Dear all,
(I am sorry that I am slow to respond, but I am not online
during the IETF.)
John W Noerenberg II <jwn2@qualcomm.com> wrote:
JN>...
JN>
JN> /-------\
JN> // \\
JN> | MPC |
JN> | |
JN> /-------\ \\ //
JN> // location\\ /\-------/
JN> | proxy | /
JN> | | /
JN> \\ LocSrv // +----------+ /
JN> /----\ \---+---/ | Mobile | /
JN> / App \ | | station | / //-----\\
JN> | | | | | / |/ \|
JN> | LocReq |---------------------| LocSrv +-----/-----+ PDE |
JN> \ / | | |\ /|
JN> \----/ +----+-----+ \\-----//
JN> |
JN> +---+----+
JN> |Local |
JN> |node |
JN> | |
JN> +--------+
JN>
JN>
JN>...
I agree with the terms:
Target (but I do not agree with the definition! see below)
Location Requestor (LocReq) (was called Client, Location Recipient, location seeker)
Location Server (LocSrv)
Mobile Positioning Center (MPC)
Position Determination Engine (PDE)
I want to introduce one more:
Location Data Source (LocSrc) (which *could* be just
a combination of the Mobile Positioning Center (MPC) and the
Position Determination Engine (PDE), but it also could be something
very different, see below)
Brian.Rosen@marconi.com wrote:
BR> I think we all agree on the term "target"; it's the device
BR> that has a location.
I am not sure. If I have two devices, and I switch from one to the other,
I may be able to tell the location server that now I am at this or that
location, even without telling which device I may be using.
In an extreme case, I can make a phone call to some trusted
location server and, using a certain password or whatever, I may tell
the server that now I am at this or that other place. My location
information does not necessarily depend on some mechanical device
measuring the position of a target *device*. Perhaps I am just entering
a PIN code every time I enter a new region of an airport or a hospital.
For me, target is the entity whose location is desired by the
Location Requestor.
BR> We usually use the term "user", in two contexts. One is that
BR> the target is usually described as associated with the user.
BR> We really want the location of the user, but until we get
BR> implanted with GPS receivers and radios, we have targets
BR> that are separate from the user. The other context we
BR> use "user" is that the user is the source of the privacy
BR> concern. Ultimately, it is the user that grants rights to
BR> some other entity to learn the location of the target.
Do we need the "user" in the first sense? Of course,
locating the user may be different from locating a particular
target device that he carries (or not), but from the point
of view of a geopriv protocol, we are only interested in
locating a "target" which can be an IP device, a person,
a mountain, or whatever. The target is characterized
by identities and credentials, independently of being
or not a device, a person or whatever.
Ajith Narayanan <ajithn@sg.ibm.com> wrote:
A> The word "owner" is probably good, but I'd hope for a better word. The
A> problem I see is this -- by calling this entity the "owner" we suggest
A> that he/she has some rightful ownership of the location sighting (where
A> location sighting = the information that a certain target is sighted at a
A> certain location at a certain time). When the "user" has the rightful
A> ownership of that information (i.e., owner == user) he/she is likely to
A> have the best possible control of their privacy. However, in some settings
A> -- e.g., the cases where the "carrier" (e.g., a Voluntary Location
A> Processor) legally owns the location sighting information -- the user will
A> not have claim to such ownership, strictly speaking. However, privacy may
A> still exist because of a contract between the "user" and the "owner" (the
A> VLP carrier, in this case). The carrier owns the information, but may
A> allow the "user" to exercise control over its disclosure. Thus the user
A> exercises policy control over how the location sighting is used, without
A> having to be the owner of the information per se. This is not the best
A> scenario for privacy, but I think we need to be able to talk about such
A> scenarios, and refer to such a user who exercises control over location
A> disclosure policy.
Not exactly. At least when I proposed the word "owner" in my draft
(draft-cuellar-geopriv-reqs-00.txt) I meant something different.
It is not the "owner of the location information" (if such a thing
exists), it is more like the owner of the policies that determine
what may be done with that information.
I quote from my draft:
Owner of the target:
An entity that has the authorization to decide the policies
that apply to the location information of the target (for
instance, equipment in the field). Most frequently, the owner
of the target is the target itself. One target may have several
owners and one owner may have several targets. The owner is in
possession of credentials showing that he is owner of the
identifier of the target.
(The last sentence is to mean that the owner is able to show the proper
authorization credentials, created by consent of the target or the owner).
Thus the "carrier" in your example is not an owner.
If I understand you correctly, the point that you are making
is that not all Location Data Sources are owners of the target.
I agree on that. Quoting again from my draft:
Also some network entity, properly authenticated and authorized
by the network, may send the Location Information to the
Location Server. This could be some location detection function
in the access network. The authentication/authorization
requirements for this case are for further discussion. This
case is different from the owner of the target, since there is
no close relationship between this network entity and this
particular target.
This means that this location data provider may not have been explicitly
authorized by the target (or an owner of the target) to provide the location
data.
Let me explain why this kind of distinction is important:
If we allow unauthorized Location Data Sources, and we do not
take correct precautions, some "Location Data Source" may play
attacks on the target. For instance, it may claim that I have
been visiting a certain place I have not been at. The location
server just sends this information to my wife or to my boss and
I am in deep trouble.
This entity is close to what John Morris calls the "carrier" or the
untrusted involuntary location processor (ILP), but it is different.
The point, for me at least, is not abstract "trust" (like the one
inherited from the fact the entity is in my access network), or
voluntary or not, the point is authorization.
Best regards,
Jorge
----------------------------
Jorge Cuellar Office Numbers: Tel +49 89 636 47585
Siemens CT IC 3 Fax +49 89 636 48000
Otto-Hahn Ring 6 jorge.cuellar@mchp.siemens.de
81730 München Out of town: Fax (0180) 50 52 55 87 75 37
JorgeRicardo@web.de
Received on Thu Dec 20 10:07:20 2001
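
The authorization point made in the message above, shown as an added example that is not part of the original e-mail or of draft-cuellar-geopriv-reqs-00.txt: a Location Server that accepts a sighting only when the Location Data Source presents a grant issued by the owner of the target. The HMAC grant format, the identifiers and the key are assumptions made for illustration, and the source's own identity is assumed to be authenticated already.

```python
import hashlib
import hmac

# Constructed sample: owner credential registered with the Location Server,
# keyed by target identifier (hypothetical names and values).
OWNER_KEYS = {"target:alice": b"constructed-owner-secret"}


def issue_grant(owner_key: bytes, target_id: str, source_id: str) -> str:
    """Owner side: authorize one Location Data Source for one target."""
    msg = f"{target_id}\x00{source_id}".encode()
    return hmac.new(owner_key, msg, hashlib.sha256).hexdigest()


class LocationServer:
    def __init__(self, owner_keys):
        self.owner_keys = owner_keys
        self.sightings = {}  # target_id -> accepted (source_id, location) pairs

    def submit(self, source_id, target_id, location, grant=None):
        """Accept a sighting only if the owner's grant covers this source.

        Assumption: source_id was authenticated beforehand (e.g. by transport).
        """
        key = self.owner_keys.get(target_id)
        if key is None or grant is None:
            return False
        expected = issue_grant(key, target_id, source_id)
        if not hmac.compare_digest(expected, grant):
            return False
        self.sightings.setdefault(target_id, []).append((source_id, location))
        return True

    def locate(self, target_id):
        """Release only sightings that came from owner-authorized sources."""
        accepted = self.sightings.get(target_id)
        return accepted[-1][1] if accepted else None


def demo():
    srv = LocationServer(OWNER_KEYS)
    grant = issue_grant(OWNER_KEYS["target:alice"], "target:alice", "src:handset")
    ok = srv.submit("src:handset", "target:alice", "office", grant)
    # A network entity with no grant, then one presenting another source's grant.
    no_grant = srv.submit("src:access-net", "target:alice", "elsewhere")
    wrong_src = srv.submit("src:access-net", "target:alice", "elsewhere", grant)
    return ok, no_grant, wrong_src, srv.locate("target:alice")
```

Because the grant binds the target identifier to one source identifier, the false sighting never reaches a Location Requestor, whether or not the submitting entity sits in the target's access network.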