RE: Terminology

it may not be an actual element in the protocol, but I suspect
you need to describe that entity when discussing privacy.

We need it to at least hold the discussion.

Brian

> -----Original Message-----
> From: Valentin Christoph [mailto:christoph.valentin@siemens.at]
> Sent: Wednesday, December 12, 2001 5:26 AM
> To: 'Rosen, Brian'; 'John Morris '; 'geopriv@mail.apps.ietf.org '
> Subject: RE: Terminology
>
>
> Inline one little comment.
>
>
> > -----Original Message-----
> > From: Rosen, Brian [mailto:Brian.Rosen@marconi.com]
> > Sent: Wednesday, December 12, 2001 1:48 AM
> > To: 'John Morris '; 'geopriv@mail.apps.ietf.org '
> > Subject: RE: Terminology
> >
> >
> > Henning suggested "owner" for the policy determining entity, so
> > why don't we agree to that.
> >
> > I'd actually like a more descriptive term for the entity "carrying"
> > the target than "user". Anyone got suggestions?
> [Christoph]
> I think, the entity "carrying" the target should be out of
> scope of this WG.
> The relationship between the location of the target and the location
> of the entity "carrying" the target may be known by the
> client, because
> he got this information from the owner of the target using
> some mechanism
> out of scope.
>
> >
> > Henning, like you, did not like "client' or "server". He suggested
> > "location provider" and "location seeker". I have no problem with
> > those choices.
> >
> > I don't yet appreciate the difference betweeen an involuntary
> > and a voluntary provider. Please give me some hint of why
> > differentiating might affect the design of the object, the protocol
> > or the privacy considerations. It seems to me that voluntary
> > or involuntary, you treat the data the same way.
> >
> >
> >
> > -----Original Message-----
> > From: John Morris
> > To: geopriv@mail.apps.ietf.org
> > Sent: 12/11/01 6:54 PM
> > Subject: Re: Terminology
> >
> > Brian,
> >
> > I strongly agree that we should start with definitions and
> > terminology,
> > and
> > I include some comments and suggestions in line below. But
> > first, three
> >
> > preliminary comments:
> >
> > 1. There are at least two places below where I suggest
> that we create
> > two
> > definitions where you suggest only single definitions. I
> expect that
> > your
> > reaction to at least one of my two suggestions is that my
> > distinction is
> >
> > irrelevant. But I ask you to at least concede that the
> distinctions I
> > am
> > drawing are factually accurate. It may well be that two different
> > categories of actors will in the final analysis be treated
> exactly the
> > same
> > (which is a conclusion that you suggested yesterday), but I
> > think in our
> >
> > definitions we should still identify the different categories
> > of actors
> > and
> > then later decide, if appropriate, to group two categories together.
> >
> > 2. I suggest a couple of new terms below. I do not care about the
> > precise
> > words I have suggested, only about the conceptual categories. So if
> > anyone
> > has better words to describe the relevant categories, please
> > offer them
> > up.
> >
> > 3. My comments below focus on your suggested definitions, without
> > addressing whether the WG wants or needs to have a definition of
> > "location"
> > or types of location. We can discuss that in a later e-mail.
> >
> > On to my comments:
> >
> > At 12:43 PM 12/11/01 -0500, Rosen, Brian wrote:
> > >I'd like to start a discussion of terminology.
> > >
> > >I think we all agree on the term "target"; it's the device
> > >that has a location.
> >
> > Fine.
> >
> > >We usually use the term "user", in two contexts. One is that
> > >the target is usually described as associated with the user.
> > >We really want the location of the user, but until we get
> > >implanted with GPS receivers and radios, we have targets
> > >that are separate from the user. The other context we
> > >use "user" is that the user is the source of the privacy
> > >concern. Ultimately, it is the user that grants rights to
> > >some other entity to learn the location of the target.
> >
> > I would split this into two, along the lines of:
> > "user" is the person (if any) who is directly associated with the
> > target
> > device (by carrying the device, or driving it, etc.)
> > "owner" is the person or entity (if different from the
> user) who is
> > the
> > appropriate person/entity to set privacy rules
> > To be clear, in some cases there may be no user at all -- an owner
> > simply
> > wants to locate the target device, and the device is not a proxy for
> > person.
> > Also to be clear, in many cases the user and owner may be
> one and the
> > same. But clearly there will be scenarios in which the
> user and owner
> > are
> > not the same. In the final analysis, it is possible that this
> > distinction
> > may not be all that relevant, but I for one cannot prejudge
> > that at this
> > point.
> >
> > > >From there, we tend to fall apart on generally accepted
> > >terminology. I'd like to propose that we use the policy
> > >terms like 'Policy Determination Point' and 'Policy
> > >Enforcement Point' which have accepted meanings when we
> > >discuss the application of the users policy on the
> > >location dissemination. Is that acceptable?
> >
> > Personally, I do not yet clearly understand how you would
> define those
> > two
> > terms. I can imagine their definition, and I think that I
> > could get on
> > board with some definition, but can you spell out two separate
> > definitions?
> >
> > >Finally, I'd like to take a stab at convincing you that
> > >there are only two other entities (nouns) in this process.
> > >I think many have in mind that there are several other entities,
> > >but in my mind, there are only two.
> > >
> > >A Server is an entity that knows the location of a target.
> > >A Client is an entity that wants to find out the location
> > >of a target.
> > >
> > >See, wasn't that easy?
> >
> > Too easy, in my view!
> >
> > First, I agree with you that we may be able conflate many potential
> > categories of actor into a single term like "server." So I
> > accept your
> > effort to simplify. I am not happy with "server" or
> "client" because
> > they
> > mean too many things already, but this concern is fairly minor.
> >
> > More importantly, let's come back to the debate you and I had
> > yesterday
> > in
> > the WG about whether my use of the term "carrier" was
> accurate and/or
> > relevant. You quickly convinced me that the word "carrier"
> is wrong,
> > but I
> > persist in thinking that there is a potentially relevant
> distinction
> > here. Let me reformulate my distinction as follows (and
> > please, I hope
> > someone comes up with better words than I have here):
> >
> > an "involuntary location processor" is an entity (like, e.g.,
> > a wireless
> >
> > carrier or a dial-up ISP) that unavoidably learns or can learn the
> > location
> > of the target, simply as a function of the role the entity
> > plays in the
> > target's communications capability. Thus, unless a cell phone user
> > simply
> > decided never to turn on the device, there is likely nothing
> > the user or
> >
> > owner can do to stop the wireless carrier from learning the
> > location. (Indeed, U.S. E911 laws may make this situation
> obligatory
> > for
> > the U.S.).
> >
> > a "voluntary location processor" is an entity that (a) receives the
> > target's location with the consent of the owner and (b) in
> most cases
> > takes
> > some action with the information (e.g., serves it, translates
> > it, stores
> >
> > it, obfuscates it, returns other info to the target based on it).
> >
> > Now, I admit that ILPs and VLPs may well in the end be
> > treated exactly
> > alike, and so you may be correct in suggesting that the
> > distinction is
> > irrelevant. But again, I for one doubt that the
> distinction will be
> > irrelevant, and I certainly cannot at this point in the analysis say
> > that
> > the ILP should not receive special attention. Let's identify two
> > definitions and decide to conflate them later, if appropriate.
> >
> > Now, to round out my suggested terminology, I probably would
> > substitute
> > something like "ultimate location recipient" instead of
> > "client," but I
> > do
> > not think this is critical. The key, in my mind, is that
> the recipient
> > is
> > the last entity to receive the location information, and this
> > recipient
> > may
> > well not need to know the full details of the owner's privacy rules.
> >
> > >Now, let's look at scenarios. Please remember that these
> > >are logical functions, and a physical device can have
> > >multiple functions implemented in it.
> >
> > I agree that we should look at scenarios very soon, but I do
> > not want to
> >
> > delay my thoughts above until I can get more time to
> comments on your
> > scenarios. Also, reaching tentative consensus on the
> terminology is
> > probably a good first step.
> >
> > John
> >
> >
> > ----------------------------------------
> > John B. Morris, Jr.
> > Director, Internet Standards, Technology
> > & Policy Project
> > Center for Democracy and Technology
> > 1634 I Street NW, Suite 1100
> > Washington, DC 20006
> > (202) 637-9800
> > (202) 637-0968 fax
> > jmorris@cdt.org
> > http://www.cdt.org
> > ----------------------------------------
> >
>
Received on Wed Dec 12 10:34:54 2001