idnits 2.17.1 

draft-ietf-geopriv-http-location-delivery-16.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

  ** The document seems to lack a License Notice according IETF Trust
     Provisions of 28 Dec 2009, Section 6.b.i or Provisions of 12 Sep 2009
     Section 6.b -- however, there's a paragraph with a matching beginning.
     Boilerplate error?

     (You're using the IETF Trust Provisions' Section 6.b License Notice from
     12 Feb 2009 rather than one of the newer Notices.  See
     https://trustee.ietf.org/license-info/.)


  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

     No issues found here.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the IETF Trust and authors Copyright Line does not
     match the current year

  -- The document seems to lack a disclaimer for pre-RFC5378 work, but may
     have content which was first submitted before 10 November 2008.  If you
     have contacted all the original authors and they are all willing to grant
     the BCP78 rights to the IETF Trust, then this is fine, and you can ignore
     this comment.  If not, you may need to add the pre-RFC5378 disclaimer. 
     (See the Legal Provisions document at
     https://trustee.ietf.org/license-info for more information.)

  -- The document date (Aug 28, 2009) is 5348 days in the past.  Is this
     intentional?


  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  ** Obsolete normative reference: RFC 5246 (Obsoleted by RFC 8446)

  ** Obsolete normative reference: RFC 2965 (Obsoleted by RFC 6265)

  ** Obsolete normative reference: RFC 2616 (Obsoleted by RFC 7230, RFC 7231,
     RFC 7232, RFC 7233, RFC 7234, RFC 7235)

  ** Obsolete normative reference: RFC 2818 (Obsoleted by RFC 9110)

  == Outdated reference: A later version (-15) exists of
     draft-ietf-geopriv-lis-discovery-11

  -- Obsolete informational reference (is this intentional?): RFC  793
     (Obsoleted by RFC 9293)

  -- Obsolete informational reference (is this intentional?): RFC 2617
     (Obsoleted by RFC 7235, RFC 7615, RFC 7616, RFC 7617)

  -- Obsolete informational reference (is this intentional?): RFC 3023
     (Obsoleted by RFC 7303)

  -- Obsolete informational reference (is this intentional?): RFC 3825
     (Obsoleted by RFC 6225)

  -- Obsolete informational reference (is this intentional?): RFC 5226
     (Obsoleted by RFC 8126)

  == Outdated reference: A later version (-09) exists of
     draft-ietf-geopriv-lbyr-requirements-07

  == Outdated reference: A later version (-09) exists of
     draft-ietf-sipcore-location-conveyance-01


     Summary: 5 errors (**), 0 flaws (~~), 4 warnings (==), 7 comments (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------


2	GEOPRIV WG                                                M. Barnes, Ed.
3	Internet-Draft                                                    Nortel
4	Intended status: Standards Track
5	Expires: March 1, 2010

7	                                                            Aug 28, 2009

9	                 HTTP Enabled Location Delivery (HELD)
10	            draft-ietf-geopriv-http-location-delivery-16.txt

12	Status of this Memo

14	   This Internet-Draft is submitted to IETF in full conformance with the
15	   provisions of BCP 78 and BCP 79.

17	   Internet-Drafts are working documents of the Internet Engineering
18	   Task Force (IETF), its areas, and its working groups.  Note that
19	   other groups may also distribute working documents as Internet-
20	   Drafts.

22	   Internet-Drafts are draft documents valid for a maximum of six months
23	   and may be updated, replaced, or obsoleted by other documents at any
24	   time.  It is inappropriate to use Internet-Drafts as reference
25	   material or to cite them other than as "work in progress."

27	   The list of current Internet-Drafts can be accessed at
28	   http://www.ietf.org/ietf/1id-abstracts.txt.

30	   The list of Internet-Draft Shadow Directories can be accessed at
31	   http://www.ietf.org/shadow.html.

33	   This Internet-Draft will expire on March 1, 2010.

35	Copyright Notice

37	   Copyright (c) 2009 IETF Trust and the persons identified as the
38	   document authors.  All rights reserved.

40	   This document is subject to BCP 78 and the IETF Trust's Legal
41	   Provisions Relating to IETF Documents in effect on the date of
42	   publication of this document (http://trustee.ietf.org/license-info).
43	   Please review these documents carefully, as they describe your rights
44	   and restrictions with respect to this document.

46	Abstract

48	   A Layer 7 Location Configuration Protocol (L7 LCP) is described that
49	   is used for retrieving location information from a server within an
50	   access network.  The protocol includes options for retrieving
51	   location information in two forms: by value and by reference.  The
52	   protocol is an extensible application-layer protocol that is
53	   independent of session-layer.  This document describes the use of
54	   HyperText Transfer Protocol (HTTP) and HTTP over Transport Layer
55	   Security (HTTP/TLS) as transports for the protocol.

57	Table of Contents

59	   1.  Introduction . . . . . . . . . . . . . . . . . . . . . . . . .  4
60	   2.  Conventions & Terminology  . . . . . . . . . . . . . . . . . .  4
61	   3.  Overview and Scope . . . . . . . . . . . . . . . . . . . . . .  5
62	   4.  Protocol Overview  . . . . . . . . . . . . . . . . . . . . . .  6
63	     4.1.  Device Identifiers, NAT and VPNs . . . . . . . . . . . . .  7
64	       4.1.1.  Devices and VPNs . . . . . . . . . . . . . . . . . . .  7
65	       4.1.2.  LIS Handling of NATs and VPNs  . . . . . . . . . . . .  8
66	     4.2.  Location by Value  . . . . . . . . . . . . . . . . . . . .  8
67	     4.3.  Location by Reference  . . . . . . . . . . . . . . . . . .  9
68	   5.  Protocol Description . . . . . . . . . . . . . . . . . . . . .  9
69	     5.1.  Location Request . . . . . . . . . . . . . . . . . . . . . 10
70	     5.2.  Location Response  . . . . . . . . . . . . . . . . . . . . 10
71	     5.3.  Indicating Errors  . . . . . . . . . . . . . . . . . . . . 10
72	   6.  Protocol Parameters  . . . . . . . . . . . . . . . . . . . . . 11
73	     6.1.  "responseTime" Parameter . . . . . . . . . . . . . . . . . 11
74	     6.2.  "locationType" Parameter . . . . . . . . . . . . . . . . . 12
75	       6.2.1.  "exact" Attribute  . . . . . . . . . . . . . . . . . . 13
76	     6.3.  "code" Parameter . . . . . . . . . . . . . . . . . . . . . 14
77	     6.4.  "message" Parameter  . . . . . . . . . . . . . . . . . . . 14
78	     6.5.  "locationUriSet" Parameter . . . . . . . . . . . . . . . . 15
79	       6.5.1.  "locationURI" Parameter  . . . . . . . . . . . . . . . 15
80	       6.5.2.  "expires" Parameter  . . . . . . . . . . . . . . . . . 16
81	     6.6.  "Presence" Parameter (PIDF-LO) . . . . . . . . . . . . . . 16
82	   7.  XML Schema . . . . . . . . . . . . . . . . . . . . . . . . . . 17
83	   8.  HTTP Binding . . . . . . . . . . . . . . . . . . . . . . . . . 20
84	   9.  Security Considerations  . . . . . . . . . . . . . . . . . . . 22
85	     9.1.  Assuring that the proper LIS has been contacted  . . . . . 23
86	     9.2.  Protecting responses from modification . . . . . . . . . . 24
87	     9.3.  Privacy and Confidentiality  . . . . . . . . . . . . . . . 24
88	   10. Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
89	     10.1. HTTPS Example Messages . . . . . . . . . . . . . . . . . . 25
90	     10.2. Simple Location Request Example  . . . . . . . . . . . . . 27
91	     10.3. Location Request Example for Multiple Location Types . . . 28
92	   11. IANA Considerations  . . . . . . . . . . . . . . . . . . . . . 29
93	     11.1. URN Sub-Namespace Registration for
94	           urn:ietf:params:xml:ns:geopriv:held  . . . . . . . . . . . 29
95	     11.2. XML Schema Registration  . . . . . . . . . . . . . . . . . 30
96	     11.3. MIME Media Type Registration for 'application/held+xml'  . 30
97	     11.4. Error code Registry  . . . . . . . . . . . . . . . . . . . 31
98	   12. Contributors . . . . . . . . . . . . . . . . . . . . . . . . . 32
99	   13. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 32
100	   14. Changes since last Version . . . . . . . . . . . . . . . . . . 33
101	   15. References . . . . . . . . . . . . . . . . . . . . . . . . . . 41
102	     15.1. Normative References . . . . . . . . . . . . . . . . . . . 41
103	     15.2. Informative References . . . . . . . . . . . . . . . . . . 41
104	   Appendix A.  HELD Compliance to IETF LCP requirements  . . . . . . 43
105	     A.1.  L7-1: Identifier Choice  . . . . . . . . . . . . . . . . . 43
106	     A.2.  L7-2: Mobility Support . . . . . . . . . . . . . . . . . . 43
107	     A.3.  L7-3: ASP and Access Network Provider Relationship . . . . 44
108	     A.4.  L7-4: Layer 2 and Layer 3 Provider Relationship  . . . . . 44
109	     A.5.  L7-5: Legacy Device Considerations . . . . . . . . . . . . 44
110	     A.6.  L7-6: VPN Awareness  . . . . . . . . . . . . . . . . . . . 45
111	     A.7.  L7-7: Network Access Authentication  . . . . . . . . . . . 45
112	     A.8.  L7-8: Network Topology Unawareness . . . . . . . . . . . . 45
113	     A.9.  L7-9: Discovery Mechanism  . . . . . . . . . . . . . . . . 46
114	     A.10. L7-10: PIDF-LO Creation  . . . . . . . . . . . . . . . . . 46
115	   Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 46

117	1.  Introduction

119	   The location of a Device is information that is useful for a number
120	   of applications.  The L7 Location Configuration Protocol (LCP)
121	   problem statement and requirements document
122	   [I-D.ietf-geopriv-l7-lcp-ps] provides some scenarios in which a
123	   Device might rely on its access network to provide location
124	   information.  The Location Information Server (LIS) service applies
125	   to access networks employing both wired technology (e.g.  DSL, Cable)
126	   and wireless technology (e.g.  WiMAX) with varying degrees of Device
127	   mobility.  This document describes a protocol that can be used to
128	   acquire Location Information (LI) from a LIS within an access
129	   network.

131	   This specification identifies two types of location information that
132	   may be retrieved from the LIS.  Location may be retrieved from the
133	   LIS by value, that is, the Device may acquire a literal location
134	   object describing the location of the Device.  The Device may also
135	   request that the LIS provide a location reference in the form of a
136	   location URI or set of location URIs, allowing the Device to
137	   distribute its LI by reference.  Both of these methods can be
138	   provided concurrently from the same LIS to accommodate application
139	   requirements for different types of location information.

141	   This specification defines an extensible XML-based protocol that
142	   enables the retrieval of LI from a LIS by a Device.  This protocol
143	   can be bound to any session-layer protocol, particularly those
144	   capable of MIME transport.  This document describes the use of
145	   HyperText Transfer Protocol (HTTP) and HTTP over Transport Layer
146	   Security (HTTP/TLS) as transports for the protocol.

148	2.  Conventions & Terminology

150	   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
151	   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
152	   document are to be interpreted as described in [RFC2119].

154	   This document uses the terms (and their acronym forms) Access
155	   Provider (AP), Location Information (LI), Location Object (LO),
156	   Device, Target, Location Generator (LG), Location Recipient (LR),
157	   Rule Maker (RM) and Rule Holder (RH) as defined in RFC 3693, GEOPRIV
158	   Requirements [RFC3693] .  The terms Location Information Server
159	   (LIS), Access Network, Access Provider (AP) and Access Network
160	   Provider are used in the same context as defined in the L7 LCP
161	   Problem statement and Requirements document
162	   [I-D.ietf-geopriv-l7-lcp-ps].  The usage of the terms, Civic
163	   Location/Address and Geodetic Location follows the usage in many of
164	   the referenced documents.

166	   In describing the protocol, the terms "attribute" and "element" are
167	   used according to their context in XML.  The term "parameter" is used
168	   in a more general protocol context and can refer to either an XML
169	   "attribute" or "element".

171	3.  Overview and Scope

173	   This document describes an interface between a Device and a Location
174	   Information Server (LIS).  This document assumes that the LIS is
175	   present within the same administrative domain as the Device (e.g.,
176	   the access network).  The LIS exists because not all Devices are
177	   capable of determining LI, and because, even if a device is able to
178	   determine its own LI, it may be more efficient with assistance.  This
179	   document does not specify how LI is determined.  An Access Provider
180	   (AP) operates the LIS so that Devices (and Targets) can retrieve
181	   their LI.  This document assumes that the Device and Access Provider
182	   have no prior relationship other than what is necessary for the
183	   Device to obtain network access.

185	   This document is based on the attribution of the LI to a Device and
186	   not specifically a person (end user) or Target, based on the premise
187	   that location determination technologies are generally designed to
188	   locate a device and not a person.  It is expected that, for most
189	   applications, LI for the device can be used as an adequate substitute
190	   for the end user's LI.  Since revealing the location of the device
191	   almost invariably reveals some information about the location of the
192	   user of the device, the same level of privacy protection demanded by
193	   a user is required for the device.  This approach may require either
194	   some additional assurances about the link between device and target,
195	   or an acceptance of the limitation that unless the device requires
196	   active user authentication, there is no guarantee that any particular
197	   individual is using the device at that instant.

199	   The following diagram shows the logical configuration of some of the
200	   functional elements identified in [RFC3693] and the LIS defined in
201	   [I-D.ietf-geopriv-l7-lcp-ps] and where this protocol applies, with
202	   the Rule Maker and Target represented by the role of the Device.
203	   Note that only the interfaces relevant to the Device are identified
204	   in the diagram.

206	                     +---------------------------------------------+
207	                     | Access Network Provider                     |
208	                     |                                             |
209	                     |   +--------------------------------------+  |
210	                     |   | Location Information Server          |  |
211	                     |   |                                      |  |
212	                     |   |                                      |  |
213	                     |   |                                      |  |
214	                     |   |                                      |  |
215	                     |   +------|-------------------------------+  |
216	                     +----------|----------------------------------+
217	                                |
218	                                |
219	                               HELD
220	                                |
221	     Rule Maker   - _     +-----------+         +-----------+
222	           o          - - | Device    |         | Location  |
223	          <U\             |           | - - - - | Recipient |
224	          / \       _ - - |           |   APP   |           |
225	         Target - -       +-----------+         +-----------+

227	                        Figure 1: Significant Roles

229	   The interface between the Location Recipient (LR) and the Device
230	   and/or LIS is application specific, as indicated by the APP
231	   annotation in the diagram and it is outside the scope of the
232	   document.  An example of an APP interface between a device and LR can
233	   be found in the SIP Location Conveyance document
234	   [I-D.ietf-sipcore-location-conveyance].

236	4.  Protocol Overview

238	   A device uses the HELD protocol to retrieve its location either
239	   directly in the form of a Presence Information Data Format Location
240	   Object (PIDF-LO) document (by value) and indirectly as a Location URI
241	   (by reference).  The security necessary to ensure the accuracy,
242	   privacy and confidentiality of the device's location is described in
243	   the Security Considerations (Section 9).

245	   As described in the L7 LCP problem statement and requirements
246	   [I-D.ietf-geopriv-l7-lcp-ps], the Device MUST first discover the URI
247	   for the LIS for sending the HELD protocol requests.  The URI for the
248	   LIS SHOULD be obtained from an authorized and authenticated entity.
249	   The details for ensuring that an appropriate LIS is contacted are
250	   provided in Section 9 and in particular Section 9.1.  The LIS
251	   discovery protocol details are out of scope of this document and are
252	   specified in [I-D.ietf-geopriv-lis-discovery].  The type of URI
253	   provided by LIS discovery is RECOMMENDED to be an https: URI.

255	   The LIS requires an identifier for the Device in order to determine
256	   the appropriate location to include in the location response message.
257	   In this document, the IP address of the Device, as reflected by the
258	   source IP address in the location request message, is used as the
259	   identifier.  Other identifiers are possible, but are beyond the scope
260	   of this document.

262	4.1.  Device Identifiers, NAT and VPNs

264	   Use of the HELD protocol is subject to the viability of the
265	   identifier used by the LIS to determine location.  This document
266	   describes the use of the source IP address sent from the Device as
267	   the identifier used by the LIS.  When Network Address Translation
268	   (NAT), a Virtual Private Network (VPN) or other forms of address
269	   modification occur between the Device and the LIS the location
270	   returned could be inaccurate.

272	   Not all cases of NATs introduce inaccuracies in the returned
273	   location.  For example, a NAT used in a residential Local Area
274	   Network (LAN) is typically not a problem.  The external IP address
275	   used on the Wide Area Network (WAN) side of the NAT is an acceptable
276	   identifier for all of the devices in the residence, on the LAN side
277	   of the NAT, since the covered geographical area is small.

279	   On the other hand, if there is a VPN between the Device and the LIS,
280	   for example for a teleworker, then the IP address seen by a LIS
281	   inside the enterprise network might not be the right address to
282	   identify the location of the Device.  Section 4.1.2 provides
283	   recommendations to address this issue.

285	4.1.1.  Devices and VPNs

287	   To minimize the impact of connections or tunnels setup for security
288	   purposes or to traverse middleboxes, Devices that connect to servers
289	   such as VPN servers, SOCKS servers and HTTP proxy servers should
290	   perform their HELD query to the LIS prior to establishing a
291	   connection to other servers.  It is RECOMMENDED that discovery
292	   [I-D.ietf-geopriv-lis-discovery] and an initial query are performed
293	   before establishing any connections to other servers.  If a Device
294	   performs the HELD query after establishing a connection to another
295	   server, the Device may receive inaccurate location information.

297	   Devices that establish VPN connections for use by other devices
298	   inside a LAN or other closed network could serve as a LIS, that
299	   implements the HELD protocol, for those other Devices.  Devices
300	   within the closed network are not necessarily able to detect the
301	   presence of the VPN.  In this case, a VPN device should provide the
302	   address of the LIS server it provides, in response to discovery
303	   queries, rather than passing such queries through the VPN tunnel.
304	   Otherwise, the other devices would be totally unaware that they could
305	   receive inaccurate location information.

307	   It could also be useful for a VPN device to serve as a LIS for other
308	   location configuration options such as Dynamic Host Configuration
309	   Protocol (DHCP)[RFC3825] or Link Layer Discovery Protocol - Media
310	   Endpoint Discovery (LLDP-MED) [LLDP-MED].  For this case, the VPN
311	   device that serves as a LIS may first acquire its own location using
312	   HELD.

314	4.1.2.  LIS Handling of NATs and VPNs

316	   In the cases where the Device connects to the LIS through a VPN or a
317	   NAT that serves a large geographic area or multiple geographic
318	   locations (for example, a NAT used by an enterprise to connect their
319	   private network to the Internet), the LIS might not be able to return
320	   an accurate LI.  If the LIS cannot determine LI for the device, it
321	   should provide an error response to the requesting device.  The LIS
322	   needs to be configured to recognize identifiers that represent these
323	   conditions.

325	   LIS operators have a large role in ensuring the best possible
326	   environment for location determination.  The LIS operator needs to
327	   ensure that the LIS is properly configured with identifiers that
328	   indicate Devices on the remote side of a NAT or VPN.  In order to
329	   serve the Devices on the remote side of a NAT or VPN, a LIS needs to
330	   have a presence on the the side of the NAT or VPN nearest the Device.

332	4.2.  Location by Value

334	   Where a Device requires LI directly, it can request that the LIS
335	   create a PIDF-LO document.  This approach fits well with a
336	   configuration whereby the device directly makes use of the provided
337	   PIDF-LO document.  The details on the information that may be
338	   included in the PIDF-LO MUST follow the subset of those rules
339	   relating to the construction of the "location-info" element in the
340	   PIDF-LO Usage Clarification, Considerations and Recommendations
341	   document [RFC5491].  Further detail is included in the detailed
342	   protocol section of this document Section 6

344	4.3.  Location by Reference

346	   Requesting location directly does not always address the requirements
347	   of an application.  A Device can request a location URI instead of
348	   literal location.  A Location URI is a URI [RFC3986] of any scheme,
349	   which a Location Recipient (LR) can use to retrieve LI.  A location
350	   URI provided by a LIS can be assumed to be globally-addressable; that
351	   is, anyone in possession of the URI can access the LIS.

353	   However, possession of the URI does not in any way suggest that the
354	   LIS indiscriminately reveals the location associated with the
355	   location URI.  The specific requirements associated with the
356	   dereference of the location are specified in
357	   [I-D.ietf-geopriv-lbyr-requirements].  The location dereference
358	   protocol details are out of scope of this document.  As such, many of
359	   the requirements in [I-D.ietf-geopriv-lbyr-requirements] (e.g.,
360	   cancelling of location references) are not intended to be supported
361	   by this specification.  It is anticipated that future specifications
362	   may address these requirements.

364	5.  Protocol Description

366	   As discussed in Section 4 the HELD protocol provides for the
367	   retrieval of the device's location in the form of a PIDF-LO document
368	   and/or Location URI(s) from a LIS.  Three messages are defined to
369	   support the location retrieval: locationRequest, locationResponse and
370	   error.  Messages are defined as XML documents.

372	   The Location Request (locationRequest) message is described in
373	   Section 5.1.  A Location Request message from a Device indicates
374	   whether location in the form of a PIDF-LO document (with specific
375	   type(s) of location) and/or Location URI(s) should be returned.  The
376	   LIS replies with a locationResponse message, including a PIDF-LO
377	   document and/or one or more Location URIs in case of success.  In the
378	   case of an error, the LIS replies with an error message.

380	   A MIME type "application/held+xml" is registered in Section 11.3 to
381	   distinguish HELD messages from other XML document bodies.  This
382	   specification follows the recommendations and conventions described
383	   in [RFC3023], including the naming convention of the type ('+xml'
384	   suffix) and the usage of the 'charset' parameter.

386	   Section 6 contains a more thorough description of the protocol
387	   parameters, valid values, and how each should be handled.  Section 7
388	   contains a more specific definition of the structure of these
389	   messages in the form of an XML Schema [W3C.REC-xmlschema-1-20041028].

391	   This document describes the use of a combination of HTTP [RFC2616],
392	   TLS [RFC5246] and TCP [RFC0793] in Section 8.

394	5.1.  Location Request

396	   A location request message is sent from the Device to the LIS when
397	   the Device requires its own LI.  The type of LI that a Device
398	   requests is determined by the type of LI that is included in the
399	   "locationType" element.

401	   The location request is made by sending a document formed of a
402	   "locationRequest" element.  The LIS uses the source IP address of the
403	   location request message as the primary source of identity for the
404	   requesting device or target.  It is anticipated that other Device
405	   identities may be provided through schema extensions.

407	   The LIS MUST ignore any part of a location request message that it
408	   does not understand, except the document element.  If the document
409	   element of a request is not supported, the LIS MUST return an error
410	   with the unsupportedMessage error code.

412	5.2.  Location Response

414	   A successful response to a location request MUST contain a PIDF-LO
415	   and/or location URI(s).  The response SHOULD contain location
416	   information of the requested "locationType".  The cases whereby a
417	   different type of location information MAY be returned are described
418	   in Section 6.2.

420	5.3.  Indicating Errors

422	   If the LIS is unable to provide location information based on the
423	   received locationRequest message, it MUST return an error message.
424	   The LIS may return an error message in response to requests for any
425	   "locationType".

427	   An error indication document consists of an "error" element.  The
428	   "error" element MUST include a "code" attribute that indicates the
429	   type of error.  A set of predefined error codes are included in
430	   Section 6.3.

432	   Error responses MAY also include a "message" attribute that can
433	   include additional information.  This information SHOULD be for
434	   diagnostic purposes only, and MAY be in any language.  The language
435	   of the message SHOULD be indicated with an "xml:lang" attribute.

437	6.  Protocol Parameters

439	   This section describes in detail the parameters that are used for
440	   this protocol.  Table 1 lists the top-level components used within
441	   the protocol and where they are mandatory or optional for each of the
442	   messages.

444	   +----------------+----------------+----------------+----------------+
445	   | Parameter      |    Location    |    Location    |      Error     |
446	   |                |     Request    |    Response    |                |
447	   +----------------+----------------+----------------+----------------+
448	   | responseTime   |        o       |                |                |
449	   | (Section 6.1)  |                |                |                |
450	   | locationType   |        o       |                |                |
451	   | (Section 6.2)  |                |                |                |
452	   | code           |                |                |        m       |
453	   | (Section 6.3)  |                |                |                |
454	   | message        |                |                |        o       |
455	   | (Section 6.4)  |                |                |                |
456	   | locationUriSet |                |        o       |                |
457	   | (Section 6.5)  |                |                |                |
458	   | Presence       |                |        o       |                |
459	   | (PIDF-LO)      |                |                |                |
460	   | (Section 6.6)  |                |                |                |
461	   +----------------+----------------+----------------+----------------+

463	                     Table 1: Message Parameter Usage

465	6.1.  "responseTime" Parameter

467	   The "responseTime" attribute MAY be included in a location request
468	   message.  The "responseTime" attribute includes a time value
469	   indicating to the LIS how long the Device is prepared to wait for a
470	   response or a purpose for which the Device needs the location.

472	   In the case of emergency services, the purpose of obtaining the LI
473	   could be either for routing a call to the appropriate Public Safety
474	   Answering Point (PSAP) or indicating the location to which responders
475	   should be dispatched.  The values defined for the purpose,
476	   "emergencyRouting" and "emergencyDispatch", will likely be governed
477	   by jurisdictional policies, and should be configurable on the LIS.

479	   The time value in the "responseTime" attribute is expressed as a non-
480	   negative integer in units of milliseconds.  The time value is
481	   indicative only and the LIS is under no obligation to strictly adhere
482	   to the time limit implied; any enforcement of the time limit is left
483	   to the requesting Device.  The LIS provides the most accurate LI that
484	   can be determined within the specified interval for the specific
485	   service.

487	   The LIS may use the value of the time in the "responseTime" attribute
488	   as input when selecting the method of location determination, where
489	   multiple such methods exist.  If the "responseTime" attribute is
490	   absent, then the LIS should return the most precise LI it is capable
491	   of determining, with the time interval being implementation
492	   dependent.

494	6.2.  "locationType" Parameter

496	   The "locationType" element MAY be included in a location request
497	   message.  It contains a list of LI types that are requested by the
498	   Device.  The following list describes the possible values:

500	   any:  The LIS SHOULD attempt to provide LI in all forms available to
501	      it.
502	   geodetic:  The LIS SHOULD return a location by value in the form of a
503	      geodetic location for the Target.
504	   civic:  The LIS SHOULD return a location by value in the form of a
505	      civic address for the Target.
506	   locationURI:  The LIS SHOULD return a set of location URIs for the
507	      Target.

509	   The LIS SHOULD return the requested location type or types.  The
510	   location types the LIS returns also depend on the setting of the
511	   optional "exact" attribute.  If the "exact" attribute is set to
512	   "true" then the LIS MUST return either the requested location type or
513	   provide an error response.  The "exact" attribute does not apply (is
514	   ignored) for a request for a location type of "any".  Further detail
515	   of the "exact" attribute processing is provided in the following
516	   Section 6.2.1.

518	   In the case of a request for specific locationType(s) and the "exact"
519	   attribute is false, the LIS MAY provide additional location types, or
520	   it MAY provide alternative types if the request cannot be satisfied
521	   for a requested location type.  The "SHOULD"-strength requirements on
522	   this parameter for specific location types are included to allow for
523	   soft-failover.  This enables a fixed client configuration that
524	   prefers a specific location type without causing location requests to
525	   fail when that location type is unavailable.  For example, a notebook
526	   computer could be configured to retrieve civic addresses, which is
527	   usually available from typical home or work situations.  However,
528	   when using a wireless modem, the LIS might be unable to provide a
529	   civic address and thus provides a geodetic address.

531	   The LIS SHOULD return location information in a form that is suited
532	   for routing and responding to an emergency call in its jurisdiction,
533	   specifically by value.  The LIS MAY alternatively or additionally
534	   return a location URI.  If the "locationType" element is absent, a
535	   value of "any" MUST be assumed as the default.  A location URI
536	   provided by the LIS is a reference to the most current available LI
537	   and is not a stable reference to a specific location.

539	   It should be noted that the protocol does not support a request to
540	   just receive one of a subset of location types.  For example, in the
541	   case where a Device has a preference for just "geodetic" or "civic",
542	   it is necessary to make the request without an "exact" attribute,
543	   including both location types.  In this case, if neither is available
544	   a LIS SHOULD return a locationURI if available.

546	   The LIS SHOULD provide the locations in the response in the same
547	   order in which they were included in the "locationType" element in
548	   the request.  Indeed, the primary advantage of including specific
549	   location types in a request when the "exact" attribute is set to
550	   "false" is to ensure that one receives the available locations in a
551	   specific order.  For example, a locationRequest for "civic" could
552	   yield any of the following location types in the response:

554	   o  civic
555	   o  civic, geodetic
556	   o  civic, locationURI
557	   o  civic, geodetic, locationURI
558	   o  civic, locationURI, geodetic
559	   o  geodetic, locationURI (only if civic is not available)
560	   o  locationURI, geodetic (only if civic is not available)
561	   o  geodetic (only if civic is not available)
562	   o  locationURI (only if civic is not available)

564	   For the example above, if the "exact" attribute was "true", then the
565	   only possible response is either a "civic" location or an error
566	   message.

568	6.2.1.  "exact" Attribute

570	   The "exact" attribute MAY be included in a location request message
571	   when the "locationType" element is included.  When the "exact"
572	   attribute is set to "true", it indicates to the LIS that the contents
573	   of the "locationType" parameter MUST be strictly followed.  The
574	   default value of "false" allows the LIS the option of returning
575	   something beyond what is specified, such as a set of location URIs
576	   when only a civic location was requested.

578	   A value of "true" indicates that the LIS MUST provide a location of
579	   the requested type or types or MUST provide an error.  The LIS MUST
580	   provide the requested types only.  The LIS MUST handle an exact
581	   request that includes a "locationType" element set to "any" as if the
582	   "exact" attribute were set to "false".

584	6.3.  "code" Parameter

586	   All "error" responses MUST contain a response code.  All errors are
587	   application-level errors, and MUST only be provided in successfully
588	   processed transport-level responses.  For example where HTTP/HTTPS is
589	   used as the transport, HELD error messages MUST be carried by a 200
590	   OK HTTP/HTTPS response.

592	   The value of the response code MUST be an IANA-registered value.  The
593	   following tokens are registered by this document:

595	   requestError:  This code indicates that the request was badly formed
596	      in some fashion (other than the XML content).
597	   xmlError:  This code indicates that the XML content of the request
598	      was either badly formed or invalid.
599	   generalLisError:  This code indicates that an unspecified error
600	      occurred at the LIS.
601	   locationUnknown:  This code indicates that the LIS could not
602	      determine the location of the Device.  The same request can be
603	      sent by the Device at a later time.  Devices MUST limit any
604	      attempts to retry requests.
605	   unsupportedMessage:  This code indicates that an element in the XML
606	      document for the request, was not supported or understood by the
607	      LIS.  This error code is used when a HELD request contains a
608	      document element that is not supported by the receiver.
609	   timeout:  This code indicates that the LIS could not satisfy the
610	      request within the time specified in the "responseTime" parameter.
611	   cannotProvideLiType:  This code indicates that the LIS was unable to
612	      provide LI of the type or types requested.  This code is used when
613	      the "exact" attribute on the "locationType" parameter is set to
614	      "true".
615	   notLocatable:  This code indicates that the LIS is unable to locate
616	      the Device, and that the Device MUST NOT make further attempts to
617	      retrieve LI from this LIS.  This error code is used to indicate
618	      that the Device is outside the access network served by the LIS;
619	      for instance, the VPN and NAT scenarios discussed in
620	      Section 4.1.2.

622	6.4.  "message" Parameter

624	   The "error" message MAY include one or more "message" attributes to
625	   convey some additional, human-readable information about the result
626	   of the request.  The message MAY be included in any language, which
627	   SHOULD be indicated by the "xml:lang", attribute.  The default
628	   language is assumed to be English ("en") [I-D.ietf-ltru-4646bis].

630	6.5.  "locationUriSet" Parameter

632	   The "locationUriSet" element, received in a "locationResponse"
633	   message MAY contain any number of "locationURI" elements.  It is
634	   RECOMMENDED that the LIS allocate a Location URI for each scheme that
635	   it supports and that each scheme is present only once.  URI schemes
636	   and their secure variants, such as http and https, MUST be regarded
637	   as two separate schemes.

639	   If a "locationUriSet" element is received in a "locationResponse"
640	   message, it MUST contain an "expires" attribute, which defines the
641	   length of time for which the set of "locationURI" elements are valid.

643	6.5.1.  "locationURI" Parameter

645	   The "locationURI" element includes a single Location URI.  In order
646	   for a URI of any particular scheme to be included in a response,
647	   there MUST be a specification that defines how that URI can be used
648	   to retrieve location information.  The details of the protocol for
649	   dereferencing must meet the location dereference protocol
650	   requirements as specified in [I-D.ietf-geopriv-lbyr-requirements] and
651	   are outside the scope of this base HELD specification.

653	   Each Location URI that is allocated by the LIS is unique to the
654	   device that is requesting it.  At the time the location URI is
655	   provided in the response, there is no binding to a specific location
656	   type and the location URI is totally independent of the specific type
657	   of location it might reference.  The specific location type is
658	   determined at the time of dereference.

660	   A "locationURI" SHOULD NOT contain any information that could be used
661	   to identify the Device or Target.  Thus, it is RECOMMENDED that the
662	   "locationURI" element contain a public address for the LIS and an
663	   anonymous identifier, such as a local identifier or unlinked
664	   pseudonym.

666	   When a LIS returns a "locationURI" element to a Device, the policy on
667	   the "locationURI" is set by the LIS alone.  This specification does
668	   not include a mechanism for the HELD client to set access control
669	   policies on a "locationURI".  Conversely, there is no mechanism, in
670	   this protocol as defined in this document, for the LIS to provide a
671	   Device the access control policy to be applied to a "locationURI".
672	   Since the Device is not aware of the access controls to be applied to
673	   (subsequent) requests to dereference a "locationURI", the client
674	   SHOULD protect a "locationURI" as if it were a Location Object -
675	   i.e., the Device SHOULD send a "locationURI" over encrypted channels,
676	   and only to entities that are authorized to have access to the
677	   location.

679	   Further guidelines to ensure the privacy and confidentiality of the
680	   information contained in the "locationResponse" message, including
681	   the "locationURI", are included in Section 9.3.

683	6.5.2.  "expires" Parameter

685	   The "expires" attribute is only included in a "locationResponse"
686	   message when a "locationUriSet" element is included.  The "expires"
687	   attribute indicates the date/time at which the Location URIs provided
688	   by the LIS will expire.  The "expires" attribute does not define the
689	   length of time a location received by dereferencing the location URI
690	   will be valid.  The "expires" attribute is RECOMMENDED not to exceed
691	   24 hours and SHOULD be a minimum of 30 minutes.

693	   All date-time values used in HELD MUST be expressed in Universal
694	   Coordinated Time (UTC) using the Gregorian calendar.  XML Schema
695	   allows use of time zone identifiers to indicate offsets from the zero
696	   meridian, but this option MUST NOT be used with HELD.  The extended
697	   date-time form using upper case "T" and "Z" characters defined in
698	   [W3C.REC-xmlschema-2-20041028] MUST be used to represent date-time
699	   values.

701	   Location responses that contain a "locationUriSet" element MUST
702	   include the expiry time in the "expires" attribute.  If a Device
703	   dereferences a location URI after the expiry time, the dereference
704	   SHOULD fail.

706	6.6.  "Presence" Parameter (PIDF-LO)

708	   A single "presence" parameter MAY be included in the
709	   "locationResponse" message when specific locationTypes (e.g.,
710	   "geodetic" or "civic") are requested or a "locationType" of "any" is
711	   requested.  The LIS MUST follow the subset of the rules relating to
712	   the construction of the "location-info" element in the PIDF-LO Usage
713	   Clarification, Considerations and Recommendations document [RFC5491]
714	   in generating the PIDF-LO for the presence parameter.

716	   The LIS MUST NOT include any means of identifying the Device in the
717	   PIDF-LO unless it is able to verify that the identifier is correct
718	   and inclusion of identity is expressly permitted by a Rule Maker.
719	   Therefore, PIDF parameters that contain identity are either omitted
720	   or contain unlinked pseudonyms [RFC3693].  A unique, unlinked
721	   presentity URI SHOULD be generated by the LIS for the mandatory
722	   presence "entity" attribute of the PIDF document.  Optional
723	   parameters such as the "contact" element and the "deviceID" element
724	   [RFC4479] are not used.

726	   Note that the presence parameter is not explicitly shown in the XML
727	   schema in Section 7 for a location response message, due to XML
728	   schema constraints, since PIDF is already defined and registered
729	   separately.  Thus, the "##other" namespace serves as a placeholder
730	   for the presence parameter in the schema.

732	7.  XML Schema

734	   This section gives the XML Schema Definition
735	   [W3C.REC-xmlschema-1-20041028], [W3C.REC-xmlschema-2-20041028] of the
736	   "application/held+xml" format.  This is presented as a formal
737	   definition of the "application/held+xml" format.  Note that the XML
738	   Schema definition is not intended to be used with on-the-fly
739	   validation of the presence XML document.  Whitespaces are included in
740	   the schema to conform to the line length restrictions of the RFC
741	   format without having a negative impact on the readability of the
742	   document.  Any conforming processor should remove leading and
743	   trailing white spaces.

745	  <?xml version="1.0"?>
746	  <xs:schema
747	      targetNamespace="urn:ietf:params:xml:ns:geopriv:held"
748	      xmlns:xs="http://www.w3.org/2001/XMLSchema"
749	      xmlns:held="urn:ietf:params:xml:ns:geopriv:held"
750	      xmlns:xml="http://www.w3.org/XML/1998/namespace"
751	      elementFormDefault="qualified"
752	      attributeFormDefault="unqualified">

754	    <xs:annotation>
755	      <xs:documentation>
756	        This document (RFC xxxx) defines HELD messages.
757	        <!-- [[NOTE TO RFC-EDITOR: Please replace XXXX
758	             with the RFC number for this specification.]] -->
759	      </xs:documentation>
760	    </xs:annotation>

762	    <xs:import namespace="http://www.w3.org/XML/1998/namespace"/>

764	    <!-- Return Location -->
765	    <xs:complexType name="returnLocationType">
766	      <xs:complexContent>
767	        <xs:restriction base="xs:anyType">
768	          <xs:sequence>
769	            <xs:element name="locationURI" type="xs:anyURI"
770	                        maxOccurs="unbounded"/>
771	          </xs:sequence>
772	          <xs:attribute name="expires" type="xs:dateTime"
773	                        use="required"/>
774	        </xs:restriction>
775	      </xs:complexContent>
776	    </xs:complexType>

778	    <!-- responseTime Type -->
779	    <xs:simpleType name="responseTimeType">
780	      <xs:union>
781	        <xs:simpleType>
782	          <xs:restriction base="xs:token">
783	            <xs:enumeration value="emergencyRouting"/>
784	            <xs:enumeration value="emergencyDispatch"/>
785	          </xs:restriction>
786	        </xs:simpleType>
787	        <xs:simpleType>
788	          <xs:restriction base="xs:nonNegativeInteger">
789	            <xs:minInclusive value="0"/>
790	          </xs:restriction>
791	        </xs:simpleType>
792	      </xs:union>
793	    </xs:simpleType>

795	    <!-- Location Type -->
796	    <xs:simpleType name="locationTypeBase">
797	      <xs:union>
798	        <xs:simpleType>
799	          <xs:restriction base="xs:token">
800	            <xs:enumeration value="any"/>
801	          </xs:restriction>
802	        </xs:simpleType>
803	        <xs:simpleType>
804	          <xs:restriction base="held:locationTypeList">
805	            <xs:minLength value="1"/>
806	          </xs:restriction>
807	        </xs:simpleType>
808	      </xs:union>
809	    </xs:simpleType>

811	    <xs:simpleType name="locationTypeList">
812	      <xs:list>
813	        <xs:simpleType>
814	          <xs:restriction base="xs:token">
815	            <xs:enumeration value="civic"/>
816	            <xs:enumeration value="geodetic"/>
817	            <xs:enumeration value="locationURI"/>
818	          </xs:restriction>
819	        </xs:simpleType>

821	      </xs:list>
822	    </xs:simpleType>

824	    <xs:complexType name="locationTypeType">
825	      <xs:simpleContent>
826	        <xs:extension base="held:locationTypeBase">
827	          <xs:attribute name="exact" type="xs:boolean"
828	                        use="optional" default="false"/>
829	        </xs:extension>
830	      </xs:simpleContent>
831	    </xs:complexType>

833	    <!-- Message Definitions -->
834	    <xs:complexType name="baseRequestType">
835	      <xs:complexContent>
836	        <xs:restriction base="xs:anyType">
837	          <xs:sequence/>
838	          <xs:attribute name="responseTime" type="held:responseTimeType"
839	                        use="optional"/>
840	          <xs:anyAttribute namespace="##any" processContents="lax"/>
841	        </xs:restriction>
842	      </xs:complexContent>
843	    </xs:complexType>

845	    <xs:complexType name="errorType">
846	      <xs:complexContent>
847	        <xs:restriction base="xs:anyType">
848	          <xs:sequence>
849	            <xs:element name="message" type="held:errorMsgType"
850	                        minOccurs="0" maxOccurs="unbounded"/>
851	            <xs:any namespace="##other" processContents="lax"
852	                    minOccurs="0" maxOccurs="unbounded"/>
853	          </xs:sequence>
854	          <xs:attribute name="code" type="xs:token"
855	                        use="required"/>
856	          <xs:anyAttribute namespace="##any" processContents="lax"/>
857	        </xs:restriction>
858	      </xs:complexContent>
859	    </xs:complexType>

861	    <xs:complexType name="errorMsgType">
862	      <xs:simpleContent>
863	        <xs:extension base="xs:token">
864	          <xs:attribute ref="xml:lang"/>
865	          <xs:anyAttribute namespace="##any" processContents="lax"/>
866	        </xs:extension>
867	      </xs:simpleContent>
868	    </xs:complexType>
869	    <xs:element name="error" type="held:errorType"/>

871	    <!-- Location Response -->
872	    <xs:complexType name="locationResponseType">
873	      <xs:complexContent>
874	        <xs:restriction base="xs:anyType">
875	          <xs:sequence>
876	            <xs:element name="locationUriSet"
877	                        type="held:returnLocationType"
878	                        minOccurs="0"/>
879	            <xs:any namespace="##other" processContents="lax"
880	                    minOccurs="0" maxOccurs="unbounded"/>
881	          </xs:sequence>
882	        </xs:restriction>
883	      </xs:complexContent>
884	    </xs:complexType>

886	    <xs:element name="locationResponse"
887	                type="held:locationResponseType"/>

889	    <!-- Location Request -->

891	    <xs:complexType name="locationRequestType">
892	      <xs:complexContent>
893	        <xs:extension base="held:baseRequestType">
894	          <xs:sequence>
895	            <xs:element name="locationType"
896	                        type="held:locationTypeType"
897	                        minOccurs="0"/>
898	            <xs:any namespace="##other" processContents="lax"
899	                    minOccurs="0" maxOccurs="unbounded"/>
900	          </xs:sequence>
901	        </xs:extension>
902	      </xs:complexContent>
903	    </xs:complexType>

905	    <xs:element name="locationRequest"
906	                type="held:locationRequestType"/>

908	  </xs:schema>

910	8.  HTTP Binding

912	   This section describes the use of HTTP [RFC2616] and HTTP Over TLS
913	   [RFC2818] as transport mechanisms for the HELD protocol, which a
914	   conforming LIS and Device MUST support.

916	   Although HELD uses HTTP as a transport, it uses a strict subset of
917	   HTTP features, and due to the restrictions of some features, a LIS is
918	   not a fully compliant HTTP server.  It is intended that a LIS can
919	   easily be built using an HTTP server with extensibility mechanisms,
920	   and that a HELD Device can trivially use existing HTTP libraries.
921	   This subset of requirements helps implementors avoid ambiguity with
922	   the many options the full HTTP protocol offers.

924	   A Device that conforms to this specification MAY choose not to
925	   support HTTP authentication [RFC2617] or cookies [RFC2965].  Because
926	   the Device and the LIS may not necessarily have a prior relationship,
927	   the LIS SHOULD NOT require a Device to authenticate, either using the
928	   above HTTP authentication methods or TLS client authentication.
929	   Unless all Devices that access a LIS can be expected to be able to
930	   authenticate in a certain fashion, denying access to location
931	   information could prevent a Device from using location-dependent
932	   services, such as emergency calling.  Extensions to this protocol
933	   might result in the addition of request parameters that a LIS might
934	   use to decide to request Device authentication.

936	   A HELD request is carried in the body of an HTTP POST request.  The
937	   Device MUST include a Host header in the request.

939	   The MIME type of HELD request and response bodies is
940	   "application/held+xml".  LIS and Device MUST provide this value in
941	   the HTTP Content-Type and Accept header fields.If the LIS does not
942	   receive the appropriate Content-Type and Accept header fields, the
943	   LIS SHOULD fail the request, returning a 406 (not acceptable)
944	   response.  HELD responses SHOULD include a Content-Length header.

946	   Devices MUST NOT use the "Expect" header or the "Range" header in
947	   HELD requests.  The LIS MAY return 501 (not implemented) errors if
948	   either of these HTTP features are used.  In the case that the LIS
949	   receives a request from the Device containing a If-* (conditional)
950	   header, the LIS SHOULD return a 412 (precondition failed) response.

952	   The POST method is the only method REQUIRED for HELD.  If a LIS
953	   chooses to support GET or HEAD, it SHOULD consider the kind of
954	   application doing the GET.  Since a HELD Device only uses a POST
955	   method, the GET or HEAD MUST be either an escaped URL (e.g., somebody
956	   found a URL in protocol traces or log files and fed it into their
957	   browser) or somebody doing testing/ debugging.  The LIS could provide
958	   information in the HELD response indicating that the URL corresponds
959	   to a LIS server and only responds to HELD POST requests or the LIS
960	   could instead try to avoid any leak of information by returning a
961	   very generic HTTP error message such as 404 (not found).

963	   The LIS populates the HTTP headers of responses so that they are
964	   consistent with the contents of the message.  In particular, the
965	   "CacheControl" header SHOULD be set to disable caching of any PIDF-LO
966	   document or Location URIs by HTTP intermediaries.  Otherwise, there
967	   is the risk of stale locations and/or the unauthorized disclosure of
968	   the LI.  This also allows the LIS to control any caching with the
969	   HELD "expires" parameter.  The HTTP status code MUST indicate a 2xx
970	   series response for all HELD locationResponse and HELD error
971	   messages.

973	   The LIS MAY redirect a HELD request.  A Device MUST handle redirects,
974	   by using the Location header provided by the server in a 3xx
975	   response.  When redirecting, the Device MUST observe the delay
976	   indicated by the Retry-After header.  The Device MUST authenticate
977	   the server that returns the redirect response before following the
978	   redirect, if a Device requires that the server is authenticated.  A
979	   Device SHOULD authenticate the LIS indicated in a redirect.

981	   The LIS SHOULD support persistent connections and request pipelining.
982	   If pipelining is not supported, the LIS MUST NOT allow persistent
983	   connections.  The Device MUST support termination of a response by
984	   the closing of a connection.

986	   Implementations of HELD that implement HTTP transport MUST implement
987	   transport over TLS [RFC2818].  TLS provides message integrity and
988	   confidentiality between Device and LIS.  The Device MUST implement
989	   the server authentication method described in Section 3.1 of
990	   [RFC2818], with an exception in how wildcards are handled.  The
991	   leftmost label MAY contain the wildcard string "*", which matches any
992	   single domain name label.  Additional characters in this leftmost
993	   label are invalid (that is, "f*.example.com" is not a valid name and
994	   does not match any domain name).

996	   The device uses the URI obtained during LIS discovery to authenticate
997	   the server.  The details of this authentication method are provided
998	   in section 3.1 of HTTPS [RFC2818].  When TLS is used, the Device
999	   SHOULD fail a request if server authentication fails, except in the
1000	   event of an emergency.

1002	9.  Security Considerations

1004	   HELD is a location acquisition protocol whereby the a client requests
1005	   its location from a LIS.  Specific requirements and security
1006	   considerations for location acquisition protocols are provided in
1007	   [I-D.ietf-geopriv-l7-lcp-ps].  An in-depth discussion of the security
1008	   considerations applicable to the use of Location URIs and by
1009	   reference provision of LI is included in

1011	   [I-D.ietf-geopriv-lbyr-requirements].

1013	   By using the HELD protocol, the client and the LIS expose themselves
1014	   to two types of risk:

1016	   Accuracy:  Client receives incorrect location information
1017	   Privacy:  An unauthorized entity receives location information

1019	   The provision of an accurate and privacy/confidentiality protected
1020	   location to the requestor depends on the success of five steps:

1022	      1.  The client must determine the proper LIS.
1023	      2.  The client must connect to the proper LIS.
1024	      3.  The LIS must be able to identify the device by its identifier
1025	      (IP Address).
1026	      4.  The LIS must be able to return the desired location.
1027	      5.  HELD messages must be transmitted unmodified between the LIS
1028	      and the client.

1030	   Of these, only the second, third and the fifth are within the scope
1031	   of this document.  The first step is based on either manual
1032	   configuration or on the LIS discovery defined in
1033	   [I-D.ietf-geopriv-lis-discovery], in which appropriate security
1034	   considerations are already discussed.  The fourth step is dependent
1035	   on the specific positioning capabilities of the LIS, and is thus
1036	   outside the scope of this document.

1038	9.1.  Assuring that the proper LIS has been contacted

1040	   This document assumes that the LIS to be contacted is identified
1041	   either by an IP address or a domain name, as is the case for a LIS
1042	   discovered as described in LIS Discovery
1043	   [I-D.ietf-geopriv-lis-discovery].  When the HELD transaction is
1044	   conducted using TLS [RFC5246], the LIS can authenticate its identity,
1045	   either as a domain name or as an IP address, to the client by
1046	   presenting a certificate containing that identifier as a
1047	   subjectAltName (i.e., as an iPAddress or dNSName, respectively).  In
1048	   the case of the HTTP binding described above, this is exactly the
1049	   authentication described by TLS [RFC2818].  If the client has
1050	   external information as to the expected identity or credentials of
1051	   the proper LIS (e.g., a certificate fingerprint), these checks MAY be
1052	   omitted.  Any binding of HELD MUST be capable of being transacted
1053	   over TLS so that the client can request the above authentication, and
1054	   a LIS implementation for a binding MUST include this feature.  Note
1055	   that in order for the presented certificate to be valid at the
1056	   client, the client must be able to validate the certificate.  In
1057	   particular, the validation path of the certificate must end in one of
1058	   the client's trust anchors, even if that trust anchor is the LIS
1059	   certificate itself.

1061	9.2.  Protecting responses from modification

1063	   In order to prevent that response from being modified en route,
1064	   messages must be transmitted over an integrity-protected channel.
1065	   When the transaction is being conducted over TLS (a required feature
1066	   per Section 9.1), the channel will be integrity protected by
1067	   appropriate ciphersuites.  When TLS is not used, this protection will
1068	   vary depending on the binding; in most cases, without protection from
1069	   TLS, the response will not be protected from modification en route.

1071	9.3.  Privacy and Confidentiality

1073	   Location information returned by the LIS must be protected from
1074	   access by unauthorized parties, whether those parties request the
1075	   location from the LIS or intercept it en route.  As in Section 9.2,
1076	   transactions conducted over TLS with appropriate ciphersuites are
1077	   protected from access by unauthorized parties en route.  Conversely,
1078	   in most cases, when not conducted over TLS, the response will be
1079	   accessible while en route from the LIS to the requestor.

1081	   Because HELD is an LCP and identifies clients and targets by IP
1082	   addresses, a requestor is authorized to access location for an IP
1083	   address only if it is the holder of that IP address.  The LIS MUST
1084	   verify that the client is the target of the returned location, i.e.,
1085	   the LIS MUST NOT provide location to other entities than the target.
1086	   Note that this is a necessary, but not sufficient criterion for
1087	   authorization.  A LIS MAY deny requests according to any local
1088	   policy.

1090	   A prerequisite for meeting this requirement is that the LIS must have
1091	   some assurance of the identity of the client.  Since the target of
1092	   the returned location is identified by an IP address, simply sending
1093	   the response to this IP address will provide sufficient assurance in
1094	   many cases.  This is the default mechanism in HELD for assuring that
1095	   location is given only to authorized clients; LIS implementations
1096	   MUST support a mode of operation in which this is the only client
1097	   authentication.

1099	   Using IP return routability as an authenticator means that location
1100	   information is vulnerable to exposure through IP address spoofing
1101	   attacks.  A temporary spoofing of IP address could mean that a device
1102	   c ould request a Location Object or Location URI that would result in
1103	   receiving another Device's location if the attacker is able to
1104	   receive packets sent to the spoofed address.  In addition, in cases
1105	   where a Device drops off the network for various reasons, the re-use
1106	   of the Device's IP address could result in another Device receiving
1107	   the original Device's location rather than its own location.  These
1108	   exposures are limited by the following:

1110	   o  Location URIs MUST have a limited lifetime, as reflected by the
1111	      value for the expires element in Section 6.5.2.  The lifetime of
1112	      location URIs necessarily depends on the nature of the access.
1113	   o  The LIS and network SHOULD be configured so that the LIS is made
1114	      aware of Device movement within the network and addressing
1115	      changes.  If the LIS detects a change in the network that results
1116	      in it no longer being able to determine the location of the
1117	      Device, then all location URIs for that Device SHOULD be
1118	      invalidated.

1120	   The above measures are dependent on network configuration, which
1121	   SHOULD be considered.  For instance, in a fixed internet access,
1122	   providers may be able to restrict the allocation of IP addresses to a
1123	   single physical line, ensuring that spoofing is not possible; in such
1124	   an environment, additional measures may not be necessary.

1126	10.  Examples

1128	   The following sections provide basic HTTP/HTTPS examples, a simple
1129	   location request example and a location request for multiple location
1130	   types example along with the relevant location responses.  To focus
1131	   on important portions of messages, the examples in Section 10.2 and
1132	   Section 10.3 do not show HTTP/HTTPS headers or the XML prologue.  In
1133	   addition, sections of XML not relevant to the example are replaced
1134	   with comments.

1136	10.1.   HTTPS Example Messages

1138	   The examples in this section show complete HTTP/HTTPS messages that
1139	   include the HELD request or response document.

1141	   This example shows the most basic request for a LO.  The POST
1142	   includes an empty "locationRequest" element.

1144	         POST /location HTTP/1.1
1145	         Host: lis.example.com:49152
1146	         Content-Type: application/held+xml;charset=utf-8
1147	         Content-Length: 87

1149	         <?xml version="1.0"?>
1150	         <locationRequest xmlns="urn:ietf:params:xml:ns:geopriv:held"/>

1152	   Since the above request does not include a "locationType" element,
1153	   the successful response to the request may contain any type of
1154	   location.  The following shows a response containing a minimal
1155	   PIDF-LO.

1157	   HTTP/1.1 200 OK
1158	   Server: Example LIS
1159	   Date: Tue, 10 Jan 2006 03:42:29 GMT
1160	   Expires: Tue, 10 Jan 2006 03:42:29 GMT
1161	   Cache-control: private
1162	   Content-Type: application/held+xml;charset=utf-8
1163	   Content-Length: 856

1165	   <?xml version="1.0"?>
1166	    <locationResponse xmlns="urn:ietf:params:xml:ns:geopriv:held">
1167	     <presence xmlns="urn:ietf:params:xml:ns:pidf"
1168	      entity="pres:3650n87934c@ls.example.com">
1169	      <tuple id="b650sf789nd">
1170	       <status>
1171	        <geopriv xmlns="urn:ietf:params:xml:ns:pidf:geopriv10">
1172	         <location-info>
1173	          <Point xmlns="http://www.opengis.net/gml"
1174	           srsName="urn:ogc:def:crs:EPSG::4326">
1175	           <pos>-34.407 150.88001</pos>
1176	          </Point>
1177	         </location-info>
1178	         <usage-rules
1179	          xmlns:gbp="urn:ietf:params:xml:ns:pidf:geopriv10:basicPolicy">
1180	          <gbp:retention-expiry>2006-01-11T03:42:28+00:00
1181	          </gbp:retention-expiry>
1182	         </usage-rules>
1183	         <method>Wiremap</method>
1184	        </geopriv>
1185	       </status>
1186	       <timestamp>2006-01-10T03:42:28+00:00</timestamp>
1187	      </tuple>
1188	     </presence>
1189	    </locationResponse>

1191	   The error response to the request is an error document.  The
1192	   following response shows an example error response.

1194	         HTTP/1.1 200 OK
1195	         Server: Example LIS
1196	         Expires: Tue, 10 Jan 2006 03:49:20 GMT
1197	         Cache-control: private
1198	         Content-Type: application/held+xml;charset=utf-8
1199	         Content-Length: 182

1201	         <?xml version="1.0"?>
1202	         <error xmlns="urn:ietf:params:xml:ns:geopriv:held"
1203	            code="locationUnknown">
1204	           <message xml:lang="en">Unable to determine location
1205	           </message>
1206	         </error>

1208	10.2.  Simple Location Request Example

1210	   The location request shown below doesn't specify any location types
1211	   or response time.

1213	   <locationRequest xmlns="urn:ietf:params:xml:ns:geopriv:held"/>

1215	   The example response to this location request contains a list of
1216	   Location URIs.

1218	   <locationResponse xmlns="urn:ietf:params:xml:ns:geopriv:held">
1219	      <locationUriSet expires="2006-01-01T13:00:00.0Z">
1220	       <locationURI>https://ls.example.com:9768/357yc6s64ceyoiuy5ax3o
1221	       </locationURI>
1222	       <locationURI>sip:9769+357yc6s64ceyoiuy5ax3o@ls.example.com
1223	       </locationURI>
1224	     </locationUriSet>
1225	   </locationResponse>
1226	   An error response to this location request is shown below:

1228	         <error xmlns="urn:ietf:params:xml:ns:geopriv:held"
1229	                    code="locationUnknown"/>
1230	           <message="Location not available"
1231	           </message>
1232	         </error>

1234	10.3.  Location Request Example for Multiple Location Types

1236	   The following Location Request message includes a request for
1237	   geodetic, civic and any Location URIs.

1239	         <locationRequest xmlns="urn:ietf:params:xml:ns:geopriv:held">
1240	          <locationType exact="true">
1241	            geodetic
1242	            civic
1243	            locationURI
1244	          </locationType>
1245	          </locationRequest>

1247	   The corresponding Location Response message includes the requested
1248	   location information, including two location URIs.

1250	     <locationResponse xmlns="urn:ietf:params:xml:ns:geopriv:held">
1251	       <locationUriSet expires="2006-01-01T13:00:00.0Z">
1252	       <locationURI>https://ls.example.com:9768/357yc6s64ceyoiuy5ax3o
1253	       </locationURI>
1254	       <locationURI>sip:9769+357yc6s64ceyoiuy5ax3o@ls.example.com:
1255	       </locationURI>
1256	      </locationUriSet>
1257	      <presence xmlns="urn:ietf:params:xml:ns:pidf"
1258	        entity="pres:ae3be8585902e2253ce2@10.102.23.9">
1259	      <tuple id="lisLocation">
1260	       <status>
1261	        <geopriv xmlns="urn:ietf:params:xml:ns:pidf:geopriv10">
1262	        <location-info>
1263	         <gs:Circle xmlns:gs="http://www.opengis.net/pidflo/1.0"
1264	           xmlns:gml="http://www.opengis.net/gml"
1265	           srsName="urn:ogc:def:crs:EPSG::4326">
1266	          <gml:pos>-34.407242 150.882518</gml:pos>
1267	          <gs:radius uom="urn:ogc:def:uom:EPSG::9001">30
1268	          </gs:radius>
1269	         </gs:Circle>
1270	         <ca:civicAddress
1271	           xmlns:ca="urn:ietf:params:xml:ns:pidf:geopriv10:civicAddr"
1272	           xml:lang="en-au">
1273	          <ca:country>AU</ca:country>
1274	          <ca:A1>NSW</ca:A1>
1275	          <ca:A3>Wollongong</ca:A3>
1276	          <ca:A4>Gwynneville</ca:A4>
1277	          <ca:STS>Northfield Avenue</ca:STS>
1278	          <ca:LMK>University of Wollongong</ca:LMK>
1279	          <ca:FLR>2</ca:FLR>
1280	          <ca:NAM>Andrew Corporation</ca:NAM>
1281	          <ca:PC>2500</ca:PC>
1282	          <ca:BLD>39</ca:BLD>
1283	          <ca:SEAT>WS-183</ca:SEAT>
1284	          <ca:POBOX>U40</ca:POBOX>
1285	        </ca:civicAddress>
1286	       </location-info>
1287	       <usage-rules
1288	         xmlns:gbp="urn:ietf:params:xml:ns:pidf:geopriv10:basicPolicy">
1289	        <gbp:retransmission-allowed>false
1290	        </gbp:retransmission-allowed>
1291	        <gbp:retention-expiry>2007-05-25T12:35:02+10:00
1292	        </gbp:retention-expiry>
1293	       </usage-rules>
1294	       <method>Wiremap</method>
1295	      </geopriv>
1296	     </status>
1297	     <timestamp>2007-05-24T12:35:02+10:00</timestamp>
1298	    </tuple>
1299	   </presence>
1300	   </locationResponse>

1302	11.  IANA Considerations

1304	   This document requires several IANA registrations detailed in the
1305	   following sections.

1307	11.1.  URN Sub-Namespace Registration for
1308	       urn:ietf:params:xml:ns:geopriv:held

1310	   This section registers a new XML namespace,
1311	   "urn:ietf:params:xml:ns:geopriv:held", per the guidelines in

1313	   [RFC3688].

1315	      URI: urn:ietf:params:xml:ns:geopriv:held
1316	      Registrant Contact: IETF, GEOPRIV working group,
1317	      (geopriv@ietf.org), Mary Barnes (mary.barnes@nortel.com).
1318	      XML:

1320	         BEGIN
1321	           <?xml version="1.0"?>
1322	           <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
1323	             "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
1324	           <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
1325	             <head>
1326	               <title>HELD Messages</title>
1327	             </head>
1328	             <body>
1329	               <h1>Namespace for HELD Messages</h1>
1330	               <h2>urn:ietf:params:xml:ns:geopriv:held</h2>
1331	       [NOTE TO IANA/RFC-EDITOR: Please replace XXXX
1332	       with the RFC number for this specification.]
1333	               <p>See RFCXXXX</p>
1334	             </body>
1335	           </html>
1336	         END

1338	11.2.  XML Schema Registration

1340	   This section registers an XML schema as per the guidelines in
1341	   [RFC3688].

1343	   URI:  urn:ietf:params:xml:schema:geopriv:held
1344	   Registrant Contact:  IETF, GEOPRIV working group, (geopriv@ietf.org),
1345	      Mary Barnes (mary.barnes@nortel.com).
1346	   Schema:  The XML for this schema can be found as the entirety of
1347	      Section 7 of this document.

1349	11.3.  MIME Media Type Registration for 'application/held+xml'

1351	   This section registers the "application/held+xml" MIME type.

1353	   To:  ietf-types@iana.org
1354	   Subject:  Registration of MIME media type application/held+xml
1355	   MIME media type name:  application
1356	   MIME subtype name:  held+xml
1357	   Required parameters:  (none)
1358	   Optional parameters:  charset
1359	      Same as the charset parameter of "application/xml" as specified in
1360	      RFC 3023 [RFC3023], section 3.2.
1361	   Encoding considerations:  Same as the encoding considerations of
1362	      "application/xml" as specified in RFC 3023 [RFC3023], section 3.2.
1363	   Security considerations:  This content type is designed to carry
1364	      protocol data related to the location of an entity, which could
1365	      include information that is considered private.  Appropriate
1366	      precautions should be taken to limit disclosure of this
1367	      information.
1368	   Interoperability considerations:  This content type provides a basis
1369	      for a protocol
1370	   Published specification:  RFC XXXX [NOTE TO IANA/RFC-EDITOR: Please
1371	      replace XXXX with the RFC number for this specification.]
1372	   Applications which use this media type:  Location information
1373	      providers and consumers.
1374	   Additional Information:  Magic Number(s): (none)
1375	      File extension(s): .xml
1376	      Macintosh File Type Code(s): "TEXT"
1377	   Person & email address to contact for further information:  Mary
1378	      Barnes <mary.barnes@nortel.com>
1379	   Intended usage:  LIMITED USE
1380	   Author/Change controller:  The IETF
1381	   Other information:  This media type is a specialization of
1382	      application/xml [RFC3023], and many of the considerations
1383	      described there also apply to application/held+xml.

1385	11.4.  Error code Registry

1387	   This document requests that the IANA create a new registry for the
1388	   HELD protocol including an initial registry for error codes.  The
1389	   error codes are included in HELD error messages as described in
1390	   Section 6.3 and defined in the schema in the 'codeType' token in the
1391	   XML schema in (Section 7)

1393	   The following summarizes the requested registry:

1395	   Related Registry:   Geopriv HELD Registries, Error codes for HELD
1396	   Defining RFC:  RFC XXXX [NOTE TO IANA/RFC-EDITOR: Please replace XXXX
1397	      with the RFC number for this specification.]
1398	   Registration/Assignment Procedures:  Following the policies outlined
1399	      in [RFC5226], the IANA policy for assigning new values for the
1400	      Error codes for HELD shall be Standards Action: Values are
1401	      assigned only for Standards Track RFCs approved by the IESG.

1403	   Registrant Contact:  IETF, GEOPRIV working group, (geopriv@ietf.org),
1404	      Mary Barnes (mary.barnes@nortel.com).

1406	   This section pre-registers the following seven initial error codes as
1407	   described above in Section 6.3:

1409	   requestError:  This code indicates that the request was badly formed
1410	      in some fashion.
1411	   xmlError:  This code indicates that the XML content of the request
1412	      was either badly formed or invalid.
1413	   generalLisError:  This code indicates that an unspecified error
1414	      occurred at the LIS.
1415	   locationUnknown:  This code indicates that the LIS could not
1416	      determine the location of the Device.
1417	   unsupportedMessage:  This code indicates that the request was not
1418	      supported or understood by the LIS.  This error code is used when
1419	      a HELD request contains a document element that is not supported
1420	      by the receiver.
1421	   timeout:  This code indicates that the LIS could not satisfy the
1422	      request within the time specified in the "responseTime" parameter.
1423	   cannotProvideLiType:  This code indicates that the LIS was unable to
1424	      provide LI of the type or types requested.  This code is used when
1425	      the "exact" attribute on the "locationType" parameter is set to
1426	      "true".
1427	   notLocatable:  This code indicates that the LIS is unable to locate
1428	      the Device, and that the Device MUST NOT make further attempts to
1429	      retrieve LI from this LIS.  This error code is used to indicate
1430	      that the Device is outside the access network served by the LIS;
1431	      for instance, the VPN and NAT scenarios discussed in
1432	      Section 4.1.2.

1434	12.  Contributors

1436	   James Winterbottom, Martin Thomson and Barbara Stark are the authors
1437	   of the original document, from which this WG document was derived.
1438	   Their contact information is included in the Author's address
1439	   section.  In addition, they also contributed to the WG document,
1440	   including the XML schema.

1442	13.  Acknowledgements

1444	   The author/contributors would like to thank the participants in the
1445	   GEOPRIV WG and the following people for their constructive input and
1446	   feedback on this document (in alphabetical order): Nadine Abbott,
1447	   Bernard Aboba, Eric Arolick, Richard Barnes (in particular the
1448	   security section), Peter Blatherwick, Ben Campbell, Guy Caron, Eddy
1449	   Corbett, Martin Dawson, Lisa Dusseault, Robins George, Jerome
1450	   Grenier, Ted Hardie, Cullen Jennings, Neil Justusson, Tat Lam, Marc
1451	   Linsner, Patti McCalmont, Alexey Melnikov, Roger Marshall, Tim Polk,
1452	   Perry Prozeniuk, Carl Reed, Julian Reschke, Eric Rescorla, Dan
1453	   Romascanu, Brian Rosen, John Schnizlein, Shida Schubert, Henning
1454	   Schulzrinne, Ed Shrum, Doug Stuard, Hannes Tschofenig and Karl Heinz
1455	   Wolf.

1457	14.  Changes since last Version

1459	   NOTE TO THE RFC-Editor: Please remove this section prior to
1460	   publication as an RFC.

1462	   Changes from 15 to 16(IESG Review DISCUSSES/comments):

1464	   1) Editorial Clarifications.

1466	   2) Section 6.4 added explicit reference to draft-ietf-ltru-4646bis

1468	   3) Section 6.5.3/examples (Expiry Time): clarified the details (UTC/
1469	   Gregorian calendar) for the expiry time and updated examples to
1470	   include fractional seconds and trailing 'Z'.

1472	   4) Section 8: Clarified the usage of wildcards in the domain name for
1473	   server authentication.

1475	   5) Section 10.1: Fixed examples - added charset attribute to Content
1476	   Type and fixed lengths

1478	   6) Section 11.3 (IANA mime registration), replaced text for Optional
1479	   paramters and Encoding considerations with references to RFC 3023.
1480	   Fixed Macintosh File Type Code.

1482	   7) Updated location-conveyance reference to SIPCORE document.

1484	   Changes from 14 to 15(Gen-Art and IETF discussion ML comments post
1485	   3rd IETF LC):

1487	   1) Clarification around device support for cookies or basic/digest
1488	   authentication.

1490	   2)Additional text in section 6.3 (PIDF-LO) around the LIS including
1491	   (and not including) any information identifying the device in the
1492	   returned PIDF-LO.

1494	   3) As always, a few additional editorial changes and clarifications.

1496	   Changes from 13 to 14 (AD comments post 2nd IETF LC):

1498	   1) Section 4.3: Removed reference to location-dereference protocol
1499	   document.  Generalized statement wrt HELD not meeting all the lbyr
1500	   requirements (e.g., cancelling of location references).

1502	   2) Removed section 5.1 (Delivery Protocol) and just left the
1503	   statement that this document describes the use of HTTP and that HELD
1504	   is an application layer protocol.

1506	   3) Section 6.1: "the LIS should provide the most accurate LI" -> "the
1507	   LIS provides the most accurate LI" to avoid the inference of a
1508	   normative requirement.

1510	   4) Section 6.3: clarified "locationUnknown" error code.

1512	   5) Section 6.4: changed text to indication that errors can contain
1513	   multiple "message" parameters to accommodate errors in different
1514	   languages.

1516	   6) Section 7 : updated XML schema to reflect change in error message
1517	   to accommodate multiple "message" parameters.  Note, a few other
1518	   changes to XML schema based on "strict" validation.

1520	   7) Section 8: clarified that redirect should be authenticated if the
1521	   Device requires that the redirect server is authenticated.

1523	   8) Section 10:

1525	   - updated examples due to updates to XML schema

1527	   - removed empty POST example.

1529	   9) Section 11.4: Changed IANA registration for error codes from
1530	   "Specification Required" to "Standards Action"

1532	   10) Other minor clarifications.

1534	   Changes from WG 12 to 13 (Post-2nd WGLC):

1536	   1) Fixed editorial error in section 6.2 with regards to empty
1537	   "locationType" - error was introduced in 06 to 07 changes.

1539	   2) Added additional text in section 6.5.1 to improve security
1540	   associated with locationURIs.

1542	   3) Modified XML schema for errorType and responseType to allow an
1543	   attribute to be returned.  Also, added extensibility to errorType.

1545	   Changes from WG 11 to 12 (Post-2nd WGLC):

1547	   1) Expanded text in section 8 (HTTP binding) to provide more detail
1548	   about the requirements for an HTTP implementation supporting HELD.
1549	   Clarified the mandatory functionality and specific handling of other
1550	   functionality of HTTP.

1552	   2) Clarification in section 9.1 for clients that have external info
1553	   wrt the identity or credentials of the LIS.

1555	   3) More nits.

1557	   Changes from WG 10 to 11 (Post-2nd WGLC):

1559	   1) Added additional text around the scope and applicability of the
1560	   URI returned from LIS Discovery (section 4).

1562	   2) Removed HTTP GET - will always use POST.

1564	   3) Removed sentence wrt mobile devices in section 6.2.

1566	   4) Added specific recommendation for minimum value for expires in
1567	   section 6.5.2 (30 Minutes).

1569	   5) Remove reference to RFC 3704 (for IP address spoofing) in section
1570	   9.3 (bullet 2).

1572	   6) Clarified that both HTTP and HTTPS are allowed - changed last
1573	   bullet in section 5.1 from REQUIRES to RECOMMENDS.

1575	   7) Clarification wrt "presence" parameter in section 6.6 - a "single"
1576	   presence parameter may be included.

1578	   Changes from WG 09 to 10 (2nd WGLC):

1580	   1) Updated text for Devices and VPNs (section 4.1.1) to include
1581	   servers such as HTTP and SOCKs, thus changed the text to be generic
1582	   in terms of locating LIS before connecting to one of these servers,
1583	   etc.

1585	   2) Fixed (still buggy) HTTP examples.

1587	   3) Added text explaining the whitespaces in XML schema are for
1588	   readability/document format limitations and that they should be
1589	   handled via parser/schema validation.

1591	   4) Miscellaneous editorial nits
1592	   Changes from WG 08 to 09 (Post-IETF LC: continued resolution of sec-
1593	   dir and gen-art review comments, along with apps-area feedback):

1595	   1) Removed heldref/heldrefs URIs, including fixing examples (which
1596	   were buggy anyways).

1598	   2) Clarified text for locationURI - specifying that the deref
1599	   protocol must define or appropriately restrict and clarifying that
1600	   requirements for deref must be met and that deref details are out of
1601	   scope for this document.

1603	   3) Clarified text in security section for support of both HTTP/HTTPS.

1605	   4) Changed definition for Location Type to force the specification of
1606	   at least one location type.

1608	   Changes from WG 07 to 08 (IETF LC: sec-dir and gen-art review
1609	   comments):

1611	   1) Fix editorial nits: rearranging sections in 4.1 for readibility,
1612	   etc.

1614	   2) Added back text in Device and VPN section referencing DHCP and
1615	   LLDP-MED when a VPN device serves as a LIS.

1617	   3) Clarified the use of both HTTP and HTTPS.

1619	   4) Defined two URIs related to 3 respectively - divided IANA
1620	   registrations into sub-sections to accomodate this change.  (Note:
1621	   LIS Discovery will now define that URI, thus this document defines
1622	   the one associatied with a Location reference).

1624	   5) Clarified the description of the location URI in Protocol Overview
1625	   and Protocol parameter sections.  Note that these sections again
1626	   reference location dereference protocol for completeness and
1627	   clarification of issues that are out of scope for this base document.

1629	   6) Defined new error code: notLocatable.

1631	   7) Clarifications and corrections in security section.

1633	   8) Clarified text for locationType, specifically removing extra text
1634	   from "any" description and putting that in a separate paragraph.
1635	   Also, provided an example.

1637	   9) Added boundaries for "expires" parameter.

1639	   10) Clarified that the HELD protocol as defined by this document does
1640	   not allow for canceling location references.

1642	   Changes from WG 06 to 07 (PROTO review comments):

1644	   1) Fix nits: remove unused references, move requirements to
1645	   Informational References section, fix long line in ABNF, fix ABNF
1646	   (quotes around '?'), add schemaLocation to import namespace in XML
1647	   schema.

1649	   2) Remove text in Device and VPN section referencing DHCP and LLDP-
1650	   MED when a VPN device serves as a LIS, per Issue 1 resolution at
1651	   IETF-71.  (Editorial oversight in producing version 06).

1653	   Changes from WG 05 to 06 (2nd WGLC comments):

1655	   1) Updated security section based on WG feedback, including
1656	   condensing section 10.1.1 (Assuring the proper LIS has been
1657	   contacted), restructuring sections by flattening, adding an
1658	   additional step to the list that had been in the Accuracy section and
1659	   removing summary section.

1661	   2) Changed URI schema to "helds" to address concerns over referential
1662	   integrity and for consistency with mandate of TLS for HELD.

1664	   3) Editorial clarifications including fixing examples to match HELD
1665	   URI definition (e.g., adding port, adding randomness to URI examples,
1666	   etc.)

1668	   4) Updated references removing unused references and moving
1669	   requirements docs to Informational Reference section to avoid
1670	   downrefs.

1672	   Changes from WG 04 to 05 (WGLC comments):

1674	   1) Totally replaced the security section with the details provided by
1675	   Richard Barnes so that we don't need a reference to the location
1676	   security document.

1678	   2) Fixed error codes in schema to allow extensibility.  Change the
1679	   IANA registration to be "specification required".

1681	   3) Cleaned up the HELD: URI description, per comments from Martin and
1682	   James and partially addressing HELD-04 Issue 1.  Put the definition
1683	   in a separate section and clarified the applicability (to also
1684	   include being a results of the discovery process) and fixed examples.

1686	   4) Updated the LocationURI section to be more accurate, address
1687	   HELD-04 Issue 3, and include the reference to the new HELD:URI
1688	   section.  Also, fixed an error in the doc in that the top level parm
1689	   in the locationResponse is actually locationUriSet, which contains
1690	   any number of locationURI elements and the "expires" parameter.  So,
1691	   Table 1 was also updated and a new section for the LocationURISet was
1692	   added that includes the subsections for the "locationURI" and
1693	   "expires".  And, then clarified that "expires" applies to
1694	   "locationURISet" and not per "locationURI".

1696	   5) Editorial nits: pointed out offline by Richard (e.g., by-value ->
1697	   by value, by-reference -> by reference, etc.) and onlist by James and
1698	   Martin.  Please refer to the diff for a complete view of editorial
1699	   changes.

1701	   6) Added text in HTTP binding section to disable HTTP caching
1702	   (HELD-04 Issue 5 on the list).

1704	   Changes from WG 03 to 04:

1706	   1) Terminology: clarified in terminology section that "attribute" and
1707	   "element" are used in the strict XML sense and "parameter" is used as
1708	   a general protocol term Replaced term "HTTP delivery" with "HTTP
1709	   transport".  Still have two terms "HTTP transport" and "HTTP
1710	   binding", but those are consistent with general uses of HTTP.

1712	   2) Editorial changes and clarifications: per Roger Marshall's and
1713	   Eric Arolick's comments and subsequent WG mailing list discussion.

1715	   3) Changed normative language for describing expected and recommended
1716	   LIS behaviors to be non-normative recommendations in cases where the
1717	   protocol parameters were not the target of the discussion (e.g., we
1718	   can't prescribe to the LIS how it determines location or what it
1719	   defines to be an "accurate" location).

1721	   4) Clarified responseTime attribute (section 6.1).  Changed type from
1722	   "decimal" to "nonNegativeInteger" in XML schema (section 7)

1724	   5) Updated Table 1 in section 6 to only include top-level parameters
1725	   and fixed some errors in that table (i.e., code for locationResponse)
1726	   and adding PIDF-LO to the table.  Added a detailed section describing
1727	   PIDF-LO (section 6.6), moving some of the normative text in the
1728	   Protocol Overview to this section.

1730	   6) Added schema and description for locationURI to section 6.5.
1731	   Added IANA registration for HELD: URI schema.

1733	   7) Added IANA registry for error codes.

1735	   Changes from WG 02 to 03:

1737	   1) Added text to address concern over use of IP address as device
1738	   identifier, per long email thread - changes to section 3 (overview)
1739	   and section 4 (protocol overview).

1741	   2) Removed WSDL (section 8 updated, section 8.1 and 10.4 removed)

1743	   3) Added extensibility to baseRequestType in the schema (an oversight
1744	   from previous edits), along with fixing some other nits in schema
1745	   (section 7)

1747	   4) Moved discussion of Location URI from section 5.3 (Location
1748	   Response) to where it rightly belonged in Section 6.5 (Location URI
1749	   Parameter).

1751	   5) Clarified text for "expires" parameter (6.5.1) - it's an optional
1752	   parm, but required for LocationURIs

1754	   6) Clarified responseTime parameter: when missing, then the LCS
1755	   provides most precise LI, with the time required being implementation
1756	   specific.

1758	   7) Clarified that the MUST use in section 8 (HTTP binding) is a MUST
1759	   implement.

1761	   8) Updated references (removed unused/added new).

1763	   Changes from WG 01 to 02:

1765	   1) Updated Terminology to be consistent with WG agreements and other
1766	   documents (e.g., LCS -> LIS and removed duplicate terms).  In the
1767	   end, there are no new terms defined in this document.

1769	   2) Modified definition of responseTime to reflect WG consensus.

1771	   3) Removed jurisdictionalCivic and postalCivic locationTypes (leaving
1772	   just "civic").

1774	   4) Clarified text that locationType is optional.  Fixed table 1 and
1775	   text in section 5.2 (locationRequest description).  Text in section
1776	   6.2 (description of locationType element) already defined the default
1777	   to be "any".

1779	   5) Simplified error responses.  Separated the definition of error
1780	   response type from the locationResponse type thus no need for
1781	   defining an error code of "success".  This simplifies the schema and
1782	   processing.

1784	   6) Updated schema/examples for the above.

1786	   7) Updated Appendix A based on updates to requirements document,
1787	   specifically changes to A.1, A.3 and adding A.10.

1789	   8) Miscellaneous editorial clarifications.

1791	   Changes from WG 00 to 01:

1793	   1) heldResponse renamed to locationResponse.

1795	   2) Changed namespace references for the PIDF-LO geoShape in the
1796	   schema to match the agreed GML PIDF-LO Geometry Shape Application
1797	   Schema.

1799	   3) Removed "options" element - leaving optionality/extensibility to
1800	   XML mechanisms.

1802	   4) Changed error codes to be enumerations and not redefinitions of
1803	   HTTP response codes.

1805	   5) Updated schema/examples for the above and removed some remnants of
1806	   the context element.

1808	   6) Clarified the definition of "Location Information (LI)" to include
1809	   a reference to the location (to match the XML schema and provide
1810	   consistency of usage throughout the document).  Added an additional
1811	   statement in section 7.2 (locationType) to clarify that LCS MAY also
1812	   return a Location URI.

1814	   7) Modifed the definition of "Location Configuration Server (LCS)" to
1815	   be consistent with the current definiton in the requirements
1816	   document.

1818	   8) Updated Location Response (section 6.3) to remove reference to
1819	   context and discuss the used of a local identifier or unlinked
1820	   pseudonym in providing privacy/security.

1822	   9) Clarified that the source IP address in the request is used as the
1823	   identifier for the target/device for the HELD protocol as defined in
1824	   this document.

1826	   10) Miscellaneous editorial clarifications.

1828	15.  References
1829	15.1.  Normative References

1831	   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
1832	              Requirement Levels", BCP 14, RFC 2119, March 1997.

1834	   [RFC5246]  Dierks, T. and E. Rescorla, "The Transport Layer Security
1835	              (TLS) Protocol Version 1.2", RFC 5246, August 2008.

1837	   [RFC2965]  Kristol, D. and L. Montulli, "HTTP State Management
1838	              Mechanism", RFC 2965, October 2000.

1840	   [RFC2616]  Fielding, R., Gettys, J., Mogul, J., Frystyk, H.,
1841	              Masinter, L., Leach, P., and T. Berners-Lee, "Hypertext
1842	              Transfer Protocol -- HTTP/1.1", RFC 2616, June 1999.

1844	   [RFC2818]  Rescorla, E., "HTTP Over TLS", RFC 2818, May 2000.

1846	   [RFC3688]  Mealling, M., "The IETF XML Registry", BCP 81, RFC 3688,
1847	              January 2004.

1849	   [RFC5491]  Winterbottom, J., Thomson, M., and H. Tschofenig, "GEOPRIV
1850	              Presence Information Data Format Location Object (PIDF-LO)
1851	              Usage Clarification, Considerations, and Recommendations",
1852	              RFC 5491, March 2009.

1854	   [W3C.REC-xmlschema-1-20041028]
1855	              Maloney, M., Thompson, H., Mendelsohn, N., and D. Beech,
1856	              "XML Schema Part 1: Structures Second Edition", World Wide
1857	              Web Consortium Recommendation REC-xmlschema-1-20041028,
1858	              October 2004,
1859	              <http://www.w3.org/TR/2004/REC-xmlschema-1-20041028>.

1861	   [W3C.REC-xmlschema-2-20041028]
1862	              Malhotra, A. and P. Biron, "XML Schema Part 2: Datatypes
1863	              Second Edition", World Wide Web Consortium
1864	              Recommendation REC-xmlschema-2-20041028, October 2004,
1865	              <http://www.w3.org/TR/2004/REC-xmlschema-2-20041028>.

1867	   [I-D.ietf-geopriv-lis-discovery]
1868	              Thomson, M. and J. Winterbottom, "Discovering the Local
1869	              Location Information Server (LIS)",
1870	              draft-ietf-geopriv-lis-discovery-11 (work in progress),
1871	              May 2009.

1873	15.2.  Informative References

1875	   [RFC0793]  Postel, J., "Transmission Control Protocol", STD 7,
1876	              RFC 793, September 1981.

1878	   [RFC2617]  Franks, J., Hallam-Baker, P., Hostetler, J., Lawrence, S.,
1879	              Leach, P., Luotonen, A., and L. Stewart, "HTTP
1880	              Authentication: Basic and Digest Access Authentication",
1881	              RFC 2617, June 1999.

1883	   [RFC3023]  Murata, M., St. Laurent, S., and D. Kohn, "XML Media
1884	              Types", RFC 3023, January 2001.

1886	   [RFC3693]  Cuellar, J., Morris, J., Mulligan, D., Peterson, J., and
1887	              J. Polk, "Geopriv Requirements", RFC 3693, February 2004.

1889	   [RFC3825]  Polk, J., Schnizlein, J., and M. Linsner, "Dynamic Host
1890	              Configuration Protocol Option for Coordinate-based
1891	              Location Configuration Information", RFC 3825, July 2004.

1893	   [LLDP-MED]
1894	              TIA, "ANSI/TIA-1057 Link Layer Discovery Protocol - Media
1895	              Endpoint Discovery".

1897	   [RFC3986]  Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform
1898	              Resource Identifier (URI): Generic Syntax", STD 66,
1899	              RFC 3986, January 2005.

1901	   [I-D.ietf-ltru-4646bis]
1902	              Phillips, A. and M. Davis, "Tags for Identifying
1903	              Languages", draft-ietf-ltru-4646bis-23 (work in progress),
1904	              June 2009.

1906	   [RFC4479]  Rosenberg, J., "A Data Model for Presence", RFC 4479,
1907	              July 2006.

1909	   [RFC5226]  Narten, T. and H. Alvestrand, "Guidelines for Writing an
1910	              IANA Considerations Section in RFCs", BCP 26, RFC 5226,
1911	              May 2008.

1913	   [I-D.ietf-geopriv-l7-lcp-ps]
1914	              Tschofenig, H. and H. Schulzrinne, "GEOPRIV Layer 7
1915	              Location Configuration Protocol; Problem Statement and
1916	              Requirements", draft-ietf-geopriv-l7-lcp-ps-10 (work in
1917	              progress), July 2009.

1919	   [I-D.ietf-geopriv-lbyr-requirements]
1920	              Marshall, R., "Requirements for a Location-by-Reference
1921	              Mechanism", draft-ietf-geopriv-lbyr-requirements-07 (work
1922	              in progress), February 2009.

1924	   [I-D.ietf-sipcore-location-conveyance]
1925	              Polk, J. and B. Rosen, "Location Conveyance for the
1926	              Session Initiation Protocol",
1927	              draft-ietf-sipcore-location-conveyance-01 (work in
1928	              progress), July 2009.

1930	Appendix A.  HELD Compliance to IETF LCP requirements

1932	   This appendix describes HELD's compliance to the requirements
1933	   specified in the [I-D.ietf-geopriv-l7-lcp-ps].

1935	A.1.  L7-1: Identifier Choice

1937	   "The L7 LCP MUST be able to carry different identifiers or MUST
1938	   define an identifier that is mandatory to implement.  Regarding the
1939	   latter aspect, such an identifier is only appropriate if it is from
1940	   the same realm as the one for which the location information service
1941	   maintains identifier to location mapping."

1943	   COMPLY

1945	   HELD uses the IP address of the location request message as the
1946	   primary source of identity for the requesting device or target.  This
1947	   identity can be used with other contextual network information to
1948	   provide a physical location for the Target for many network
1949	   deployments.  There may be network deployments where an IP address
1950	   alone is insufficient to identify a Target in a network.  However,
1951	   any necessary identity extensions for these networks is beyond the
1952	   scope of this document.

1954	A.2.  L7-2: Mobility Support

1956	   "The GEOPRIV Layer 7 Location Configuration Protocol MUST support a
1957	   broad range of mobility from devices that can only move between
1958	   reboots, to devices that can change attachment points with the impact
1959	   that their IP address is changed, to devices that do not change their
1960	   IP address while roaming, to devices that continuously move by being
1961	   attached to the same network attachment point."

1963	   COMPLY

1965	   Mobility support is inherently a characteristic of the access network
1966	   technology and HELD is designed to be access network agnostic.
1967	   Consequently HELD complies with this requirement.  In addition HELD
1968	   provides specific support for mobile environments by providing an
1969	   optional responseTime attribute in location request messages.
1970	   Wireless networks often have several different mechanisms at their
1971	   disposal for position determination (e.g.  Assisted GPS versus
1972	   location based on serving base station identity), each providing
1973	   different degrees of accuracy and taking different amounts of time to
1974	   yield a result.  The responseTime parameter provides the LIS with a
1975	   criterion which it can use to select a location determination
1976	   technique.

1978	A.3.  L7-3: ASP and Access Network Provider Relationship

1980	   "The design of the L7 LCP MUST NOT assume a business or trust
1981	   relationship between the Application Service Provider (ASP) and the
1982	   Access Network Provider.  Requirements for resolving a reference to
1983	   location information are not discussed in this document."

1985	   COMPLY

1987	   HELD describes a location acquisition protocol between a Device and a
1988	   LIS.  In the context of HELD, the LIS is within the Access Network.
1989	   Thus, HELD is independent of the business or trust relationship
1990	   between the Application Service Provider (ASP) and the Access Network
1991	   Provider.  Location acquisition using HELD is subject to the
1992	   restrictions described in Section 9.

1994	A.4.  L7-4: Layer 2 and Layer 3 Provider Relationship

1996	   "The design of the GEOPRIV Layer 7 Location Configuration Protocol
1997	   MUST assume that there is a trust and business relationship between
1998	   the L2 and the L3 provider.  The L3 provider operates the LIS and
1999	   needs to obtain location information from the L2 provider since this
2000	   one is closest to the end host.  If the L2 and L3 provider for the
2001	   same host are different entities, they cooperate for the purposes
2002	   needed to determine end system locations."

2004	   COMPLY

2006	   HELD was specifically designed with this model in mind and readily
2007	   allows itself to chaining requests between operators without a change
2008	   in protocol being required.  HELD is a webservices protocol which can
2009	   be bound to transports other than HTTP, such as BEEP.  Using a
2010	   protocol such as BEEP offers the option of high request throughput
2011	   over a dedicated connection between an L3 provider and an L2 provider
2012	   without incurring the serial restriction imposed by HTTP.  This is
2013	   less easy to do with protocols that do not decouple themselves from
2014	   the transport.

2016	A.5.  L7-5: Legacy Device Considerations

2018	   "The design of the GEOPRIV Layer 7 Location Configuration Protocol
2019	   MUST consider legacy residential NAT devices and NTEs in an DSL
2020	   environment that cannot be upgraded to support additional protocols,
2021	   for example to pass additional information through DHCP."

2023	   COMPLY

2025	   HELD is an application protocol and operates on top of IP.  A HELD
2026	   request from a host behind a residential NAT will traverse the NAT
2027	   acquiring the external address of the home router.  The location
2028	   provided to the host therefore will be the address of the home router
2029	   in this circumstance.  No changes are required to the home router in
2030	   order to support this function, HELD was designed specifically to
2031	   address this deployment scenario.

2033	A.6.  L7-6: VPN Awareness

2035	   "The design of the GEOPRIV Layer 7 Location Configuration Protocol
2036	   MUST assume that at least one end of a VPN is aware of the VPN
2037	   functionality.  In an enterprise scenario, the enterprise side will
2038	   provide the LIS used by the client and can thereby detect whether the
2039	   LIS request was initiated through a VPN tunnel."

2041	   COMPLY

2043	   HELD does not preclude a LIS on the far end of a VPN tunnel being
2044	   aware that the client request is occurring over that tunnel.  It also
2045	   does not preclude a client device from accessing a LIS serving the
2046	   local physical network and subsequently using the location
2047	   information with an application that is accessed over a VPN tunnel.

2049	A.7.  L7-7: Network Access Authentication

2051	   "The design of the GEOPRIV Layer 7 Location Configuration Protocol
2052	   MUST NOT assume prior network access authentication."

2054	   COMPLY

2056	   HELD makes no assumptions about prior network access authentication.
2057	   HELD strongly recommends the use of TLS with server-side certificates
2058	   for communication between the end-point and the LIS.  There is no
2059	   requirement for the end-point to authenticate with the LIS.

2061	A.8.  L7-8: Network Topology Unawareness

2063	   "The design of the GEOPRIV Layer 7 Location Configuration Protocol
2064	   MUST NOT assume end systems being aware of the access network
2065	   topology.  End systems are, however, able to determine their public
2066	   IP address(es) via mechanisms such as STUN or NSIS NATFW NSLP."

2068	   COMPLY
2069	   HELD makes no assumption about the network topology.  HELD doesn't
2070	   require that the device know its external IP address, except where
2071	   that is required for discovery of the LIS.

2073	A.9.  L7-9: Discovery Mechanism

2075	   "The L7 LCP MUST define a single mandatory to implement discovery
2076	   mechanism."

2078	   COMPLY

2080	   HELD uses the discovery mechanism in
2081	   [I-D.ietf-geopriv-lis-discovery].

2083	A.10.  L7-10: PIDF-LO Creation

2085	   "When a LIS creates a PIDF-LO per RFC 4119 then it MUST put the
2086	   <geopriv> element into the <device> element of the presence document
2087	   (see RFC 4479).  This ensures that the resulting PIDF-LO document,
2088	   which is subsequently distributed to other entities, conforms to the
2089	   rules outlined in ". [RFC5491]

2091	   COMPLY

2093	   HELD protocol overview (Section 4 ) describes the requirements on the
2094	   LIS in creating the PIDF-LO and prescribes that the PIDF-LO generated
2095	   by the LIS MUST conform to [RFC5491].

2097	Authors' Addresses

2099	   Mary Barnes (editor)
2100	   Nortel
2101	   2201 Lakeside Blvd
2102	   Richardson, TX
2103	   USA

2105	   Email: mary.barnes@nortel.com
2106	   James Winterbottom
2107	   Andrew
2108	   PO Box U40
2109	   Wollongong University Campus, NSW  2500
2110	   AU

2112	   Phone: +61 2 4221 2938
2113	   Email: james.winterbottom@andrew.com
2114	   URI:   http://www.andrew.com/

2116	   Martin Thomson
2117	   Andrew
2118	   PO Box U40
2119	   Wollongong University Campus, NSW  2500
2120	   AU

2122	   Phone: +61 2 4221 2915
2123	   Email: martin.thomson@andrew.com
2124	   URI:   http://www.andrew.com/

2126	   Barbara Stark
2127	   BellSouth
2128	   Room 7A43
2129	   725 W Peachtree St.
2130	   Atlanta, GA  30308
2131	   US

2133	   Email: barbara.stark@att.com