< draft-ietf-geopriv-reqs-03.txt   draft-ietf-geopriv-reqs-04.txt >
Internet Draft Jorge Cuellar Internet Draft Jorge Cuellar
Document: draft-ietf-geopriv-reqs-03.txt Siemens AG Document: draft-ietf-geopriv-reqs-04.txt Siemens AG
John B. Morris, Jr. John B. Morris, Jr.
Center for Democracy and Technology Center for Democracy and Technology
Deirdre Mulligan Deirdre Mulligan
Samuelson Law, Technology, and Public Privacy Clinic Samuelson Law, Technology, and Public Privacy Clinic
Jon Peterson Jon Peterson
NeuStar NeuStar
James Polk James Polk
Cisco Cisco
Expires in six months Mar 2003 Expires in six months Oct 2003
Geopriv requirements Geopriv requirements
Status of this Memo Status of this Memo
This document is an Internet-Draft and is in full conformance with This document is an Internet-Draft and is in full conformance with
all provisions of Section 10 of RFC2026. all provisions of Section 10 of RFC2026.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that Task Force (IETF), its areas, and its working groups. Note that
skipping to change at line 233 skipping to change at line 233
Principal: The holder/subject of the credentials, e.g. a Principal: The holder/subject of the credentials, e.g. a
workstation user or a network server. workstation user or a network server.
Resolution: The fineness of detail that can be distinguished in Resolution: The fineness of detail that can be distinguished in
measured area. Applied to Geopriv this means the fineness of measured area. Applied to Geopriv this means the fineness of
area within provided, and closed, borders (ex. Latitude and area within provided, and closed, borders (ex. Latitude and
Longitude boundaries). Longitude boundaries).
Rule Holder: The entity that provides the rules associated with a Rule Holder: The entity that provides the rules associated with a
particular target for the distribution of location particular target for the distribution of location
information. It may either æpushÆ rules to a location server, information. It may either †pushË rules to a location server,
or a location server may æpullÆ rules from the Rule Holder. or a location server may †pullË rules from the Rule Holder.
Rule Maker: The authority that creates rules governing access to Rule Maker: The authority that creates rules governing access to
location information for a target (typically, this it the location information for a target (typically, this it the
target themselves). target themselves).
Rule, or Privacy Rule: A directive that regulates an entity's Rule, or Privacy Rule: A directive that regulates an entity's
activities with respect to location information, including the activities with respect to location information, including the
collection, use, disclosure, and retention of location collection, use, disclosure, and retention of location
information. information.
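Review bot: the -04 change in the Rule Holder definition only swaps one set of non-ASCII quote characters (æpushÆ / æpullÆ) for another (†pushË / †pullË); both render as mojibake and Internet-Drafts are plain ASCII, so use the ASCII apostrophe: 'push' and 'pull'. While touching this block, the Rule Maker definition carries a typo in both versions: "this it the target themselves" should read "this is the target itself".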
skipping to change at line 701 skipping to change at line 701
/ V \ / V \
/ Target Location \ / Target Location \
| Recipient | | Recipient |
| | | |
\ Rule Maker / \ Rule Maker /
\ / \ /
------------------- -------------------
In this scenario the GPS Device is both the AP and the LG. The In this scenario the GPS Device is both the AP and the LG. The
interaction occurs in a Trusted environment because it occurs in the interaction occurs in a Trusted environment because it occurs in the
Rule MakerÆs Device. Rule MakerËs Device.
SCENARIO 2: Cell Phone Roaming SCENARIO 2: Cell Phone Roaming
In this example, a cell phone is used outside its home service area In this example, a cell phone is used outside its home service area
(roaming). Also, the cell phone service provider (cell phone Corp 2) (roaming). Also, the cell phone service provider (cell phone Corp 2)
outsourced the accounting of cell phone usage. The cell phone is not outsourced the accounting of cell phone usage. The cell phone is not
GPS-enabled. Location is derived by the cell phone network in which GPS-enabled. Location is derived by the cell phone network in which
the Target and Device are roaming. When the Target wishes to use the Target and Device are roaming. When the Target wishes to use
the cell phone, cell phone Corp 1 (AP) provides the roaming service the cell phone, cell phone Corp 1 (AP) provides the roaming service
for the Target, which sends the raw data about usage (e.g., duration for the Target, which sends the raw data about usage (e.g., duration
of call, location ¡ roaming network, etc.) to cell phone Corp 2, the of call, location í roaming network, etc.) to cell phone Corp 2, the
home service provider. Cell phone Corp 2 submits the raw data to home service provider. Cell phone Corp 2 submits the raw data to
the accounting company, which processes the raw data for the the accounting company, which processes the raw data for the
accounting statements. Finally, the raw data is sent to a data accounting statements. Finally, the raw data is sent to a data
warehouse where the raw data is stored in a Location Server (e.g., warehouse where the raw data is stored in a Location Server (e.g.,
computer server). computer server).
Cuellar, Morris, Mulligan, Peterson, Polk 14 Cuellar, Morris, Mulligan, Peterson, Polk 14
Cell Phone Corp 1 Cell Phone Corp 2 Cell Phone Corp 1 Cell Phone Corp 2
----------------- ----------------- ----------------- -----------------
Sighting / \ Publish / \ Sighting / \ Publish / \
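Review bot: the same encoding problem recurs in this block: "Rule MakerÆs Device" becomes "Rule MakerËs Device" and the dash in "location ¡ roaming network" becomes "location í roaming network"; neither side is ASCII. Suggest "Rule Maker's Device" and "location - roaming network". Also, in Scenario 2 the sentence "cell phone Corp 1 (AP) provides the roaming service for the Target, which sends the raw data about usage ... to cell phone Corp 2" has an ambiguous antecedent: "which" reads as the Target, but it is Corp 1 that forwards the usage data to the home provider; rephrase as "... provides the roaming service for the Target and sends the raw data about usage ... to cell phone Corp 2".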
skipping to change at line 786 skipping to change at line 786
| Rule |--------------------->| Server + | | Rule |--------------------->| Server + |
| Maker | | Private | | Maker | | Private |
+----------+ |Rule Holder| +----------+ |Rule Holder|
+-----------+ +-----------+
^ | ^ |
3| |5 3| |5
| V | V
+----------+ +----------+
| Location | | Location |
| Recipient| | Recipient|
+----------+ +----------+
Assume that the Rule Maker and the Target are registered with the Assume that the Rule Maker and the Target are registered with the
Location Server. The RM has somehow proven to the LS that he indeed Location Server. The RM has somehow proven to the LS that he indeed
is the owner of the privacy rights of the Target (the Target is is the owner of the privacy rights of the Target (the Target is
usually a Device owned by the Rule Maker). The Rule Maker and the usually a Device owned by the Rule Maker). The Rule Maker and the
Location Server have agreed on the set of keys or credentials and Location Server have agreed on the set of keys or credentials and
cryptographic material that they will use to authenticate each cryptographic material that they will use to authenticate each
other, and in particular, to authenticate or sign the Rules. How other, and in particular, to authenticate or sign the Rules. How
this has been done is outside of the scope of the document. this has been done is outside of the scope of the document.
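Review bot: "The RM has somehow proven to the LS that he indeed is the owner of the privacy rights of the Target" is vague; since the last sentence of the paragraph already places the mechanism out of scope, drop "somehow" and write "The RM has proven to the LS, by means outside the scope of this document, that it is the owner of the privacy rights of the Target". Use "it" rather than "he" for the Rule Maker, which the terminology section defines as an authority, not a person.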
skipping to change at line 1231 skipping to change at line 1231
It is possible to include fields to indicate that one of the It is possible to include fields to indicate that one of the
locations is a translation of another. If this is done, it is also locations is a translation of another. If this is done, it is also
possible to have a field to identify the translator, as identity and possible to have a field to identify the translator, as identity and
method. method.
Cuellar, Morris, Mulligan, Peterson, Polk 24 Cuellar, Morris, Mulligan, Peterson, Polk 24
9.3. Truth Flag 9.3. Truth Flag
Geopriv MUST be silent on the truth or lack-of-truth of the location Geopriv MUST be silent on the truth or lack-of-truth of the location
information contained in the LO. Thus, the LO MUST not provide an information contained in the LO. Thus, the LO MUST NOT provide an
attribute in object saying "I am (or am not) telling you the whole attribute in object saying "I am (or am not) telling you the whole
truth." truth."
9.4. Timing Information Format 9.4. Timing Information Format
The format of timing information is out of the scope of this The format of timing information is out of the scope of this
document. document.
9.5. The Name Space of Identifiers 9.5. The Name Space of Identifiers
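Review bot: the change from "MUST not" to "MUST NOT" is correct and should stay; RFC 2119 key words carry their normative meaning only in capitalised form, so the lower-case "not" left the prohibition on a truth attribute non-normative. The same sentence still reads "provide an attribute in object saying"; suggest "provide an attribute in the object saying".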
skipping to change at line 1295 skipping to change at line 1295
Computers to make Big Brother Obsolete. Original Version Computers to make Big Brother Obsolete. Original Version
appeared in: Communications of the ACM, vol. 28 no. 10, appeared in: Communications of the ACM, vol. 28 no. 10,
October 1985 pp. 1030-1044. Revised version available at October 1985 pp. 1030-1044. Revised version available at
http://www.chaum.com/articles/ http://www.chaum.com/articles/
[ISO99] ISO99: ISO IS 15408, 1999, http://www.commoncriteria.org/. [ISO99] ISO99: ISO IS 15408, 1999, http://www.commoncriteria.org/.
[OECD] OECD Guidelines on the Protection of Privacy and Transborder [OECD] OECD Guidelines on the Protection of Privacy and Transborder
Flows of Personal Data, http://www.oecd.org. Flows of Personal Data, http://www.oecd.org.
[Pfi01] Pfitzmann, Andreas; K÷hntopp, Marit: Anonymity, [Pfi01] Pfitzmann, Andreas; Khntopp, Marit: Anonymity,
Unobservability, and Pseudonymity - A Proposal for Unobservability, and Pseudonymity - A Proposal for
Terminology; in: H Federrath (Ed.): Designing Privacy Terminology; in: H Federrath (Ed.): Designing Privacy
Enhancing Technologies; Proc. Workshop on Design Issues in Enhancing Technologies; Proc. Workshop on Design Issues in
Anonymity and Unobservability; LNCS 2009; 2001; 1-9. Newer Anonymity and Unobservability; LNCS 2009; 2001; 1-9. Newer
versions available at http://www.koehntopp.de/marit/pub/anon versions available at http://www.koehntopp.de/marit/pub/anon
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997. Requirement Levels", BCP 14, RFC 2119, March 1997.
12. Author's Addresses 12. Author's Addresses
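Review bot: the -04 edit to [Pfi01] drops the mis-encoded character in "K÷hntopp" altogether, leaving "Khntopp", which misspells the author's name (Köhntopp). Since the draft must be ASCII, write it as "Koehntopp", matching the URL www.koehntopp.de given on the same entry.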
 End of changes. 8 change blocks. 
9 lines changed or deleted 9 lines changed or added

This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/