Back to terminology

From: Cuellar Jorge <Jorge.R.Cuellar@mchp.siemens.de>
Date: Wed Feb 06 2002 - 03:41:17 EST

I'd like to come back to our discussion of terminology. After
our discussions in SLC and through the mail, my revised proposal
would be:

1. Target:

Target: The entity whose location is desired by the Location
Recipient.

The target may be a device (say, a cellular phone), a person (say, the
subscriber of the cellular phone), an animal, a ship, equipment in the
field, a truck, etc.

In many cases it can be considered the same to locate a cellular
phone or to locate its subscriber, but in many cases there is a
difference. Perhaps the phone is owned by a company, and shared
between different employees, who enter a code at the cellular phone
when they activate the location facilities. Or perhaps an individual
uses different types of equipment, depending on where he is, entering
again a code when he changes his device, or the device recognizing
this through a "logon" or a smart card. Perhaps the target, an
individual, is just entering a pin code every time he enters a new
region of an airport or a hospital, or sensors to open the doors are
reading biometrical data or performing some other kind of pattern
recognition.

There is of course a problem if the location of the target is
performed via a device, for instance an active badge, which can be
detached from the target. This may be expressed in the amount of
confidence that the measurement has. Confidence should not be confused
with accuracy, see later. Another word often used is trust (on the
measurement) but in the context of security this term has already
enough different meanings.

Also notice that to locate a target, several devices can be used
simultaneously, as in the case of tracking a ship. This may also
happen in other situations, where the purpose is to increment the
confidence on the measurement.

It may also be observed that the situation will arise in which one
Location Server uses the position of one or several targets to infer
the location of another target. This should be only possible with the
explicit consent of the latter.

Associated with the target, there may be an "owner". For me, it is not
the owner of the target, as I initially thought, also not the owner of
the sighting (the information triple (ID., location, time)). The one I
want to talk about is:

---
2. The owner of the privacy rights of the target
Owner of the privacy rights of the target: or, for abbreviation, the
"owner": An entity that has the authorization to decide the policies
that apply to the location information of the target (for instance,
equipment in the field). Frequently, the owner of the target is
the target itself. The owner is in possession of credentials
showing that he is owner of the identifier of the target.
How the owner "proves" for the very first registration of the target
with the system that he is indeed the owner of the privacy rights of
the target, is probably out of our scope.  It tends to turn into a
philosophical problem.  
By "very first registration of the target with
the system" I mean not "logon" or "session begin", but something like
registering a new user or a new mobile set with a telecommunications
company, where a "user or mobile node profile" is created.  But after
this initial registration each target has associated with it, one (or
eventually several?) and this association is either in the "user
or mobile subscriber profile" or something of that sort, or simply
given by the fact that the owner knows the needed secrets
to authenticate the policies to the location server.
---
3. Location Data Source: This is the original source of the sighting, that
is, the matching of an identifier for the target, a position, and a
time.
In some scenarios, the target itself is the location data source (or
more precisely, they are co-located). In some situations the "owner"
(see below) may be the original data source, for instance simply
because he knows where his equipment is.
But in general, also some network entity, properly authenticated and
authorized by the network, but perhaps totally unknown to the target,
is the original source of location information related to a
target. This could be some location detection function in the access
network. The authentication/authorization requirements for this case
are not trivial since the target may have no direct security
relationship (for instance, a secure channel) to the location data
source. The trust relationships may have some subtleties, in
particular in a roaming situation.
If the location data source is the target itself or its owner, the
authentication/authorization problems are largely reduced, since the
location service can link easily the origin of the location data and
the origin of the policies.
The location data source, or the people who legally own it may have
something like the "copyrights" of the sighting, but in general
not the ownership of the privacy rights of the target.
Location Recipient: Software and/or hardware entity that seeks the
location of targets. To obtain location information for one or more
targets, it interacts with a Location Server or with the Location Data
Source. The Location Recipient may be a Location Server itself or an
Ultimate Location Recipient.
----
4. (Private) Location Recipient: Software and/or hardware entity that seeks
the location of targets. To obtain location information for one or more
targets, it interacts with a Location Server or with the Location Data
Source. 
A Private Location Recipient is either a Location Server (7., below) itself 
or an Ultimate Location Recipient (8., below). And conversely, all 
Location Servers and Ultimate Location Recipients are (Private) Location 
Recipients.
*My* usage of the word private location recipient excludes two cases
(5. and 6. below) of location information recipients that are subject 
to very different laws.
(This is where the word (*private*) plays a role, but I would agree that
the terminology is confusing here). 
---
5. (terminology suggestions ??): recipient defined by local regulatory
requirements, (basically only: emergency calls, lawful interception)
---
6. (terminology suggestions ??): recipients that support the operation
of the access network: for instance:
Location Based Charging, which allows a subscriber to be charged
different rates depending on the subscriber's location, or monitoring
of QoS parameters correlated to location for monitoring of Service
Level Agreements (SLAs) and for quality assurance, utilization review,
credentialing, and other activities that are part of ensuring
appropriate treatment and payment.
But in cases 5 and 6 the collection of location data should only be for
these purposes. Else, they are considered private Location Recipients.
----
7. Location Server: Software and/or hardware entity offering Location
Service capabilities. The Location Server
· receives Location Information from the Location Data Source or from
other Location Servers
· receives, directly or through a repository or a trusted third party,
policies from owners
· accepts service requests from Location Recipients (including other
location servers),
· matches the location request to the policies for the target and
processes the Location Information accordingly, and
· responds sending back Filtered Location Information of the
target. 
----
8. Ultimate Location Recipient: A Location Recipient that is the ultimate
recipient of the location information (he may not pass this
information, or derived one, to others, except to the target or the
owner). Other proposed names for the Ultimate Location Recipient are:
Location Requestor, Ultimate Location Requestor, Location Seeker, or
Location Service Client. The name client is unfortunate, since the
Ultimate Location Recipient may be a location-aware value-added
service provider (to the owner or the target)
----
Suggestions? 
Best regards, 
Jorge
Received on Wed Feb 6 03:43:25 2002
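
The Location Server flow from item 7 (owner-authenticated policies, request matching, Filtered Location Information), as an added example that is not part of the original message. The HMAC credential scheme, the policy format (decimal places of precision per recipient) and all names and sample values are assumptions made for illustration.

```python
import hashlib, hmac, json
from dataclasses import dataclass

@dataclass(frozen=True)
class Sighting:                      # the triple (ID, location, time)
    target_id: str
    lat: float
    lon: float
    time: int

def sign_policy(owner_key: bytes, policy: dict) -> str:
    # Assumed credential scheme: HMAC-SHA256 over the canonical JSON policy.
    body = json.dumps(policy, sort_keys=True).encode()
    return hmac.new(owner_key, body, hashlib.sha256).hexdigest()

class LocationServer:
    def __init__(self):
        self.owner_keys = {}   # target_id -> secret fixed at first registration
        self.policies = {}     # target_id -> {recipient: decimal places allowed}
        self.sightings = {}    # target_id -> latest Sighting from a data source

    def put_policy(self, target_id, policy, tag):
        # Accept a policy only when it authenticates under the owner's secret.
        key = self.owner_keys.get(target_id)
        if key is None or not hmac.compare_digest(sign_policy(key, policy), tag):
            return False
        self.policies[target_id] = policy
        return True

    def request(self, recipient, target_id):
        # Match the request to the owner's policy; no matching rule means no answer.
        decimals = self.policies.get(target_id, {}).get(recipient)
        s = self.sightings.get(target_id)
        if decimals is None or s is None:
            return None
        # Filtered Location Information: coordinates coarsened as the policy says.
        return Sighting(s.target_id, round(s.lat, decimals), round(s.lon, decimals), s.time)

def demo():
    srv, key = LocationServer(), b"constructed-owner-secret"
    srv.owner_keys["truck-17"] = key                      # initial registration
    srv.sightings["truck-17"] = Sighting("truck-17", 48.13743, 11.57549, 1012984877)
    policy = {"dispatcher": 3, "partner-portal": 1}       # constructed sample policy
    accepted = srv.put_policy("truck-17", policy, sign_policy(key, policy))
    bad = {"stranger": 5}
    forged = srv.put_policy("truck-17", bad, sign_policy(b"not-the-owner", bad))
    return accepted, forged, [srv.request(r, "truck-17")
                              for r in ("dispatcher", "partner-portal", "stranger")]
```

A policy signed with any key other than the registered owner's is rejected, and a recipient with no rule in the accepted policy receives nothing.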
