idnits 2.17.1 

draft-ietf-geopriv-http-location-delivery-04.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

  ** It looks like you're using RFC 3978 boilerplate.  You should update this
     to the boilerplate described in the IETF Trust License Policy document
     (see https://trustee.ietf.org/license-info), which is required now.

  -- Found old boilerplate from RFC 3978, Section 5.1 on line 17.

  -- Found old boilerplate from RFC 3978, Section 5.5, updated by RFC 4748 on
     line 1745.

  -- Found old boilerplate from RFC 3979, Section 5, paragraph 1 on line 1756.

  -- Found old boilerplate from RFC 3979, Section 5, paragraph 2 on line 1763.

  -- Found old boilerplate from RFC 3979, Section 5, paragraph 3 on line 1769.


  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

     No issues found here.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the IETF Trust Copyright Line does not match the
     current year

  -- The document seems to lack a disclaimer for pre-RFC5378 work, but may
     have content which was first submitted before 10 November 2008.  If you
     have contacted all the original authors and they are all willing to grant
     the BCP78 rights to the IETF Trust, then this is fine, and you can ignore
     this comment.  If not, you may need to add the pre-RFC5378 disclaimer. 
     (See the Legal Provisions document at
     https://trustee.ietf.org/license-info for more information.)

  -- The document date (January 14, 2008) is 5939 days in the past.  Is this
     intentional?


  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  == Unused Reference: '5' is defined on line 1444, but no explicit reference
     was found in the text

  == Unused Reference: '9' is defined on line 1457, but no explicit reference
     was found in the text

  == Unused Reference: '13' is defined on line 1477, but no explicit
     reference was found in the text

  == Unused Reference: '17' is defined on line 1496, but no explicit
     reference was found in the text

  == Unused Reference: '19' is defined on line 1502, but no explicit
     reference was found in the text

  ** Obsolete normative reference: RFC 2246 (ref. '2') (Obsoleted by RFC 4346)

  ** Obsolete normative reference: RFC 2616 (ref. '3') (Obsoleted by RFC
     7230, RFC 7231, RFC 7232, RFC 7233, RFC 7234, RFC 7235)

  ** Obsolete normative reference: RFC 2818 (ref. '4') (Obsoleted by RFC 9110)

  ** Downref: Normative reference to an Informational RFC: RFC 3693 (ref. '7')

  == Outdated reference: A later version (-14) exists of
     draft-ietf-geopriv-pdif-lo-profile-10

  == Outdated reference: A later version (-10) exists of
     draft-ietf-geopriv-l7-lcp-ps-06

  ** Downref: Normative reference to an Informational draft:
     draft-ietf-geopriv-l7-lcp-ps (ref. '11')

  -- Possible downref: Non-RFC (?) normative reference: ref. '12'

  -- Possible downref: Non-RFC (?) normative reference: ref. '13'

  == Outdated reference: A later version (-09) exists of
     draft-ietf-geopriv-lbyr-requirements-01

  ** Downref: Normative reference to an Informational draft:
     draft-ietf-geopriv-lbyr-requirements (ref. '15')

  -- Obsolete informational reference (is this intentional?): RFC  793 (ref.
     '16') (Obsoleted by RFC 9293)

  -- Obsolete informational reference (is this intentional?): RFC 3023 (ref.
     '18') (Obsoleted by RFC 7303)

  -- Obsolete informational reference (is this intentional?): RFC 3825 (ref.
     '21') (Obsoleted by RFC 6225)

  -- Obsolete informational reference (is this intentional?): RFC 4395 (ref.
     '22') (Obsoleted by RFC 7595)

  == Outdated reference: A later version (-13) exists of
     draft-ietf-sip-location-conveyance-09

  == Outdated reference: A later version (-05) exists of
     draft-winterbottom-geopriv-deref-protocol-00


     Summary: 7 errors (**), 0 flaws (~~), 11 warnings (==), 13 comments (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------


2	GEOPRIV WG                                                M. Barnes, Ed.
3	Internet-Draft                                                    Nortel
4	Intended status: Standards Track
5	Expires: July 17, 2008

7	                                                        January 14, 2008

9	                 HTTP Enabled Location Delivery (HELD)
10	            draft-ietf-geopriv-http-location-delivery-04.txt

12	Status of this Memo

14	   By submitting this Internet-Draft, each author represents that any
15	   applicable patent or other IPR claims of which he or she is aware
16	   have been or will be disclosed, and any of which he or she becomes
17	   aware will be disclosed, in accordance with Section 6 of BCP 79.

19	   Internet-Drafts are working documents of the Internet Engineering
20	   Task Force (IETF), its areas, and its working groups.  Note that
21	   other groups may also distribute working documents as Internet-
22	   Drafts.

24	   Internet-Drafts are draft documents valid for a maximum of six months
25	   and may be updated, replaced, or obsoleted by other documents at any
26	   time.  It is inappropriate to use Internet-Drafts as reference
27	   material or to cite them other than as "work in progress."

29	   The list of current Internet-Drafts can be accessed at
30	   http://www.ietf.org/ietf/1id-abstracts.txt.

32	   The list of Internet-Draft Shadow Directories can be accessed at
33	   http://www.ietf.org/shadow.html.

35	   This Internet-Draft will expire on July 17, 2008.

37	Copyright Notice

39	   Copyright (C) The IETF Trust (2008).

41	Abstract

43	   A Layer 7 Location Configuration Protocol (L7 LCP) is described that
44	   is used for retrieving location information from a server within an
45	   access network.  The protocol includes options for retrieving
46	   location information in two forms: by-value and by-reference.  The
47	   protocol is an extensible application-layer protocol that is
48	   independent of session-layer.  This document describes the use of
49	   Hypertext Transfer Protocol (HTTP) as a transport for the protocol.

51	Table of Contents

53	   1.  Introduction . . . . . . . . . . . . . . . . . . . . . . . . .  4
54	   2.  Conventions & Terminology  . . . . . . . . . . . . . . . . . .  4
55	   3.  Overview and Scope . . . . . . . . . . . . . . . . . . . . . .  5
56	   4.  Protocol Overview  . . . . . . . . . . . . . . . . . . . . . .  6
57	     4.1.  Location by Value  . . . . . . . . . . . . . . . . . . . .  7
58	     4.2.  Location by Reference  . . . . . . . . . . . . . . . . . .  7
59	     4.3.  Device Identifiers, NAT and VPNs . . . . . . . . . . . . .  7
60	       4.3.1.  Devices and VPNs . . . . . . . . . . . . . . . . . . .  8
61	       4.3.2.  LIS Handling of NATs and VPNs  . . . . . . . . . . . .  8
62	   5.  Protocol Description . . . . . . . . . . . . . . . . . . . . .  8
63	     5.1.  Delivery Protocol  . . . . . . . . . . . . . . . . . . . .  9
64	     5.2.  Location Request . . . . . . . . . . . . . . . . . . . . .  9
65	     5.3.  Location Response  . . . . . . . . . . . . . . . . . . . . 10
66	     5.4.  Indicating Errors  . . . . . . . . . . . . . . . . . . . . 10
67	   6.  Protocol Parameters  . . . . . . . . . . . . . . . . . . . . . 10
68	     6.1.  "responseTime" Parameter . . . . . . . . . . . . . . . . . 11
69	     6.2.  "locationType" Parameter . . . . . . . . . . . . . . . . . 11
70	       6.2.1.  "exact" Attribute  . . . . . . . . . . . . . . . . . . 12
71	     6.3.  "code" Parameter . . . . . . . . . . . . . . . . . . . . . 12
72	     6.4.  "message" Parameter  . . . . . . . . . . . . . . . . . . . 13
73	     6.5.  "locationURI" Parameter  . . . . . . . . . . . . . . . . . 13
74	       6.5.1.  "expires" Parameter  . . . . . . . . . . . . . . . . . 14
75	     6.6.  "pidf-LO" Parameter  . . . . . . . . . . . . . . . . . . . 15
76	   7.  XML Schema . . . . . . . . . . . . . . . . . . . . . . . . . . 15
77	   8.  HTTP Binding . . . . . . . . . . . . . . . . . . . . . . . . . 19
78	   9.  Security Considerations  . . . . . . . . . . . . . . . . . . . 19
79	     9.1.  Return Routability . . . . . . . . . . . . . . . . . . . . 20
80	     9.2.  Transaction Layer Security . . . . . . . . . . . . . . . . 21
81	   10. Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
82	     10.1. HTTP Example Messages  . . . . . . . . . . . . . . . . . . 21
83	     10.2. Simple Location Request Example  . . . . . . . . . . . . . 24
84	     10.3. Location Request Example for Multiple Location Types . . . 25
85	   11. IANA Considerations  . . . . . . . . . . . . . . . . . . . . . 26
86	     11.1. URN Sub-Namespace Registration . . . . . . . . . . . . . . 26
87	       11.1.1. URN Sub-Namespace Registration for
88	               urn:ietf:params:xml:ns:geopriv:held  . . . . . . . . . 26
89	       11.1.2. URN Sub-Namespace Registration for
90	               urn:ietf:params:xml:ns:geopriv:held:http . . . . . . . 27
91	     11.2. XML Schema Registration  . . . . . . . . . . . . . . . . . 28
92	     11.3. MIME Media Type Registration for 'application/held+xml'  . 28
93	     11.4. Error code Registry  . . . . . . . . . . . . . . . . . . . 29
94	     11.5. URI Registration . . . . . . . . . . . . . . . . . . . . . 29
95	   12. Contributors . . . . . . . . . . . . . . . . . . . . . . . . . 30
96	   13. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 30
97	   14. Changes since last Version . . . . . . . . . . . . . . . . . . 31
98	   15. References . . . . . . . . . . . . . . . . . . . . . . . . . . 33
99	     15.1. Normative References . . . . . . . . . . . . . . . . . . . 33
100	     15.2. Informative References . . . . . . . . . . . . . . . . . . 35
101	   Appendix A.  HELD Compliance to IETF LCP requirements  . . . . . . 36
102	     A.1.  L7-1: Identifier Choice  . . . . . . . . . . . . . . . . . 36
103	     A.2.  L7-2: Mobility Support . . . . . . . . . . . . . . . . . . 36
104	     A.3.  L7-3: ASP and Access Network Provider Relationship . . . . 37
105	     A.4.  L7-4: Layer 2 and Layer 3 Provider Relationship  . . . . . 37
106	     A.5.  L7-5: Legacy Device Considerations . . . . . . . . . . . . 37
107	     A.6.  L7-6: VPN Awareness  . . . . . . . . . . . . . . . . . . . 38
108	     A.7.  L7-7: Network Access Authentication  . . . . . . . . . . . 38
109	     A.8.  L7-8: Network Topology Unawareness . . . . . . . . . . . . 38
110	     A.9.  L7-9: Discovery Mechanism  . . . . . . . . . . . . . . . . 39
111	     A.10. L7-10: PIDF-LO Creation  . . . . . . . . . . . . . . . . . 39
112	   Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 39
113	   Intellectual Property and Copyright Statements . . . . . . . . . . 41

115	1.  Introduction

117	   The location of a Device is information that is useful for a number
118	   of applications.  The L7 Location Configuration Protocol (LCP)
119	   problem statement and requirements document [11] provides some
120	   scenarios in which the Device might rely on its access network to
121	   provide location information.  The LIS service applies to access
122	   networks employing both wired technology (e.g.  DSL, Cable) and
123	   wireless technology (e.g.  WiMAX) with varying degrees of Device
124	   mobility.  This document describes a protocol that can be used to
125	   acquire Location Information (LI) from a Location Information Server
126	   (LIS) within an access network.

128	   This specification identifies two types of location information that
129	   may be retrieved from the LIS.  Location may be retrieved from the
130	   LIS by-value, that is, the Device may acquire a literal location
131	   object describing the location of the Device.  The Device may also
132	   request that the LIS provide a location reference in the form of a
133	   location URI or set of location URIs, allowing the Device to
134	   distribute its LI by-reference.  Both of these methods can be
135	   provided concurrently from the same LIS to accommodate application
136	   requirements for different types of location information.

138	   This specification defines an extensible XML-based protocol that
139	   enables the retrieval of LI from a LIS by a Device.  This protocol
140	   can be bound to any session-layer protocol, particularly those
141	   capable of MIME transport.  This document describes the use of
142	   Hypertext Transfer Protocol (HTTP) as a transport for the protocol.

144	2.  Conventions & Terminology

146	   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
147	   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
148	   document are to be interpreted as described in [1].

150	   This document uses the terms (and their acronym forms) Access
151	   Provider (AP), Location Information (LI), Location Object (LO),
152	   Device, Target, Location Generator (LG), Location Recipient (LR),
153	   Rule Maker (RM) and Rule Holder (RH) as defined in RFC 3693, GEOPRIV
154	   Requirements [7] .  The terms Location Information Server (LIS),
155	   Access Network, Access Provider (AP) and Access Network Provider are
156	   used in the same context as defined in the L7 LCP Problem statement
157	   and Requirements document [11].  The usage of the terms, Civic
158	   Location/Address and Geodetic Location follows the usage in many of
159	   the referenced documents.

161	   In describing the protocol, the terms "attribute" and "element" are
162	   used according to their context in XML.  The term "parameter" is used
163	   in a more general protocol context and can refer to either an XML
164	   "attribute" or "element".

166	3.  Overview and Scope

168	   This document describes an interface between a Device and a Location
169	   Information Server (LIS).  This document assumes that the LIS is
170	   present within the same administrative domain as the Device (e.g.,
171	   the access network).  An Access Provider (AP) operates the LIS so
172	   that Devices (and Targets) can retrieve LI.  The LIS exists because
173	   not all Devices are capable of determining LI, and because, even if a
174	   device is able to determine its own LI, it may be more efficient with
175	   assistance.  This document does not specify how LI is determined.

177	   This document is based on the attribution of the LI to a Device and
178	   not specifically a person (end user) or Target, based on the premise
179	   that location determination technologies are generally designed to
180	   locate a device and not a person.  It is expected that, for most
181	   applications, LI for the device can be used as an adequate substitute
182	   for the end user's LI.  Since revealing the location of the device
183	   almost invariably reveals some information about the location of the
184	   user of the device, the same level of privacy protection demanded by
185	   a user is required for the device.  This approach may require either
186	   some additional assurances about the link between device and target,
187	   or an acceptance of the limitation that unless the device requires
188	   active user authentication, there is no guarantee that any particular
189	   individual is using the device at that instant.

191	   The following diagram shows the logical configuration of some of the
192	   functional elements identified in [7] and the LIS defined in [11] and
193	   where this protocol applies, with the Rule Maker and Target
194	   represented by the role of the Device.

196	                     +---------------------------------------------+
197	                     | Access Network Provider                     |
198	                     |                                             |
199	                     |   +--------------------------------------+  |
200	                     |   | Location Information Server          |  |
201	                     |   |                                      |  |
202	                     |   |                                      |  |
203	                     |   |                                      |  |
204	                     |   |                                      |  |
205	                     |   +------|---------------------'---------+  |
206	                     +----------|---------------------'------------+
207	                                |                     '
208	                                |                     '
209	                               HELD                  APP
210	                                |                     '
211	     Rule Maker   - _     +-----------+         +-----------+
212	           o          - - | Device    |         | Location  |
213	          <U\             |           | - - - - | Recipient |
214	          / \       _ - - |           |   APP   |           |
215	         Target - -       +-----------+         +-----------+

217	                        Figure 1: Significant Roles

219	   The interface between the Location Recipient (LR) and the Device
220	   and/or LIS is application specific, as indicated by the APP
221	   annotation in the diagram and it is outside the scope of the
222	   document.  An example of an APP interface between a device and LR can
223	   be found in the SIP Location Conveyance document [23].

225	4.  Protocol Overview

227	   The HELD protocol facilitates retrieval of location directly in the
228	   form of a PIDF-LO document (by-value) and indirectly as a Location
229	   URI (by-reference).  The policy that describes to whom, and how, LI
230	   is granted is outside the scope of this document and may be specified
231	   in separate specifications as required.  The Device must first
232	   discover the URI for the LIS for sending the HELD protocol requests
233	   as identified by the requirement in the L7 LCP problem statement and
234	   requirements [11].  The discovery methods are specified in [14].  The
235	   LIS uses the source IP address of the request sent from the Device as
236	   the identifier in determining the location of the device.  The use of
237	   additional identifiers for the HELD protocol is outside the scope of
238	   this document.

240	4.1.  Location by Value

242	   Where a Device requires LI directly, it can request that the LIS
243	   create a PIDF-LO document.  This approach fits well with a
244	   configuration whereby the device directly makes use of the provided
245	   PIDF-LO document.  The details on the information that may be
246	   included in the PIDF-LO MUST follow the subset of those rules
247	   relating to the construction of the "location-info" element in the
248	   PIDF-LO Usage Clarification, Considerations and Recommendations
249	   document [10].  Further detail is included in the detailed protocol
250	   section of this document Section 6

252	4.2.  Location by Reference

254	   Requesting location directly does not always address the requirements
255	   of an application.  A Device can request a location URI instead of
256	   literal location.  A Location URI is a URI [20] of any scheme, which
257	   a Location Recipient (LR) can use to retrieve LI.  A location URI
258	   provided by a LIS can be assumed to be globally-addressable; that is,
259	   anyone in possession of the URI can access the LIS.  This does not in
260	   any way suggest that the LIS is bound to reveal the location
261	   associated with the location URI.  This issue is deemed out of scope
262	   for this document.  The merits and drawbacks of using a Location URI
263	   approach are discussed in [15].

265	4.3.  Device Identifiers, NAT and VPNs

267	   Use of the HELD protocol is subject to the viability of the
268	   identifier used by the LIS to determine location.  This document
269	   describes the use of the IP address of the Device as the identifier.
270	   When Network Address Translation (NAT), a Virtual Private Network
271	   (VPN) or other forms of address modification occur between the Device
272	   and the LIS, the location returned could be inaccurate.

274	   Not all cases of NATs introduce inaccuracies in the returned
275	   location.  For example, a NAT used in a residential Local Area
276	   Network (LAN) is typically not a problem.  The external IP address
277	   used on the Wide Area Network (WAN) side of the NAT is an acceptable
278	   identifier for all of the devices in the residence, on the LAN side
279	   of the NAT, since the covered geographical area is small.

281	   On the other hand, if there is a VPN between the Device and the LIS,
282	   for example for a teleworker, then the IP address seen by the LIS
283	   might not be the right address to identify the location of the
284	   Device.

286	4.3.1.  Devices and VPNs

288	   To minimize the impact of VPNs, Devices should perform their HELD
289	   query prior to establishing a VPN tunnel.  It is RECOMMENDED that
290	   discovery [14] and an initial query are performed before establishing
291	   the VPN.  If a Device performs the HELD query after establishing the
292	   VPN tunnel, the Device may receive inaccurate location information.

294	   Devices that establish VPN connections for use by other devices
295	   inside a LAN or other closed network may serve as a LIS, that
296	   implements the HELD protocol, for those other Devices.  Devices
297	   within the closed network are not necessarily able to detect the
298	   presence of the VPN and rely on the VPN device.  To this end, a VPN
299	   device should provide the address, of the LIS server it provides, in
300	   response to discovery queries.

302	   It could also be useful for a VPN device to serve as a LIS for other
303	   location configuration options such as Dynamic Host Configuration
304	   Protocol (DHCP)[21] or Link Layer Discovery Protocol - Media Endpoint
305	   Discovery (LLDP-MED) [25].  VPN devices that serve as a LIS may
306	   acquire their own location using HELD.

308	4.3.2.  LIS Handling of NATs and VPNs

310	   In the cases where the Device uses a VPN connection or is behind a
311	   NAT that serves a large geographic area or multiple geographic
312	   locations (for example, a NAT used by an enterprise to connect their
313	   private network to the Internet), the LIS may not be able to return
314	   an accurate LI.  If the LIS cannot determine an accurate LI, it
315	   should not provide location information to the requesting device.
316	   The LIS needs to be configured to recognize identifiers that
317	   represent these conditions.

319	   LIS operators have a large role in ensuring the best possible
320	   environment for location determination.  The LIS operator needs to
321	   ensure that the LIS is properly configured with identifiers that fall
322	   within NATs and VPNs.  In order to serve a Device on a remote side of
323	   a NAT or VPN a LIS needs to have a presence on the side of the NAT or
324	   VPN nearest the Device.

326	5.  Protocol Description

328	   As discussed in Section 4, this protocol provides for the retrieval
329	   of location in the form of a PIDF-LO document and/or Location URI(s)
330	   from a LIS.  Three messages are defined to support the location
331	   retrieval: locationRequest, locationResponse and error.  Messages are
332	   defined as XML documents.

334	   The Location Request (locationRequest) message is described in
335	   Section 5.2.  A Location Request message from a Device indicates
336	   whether location in the form of a PIDF-LO document (with specific
337	   type(s) of location) and/or Location URI(s) should be returned.  The
338	   LIS replies with a response (locationResponse), including a PIDF-LO
339	   document and/or one or more Location URIs in case of success, or an
340	   error message in case of an error.

342	   A MIME type "application/held+xml" is registered in Section 11.3 to
343	   distinguish HELD messages from other XML document bodies.  This
344	   specification follows the recommendations and conventions described
345	   in [18], including the naming convention of the type ('+xml' suffix)
346	   and the usage of the 'charset' parameter.

348	   Section 6 contains a more thorough description of the protocol
349	   parameters, valid values, and how each should be handled.  Section 7
350	   contains a more specific definition of the structure of these
351	   messages in the form of an XML Schema [12].

353	5.1.  Delivery Protocol

355	   The HELD protocol is an application-layer protocol that is defined
356	   independently of any lower layers.  This means that any protocol can
357	   be used to transport this protocol providing that it can provide a
358	   few basic features:
359	   o  The protocol must have acknowledged delivery.
360	   o  The protocol must be able to correlate a response with a request.
361	   o  The protocol must provide authentication, privacy and protection
362	      against modification.
363	   This document describes the use of a combination of HTTP [3], TLS [2]
364	   and TCP [16] in Section 8 .

366	5.2.  Location Request

368	   A location request message is sent from the Device to the LIS when it
369	   requires LI.  The type of LI that a Device requests is determined by
370	   the type of LI that is included in the "locationType" element.

372	   The location request is made by sending a document formed of a
373	   "locationRequest" element.  The LIS uses the source IP address of the
374	   location request message as the primary source of identity for the
375	   requesting device or target.  It is anticipated that other Device
376	   identities may be provided through schema extensions.  The successful
377	   response to a location request message is a document formed of a
378	   "locationResponse" element, unless the request fails, in which case
379	   the LIS MUST provide an error indication document.

381	   The LIS MUST ignore any part of a location request message that it
382	   does not understand.

384	5.3.  Location Response

386	   The response to a Location request MUST contain a PIDF-LO and/or
387	   Location URI(s), depending upon the requested "locationType".

389	5.4.  Indicating Errors

391	   In the event of an error, the LIS MUST respond to the Device with an
392	   error document.  The error response applies to all request types and
393	   MUST also be sent in response to any unrecognized request.

395	   An error indication document consists of an "error" element.  The
396	   "error" element MUST include a "code" attribute that indicates the
397	   type of error.  A set of predefined error codes are included in
398	   Section 6.3.

400	   Error responses MAY also include a "message" attribute that can
401	   include additional information.  This information SHOULD be for
402	   diagnostic purposes only, and MAY be in any language.  The language
403	   of the message SHOULD be indicated with an "xml:lang" attribute.

405	6.  Protocol Parameters

407	   This section describes, in detail the parameters that are used for
408	   this protocol.  Table 1 lists the top-level components used within
409	   the protocol and where they are mandatory or optional for each of the
410	   messages.

412	   +------------------------+----------------+-----------------+-------+
413	   | Parameter              |    Location    |     Location    | Error |
414	   |                        |     Request    |     Response    |       |
415	   +------------------------+----------------+-----------------+-------+
416	   | responseTime           |        o       |                 |       |
417	   | (Section 6.1)          |                |                 |       |
418	   | locationType           |        o       |                 |       |
419	   | (Section 6.2)          |                |                 |       |
420	   | code (Section 6.3)     |                |                 |   m   |
421	   | message (Section 6.4)  |                |                 |   o   |
422	   | locationURI            |                |        o        |       |
423	   | (Section 6.5)          |                |                 |       |
424	   | PIDF-LO (Section 6.6)  |                |        o        |       |
425	   +------------------------+----------------+-----------------+-------+

427	                     Table 1: Message Parameter Usage

429	6.1.  "responseTime" Parameter

431	   The "responseTime" attribute MAY be included in a location request
432	   message.  The "responseTime" attribute includes a time value
433	   indicating to the LIS how long the Device is prepared to wait for a
434	   response and/or a purpose for which the Device needs the location.
435	   In the case of emergency services, the purpose of obtaining the LI
436	   could be either for routing a call to the appropriate PSAP or
437	   indicating the location to which responders should be dispatched.
438	   The values defined for the purpose, emergencyRouting and
439	   emergencyDispatch, will likely be governed by jurisdictional
440	   policies, and should be configurable on the LIS.

442	   The time value in the "responseTime" attribute is expressed as a non-
443	   negative integer in units of milliseconds.  The time value is
444	   indicative only and the LIS is under no obligation to strictly adhere
445	   to the time limit implied; any enforcement of the time limit is left
446	   to the requesting Device.  The LIS should provide the most accurate
447	   LI that can be determined within the specified interval for the
448	   specific service.

450	   The LIS may use the value of the time in the "responseTime" attribute
451	   as input when selecting the method of location determination, where
452	   multiple such methods exist.  If the "responseTime" attribute is
453	   absent, then the LIS should return the most precise LI it is capable
454	   of determining, with the time interval being implementation
455	   dependent.

457	6.2.  "locationType" Parameter

459	   The "locationType" element MAY be included in a location request
460	   message.  It contains a list of LI types that are requested by the
461	   Device.  The following list describes the possible values:

463	   any:  The LIS SHOULD attempt to provide LI in all forms available to
464	      it.  The LIS SHOULD return location information in a form that is
465	      suited for routing and responding to an emergency call in its
466	      jurisdiction.  The LIS MAY alternatively or additionally return a
467	      location URI.  If the "locationType" element is absent, this value
468	      MUST be assumed as the default.
469	   geodetic:  The LIS SHOULD return a geodetic location for the Target.
470	   civic:  The LIS SHOULD return a civic address for the Target.  Any
471	      type of civic address may be returned.
472	   locationURI:  The LIS SHOULD return a location URI for the Target.

474	   The LIS SHOULD return the requested location type or types.  The LIS
475	   MAY provide additional location types, or it MAY provide alternative
476	   types if the request cannot be satisfied for a requested location
477	   type.  A location URI provided by the LIS is a reference to the most
478	   current available LI, and the Target Device should understand that it
479	   is not a stable reference to a specific location.  The location types
480	   the LIS returns also depends on the setting of the optional "exact"
481	   attribute, as described in the following section.

483	   The "SHOULD"-strength requirement on this parameter is included to
484	   allow for soft-failover.  This enables a fixed client configuration
485	   that prefers a specific location type without causing location
486	   requests to fail when that location type is unavailable.  For
487	   example, a notebook computer could be configured to retrieve civic
488	   addresses, which is usually available from typical home or work
489	   situations.  However, when using a wireless modem, the LIS might be
490	   unable to provide a civic address and thus provides a geodetic
491	   address.

493	6.2.1.  "exact" Attribute

495	   The "exact" attribute MAY be included in a location request message
496	   when the "locationType" element is included.  When the "exact"
497	   attribute is set to "true", it indicates to the LIS that the contents
498	   of the "locationType" parameter MUST be strictly followed.  The
499	   default value of "false" allows the LIS the option of returning
500	   something beyond what is specified, such as a location URI when only
501	   a civic location was requested.

503	   A value of "true" indicates that the LIS MUST provide a location of
504	   the requested type or types or MUST provide an error.  The LIS MUST
505	   provide the requested types only.  The LIS MUST handle an exact
506	   request that includes a "locationType" element set to "any" as if the
507	   "exact" attribute were set to "false".

509	6.3.  "code" Parameter

511	   All "error" responses MUST contain a response code.  All errors are
512	   application-level errors, and MUST only be provided in successfully
513	   processed transport-level responses.  For example where HTTP is used
514	   as the transport, HELD error messages MUST be accompanied by a 200 OK
515	   HTTP response.

517	   HELD error responses may be one of the following tokens:

519	   requestError:  This code indicates that the request was badly formed
520	      in some fashion.

522	   xmlError:  This code indicates that the XML content of the request
523	      was either badly formed or invalid.
524	   generalLisError:  This code indicates that an unspecified error
525	      occurred at the LIS.
526	   locationUnknown:  This code indicates that the LIS could not
527	      determine the location of the Device.
528	   unsupportedMessage:  This code indicates that the request was not
529	      supported or understood by the LIS.
530	   timeout:  This code indicates that the LIS could not satisfy the
531	      request within the time specified in the "responseTime" parameter.
532	   cannotProvideLiType:  This code indicates that the LIS was unable to
533	      provide LI of the type or types requested.  This code is used when
534	      the "exact" attribute on the "locationType" parameter is set to
535	      "true".

537	6.4.  "message" Parameter

539	   The "error" message MAY include a "message" attribute to convey some
540	   additional, human-readable information about the result of the
541	   request.  This message MAY be included in any language, which SHOULD
542	   be indicated by the "xml:lang", attribute.  The default language is
543	   assumed to be English.

545	6.5.  "locationURI" Parameter

547	   The "locationURI" element includes a single Location URI.  Each
548	   Location URI that is allocated by the LIS is unique to the device
549	   that is requesting it.  A "locationResponse" message MAY contain any
550	   number of "locationURI" elements.

552	   The "locationURI" elements MUST be in the form of a HELD: URI, which
553	   is defined following RFC3986 [20] and the associated URI Guidelines
554	   [22] recommendations, per the following ABNF syntax:

556	      HELD-URI = "held" ":" "//" [ location-id "@" ] host [ ":" port ]
557	             [ path-absolute ] [ uri-extensions ]

559	      location-id = token

561	      uri-extensions = "?" extension *(COMMA extension)

563	      extension = generic-param

565	      generic-param =  token [ EQUAL gen-value ]

567	      gen-value    =  token / host / quoted-string

569	      token =  1*(alphanum / "-" / "." / "!" / "%" / "*"
570	                        / "_" / "+" / "`" / "'" / "~" )

572	   The following summarizes the primary elements comprising the HELD-
573	   URI:

575	   host:  As defined in RFC3986 [20]
576	   port:  As defined in RFC3986 [20].  There is no unique port
577	      associated with location URIs.
578	   path-absolute  As defined in RFC3986 [20]
579	   location-id:  A token used to identify the locationURI uniquely to
580	      the device that is requesting it.
581	   extension:  To allow for future extensions of the information
582	      associated with locationURIs, for use by the LIS.

584	   The HELD: URI is not intended to be human-readable text, therefore it
585	   is encoded entirely in US-ASCII.  The following are examples of HELD:
586	   URIs:

588	     held://5432+379xyziou@ls.example.com
589	     held://thislocation@ls.example.com
590	     held://ls.example.com/thislocation
591	     held://9876abcde@ls.example.com/civic

593	   The URIs are case sensitive and exact equivalency is required for
594	   HELD-URI comparisons.  For example, in the above examples, although
595	   similar in information, the 2nd and 3rd URIs are not considered
596	   equivalent.

598	   A "locationURI" MUST NOT contain any information that could be used
599	   to identify the Device or Target.  It is recommended that a
600	   "locationURI" contain a public address for the LIS in the "host"
601	   component and an anonymous identifier, such as a local identifer or
602	   unlinked pseudonym, in the "location-id" component.  The "path-
603	   absolute" component is included to allow a LIS to more readily
604	   dereference the location, depending upon its implementation.

606	   Upon receipt of the "locationURI" in the response, the Device can
607	   then deference the location to obtain a PIDF-LO in a subsequent
608	   request to a LIS, as described in [24].  The following section
609	   discusses the "expires" attribute, which defines the length of time
610	   for which a specific HELD-URI is valid.

612	6.5.1.  "expires" Parameter

614	   The "expires" attribute is only included in a "locationResponse"
615	   message when a Location URI is included.  The "expires" attribute
616	   indicates the time at which the Location URI provided by the LIS will
617	   expire.

619	   Responses to Location requests for Location URIs MUST include the
620	   expiry time of the Location URI.  If a Device dereferences the
621	   location URI after the expiry time, it would be possible to get an
622	   entirely invalid location for that Device.

624	6.6.  "pidf-LO" Parameter

626	   A "pidf-LO" may be included in the "locationResponse" message when
627	   specific locationTypes (e.g., "geodetic" or "civic") are requested or
628	   a "locationType" of "any" is requested.  The details on the
629	   information that may be included in the PIDF-LO MUST follow the
630	   subset of those rules relating to the construction of the
631	   "location-info" element in the PIDF-LO Usage Clarification,
632	   Considerations and Recommendations document [10].  The LIS MUST
633	   follow those rules in generating the PIDF-LO in this case.  Per the
634	   GEOPRIV Location Object format specified in [8], the "entity" element
635	   MUST reflect the Target of the Location Information.  In addition,
636	   the default values for <retransmission-allowed> and <retention-
637	   expiry> as specified in [8] MUST be applied.  A default value of "no"
638	   SHALL be used for the <retransmission-allowed> element.  A default
639	   value of 24 hours SHALL be used for <retention-expiry> value of any
640	   generated PIDF-LO documents.  A LIS MAY provide a shorter value for
641	   <retention-expiry> but MUST NOT provide a value longer than 24 hours.

643	   Note that the PIDF-LO is not explicitly shown in the XML schema
644	   Section 7 for a location response message due to XML schema
645	   constraints.

647	7.  XML Schema

649	   This section gives the XML Schema Definition [12] of the
650	   "application/held+xml" format.  This is presented as a formal
651	   definition of the "application/held+xml" format.  Note that the XML
652	   Schema definition is not intended to be used with on-the-fly
653	   validation of the presence XML document.

655	  <?xml version="1.0"?>
656	  <xs:schema
657	      targetNamespace="urn:ietf:params:xml:ns:geopriv:held"
658	      xmlns:xs="http://www.w3.org/2001/XMLSchema"
659	      xmlns:held="urn:ietf:params:xml:ns:geopriv:held"
660	      xmlns:xml="http://www.w3.org/XML/1998/namespace"
661	      elementFormDefault="qualified"
662	      attributeFormDefault="unqualified">

664	    <xs:annotation>
665	      <xs:documentation source="https://www.ietf.org/rfc/rfcXXXX.txt">
666	        <!-- [[NOTE TO RFC-EDITOR: Please replace above URL with URL of
667	             published RFC and remove this note.]] -->
668	        This document defines HELD messages.
669	      </xs:documentation>
670	    </xs:annotation>

672	    <xs:import namespace="http://www.w3.org/XML/1998/namespace"/>

674	    <!-- Return Location -->
675	    <xs:complexType name="returnLocationType">
676	      <xs:complexContent>
677	        <xs:restriction base="xs:anyType">
678	          <xs:sequence>
679	            <xs:element name="locationURI" type="xs:anyURI"
680	                        maxOccurs="unbounded"/>
681	          </xs:sequence>
682	          <xs:attribute name="expires" type="xs:dateTime"
683	                        use="required"/>
684	        </xs:restriction>
685	      </xs:complexContent>
686	    </xs:complexType>

688	    <!-- responseTime Type -->
689	    <xs:simpleType name="responseTimeType">
690	      <xs:union>
691	        <xs:simpleType>
692	          <xs:restriction base="xs:token">
693	            <xs:enumeration value="emergencyRouting"/>
694	            <xs:enumeration value="emergencyDispatch"/>
695	          </xs:restriction>
696	        </xs:simpleType>
697	        <xs:simpleType>
698	          <xs:restriction base="xs:nonNegativeInteger">
699	            <xs:minInclusive value="0"/>
700	          </xs:restriction>
701	        </xs:simpleType>
702	      </xs:union>
703	    </xs:simpleType>

705	    <!-- Location Type -->
706	    <xs:simpleType name="locationTypeBase">
707	      <xs:union>
708	        <xs:simpleType>
709	          <xs:restriction base="xs:token">
710	            <xs:enumeration value="any"/>
711	          </xs:restriction>

713	        </xs:simpleType>
714	        <xs:simpleType>

716	          <xs:list>
717	            <xs:simpleType>
718	              <xs:restriction base="xs:token">
719	                <xs:enumeration value="civic"/>
720	                <xs:enumeration value="geodetic"/>
721	                <xs:enumeration value="locationURI"/>
722	              </xs:restriction>
723	            </xs:simpleType>
724	          </xs:list>
725	        </xs:simpleType>
726	      </xs:union>
727	    </xs:simpleType>

729	    <xs:complexType name="locationTypeType">
730	      <xs:simpleContent>
731	        <xs:extension base="held:locationTypeBase">
732	          <xs:attribute name="exact" type="xs:boolean"
733	                        use="optional" default="false"/>
734	        </xs:extension>
735	      </xs:simpleContent>
736	    </xs:complexType>

738	    <!-- Response code -->
739	    <xs:simpleType name="codeType">
740	      <xs:restriction base="xs:token">
741	        <xs:enumeration value="requestError"/>
742	        <xs:enumeration value="xmlError"/>
743	        <xs:enumeration value="generalLisError"/>
744	        <xs:enumeration value="locationUnknown"/>
745	        <xs:enumeration value="unsupportedMessage"/>
746	        <xs:enumeration value="timeout"/>
747	        <xs:enumeration value="cannotProvideLiType"/>
748	      </xs:restriction>
749	    </xs:simpleType>

751	    <!-- Message Definitions -->
752	    <xs:complexType name="baseRequestType">
753	      <xs:complexContent>
754	        <xs:restriction base="xs:anyType">
755	          <xs:sequence/>
756	          <xs:attribute name="responseTime" type="held:responseTimeType"
757	                        use="optional"/>
758	          <xs:anyAttribute namespace="##any" processContents="lax"/>
759	        </xs:restriction>

761	      </xs:complexContent>
762	    </xs:complexType>

764	    <xs:complexType name="errorType">
765	      <xs:complexContent>
766	        <xs:restriction base="xs:anyType">
767	          <xs:sequence/>
768	          <xs:attribute name="code" type="held:codeType"
769	                        use="required"/>
770	          <xs:attribute name="message" type="xs:token"
771	                        use="optional"/>
772	          <xs:attribute ref="xml:lang" use="optional"/>
773	        </xs:restriction>
774	      </xs:complexContent>
775	    </xs:complexType>

777	    <xs:element name="error" type="held:errorType"/>

779	    <!-- Location Response -->
780	    <xs:complexType name="locationResponseType">
781	      <xs:complexContent>
782	        <xs:restriction base="xs:anyType">
783	          <xs:sequence>
784	            <xs:element name="locationUriSet"
785	                        type="held:returnLocationType"
786	                        minOccurs="0"/>
787	            <xs:any namespace="##other" processContents="lax"
788	                    minOccurs="0" maxOccurs="unbounded"/>
789	          </xs:sequence>
790	        </xs:restriction>
791	      </xs:complexContent>
792	    </xs:complexType>

794	    <xs:element name="locationResponse"
795	                type="held:locationResponseType"/>

797	    <!-- Location Request -->

799	    <xs:complexType name="locationRequestType">
800	      <xs:complexContent>
801	        <xs:extension base="held:baseRequestType">
802	          <xs:sequence>
803	            <xs:element name="locationType"
804	                        type="held:locationTypeType"
805	                        minOccurs="0"/>
806	            <xs:any namespace="##other" processContents="lax"
807	                    minOccurs="0" maxOccurs="unbounded"/>
808	          </xs:sequence>
809	        </xs:extension>
810	      </xs:complexContent>
811	    </xs:complexType>

813	    <xs:element name="locationRequest"
814	                type="held:locationRequestType"/>

816	  </xs:schema>

818	8.  HTTP Binding

820	   This section describes the use of HTTP [3] as a transport mechanism
821	   for this protocol, which all conforming implementations MUST support.

823	   The request is carried in the body of an HTTP POST request.  The MIME
824	   type of both request and response bodies should be
825	   "application/held+xml".

827	   The LIS populates the HTTP headers so that they are consistent with
828	   the contents of the message.  In particular, the "expires" and cache
829	   control headers are used to control the caching of any PIDF-LO
830	   document or Location URIs.  The HTTP status code SHOULD indicate a
831	   2xx series response when a PIDF-LO document or Location URI is
832	   included.

834	   The use of HTTP also includes a default behaviour, which is triggered
835	   by a GET request, or a POST with no request body.  If either of these
836	   queries are received, the LIS MUST attempt to provide either a
837	   PIDF-LO document or a Location URI, as if the request was a location
838	   request.

840	   The implementation of HTTP as a transport mechanism MUST implement
841	   TLS as described in [4].  TLS provides message integrity and privacy
842	   between Device and LIS.  The LIS MUST use the server authentication
843	   method described in [4]; the Device MUST fail a request if server
844	   authentication fails, except in the event of an emergency.

846	9.  Security Considerations

848	   The Security Requirements for the Geopriv Location System [Editor's
849	   note: need to add explicit reference to this doc, BUT xml2rfc not
850	   happy with that doc not having an abbreviated title] identifies the
851	   threat model for the protocols that interface with a LIS.  The threat
852	   model for the HELD protocol assumes that the LIS exists within the
853	   same administrative domain as the Device.  The LIS requires access to
854	   network information so that it can determine Location.  Therefore,
855	   the LIS can use network information to protect against a number of
856	   the possible attacks.

858	   Specific requirements and security considerations for location
859	   acquisition protocols are provided in [11] including that the LCP
860	   MUST NOT assume prior network access authentication, which is
861	   addressed in Section 9.2

863	   An in-depth discussion of the security considerations applicable to
864	   the use of Location URIs and by-reference provision of LI is included
865	   in [15].

867	9.1.  Return Routability

869	   It is RECOMMENDED that Location Information Servers use return
870	   routability rather than requiring Device authentication.  Device
871	   authentication SHOULD NOT be required due to the administrative
872	   challenge of issuing and managing of client credentials, particularly
873	   when networks allow visiting users to attach devices.  However, the
874	   LIS MAY require any form of authentication as long as these factors
875	   are considered.

877	   Addressing information used in a request to the LIS is used to
878	   determine the identity of the Device, and to address a response.
879	   This ensures that a Device can only request its own LI.

881	   A temporary spoofing of IP address could mean that a device could
882	   request a Location URI that would result in another Device's
883	   location.  One or more of the follow approaches are RECOMMENDED to
884	   limit this exposure:
885	   o  Location URIs SHOULD have a limited lifetime, as reflected by the
886	      value for the expires element (Section 6.5.1).
887	   o  The network SHOULD have mechanisms that protect against IP address
888	      spoofing.
889	   o  The LIS SHOULD ensure that requests can only originate from within
890	      its administrative domain.
891	   o  The LIS and network SHOULD be configured so that the LIS is made
892	      aware of Device movement within the network and addressing
893	      changes.  If the LIS detects a change in the network, then all
894	      location URIs MUST be invalidated.

896	   The above measures are dependent on network configuration and SHOULD
897	   be considered with circumstances in mind.  For instance, in a fixed
898	   internet access, providers may be able to restrict the allocation of
899	   IP addresses to a single physical line, ensuring that spoofing is not
900	   possible; in such an environment, other measures may not be
901	   necessary.

903	9.2.  Transaction Layer Security

905	   All bindings for this protocol MUST ensure that messages are
906	   adequately protected against eavesdropping and modification.
907	   Bindings MUST also provide a means of authenticating the LIS.

909	   It is RECOMMENDED that all bindings also use TLS [2].

911	   For the HTTP binding, TLS MUST be used.  TLS provides protection
912	   against eavesdropping and modification.  The server authentication
913	   methods described in HTTP on TLS [4] MUST be used.

915	10.  Examples

917	10.1.   HTTP Example Messages

919	   The examples in this section show a complete HTTP message that
920	   includes the HELD request or response document.

922	   This example shows the most basic request for a LO.  This uses the
923	   GET feature described by the HTTP binding.  This example assumes that
924	   the LIS service exists at the URL "https://lis.example.com/location".

926	         GET /location HTTP/1.1
927	         Host: lis.example.com
928	         Accept:application/held+xml,
929	             application/xml;q=0.8,
930	             text/xml;q=0.7
931	         Accept-Charset: UTF-8,*

933	   The GET request is exactly identical to a minimal POST request that
934	   includes an empty "locationRequest" element.

936	         POST /location HTTP/1.1
937	         Host: lis.example.com
938	         Accept: application/held+xml,
939	             application/xml;q=0.8,
940	             text/xml;q=0.7
941	         Accept-Charset: UTF-8,*
942	         Content-Type: application/held+xml
943	         Content-Length: 87

945	         <?xml version="1.0"?>
946	         <locationRequest xmlns="urn:ietf:params:xml:ns:geopriv:held"/>

948	   The successful response to either of these requests is a PIDF-LO
949	   document.  The following response shows a minimal PIDF-LO response.

951	         HTTP/1.x 200 OK
952	         Server: Example LIS
953	         Date: Tue, 10 Jan 2006 03:42:29 GMT
954	         Expires: Tue, 10 Jan 2006 03:42:29 GMT
955	         Cache-control: private
956	         Content-Type: application/held+xml
957	         Content-Length: 594

959	         <?xml version="1.0"?>
960	         <locationResponse xmlns="urn:ietf:params:xml:ns:geopriv:held">
961	         <presence xmlns="urn:ietf:params:xml:ns:pidf"
962	                   entity="pres:3650n87934c@ls.example.com">
963	           <tuple id="3b650sf789nd">
964	           <status>
965	            <geopriv xmlns="urn:ietf:params:xml:ns:pidf:geopriv10">
966	             <location-info>
967	                <Point xmlns="http://www.opengis.net/gml"
968	                       srsName="urn:ogc:def:crs:EPSG::4326">
969	                  <pos>-34.407 150.88001</pos>
970	                </Point>
971	              </location-info>
972	              <usage-rules>
973	                <retention-expiry>
974	                  2006-01-11T03:42:28+00:00</retention-expiry>
975	              </usage-rules>
976	            </geopriv>
977	           </status>
978	           <timestamp>2006-01-10T03:42:28+00:00</timestamp>
979	           </tuple>
980	         </presence>
981	         </locationResponse>

983	   The error response to either of these requests is an error document.
984	   The following response shows an example error response.

986	         HTTP/1.x 200 OK
987	         Server: Example LIS
988	         Expires: Tue, 10 Jan 2006 03:49:20 GMT
989	         Cache-control: private
990	         Content-Type: application/held+xml
991	         Content-Length: 135

993	         <?xml version="1.0"?>
994	         <error xmlns="urn:ietf:params:xml:ns:geopriv:held"
995	                code="locationUnknown"
996	                message="Unable to determine location"/>

998	   Note:  To focus on important portions of messages, all examples
999	      following this note do not show HTTP headers or the XML prologue.
1000	      In addition, sections of XML not relevant to the example are
1001	      replaced with comments.

1003	10.2.  Simple Location Request Example

1005	   The location request shown below doesn't specify any location types
1006	   or response time.

1008	   <locationRequest xmlns="urn:ietf:params:xml:ns:geopriv:held"/>

1010	   The response to this location request is a list of Location URIs.

1012	      <locationResponse xmlns="urn:ietf:params:xml:ns:geopriv:held">
1013	        <locationUriSet expires="2006-01-01T13:00:00">
1014	          <locationURI>held://ls.example.com:9768/357yc6s64ceyoiuy5ax3o
1015	          </locationURI>
1016	          <locationURI>held://9769+357yc6s64ceyoiuy5ax3o@ls.example.com
1017	          </locationURI>
1018	        </locationUriSet>
1019	      </locationResponse>

1021	   An error response to this location request is shown below:

1023	         <error xmlns="urn:ietf:params:xml:ns:geopriv:held"
1024	                    code="locationUnknown"
1025	                    message="Location not available"/>

1027	10.3.  Location Request Example for Multiple Location Types

1029	   The following Location Request message includes a request for
1030	   geodetic, civic and any Location URIs.

1032	         <locationRequest xmlns="urn:ietf:params:xml:ns:geopriv:held">
1033	          <locationType exact="true">
1034	            geodetic
1035	            civic
1036	            locationURI
1037	          </locationType>
1038	          </locationRequest>

1040	   The corresponding Location Response message includes the requested
1041	   location information, including two location URIs.

1043	       <locationResponse xmlns="urn:ietf:params:xml:ns:geopriv:held">
1044	          <locationUriSet expires="2006-01-01T13:00:00">
1045	          <locationURI>held://ls.example.com:9768/357yc6s64ceyoiuy5ax3o
1046	          </locationURI>
1047	          <locationURI>held://9769+357yc6s64ceyoiuy5ax3o@ls.example.com:
1048	          </locationURI>
1049	         </locationUriSet>
1050	         <presence xmlns="urn:ietf:params:xml:ns:pidf:geopriv10"
1051	                entity="pres:ae3be8585902e2253ce2@10.102.23.9">
1052	         <tuple id="lisLocation">
1053	          <status>
1054	          <geopriv>
1055	           <location-info>
1056	             <gs:Circle
1057	              xmlns:gs="http://www.opengis.net/pidflo/1.0"
1058	              xmlns:gml="http://www.opengis.net/gml"
1059	              srsName="urn:ogc:def:crs:EPSG::4326">
1060	              <gml:pos>-34.407242 150.882518</gml:pos>
1061	              <gs:radius uom="urn:ogc:def:uom:EPSG::9001">30
1062	              </gs:radius>
1063	             </gs:Circle>
1064	             <ca:civicAddress
1065	              xmlns:ca="urn:ietf:params:xml:ns:pidf:geopriv10:civicAddr"
1066	              xml:lang="en-au">
1067	              <ca:country>AU</ca:country>
1068	              <ca:A1>NSW</ca:A1>
1069	              <ca:A3>Wollongong</ca:A3>
1070	              <ca:A4>Gwynneville</ca:A4>
1071	              <ca:STS>Northfield Avenue</ca:STS>
1072	              <ca:LMK>University of Wollongong</ca:LMK>
1073	              <ca:FLR>2</ca:FLR>
1074	              <ca:NAM>Andrew Corporation</ca:NAM>
1075	              <ca:PC>2500</ca:PC>
1076	              <ca:BLD>39</ca:BLD>
1077	              <ca:SEAT>WS-183</ca:SEAT>
1078	              <ca:POBOX>U40</ca:POBOX>
1079	             </ca:civicAddress>
1080	           </location-info>
1081	           <usage-rules>
1082	             <retransmission-allowed>false</retransmission-allowed>
1083	             <retention-expiry>2007-05-25T12:35:02+10:00
1084	             </retention-expiry>
1085	           </usage-rules>
1086	           <method>Wiremap</method>
1087	           </geopriv>
1088	          </status>
1089	          <timestamp>2007-05-24T12:35:02+10:00</timestamp>
1090	        </tuple>
1091	        </presence>
1092	       </locationResponse>

1094	11.  IANA Considerations

1096	   This document requires several IANA registrations detailed in the
1097	   following sections.

1099	11.1.  URN Sub-Namespace Registration

1101	   This specification registers two new XML namespaces, as per the
1102	   guidelines in [6].

1104	11.1.1.  URN Sub-Namespace Registration for
1105	         urn:ietf:params:xml:ns:geopriv:held

1107	   This section registers a new XML namespace,
1108	   "urn:ietf:params:xml:ns:geopriv:held".
1109	      URI: urn:ietf:params:xml:ns:geopriv:held
1110	      Registrant Contact: IETF, GEOPRIV working group,
1111	      (geopriv@ietf.org), Mary Barnes (mary.barnes@nortel.com).
1112	      XML:

1114	         BEGIN
1115	           <?xml version="1.0"?>
1116	           <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
1117	             "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
1118	           <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
1119	             <head>
1120	               <title>HELD Messages</title>
1121	             </head>
1122	             <body>
1123	               <h1>Namespace for HELD Messages</h1>
1124	               <h2>urn:ietf:params:xml:ns:geopriv:held</h2>
1125	   [[NOTE TO IANA/RFC-EDITOR: Please update RFC URL and replace XXXX
1126	       with the RFC number for this specification.]]
1127	               <p>See <a href="[[RFC URL]]">RFCXXXX</a>.</p>
1128	             </body>
1129	           </html>
1130	         END

1132	11.1.2.  URN Sub-Namespace Registration for
1133	         urn:ietf:params:xml:ns:geopriv:held:http

1135	   TThis section registers a new XML namespace,
1136	   "urn:ietf:params:xml:ns:geopriv:held:http."
1137	      URI: urn:ietf:params:xml:ns:geopriv:held:http
1138	      Registrant Contact: IETF, GEOPRIV working group,
1139	      (geopriv@ietf.org), Mary Barnes (mary.barnes@nortel.com).
1140	      XML:

1142	         BEGIN
1143	           <?xml version="1.0"?>
1144	           <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
1145	             "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
1146	           <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
1147	             <head>
1148	               <title>HELD HTTP Binding WS</title>
1149	             </head>
1150	             <body>
1151	               <h1>Namespace for HELD HTTP Binding WS</h1>
1152	               <h2>urn:ietf:params:xml:ns:geopriv:held:http</h2>
1153	   [[NOTE TO IANA/RFC-EDITOR: Please update RFC URL and replace XXXX
1154	       with the RFC number for this specification.]]
1155	               <p>See <a href="[[RFC URL]]">RFCXXXX</a>.</p>
1156	             </body>
1157	           </html>
1158	         END

1160	11.2.  XML Schema Registration

1162	   This section registers an XML schema as per the guidelines in [6].
1163	   URI:  urn:ietf:params:xml:schema:geopriv:held
1164	   Registrant Contact:  IETF, GEOPRIV working group, (geopriv@ietf.org),
1165	      Mary Barnes (mary.barnes@nortel.com).
1166	   Schema:  The XML for this schema can be found as the entirety of
1167	      Section 7 of this document.

1169	11.3.  MIME Media Type Registration for 'application/held+xml'

1171	   This section registers the "application/held+xml" MIME type.
1172	   To:  ietf-types@iana.org
1173	   Subject:  Registration of MIME media type application/held+xml
1174	   MIME media type name:  application
1175	   MIME subtype name:  held+xml
1176	   Required parameters:  (none)
1177	   Optional parameters:  charset
1178	      Indicates the character encoding of enclosed XML.  Default is
1179	      UTF-8.
1180	   Encoding considerations:  Uses XML, which can employ 8-bit
1181	      characters, depending on the character encoding used.  See RFC
1182	      3023 [18], section 3.2.
1183	   Security considerations:  This content type is designed to carry
1184	      protocol data related to the location of an entity, which could
1185	      include information that is considered private.  Appropriate
1186	      precautions should be taken to limit disclosure of this
1187	      information.
1188	   Interoperability considerations:  This content type provides a basis
1189	      for a protocol
1190	   Published specification:  RFC XXXX [[NOTE TO IANA/RFC-EDITOR: Please
1191	      replace XXXX with the RFC number for this specification.]]
1192	   Applications which use this media type:  Location information
1193	      providers and consumers.
1194	   Additional Information:  Magic Number(s): (none)
1195	      File extension(s): .xml
1196	      Macintosh File Type Code(s): (none)
1197	   Person & email address to contact for further information:  Mary
1198	      Barnes <mary.barnes@nortel.com>
1199	   Intended usage:  LIMITED USE
1200	   Author/Change controller:  The IETF
1201	   Other information:  This media type is a specialization of
1202	      application/xml [18], and many of the considerations described
1203	      there also apply to application/held+xml.

1205	11.4.  Error code Registry

1207	   This document requests that the IANA create a new registry the HELD
1208	   protocol including an initial registry for error codes.  The error
1209	   codes are included in HELD error messages as described in Section 6.3
1210	   and defined in the schema in the 'codeType' token in the XML schema
1211	   in (Section 7)

1213	   The following summarizes the requested registry:

1215	   Related Registry:   Geopriv HELD Registries, Error codes for HELD
1216	   Defining RFC:  RFC XXXX [NOTE TO IANA/RFC-EDITOR: Please replace XXXX
1217	      with the RFC number for this specification.]
1218	   Registration/Assignment Procedures:  New error codes are allocated on
1219	      a first-come/first-serve basis with specification recommended.
1220	   Registrant Contact:  IETF, GEOPRIV working group, (geopriv@ietf.org),
1221	      Mary Barnes (mary.barnes@nortel.com).

1223	   This section pre-registers the following seven initial error codes as
1224	   described above in Section 6.3:

1226	   requestError:  This code indicates that the request was badly formed
1227	      in some fashion.
1228	   xmlError:  This code indicates that the XML content of the request
1229	      was either badly formed or invalid.
1230	   generalLisError:  This code indicates that an unspecified error
1231	      occurred at the LIS.
1232	   locationUnknown:  This code indicates that the LIS could not
1233	      determine the location of the Device.
1234	   unsupportedMessage:  This code indicates that the request was not
1235	      supported or understood by the LIS.
1236	   timeout:  This code indicates that the LIS could not satisfy the
1237	      request within the time specified in the "responseTime" parameter.
1238	   cannotProvideLiType:  This code indicates that the LIS was unable to
1239	      provide LI of the type or types requested.  This code is used when
1240	      the "exact" attribute on the "locationType" parameter is set to
1241	      "true".

1243	11.5.  URI Registration

1245	   The following summarizes the information necessary to register the
1246	   held: URI.  [NOTE TO IANA/RFC-EDITOR: Please replace XXXX with the
1247	   RFC number for this specification in the following list.]
1248	   URI Scheme Name:  held
1249	   Status:  permanent
1250	   URI Scheme syntax:  See section
1251	   URI Scheme Semantics:  The held: URI is intended to be used as a
1252	      reference to a location object.  Further detail is provided in
1253	      Section 6.5 of RFCXXXX.
1254	   Encoding Considerations:  The HELD: URI is not intended to be human-
1255	      readable text, therefore they are encoded entirely in US-ASCII.
1256	   Applications/protocols that use this URI scheme:  The HELD protocol
1257	      described in RFCXXXX and the GEOPRIV Location De-reference
1258	      Protocol [24]
1259	   Interoperability considerations:  This URI is intended for use as a
1260	      parameter for the HELD protocol and this URI is also used as an
1261	      input parameter for the GEOPRIV Location De-reference Protocol
1262	      [24].  Refer to Section 6.5 in RFXXXX for further detail, in
1263	      particular on the lack of permanence of a specific HELD: URI and
1264	      thus the importance of using these URIs only within the specific
1265	      contexts outlined in the references.
1266	   Security considerations:  Section 9 in RFXXXX addresses the necessary
1267	      security associated with the transport of location information
1268	      between a Device and the LIS to ensure the privacy and integrity
1269	      of the held: URI.  The schema for the held: URI allows for a
1270	      random identifier in the form of a token in the URI Section 6.5 in
1271	      RFCXXXX also recommends that the token be allocated such that it
1272	      does not reveal any detail at all about the content of the PIDF-LO
1273	      that it may indirectly reference.
1274	   Contact:  IETF, GEOPRIV working group, (geopriv@ietf.org), Mary
1275	      Barnes (mary.barnes@nortel.com).
1276	   Author/Change controller:  This scheme is registered under the IETF
1277	      tree.  As such, IETF maintains change control.
1278	   References:  RFC XXXX, GEOPRIV Location De-reference Protocol [24]

1280	12.  Contributors

1282	   James Winterbottom, Martin Thomson and Barbara Stark are the authors
1283	   of the original document, from which this WG document was derived.
1284	   Their contact information is included in the Author's address
1285	   section.  In addition, they also contributed to the WG document,
1286	   including the XML schema.

1288	13.  Acknowledgements

1290	   The author/contributors would like to thank the participants in the
1291	   GEOPRIV WG and the following people for their constructive input and
1292	   feedback on this document (in alphabetical order): Nadine Abbott,
1293	   Eric Arolick, Richard Barnes, Peter Blatherwick, Guy Caron, Martin
1294	   Dawson, Lisa Dusseault, Jerome Grenier, Ted Hardie, Neil Justusson,
1295	   Tat Lam, Marc Linsner, Patti McCalmont, Roger Marshall, Perry
1296	   Prozeniuk, Carl Reed, Brian Rosen, John Schnizlein, Shida Schubert,
1297	   Henning Schulzrinne, Ed Shrum, Doug Stuard and Hannes Tschofenig.

1299	14.  Changes since last Version

1301	   NOTE TO THE RFC-Editor: Please remove this section prior to
1302	   publication as an RFC.

1304	   Changes from WG 03 to 04:

1306	   1) Terminology: clarified in terminology section that "attribute" and
1307	   "element" are used in the strict XML sense and "parameter" is used as
1308	   a general protocol term Replaced term "HTTP delivery" with "HTTP
1309	   transport".  Still have two terms "HTTP transport" and "HTTP
1310	   binding", but those are consistent with general uses of HTTP.

1312	   2) Editorial changes and clarifications: per Roger Marshall's and
1313	   Eric Arolick's comments and subsequent WG mailing list discussion.

1315	   3) Changed normative language for describing expected and recommended
1316	   LIS behaviors to be non-normative recommendations in cases where the
1317	   protocol parameters were not the target of the discussion (e.g., we
1318	   can't prescribe to the LIS how it determines location or what it
1319	   defines to be an "accurate" location).

1321	   4) Clarified responseTime attribute (section 6.1).  Changed type from
1322	   "decimal" to "nonNegativeInteger" in XML schema (section 7)

1324	   5) Updated Table 1 in section 6 to only include top-level parameters
1325	   and fixed some errors in that table (i.e., code for locationResponse)
1326	   and adding PIDF-LO to the table.  Added a detailed section describing
1327	   PIDF-LO (section 6.6), moving some of the normative text in the
1328	   Protocol Overview to this section.

1330	   6) Added schema and description for locationURI to section 6.5.
1331	   Added IANA registration for HELD: URI schema.

1333	   7) Added IANA registry for error codes.

1335	   Changes from WG 02 to 03:

1337	   1) Added text to address concern over use of IP address as device
1338	   identifier, per long email thread - changes to section 3 (overview)
1339	   and section 4 (protocol overview).

1341	   2) Removed WSDL (section 8 updated, section 8.1 and 10.4 removed)

1343	   3) Added extensibility to baseRequestType in the schema (an oversight
1344	   from previous edits), along with fixing some other nits in schema
1345	   (section 7)

1347	   4) Moved discussion of Location URI from section 5.3 (Location
1348	   Response) to where it rightly belonged in Section 6.5 (Location URI
1349	   Parameter).

1351	   5) Clarified text for "expires" parameter (6.5.1) - it's an optional
1352	   parm, but required for LocationURIs

1354	   6) Clarified responseTime parameter: when missing, then the LCS
1355	   provides most precise LI, with the time required being implementation
1356	   specific.

1358	   7) Clarified that the MUST use in section 8 (HTTP binding) is a MUST
1359	   implement.

1361	   8) Updated references (removed unused/added new).

1363	   Changes from WG 01 to 02:

1365	   1) Updated Terminology to be consistent with WG agreements and other
1366	   documents (e.g., LCS -> LIS and removed duplicate terms).  In the
1367	   end, there are no new terms defined in this document.

1369	   2) Modified definition of responseTime to reflect WG consensus.

1371	   3) Removed jurisdictionalCivic and postalCivic locationTypes (leaving
1372	   just "civic").

1374	   4) Clarified text that locationType is optional.  Fixed table 1 and
1375	   text in section 5.2 (locationRequest description).  Text in section
1376	   6.2 (description of locationType element) already defined the default
1377	   to be "any".

1379	   5) Simplified error responses.  Separated the definition of error
1380	   response type from the locationResponse type thus no need for
1381	   defining an error code of "success".  This simplifies the schema and
1382	   processing.

1384	   6) Updated schema/examples for the above.

1386	   7) Updated Appendix A based on updates to requirements document,
1387	   specifically changes to A.1, A.3 and adding A.10.

1389	   8) Miscellaneous editorial clarifications.

1391	   Changes from WG 00 to 01:

1393	   1) heldResponse renamed to locationResponse.

1395	   2) Changed namespace references for the PIDF-LO geoShape in the
1396	   schema to match the agreed GML PIDF-LO Geometry Shape Application
1397	   Schema.

1399	   3) Removed "options" element - leaving optionality/extensibility to
1400	   XML mechanisms.

1402	   4) Changed error codes to be enumerations and not redefinitions of
1403	   HTTP response codes.

1405	   5) Updated schema/examples for the above and removed some remnants of
1406	   the context element.

1408	   6) Clarified the definition of "Location Information (LI)" to include
1409	   a reference to the location (to match the XML schema and provide
1410	   consistency of usage throughout the document).  Added an additional
1411	   statement in section 7.2 (locationType) to clarify that LCS MAY also
1412	   return a Location URI.

1414	   7) Modifed the definition of "Location Configuration Server (LCS)" to
1415	   be consistent with the current definiton in the requirements
1416	   document.

1418	   8) Updated Location Response (section 6.3) to remove reference to
1419	   context and discuss the used of a local identifier or unlinked
1420	   pseudonym in providing privacy/security.

1422	   9) Clarified that the source IP address in the request is used as the
1423	   identifier for the target/device for the HELD protocol as defined in
1424	   this document.

1426	   10) Miscellaneous editorial clarifications.

1428	15.  References

1430	15.1.  Normative References

1432	   [1]   Bradner, S., "Key words for use in RFCs to Indicate Requirement
1433	         Levels", BCP 14, RFC 2119, March 1997.

1435	   [2]   Dierks, T. and C. Allen, "The TLS Protocol Version 1.0",
1436	         RFC 2246, January 1999.

1438	   [3]   Fielding, R., Gettys, J., Mogul, J., Frystyk, H., Masinter, L.,
1439	         Leach, P., and T. Berners-Lee, "Hypertext Transfer Protocol --
1440	         HTTP/1.1", RFC 2616, June 1999.

1442	   [4]   Rescorla, E., "HTTP Over TLS", RFC 2818, May 2000.

1444	   [5]   Eastlake, D., Reagle, J., and D. Solo, "(Extensible Markup
1445	         Language) XML-Signature Syntax and Processing", RFC 3275,
1446	         March 2002.

1448	   [6]   Mealling, M., "The IETF XML Registry", BCP 81, RFC 3688,
1449	         January 2004.

1451	   [7]   Cuellar, J., Morris, J., Mulligan, D., Peterson, J., and J.
1452	         Polk, "Geopriv Requirements", RFC 3693, February 2004.

1454	   [8]   Peterson, J., "A Presence-based GEOPRIV Location Object
1455	         Format", RFC 4119, December 2005.

1457	   [9]   Thomson, M. and J. Winterbottom, "Revised Civic Location Format
1458	         for PIDF-LO", draft-ietf-geopriv-revised-civic-lo-07 (work in
1459	         progress), December 2007.

1461	   [10]  Winterbottom, J., Thomson, M., and H. Tschofenig, "GEOPRIV
1462	         PIDF-LO Usage Clarification, Considerations and
1463	         Recommendations", draft-ietf-geopriv-pdif-lo-profile-10 (work
1464	         in progress), October 2007.

1466	   [11]  Tschofenig, H. and H. Schulzrinne, "GEOPRIV Layer 7 Location
1467	         Configuration Protocol; Problem Statement and  Requirements",
1468	         draft-ietf-geopriv-l7-lcp-ps-06 (work in progress),
1469	         November 2007.

1471	   [12]  Thompson, H., Maloney, M., Beech, D., and N. Mendelsohn, "XML
1472	         Schema Part 1: Structures Second Edition", World Wide Web
1473	         Consortium Recommendation REC-xmlschema-1-20041028,
1474	         October 2004,
1475	         <http://www.w3.org/TR/2004/REC-xmlschema-1-20041028>.

1477	   [13]  Biron, P. and A. Malhotra, "XML Schema Part 2: Datatypes Second
1478	         Edition", World Wide Web Consortium Recommendation REC-
1479	         xmlschema-2-20041028, October 2004,
1480	         <http://www.w3.org/TR/2004/REC-xmlschema-2-20041028>.

1482	   [14]  Thomson, M. and J. Winterbottom, "Discovering the Local
1483	         Location Information Server (LIS)",
1484	         draft-thomson-geopriv-lis-discovery-03 (work in progress),
1485	         September 2007.

1487	   [15]  Marshall, R., "Requirements for a Location-by-Reference
1488	         Mechanism", draft-ietf-geopriv-lbyr-requirements-01 (work in
1489	         progress), October 2007.

1491	15.2.  Informative References

1493	   [16]  Postel, J., "Transmission Control Protocol", STD 7, RFC 793,
1494	         September 1981.

1496	   [17]  Day, M., Rosenberg, J., and H. Sugano, "A Model for Presence
1497	         and Instant Messaging", RFC 2778, February 2000.

1499	   [18]  Murata, M., St. Laurent, S., and D. Kohn, "XML Media Types",
1500	         RFC 3023, January 2001.

1502	   [19]  Rosenberg, J., Schulzrinne, H., Camarillo, G., Johnston, A.,
1503	         Peterson, J., Sparks, R., Handley, M., and E. Schooler, "SIP:
1504	         Session Initiation Protocol", RFC 3261, June 2002.

1506	   [20]  Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform
1507	         Resource Identifier (URI): Generic Syntax", STD 66, RFC 3986,
1508	         January 2005.

1510	   [21]  Polk, J., Schnizlein, J., and M. Linsner, "Dynamic Host
1511	         Configuration Protocol Option for Coordinate-based Location
1512	         Configuration Information", RFC 3825, July 2004.

1514	   [22]  Hansen, T., Hardie, T., and L. Masinter, "Guidelines and
1515	         Registration Procedures for New URI Schemes", BCP 115,
1516	         RFC 4395, February 2006.

1518	   [23]  Polk, J. and B. Rosen, "Location Conveyance for the Session
1519	         Initiation Protocol", draft-ietf-sip-location-conveyance-09
1520	         (work in progress), November 2007.

1522	   [24]  Winterbottom, J., Tschofenig, H., Schulzrinne, H., Thomson, M.,
1523	         and M. Dawson, "An HTTPS Location Dereferencing Protocol Using
1524	         HELD", draft-winterbottom-geopriv-deref-protocol-00 (work in
1525	         progress), November 2007.

1527	   [25]  TIA, "ANSI/TIA-1057 Link Layer Discovery Protocol - Media
1528	         Endpoint Discovery".

1530	Appendix A.  HELD Compliance to IETF LCP requirements

1532	   This appendix describes HELD's compliance to the requirements
1533	   specified in the [11].

1535	A.1.  L7-1: Identifier Choice

1537	   "The L7 LCP MUST be able to carry different identifiers or MUST
1538	   define an identifier that is mandatory to implement.  Regarding the
1539	   latter aspect, such an identifier is only appropriate if it is from
1540	   the same realm as the one for which the location information service
1541	   maintains identifier to location mapping."

1543	   COMPLY

1545	   HELD uses the IP address of the location request message as the
1546	   primary source of identity for the requesting device or target.  This
1547	   identity can be used with other contextual network information to
1548	   provide a physical location for the Target for many network
1549	   deployments.  There may be network deployments where an IP address
1550	   alone is insufficient to identify a Target in a network.  However,
1551	   any necessary identity extensions for these networks is beyond the
1552	   scope of this document.

1554	A.2.  L7-2: Mobility Support

1556	   "The GEOPRIV Layer 7 Location Configuration Protocol MUST support a
1557	   broad range of mobility from devices that can only move between
1558	   reboots, to devices that can change attachment points with the impact
1559	   that their IP address is changed, to devices that do not change their
1560	   IP address while roaming, to devices that continuously move by being
1561	   attached to the same network attachment point."

1563	   COMPLY

1565	   Mobility support is inherently a characteristic of the access network
1566	   technology and HELD is designed to be access network agnostic.
1567	   Consequently HELD complies with this requirement.  In addition HELD
1568	   provides specific support for mobile environments by providing an
1569	   optional responseTime attribute in location request messages.
1570	   Wireless networks often have several different mechanisms at their
1571	   disposal for position determination (e.g.  Assisted GPS versus
1572	   location based on serving base station identity), each providing
1573	   different degrees of accuracy and taking different amounts of time to
1574	   yield a result.  The responseTime parameter provides the LIS with a
1575	   criterion which it can use to select a location determination
1576	   technique.

1578	A.3.  L7-3: ASP and Access Network Provider Relationship

1580	   "The design of the L7 LCP MUST NOT assume a business or trust
1581	   relationship between the Application Service Provider (ASP) and the
1582	   Access Network Provider.  Requirements for resolving a reference to
1583	   location information are not discussed in this document."

1585	   COMPLY

1587	   HELD describes a location acquisition protocol and has no
1588	   dependencies on the business or trust relationship between the ASP
1589	   and the Access Network Provider.  Location acquisition using HELD is
1590	   subject to the restrictions described in Section 9.

1592	A.4.  L7-4: Layer 2 and Layer 3 Provider Relationship

1594	   "The design of the GEOPRIV Layer 7 Location Configuration Protocol
1595	   MUST assume that there is a trust and business relationship between
1596	   the L2 and the L3 provider.  The L3 provider operates the LIS and
1597	   needs to obtain location information from the L2 provider since this
1598	   one is closest to the end host.  If the L2 and L3 provider for the
1599	   same host are different entities, they cooperate for the purposes
1600	   needed to determine end system locations."

1602	   COMPLY

1604	   HELD was specifically designed with this model in mind and readily
1605	   allows itself to chaining requests between operators without a change
1606	   in protocol being required.  HELD is a webservices protocol it can be
1607	   bound to transports other than HTTP.  Using o offers the option of
1608	   high request throughput over a dedicated connection between an L3
1609	   provider and an L2 provider without incurring the serial restriction
1610	   imposed by HTTP.  This is less easy to do with protocols that do not
1611	   decouple themselves from the transport.

1613	A.5.  L7-5: Legacy Device Considerations

1615	   "The design of the GEOPRIV Layer 7 Location Configuration Protocol
1616	   MUST consider legacy residential NAT devices and NTEs in an DSL
1617	   environment that cannot be upgraded to support additional protocols,
1618	   for example to pass additional information through DHCP."

1620	   COMPLY

1622	   HELD is an application protocol and operates on top of IP.  A HELD
1623	   request from a host behind a residential NAT will traverse the NAT
1624	   acquiring the external address of the home router.  The location
1625	   provided to the host therefore will be the address of the home router
1626	   in this circumstance.  No changes are required to the home router in
1627	   order to support this function, HELD was designed specifically to
1628	   address this deployment scenario.

1630	A.6.  L7-6: VPN Awareness

1632	   "The design of the GEOPRIV Layer 7 Location Configuration Protocol
1633	   MUST assume that at least one end of a VPN is aware of the VPN
1634	   functionality.  In an enterprise scenario, the enterprise side will
1635	   provide the LIS used by the client and can thereby detect whether the
1636	   LIS request was initiated through a VPN tunnel."

1638	   COMPLY

1640	   HELD does not preclude a LIS on the far end of a VPN tunnel being
1641	   aware that the client request is occurring over that tunnel.  It also
1642	   does not preclude a client device from accessing a LIS serving the
1643	   local physical network and subsequently using the location
1644	   information with an application that is accessed over a VPN tunnel.

1646	A.7.  L7-7: Network Access Authentication

1648	   "The design of the GEOPRIV Layer 7 Location Configuration Protocol
1649	   MUST NOT assume prior network access authentication."

1651	   COMPLY

1653	   HELD makes no assumptions about prior network access authentication.
1654	   HELD strongly recommends the use of TLS with server-side certificates
1655	   for communication between the end-point and the LIS.  There is no
1656	   requirement for the end-point to authenticate with the LIS.

1658	A.8.  L7-8: Network Topology Unawareness

1660	   "The design of the GEOPRIV Layer 7 Location Configuration Protocol
1661	   MUST NOT assume end systems being aware of the access network
1662	   topology.  End systems are, however, able to determine their public
1663	   IP address(es) via mechanisms such as STUN or NSIS NATFW NSLP."

1665	   COMPLY

1667	   HELD makes no assumption about the network topology.  HELD doesn't
1668	   require that the device know its external IP address, except where
1669	   that is required for discovery of the LIS.

1671	A.9.  L7-9: Discovery Mechanism

1673	   "The L7 LCP MUST define a single mandatory to implement discovery
1674	   mechanism."

1676	   COMPLY

1678	   HELD uses the discovery mechanism in [14].

1680	A.10.  L7-10: PIDF-LO Creation

1682	   "When a LIS creates a PIDF-LO per RFC 4119 then it MUST put the
1683	   <geopriv> element into the <device> element of the presence document
1684	   (see RFC 4479).  This ensures that the resulting PIDF-LO document,
1685	   which is subsequently distributed to other entities, conforms to the
1686	   rules outlined in ". [10]

1688	   COMPLY

1690	   HELD protocol overview (Section 4 ) describes the requirements on the
1691	   LIS in creating the PIDF-LO and prescribes that the PIDF-LO generated
1692	   by the LIS MUST conform to [10].

1694	Authors' Addresses

1696	   Mary Barnes (editor)
1697	   Nortel
1698	   2201 Lakeside Blvd
1699	   Richardson, TX

1701	   Email: mary.barnes@nortel.com

1703	   James Winterbottom
1704	   Andrew
1705	   PO Box U40
1706	   Wollongong University Campus, NSW  2500
1707	   AU

1709	   Phone: +61 2 4221 2938
1710	   Email: james.winterbottom@andrew.com
1711	   URI:   http://www.andrew.com/
1712	   Martin Thomson
1713	   Andrew
1714	   PO Box U40
1715	   Wollongong University Campus, NSW  2500
1716	   AU

1718	   Phone: +61 2 4221 2915
1719	   Email: martin.thomson@andrew.com
1720	   URI:   http://www.andrew.com/

1722	   Barbara Stark
1723	   BellSouth
1724	   Room 7A41
1725	   725 W Peachtree St.
1726	   Atlanta, GA  30308
1727	   US

1729	   Email: barbara.stark@bellsouth.com

1731	Full Copyright Statement

1733	   Copyright (C) The IETF Trust (2008).

1735	   This document is subject to the rights, licenses and restrictions
1736	   contained in BCP 78, and except as set forth therein, the authors
1737	   retain all their rights.

1739	   This document and the information contained herein are provided on an
1740	   "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
1741	   OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE IETF TRUST AND
1742	   THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS
1743	   OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF
1744	   THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
1745	   WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

1747	Intellectual Property

1749	   The IETF takes no position regarding the validity or scope of any
1750	   Intellectual Property Rights or other rights that might be claimed to
1751	   pertain to the implementation or use of the technology described in
1752	   this document or the extent to which any license under such rights
1753	   might or might not be available; nor does it represent that it has
1754	   made any independent effort to identify any such rights.  Information
1755	   on the procedures with respect to rights in RFC documents can be
1756	   found in BCP 78 and BCP 79.

1758	   Copies of IPR disclosures made to the IETF Secretariat and any
1759	   assurances of licenses to be made available, or the result of an
1760	   attempt made to obtain a general license or permission for the use of
1761	   such proprietary rights by implementers or users of this
1762	   specification can be obtained from the IETF on-line IPR repository at
1763	   http://www.ietf.org/ipr.

1765	   The IETF invites any interested party to bring to its attention any
1766	   copyrights, patents or patent applications, or other proprietary
1767	   rights that may cover technology that may be required to implement
1768	   this standard.  Please address the information to the IETF at
1769	   ietf-ipr@ietf.org.

1771	Acknowledgment

1773	   Funding for the RFC Editor function is provided by the IETF
1774	   Administrative Support Activity (IASA).