So now we have 3 entities:
The entity "carrying" the target
The entity that legally/contractually owns the location information
The entity that asserts the policy.
I don't have a real philosophical problem with 3 entities,
but I wonder if there really are cases where "carry" and "assert"
are actually two different entities?
Brian
> -----Original Message-----
> From: Ajith Narayanan [mailto:ajithn@sg.ibm.com]
> Sent: Wednesday, December 12, 2001 3:59 AM
> To: Rosen, Brian
> Cc: 'John Morris '; 'geopriv'
> Subject: RE: Terminology
>
> 1. "owner" and "policy proponent" (new), "policy decision point"
>
> The word "owner" is probably good, but I'd hope for a better word. The
> problem I see is this -- by calling this entity the "owner" we suggest
> that he/she has some rightful ownership of the location sighting (where
> location sighting = the information that a certain target is sighted at a
> certain location at a certain time). When the "user" has the rightful
> ownership of that information (i.e., owner == user) he/she is likely to
> have the best possible control of their privacy. However, in some settings
> -- e.g., the cases where the "carrier" (e.g., a Voluntary Location
> Processor) legally owns the location sighting information -- the user will
> not have claim to such ownership, strictly speaking. However, privacy may
> still exist because of a contract between the "user" and the "owner" (the
> VLP carrier, in this case). The carrier owns the information, but may
> allow the "user" to exercise control over its disclosure. Thus the user
> exercises policy control over how the location sighting is used, without
> having to be the owner of the information per se. This is not the best
> scenario for privacy, but I think we need to be able to talk about such
> scenarios, and refer to such a user who exercises control over location
> disclosure policy.
>
> So I would like to propose the term "policy proponent" to refer to an
> entity that proposes a policy which should govern the disclosure of
> location sightings. An entity who wants to protect their privacy would do
> so by becoming a policy proponent. I visualize multiple policy proponents,
> one of whom is possibly the user, who may or may not be the owner.
>
> The reason I say "a policy" in the above paragraph, as opposed to "the
> policy" is that there may be multiple policy proponents and their policies
> may potentially conflict with each other. For example, take the situation
> in which the State (a policy proponent) mandates full disclosure for E-911
> or for cases covered by a judicial court order. The "policy decision
> point" is an entity that processes multiple policies applicable to a
> location sighting, resolves policy conflicts according to a resolution
> algorithm, and outputs a go/no-go disclosure decision.
>
> If we are talking about ownership of information, I think the terms we use
> should preferably be close to the terms used by laws that address ownership
> of information (I am not sure what those terms are). If we don't have a
> better term, then I'm happy with "owner" for the most part, though I
> would prefer the term "owner of the sighting" to make it even clearer. The
> term "sighting" itself is well defined in literature in location-aware
> computing, as a 3-tuple consisting of <target-identity, location, time>.
>
> 2. "user"
>
> For the "user carrying the target"... I propose "co-located user" or
> "co-sighted user". Sometimes the co-located (co-sighted) user does not
> exist or has no meaning (e.g., in asset tracking). Also, we may even get
> by without ever referring to the co-located (co-sighted) user in cases
> where he/she is neither the owner nor a policy proponent.
>
> 3. "server", "client"
>
> How about "location server" and "location client"? I think these terms
> avoid the confusion that arises with client/server roles at the protocol
> level (e.g. HTTP). Commenting on John Morris's proposed "ultimate
> location recipient", I agree that we may need to distinguish between
> "direct" and "indirect" recipients of location information. The
> information is passed from a "location server" to a "direct location
> recipient" ("direct location client") who in turn serves as a "location
> server" and passes it (possibly translated, obfuscated...etc) to an
> indirect location client. Direct and indirect are relative to the first
> location server. If a certain location client guarantees to not
> propagate location information further (e.g., it may be technically
> incapable of doing so, or be contractually bound), then we may call it an
> "ultimate location recipient". In my view this qualification is a strong
> privacy statement, so the distinction is important to make.
>
> In item (1), I realize that I used the term "Policy Decision Point" which
> is probably not a term used by policy folks. Please correct me!
>
> Cheers
> -- Ajith
>
> | Ajith Narayanan
> | IBM Emerging Technology Centre
> | ajithn@sg.ibm.com Tel: (65) 320-1939 Fax: (65) 224-5260
> | IBM Singapore Pte Ltd, IBM Towers, 80 Anson Rd, Singapore 079907
> --
>
> "Rosen, Brian" <Brian.Rosen@marconi.com> on 12/12/2001 08:47:44 AM
>
> To: "'John Morris '" <jmorris@cdt.org>,
> "'geopriv@mail.apps.ietf.org '"
> <geopriv@mail.apps.ietf.org>
> cc:
> Subject: RE: Terminology
>
> Henning suggested "owner" for the policy determining entity, so
> why don't we agree to that.
>
> I'd actually like a more descriptive term for the entity "carrying"
> the target than "user". Anyone got suggestions?
>
> Henning, like you, did not like "client" or "server". He suggested
> "location provider" and "location seeker". I have no problem with
> those choices.
>
> I don't yet appreciate the difference between an involuntary
> and a voluntary provider. Please give me some hint of why
> differentiating might affect the design of the object, the protocol
> or the privacy considerations. It seems to me that voluntary
> or involuntary, you treat the data the same way.
>
> -----Original Message-----
> From: John Morris
> To: geopriv@mail.apps.ietf.org
> Sent: 12/11/01 6:54 PM
> Subject: Re: Terminology
>
> Brian,
>
> I strongly agree that we should start with definitions and terminology,
> and I include some comments and suggestions in line below. But first, three
> preliminary comments:
>
> 1. There are at least two places below where I suggest that we create two
> definitions where you suggest only single definitions. I expect that your
> reaction to at least one of my two suggestions is that my distinction is
> irrelevant. But I ask you to at least concede that the distinctions I am
> drawing are factually accurate. It may well be that two different
> categories of actors will in the final analysis be treated exactly the same
> (which is a conclusion that you suggested yesterday), but I think in our
> definitions we should still identify the different categories of actors and
> then later decide, if appropriate, to group two categories together.
>
> 2. I suggest a couple of new terms below. I do not care about the precise
> words I have suggested, only about the conceptual categories. So if anyone
> has better words to describe the relevant categories, please offer them up.
>
> 3. My comments below focus on your suggested definitions, without
> addressing whether the WG wants or needs to have a definition of "location"
> or types of location. We can discuss that in a later e-mail.
>
> On to my comments:
>
> At 12:43 PM 12/11/01 -0500, Rosen, Brian wrote:
> >I'd like to start a discussion of terminology.
> >
> >I think we all agree on the term "target"; it's the device
> >that has a location.
>
> Fine.
>
> >We usually use the term "user", in two contexts. One is that
> >the target is usually described as associated with the user.
> >We really want the location of the user, but until we get
> >implanted with GPS receivers and radios, we have targets
> >that are separate from the user. The other context we
> >use "user" is that the user is the source of the privacy
> >concern. Ultimately, it is the user that grants rights to
> >some other entity to learn the location of the target.
>
> I would split this into two, along the lines of:
> "user" is the person (if any) who is directly associated with the target
> device (by carrying the device, or driving it, etc.)
> "owner" is the person or entity (if different from the user) who is the
> appropriate person/entity to set privacy rules
> To be clear, in some cases there may be no user at all -- an owner simply
> wants to locate the target device, and the device is not a proxy for a
> person. Also to be clear, in many cases the user and owner may be one and
> the same. But clearly there will be scenarios in which the user and owner
> are not the same. In the final analysis, it is possible that this
> distinction may not be all that relevant, but I for one cannot prejudge
> that at this point.
>
> > >From there, we tend to fall apart on generally accepted
> >terminology. I'd like to propose that we use the policy
> >terms like 'Policy Determination Point' and 'Policy
> >Enforcement Point' which have accepted meanings when we
> >discuss the application of the users policy on the
> >location dissemination. Is that acceptable?
>
> Personally, I do not yet clearly understand how you would define those two
> terms. I can imagine their definition, and I think that I could get on
> board with some definition, but can you spell out two separate
> definitions?
>
> >Finally, I'd like to take a stab at convincing you that
> >there are only two other entities (nouns) in this process.
> >I think many have in mind that there are several other entities,
> >but in my mind, there are only two.
> >
> >A Server is an entity that knows the location of a target.
> >A Client is an entity that wants to find out the location
> >of a target.
> >
> >See, wasn't that easy?
>
> Too easy, in my view!
>
> First, I agree with you that we may be able to conflate many potential
> categories of actor into a single term like "server." So I accept your
> effort to simplify. I am not happy with "server" or "client" because they
> mean too many things already, but this concern is fairly minor.
>
> More importantly, let's come back to the debate you and I had yesterday in
> the WG about whether my use of the term "carrier" was accurate and/or
> relevant. You quickly convinced me that the word "carrier" is wrong, but I
> persist in thinking that there is a potentially relevant distinction
> here. Let me reformulate my distinction as follows (and please, I hope
> someone comes up with better words than I have here):
>
> an "involuntary location processor" is an entity (like, e.g., a wireless
> carrier or a dial-up ISP) that unavoidably learns or can learn the location
> of the target, simply as a function of the role the entity plays in the
> target's communications capability. Thus, unless a cell phone user simply
> decided never to turn on the device, there is likely nothing the user or
> owner can do to stop the wireless carrier from learning the
> location. (Indeed, U.S. E911 laws may make this situation obligatory for
> the U.S.).
>
> a "voluntary location processor" is an entity that (a) receives the
> target's location with the consent of the owner and (b) in most cases takes
> some action with the information (e.g., serves it, translates it, stores
> it, obfuscates it, returns other info to the target based on it).
>
> Now, I admit that ILPs and VLPs may well in the end be treated exactly
> alike, and so you may be correct in suggesting that the distinction is
> irrelevant. But again, I for one doubt that the distinction will be
> irrelevant, and I certainly cannot at this point in the analysis say that
> the ILP should not receive special attention. Let's identify two
> definitions and decide to conflate them later, if appropriate.
>
> Now, to round out my suggested terminology, I probably would substitute
> something like "ultimate location recipient" instead of "client," but I do
> not think this is critical. The key, in my mind, is that the recipient is
> the last entity to receive the location information, and this recipient may
> well not need to know the full details of the owner's privacy rules.
>
> >Now, let's look at scenarios. Please remember that these
> >are logical functions, and a physical device can have
> >multiple functions implemented in it.
>
> I agree that we should look at scenarios very soon, but I do not want to
> delay my thoughts above until I can get more time to comment on your
> scenarios. Also, reaching tentative consensus on the terminology is
> probably a good first step.
>
> John
>
> ----------------------------------------
> John B. Morris, Jr.
> Director, Internet Standards, Technology
> & Policy Project
> Center for Democracy and Technology
> 1634 I Street NW, Suite 1100
> Washington, DC 20006
> (202) 637-9800
> (202) 637-0968 fax
> jmorris@cdt.org
> http://www.cdt.org
> ----------------------------------------
>
Received on Wed Dec 12 10:29:09 2001
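The "policy decision point" Ajith describes in item (1), fed by several policy proponents whose policies conflict, as an added example that is not part of this thread or of any geopriv specification. The three proponents (the co-located user, the carrier as owner of the sighting, and the State mandating E-911 disclosure), the request purposes, the sample sighting and the resolution algorithm (a legal mandate overrides, otherwise any explicit deny wins, otherwise a permit is required, and with no opinion at all the answer is no-go) are all assumptions of this example.

```python
from dataclasses import dataclass
from typing import List, Tuple

# A "sighting" as the thread defines it: <target-identity, location, time>.
@dataclass(frozen=True)
class Sighting:
    target: str
    location: str
    time: str

# A disclosure request from a "location client" for a stated purpose.
@dataclass(frozen=True)
class Request:
    client: str
    purpose: str  # constructed purposes: "e911", "friend-finder", "marketing"

# Each proponent returns a verdict: "mandate" (overriding legal requirement),
# "permit", "deny", or "abstain" (no opinion on this request).
def user_policy(s: Sighting, r: Request) -> str:
    # Co-located user: shares only with the friend-finder, denies the rest.
    return "permit" if r.purpose == "friend-finder" else "deny"

def carrier_policy(s: Sighting, r: Request) -> str:
    # Carrier (legal owner of the sighting): never releases for marketing.
    return "deny" if r.purpose == "marketing" else "abstain"

def state_policy(s: Sighting, r: Request) -> str:
    # The State mandates disclosure for E-911 and is otherwise silent.
    return "mandate" if r.purpose == "e911" else "abstain"

def decide(policies, s: Sighting, r: Request) -> Tuple[str, List[str]]:
    """Policy decision point: resolve every proponent's verdict to go/no-go.
    Resolution algorithm (assumed): a mandate overrides everything; otherwise
    any explicit deny wins; otherwise a permit is required; with no opinion
    at all the default is no-go. Also returns an audit trail of who said what.
    """
    verdicts = [(name, policy(s, r)) for name, policy in policies]
    trail = [f"{name}:{v}" for name, v in verdicts]
    said = {v for _, v in verdicts}
    if "mandate" in said:
        return "go", trail
    if "deny" in said:
        return "no-go", trail
    return ("go" if "permit" in said else "no-go"), trail

PROPONENTS = [("user", user_policy), ("carrier", carrier_policy), ("state", state_policy)]
SIGHTING = Sighting("handset-42", "80 Anson Rd", "2001-12-12T08:47Z")  # constructed

def disclosure(purpose: str) -> str:
    return decide(PROPONENTS, SIGHTING, Request("location-client", purpose))[0]
```

The audit trail is what a location server would log next to each go/no-go so that a later dispute over a disclosure can be traced to the proponent whose policy decided it.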