that acceptable?
>
> Finally, I'd like to take a stab at convincing you that
> there are only two other entities (nouns) in this process.
> I think many have in mind that there are several other entities,
> but in my mind, there are only two.
>
> A Server is an entity that knows the location of a target.
> A Client is an entity that wants to find out the location
> of a target.
>
> See, wasn't that easy?
>
> Now, let's look at scenarios. Please remember that these
> are logical functions, and a physical device can have
> multiple functions implemented in it.
>
> First is the simple case of the target actually knowing
> its own location (using, say, GPS), and it having enough
> horsepower to be a PDP/PEP. Then the target has the Server
> and the PDP/PEP collocated in it. A client gets authenticated
> by the server. The server consults its PDP to determine
> if location should be given to the client, applies the
> appropriate policy (PEP) and then sends the result to the
> client.
>
> Next, let's assume that the target knows it's own location,
> but does not have enough horsepower to do all the policy
> application. In such a case, we employ a Proxy Server.
> This is a back to back Client and Server. So, the target
> has a server that has exactly one client, the client side of
> the Proxy Server. The proxy server has the PDP/PEP and other
> clients authorized by the user's policy get location information
> from the server side of the Proxy Server.
>
> Now lets assume that the target doesn't know its location,
> but some other entity does. That entity is just a Server;
> it knows the location of a target, and provides it to clients.
> That server could have the PDP/PEP, or it could use a Proxy
> Server as above.
>
> Now take a translator. It is another instance of a Proxy
> Server that transforms the data between the client side
> and the server side. It, of course, could have the PDP,
> or just the PEP, or it could be, as above, serving only
> one client, which is another Proxy Server that has the PEP.
>
> Of course, in single client servers, PDP and PEP are implemented,
> they are just very simple. So, in reality, every server
> has at least a PEP.
>
> Now we can get arbitrarily complex. Suppose there was a system
> where there were a bunch of targets all served by a "carrier"
> (we don't really care what the thing that serves all these client
> is, it could be an enterprise device), where the server could
> provide a reasonable set of policies and enforce them. A user
> created a policy for that server that applied to a range of
> clients. However, suppose that the server is not all that clever,
> and some enterprising dotcom offers a service to the user that
> provides a more rich policy mechanism than the "carrier" does.
> So, the user authorizes the carrier server to supply location
> to the dotcom, which is another proxy server. The user then
> authorizes another set of clients to the dotcom server.
>
> Either or both of the "carrier" server and the dotcom server
> could provide translation or obfuscation services.
>
> I think that is all we need for nouns.
>
> Brian
Received on Tue Dec 11 15:37:53 2001