idnits 2.17.1 

draft-ietf-geopriv-http-location-delivery-15.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

  ** The document seems to lack a License Notice according IETF Trust
     Provisions of 28 Dec 2009, Section 6.b.i or Provisions of 12 Sep 2009
     Section 6.b -- however, there's a paragraph with a matching beginning.
     Boilerplate error?

     (You're using the IETF Trust Provisions' Section 6.b License Notice from
     12 Feb 2009 rather than one of the newer Notices.  See
     https://trustee.ietf.org/license-info/.)


  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

     No issues found here.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the IETF Trust and authors Copyright Line does not
     match the current year

  -- The document seems to lack a disclaimer for pre-RFC5378 work, but may
     have content which was first submitted before 10 November 2008.  If you
     have contacted all the original authors and they are all willing to grant
     the BCP78 rights to the IETF Trust, then this is fine, and you can ignore
     this comment.  If not, you may need to add the pre-RFC5378 disclaimer. 
     (See the Legal Provisions document at
     https://trustee.ietf.org/license-info for more information.)

  -- The document date (June 24, 2009) is 5410 days in the past.  Is this
     intentional?


  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  ** Obsolete normative reference: RFC 5246 (Obsoleted by RFC 8446)

  ** Obsolete normative reference: RFC 2965 (Obsoleted by RFC 6265)

  ** Obsolete normative reference: RFC 2616 (Obsoleted by RFC 7230, RFC 7231,
     RFC 7232, RFC 7233, RFC 7234, RFC 7235)

  ** Obsolete normative reference: RFC 2818 (Obsoleted by RFC 9110)

  == Outdated reference: A later version (-15) exists of
     draft-ietf-geopriv-lis-discovery-11

  -- Obsolete informational reference (is this intentional?): RFC  793
     (Obsoleted by RFC 9293)

  -- Obsolete informational reference (is this intentional?): RFC 2617
     (Obsoleted by RFC 7235, RFC 7615, RFC 7616, RFC 7617)

  -- Obsolete informational reference (is this intentional?): RFC 3023
     (Obsoleted by RFC 7303)

  -- Obsolete informational reference (is this intentional?): RFC 3825
     (Obsoleted by RFC 6225)

  -- Obsolete informational reference (is this intentional?): RFC 5226
     (Obsoleted by RFC 8126)

  == Outdated reference: A later version (-10) exists of
     draft-ietf-geopriv-l7-lcp-ps-09

  == Outdated reference: A later version (-09) exists of
     draft-ietf-geopriv-lbyr-requirements-07


     Summary: 5 errors (**), 0 flaws (~~), 4 warnings (==), 7 comments (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------


2	GEOPRIV WG                                                M. Barnes, Ed.
3	Internet-Draft                                                    Nortel
4	Intended status: Standards Track
5	Expires: December 26, 2009

7	                                                           June 24, 2009

9	                 HTTP Enabled Location Delivery (HELD)
10	            draft-ietf-geopriv-http-location-delivery-15.txt

12	Status of this Memo

14	   This Internet-Draft is submitted to IETF in full conformance with the
15	   provisions of BCP 78 and BCP 79.

17	   Internet-Drafts are working documents of the Internet Engineering
18	   Task Force (IETF), its areas, and its working groups.  Note that
19	   other groups may also distribute working documents as Internet-
20	   Drafts.

22	   Internet-Drafts are draft documents valid for a maximum of six months
23	   and may be updated, replaced, or obsoleted by other documents at any
24	   time.  It is inappropriate to use Internet-Drafts as reference
25	   material or to cite them other than as "work in progress."

27	   The list of current Internet-Drafts can be accessed at
28	   http://www.ietf.org/ietf/1id-abstracts.txt.

30	   The list of Internet-Draft Shadow Directories can be accessed at
31	   http://www.ietf.org/shadow.html.

33	   This Internet-Draft will expire on December 26, 2009.

35	Copyright Notice

37	   Copyright (c) 2009 IETF Trust and the persons identified as the
38	   document authors.  All rights reserved.

40	   This document is subject to BCP 78 and the IETF Trust's Legal
41	   Provisions Relating to IETF Documents in effect on the date of
42	   publication of this document (http://trustee.ietf.org/license-info).
43	   Please review these documents carefully, as they describe your rights
44	   and restrictions with respect to this document.

46	Abstract

48	   A Layer 7 Location Configuration Protocol (L7 LCP) is described that
49	   is used for retrieving location information from a server within an
50	   access network.  The protocol includes options for retrieving
51	   location information in two forms: by value and by reference.  The
52	   protocol is an extensible application-layer protocol that is
53	   independent of session-layer.  This document describes the use of
54	   HyperText Transfer Protocol (HTTP) and HTTP over Transport Layer
55	   Security (HTTP/TLS) as transports for the protocol.

57	Table of Contents

59	   1.  Introduction . . . . . . . . . . . . . . . . . . . . . . . . .  4
60	   2.  Conventions & Terminology  . . . . . . . . . . . . . . . . . .  4
61	   3.  Overview and Scope . . . . . . . . . . . . . . . . . . . . . .  5
62	   4.  Protocol Overview  . . . . . . . . . . . . . . . . . . . . . .  6
63	     4.1.  Device Identifiers, NAT and VPNs . . . . . . . . . . . . .  7
64	       4.1.1.  Devices and VPNs . . . . . . . . . . . . . . . . . . .  7
65	       4.1.2.  LIS Handling of NATs and VPNs  . . . . . . . . . . . .  8
66	     4.2.  Location by Value  . . . . . . . . . . . . . . . . . . . .  8
67	     4.3.  Location by Reference  . . . . . . . . . . . . . . . . . .  9
68	   5.  Protocol Description . . . . . . . . . . . . . . . . . . . . .  9
69	     5.1.  Location Request . . . . . . . . . . . . . . . . . . . . . 10
70	     5.2.  Location Response  . . . . . . . . . . . . . . . . . . . . 10
71	     5.3.  Indicating Errors  . . . . . . . . . . . . . . . . . . . . 10
72	   6.  Protocol Parameters  . . . . . . . . . . . . . . . . . . . . . 11
73	     6.1.  "responseTime" Parameter . . . . . . . . . . . . . . . . . 11
74	     6.2.  "locationType" Parameter . . . . . . . . . . . . . . . . . 12
75	       6.2.1.  "exact" Attribute  . . . . . . . . . . . . . . . . . . 13
76	     6.3.  "code" Parameter . . . . . . . . . . . . . . . . . . . . . 14
77	     6.4.  "message" Parameter  . . . . . . . . . . . . . . . . . . . 14
78	     6.5.  "locationUriSet" Parameter . . . . . . . . . . . . . . . . 15
79	       6.5.1.  "locationURI" Parameter  . . . . . . . . . . . . . . . 15
80	       6.5.2.  "expires" Parameter  . . . . . . . . . . . . . . . . . 16
81	     6.6.  "Presence" Parameter (PIDF-LO) . . . . . . . . . . . . . . 16
82	   7.  XML Schema . . . . . . . . . . . . . . . . . . . . . . . . . . 17
83	   8.  HTTP Binding . . . . . . . . . . . . . . . . . . . . . . . . . 20
84	   9.  Security Considerations  . . . . . . . . . . . . . . . . . . . 22
85	     9.1.  Assuring that the proper LIS has been contacted  . . . . . 23
86	     9.2.  Protecting responses from modification . . . . . . . . . . 23
87	     9.3.  Privacy and Confidentiality  . . . . . . . . . . . . . . . 24
88	   10. Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
89	     10.1. HTTPS Example Messages . . . . . . . . . . . . . . . . . . 25
90	     10.2. Simple Location Request Example  . . . . . . . . . . . . . 27
91	     10.3. Location Request Example for Multiple Location Types . . . 28
92	   11. IANA Considerations  . . . . . . . . . . . . . . . . . . . . . 29
93	     11.1. URN Sub-Namespace Registration for
94	           urn:ietf:params:xml:ns:geopriv:held  . . . . . . . . . . . 29
95	     11.2. XML Schema Registration  . . . . . . . . . . . . . . . . . 30
96	     11.3. MIME Media Type Registration for 'application/held+xml'  . 30
97	     11.4. Error code Registry  . . . . . . . . . . . . . . . . . . . 31
98	   12. Contributors . . . . . . . . . . . . . . . . . . . . . . . . . 32
99	   13. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 32
100	   14. Changes since last Version . . . . . . . . . . . . . . . . . . 33
101	   15. References . . . . . . . . . . . . . . . . . . . . . . . . . . 40
102	     15.1. Normative References . . . . . . . . . . . . . . . . . . . 40
103	     15.2. Informative References . . . . . . . . . . . . . . . . . . 41
104	   Appendix A.  HELD Compliance to IETF LCP requirements  . . . . . . 42
105	     A.1.  L7-1: Identifier Choice  . . . . . . . . . . . . . . . . . 42
106	     A.2.  L7-2: Mobility Support . . . . . . . . . . . . . . . . . . 43
107	     A.3.  L7-3: ASP and Access Network Provider Relationship . . . . 43
108	     A.4.  L7-4: Layer 2 and Layer 3 Provider Relationship  . . . . . 43
109	     A.5.  L7-5: Legacy Device Considerations . . . . . . . . . . . . 44
110	     A.6.  L7-6: VPN Awareness  . . . . . . . . . . . . . . . . . . . 44
111	     A.7.  L7-7: Network Access Authentication  . . . . . . . . . . . 45
112	     A.8.  L7-8: Network Topology Unawareness . . . . . . . . . . . . 45
113	     A.9.  L7-9: Discovery Mechanism  . . . . . . . . . . . . . . . . 45
114	     A.10. L7-10: PIDF-LO Creation  . . . . . . . . . . . . . . . . . 45
115	   Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 46

117	1.  Introduction

119	   The location of a Device is information that is useful for a number
120	   of applications.  The L7 Location Configuration Protocol (LCP)
121	   problem statement and requirements document
122	   [I-D.ietf-geopriv-l7-lcp-ps] provides some scenarios in which a
123	   Device might rely on its access network to provide location
124	   information.  The Location Information Server (LIS) service applies
125	   to access networks employing both wired technology (e.g.  DSL, Cable)
126	   and wireless technology (e.g.  WiMAX) with varying degrees of Device
127	   mobility.  This document describes a protocol that can be used to
128	   acquire Location Information (LI) from a LIS within an access
129	   network.

131	   This specification identifies two types of location information that
132	   may be retrieved from the LIS.  Location may be retrieved from the
133	   LIS by value, that is, the Device may acquire a literal location
134	   object describing the location of the Device.  The Device may also
135	   request that the LIS provide a location reference in the form of a
136	   location URI or set of location URIs, allowing the Device to
137	   distribute its LI by reference.  Both of these methods can be
138	   provided concurrently from the same LIS to accommodate application
139	   requirements for different types of location information.

141	   This specification defines an extensible XML-based protocol that
142	   enables the retrieval of LI from a LIS by a Device.  This protocol
143	   can be bound to any session-layer protocol, particularly those
144	   capable of MIME transport.  This document describes the use of
145	   HyperText Transfer Protocol (HTTP) and HTTP over Transport Layer
146	   Security (HTTP/TLS) as transports for the protocol.

148	2.  Conventions & Terminology

150	   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
151	   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
152	   document are to be interpreted as described in [RFC2119].

154	   This document uses the terms (and their acronym forms) Access
155	   Provider (AP), Location Information (LI), Location Object (LO),
156	   Device, Target, Location Generator (LG), Location Recipient (LR),
157	   Rule Maker (RM) and Rule Holder (RH) as defined in RFC 3693, GEOPRIV
158	   Requirements [RFC3693] .  The terms Location Information Server
159	   (LIS), Access Network, Access Provider (AP) and Access Network
160	   Provider are used in the same context as defined in the L7 LCP
161	   Problem statement and Requirements document
162	   [I-D.ietf-geopriv-l7-lcp-ps].  The usage of the terms, Civic
163	   Location/Address and Geodetic Location follows the usage in many of
164	   the referenced documents.

166	   In describing the protocol, the terms "attribute" and "element" are
167	   used according to their context in XML.  The term "parameter" is used
168	   in a more general protocol context and can refer to either an XML
169	   "attribute" or "element".

171	3.  Overview and Scope

173	   This document describes an interface between a Device and a Location
174	   Information Server (LIS).  This document assumes that the LIS is
175	   present within the same administrative domain as the Device (e.g.,
176	   the access network).  The LIS exists because not all Devices are
177	   capable of determining LI, and because, even if a device is able to
178	   determine its own LI, it may be more efficient with assistance.  This
179	   document does not specify how LI is determined.  An Access Provider
180	   (AP) operates the LIS so that Devices (and Targets) can retrieve
181	   their LI.  This document assumes that the Device and Access Provider
182	   have no prior relationship other than what is necessary for the
183	   Device to obtain network access.

185	   This document is based on the attribution of the LI to a Device and
186	   not specifically a person (end user) or Target, based on the premise
187	   that location determination technologies are generally designed to
188	   locate a device and not a person.  It is expected that, for most
189	   applications, LI for the device can be used as an adequate substitute
190	   for the end user's LI.  Since revealing the location of the device
191	   almost invariably reveals some information about the location of the
192	   user of the device, the same level of privacy protection demanded by
193	   a user is required for the device.  This approach may require either
194	   some additional assurances about the link between device and target,
195	   or an acceptance of the limitation that unless the device requires
196	   active user authentication, there is no guarantee that any particular
197	   individual is using the device at that instant.

199	   The following diagram shows the logical configuration of some of the
200	   functional elements identified in [RFC3693] and the LIS defined in
201	   [I-D.ietf-geopriv-l7-lcp-ps] and where this protocol applies, with
202	   the Rule Maker and Target represented by the role of the Device.
203	   Note that only the interfaces relevant to the Device are identified
204	   in the diagram.

206	                     +---------------------------------------------+
207	                     | Access Network Provider                     |
208	                     |                                             |
209	                     |   +--------------------------------------+  |
210	                     |   | Location Information Server          |  |
211	                     |   |                                      |  |
212	                     |   |                                      |  |
213	                     |   |                                      |  |
214	                     |   |                                      |  |
215	                     |   +------|-------------------------------+  |
216	                     +----------|----------------------------------+
217	                                |
218	                                |
219	                               HELD
220	                                |
221	     Rule Maker   - _     +-----------+         +-----------+
222	           o          - - | Device    |         | Location  |
223	          <U\             |           | - - - - | Recipient |
224	          / \       _ - - |           |   APP   |           |
225	         Target - -       +-----------+         +-----------+

227	                        Figure 1: Significant Roles

229	   The interface between the Location Recipient (LR) and the Device
230	   and/or LIS is application specific, as indicated by the APP
231	   annotation in the diagram and it is outside the scope of the
232	   document.  An example of an APP interface between a device and LR can
233	   be found in the SIP Location Conveyance document
234	   [I-D.ietf-sip-location-conveyance].

236	4.  Protocol Overview

238	   A device uses the HELD protocol to retrieve its location either
239	   directly in the form of a Presence Information Data Format Location
240	   Object (PIDF-LO) document (by value) and indirectly as a Location URI
241	   (by reference).  The security necessary to ensure the accuracy,
242	   privacy and confidentiality of the device's location is described in
243	   the Security Considerations (Section 9).

245	   As described in the L7 LCP problem statement and requirements
246	   [I-D.ietf-geopriv-l7-lcp-ps], the Device MUST first discover the URI
247	   for the LIS for sending the HELD protocol requests.  The URI for the
248	   LIS SHOULD be obtained from an authorized and authenticated entity.
249	   The details for ensuring that an appropriate LIS is contacted are
250	   provided in Section 9 and in particular Section 9.1.  The LIS
251	   discovery protocol details are out of scope of this document and are
252	   specified in [I-D.ietf-geopriv-lis-discovery].  The type of URI
253	   provided by LIS discovery is RECOMMENDED to be an https: URI.

255	   The LIS requires an identifier for the Device in order to determine
256	   the appropriate location to include in the location response message.
257	   In this document, the IP address of the Device, as reflected by the
258	   source IP address in the location request message, is used as the
259	   identifier.  Other identifiers are possible, but are beyond the scope
260	   of this document.

262	4.1.  Device Identifiers, NAT and VPNs

264	   Use of the HELD protocol is subject to the viability of the
265	   identifier used by the LIS to determine location.  This document
266	   describes the use of the source IP address sent from the Device as
267	   the identifier used by the LIS.  When Network Address Translation
268	   (NAT), a Virtual Private Network (VPN) or other forms of address
269	   modification occur between the Device and the LIS the location
270	   returned could be inaccurate.

272	   Not all cases of NATs introduce inaccuracies in the returned
273	   location.  For example, a NAT used in a residential Local Area
274	   Network (LAN) is typically not a problem.  The external IP address
275	   used on the Wide Area Network (WAN) side of the NAT is an acceptable
276	   identifier for all of the devices in the residence, on the LAN side
277	   of the NAT, since the covered geographical area is small.

279	   On the other hand, if there is a VPN between the Device and the LIS,
280	   for example for a teleworker, then the IP address seen by a LIS
281	   inside the enterprise network might not be the right address to
282	   identify the location of the Device.  Section 4.1.2 provides
283	   recommendations to address this issue.

285	4.1.1.  Devices and VPNs

287	   To minimize the impact of connections or tunnels setup for security
288	   purposes or to traverse middleboxes, Devices that connect to servers
289	   such as VPN servers, SOCKS servers and HTTP proxy servers should
290	   perform their HELD query to the LIS prior to establishing a
291	   connection to other servers.  It is RECOMMENDED that discovery
292	   [I-D.ietf-geopriv-lis-discovery] and an initial query are performed
293	   before establishing any connections to other servers.  If a Device
294	   performs the HELD query after establishing a connection to another
295	   server, the Device may receive inaccurate location information.

297	   Devices that establish VPN connections for use by other devices
298	   inside a LAN or other closed network could serve as a LIS, that
299	   implements the HELD protocol, for those other Devices.  Devices
300	   within the closed network are not necessarily able to detect the
301	   presence of the VPN.  In this case, a VPN device should provide the
302	   address of the LIS server it provides, in response to discovery
303	   queries, rather than passing such queries through the VPN tunnel.
304	   Otherwise, the other devices would be totally unaware that they could
305	   receive inaccurate location information.

307	   It could also be useful for a VPN device to serve as a LIS for other
308	   location configuration options such as Dynamic Host Configuration
309	   Protocol (DHCP)[RFC3825] or Link Layer Discovery Protocol - Media
310	   Endpoint Discovery (LLDP-MED) [LLDP-MED].  For this case, the VPN
311	   device that serves as a LIS may first acquire its own location using
312	   HELD.

314	4.1.2.  LIS Handling of NATs and VPNs

316	   In the cases where the Device connects to the LIS through a VPN or a
317	   NAT that serves a large geographic area or multiple geographic
318	   locations (for example, a NAT used by an enterprise to connect their
319	   private network to the Internet), the LIS might not be able to return
320	   an accurate LI.  If the LIS cannot determine LI for the device, it
321	   should provide an error response to the requesting device.  The LIS
322	   needs to be configured to recognize identifiers that represent these
323	   conditions.

325	   LIS operators have a large role in ensuring the best possible
326	   environment for location determination.  The LIS operator needs to
327	   ensure that the LIS is properly configured with identifiers that fall
328	   within NATs and VPNs.  In order to serve a Device on a remote side of
329	   a NAT or VPN a LIS needs to have a presence on the side of the NAT or
330	   VPN nearest the Device.

332	4.2.  Location by Value

334	   Where a Device requires LI directly, it can request that the LIS
335	   create a PIDF-LO document.  This approach fits well with a
336	   configuration whereby the device directly makes use of the provided
337	   PIDF-LO document.  The details on the information that may be
338	   included in the PIDF-LO MUST follow the subset of those rules
339	   relating to the construction of the "location-info" element in the
340	   PIDF-LO Usage Clarification, Considerations and Recommendations
341	   document [RFC5491].  Further detail is included in the detailed
342	   protocol section of this document Section 6

344	4.3.  Location by Reference

346	   Requesting location directly does not always address the requirements
347	   of an application.  A Device can request a location URI instead of
348	   literal location.  A Location URI is a URI [RFC3986] of any scheme,
349	   which a Location Recipient (LR) can use to retrieve LI.  A location
350	   URI provided by a LIS can be assumed to be globally-addressable; that
351	   is, anyone in possession of the URI can access the LIS.

353	   However, possession of the URI does not in any way suggest that the
354	   LIS indiscriminately reveals the location associated with the
355	   location URI.  The specific requirements associated with the
356	   dereference of the location are specified in
357	   [I-D.ietf-geopriv-lbyr-requirements].  The location dereference
358	   protocol details are out of scope of this document.  As such, many of
359	   the requirements in [I-D.ietf-geopriv-lbyr-requirements] (e.g.,
360	   cancelling of location references) are not intended to be supported
361	   by this specification.  It is anticipated that future specifications
362	   may address these requirements.

364	5.  Protocol Description

366	   As discussed in Section 4 the HELD protocol provides for the
367	   retrieval of the device's location in the form of a PIDF-LO document
368	   and/or Location URI(s) from a LIS.  Three messages are defined to
369	   support the location retrieval: locationRequest, locationResponse and
370	   error.  Messages are defined as XML documents.

372	   The Location Request (locationRequest) message is described in
373	   Section 5.1.  A Location Request message from a Device indicates
374	   whether location in the form of a PIDF-LO document (with specific
375	   type(s) of location) and/or Location URI(s) should be returned.  The
376	   LIS replies with a locationResponse message, including a PIDF-LO
377	   document and/or one or more Location URIs in case of success.  In the
378	   case of an error, the LIS replies with an error message.

380	   A MIME type "application/held+xml" is registered in Section 11.3 to
381	   distinguish HELD messages from other XML document bodies.  This
382	   specification follows the recommendations and conventions described
383	   in [RFC3023], including the naming convention of the type ('+xml'
384	   suffix) and the usage of the 'charset' parameter.

386	   Section 6 contains a more thorough description of the protocol
387	   parameters, valid values, and how each should be handled.  Section 7
388	   contains a more specific definition of the structure of these
389	   messages in the form of an XML Schema [W3C.REC-xmlschema-1-20041028].

391	   This document describes the use of a combination of HTTP [RFC2616],
392	   TLS [RFC5246] and TCP [RFC0793] in Section 8.

394	5.1.  Location Request

396	   A location request message is sent from the Device to the LIS when
397	   the Device requires its own LI.  The type of LI that a Device
398	   requests is determined by the type of LI that is included in the
399	   "locationType" element.

401	   The location request is made by sending a document formed of a
402	   "locationRequest" element.  The LIS uses the source IP address of the
403	   location request message as the primary source of identity for the
404	   requesting device or target.  It is anticipated that other Device
405	   identities may be provided through schema extensions.

407	   The LIS MUST ignore any part of a location request message that it
408	   does not understand, except the document element.

410	5.2.  Location Response

412	   A successful response to a location request MUST contain a PIDF-LO
413	   and/or location URI(s).  The response SHOULD contain location
414	   information of the requested "locationType".  The cases whereby a
415	   different type of location information MAY be returned are described
416	   in Section 6.2.

418	5.3.  Indicating Errors

420	   If the LIS is unable to provide location information based on the
421	   received locationRequest message, it MUST return an error message.
422	   The LIS may return an error message in response to requests for any
423	   "locationType".

425	   An error indication document consists of an "error" element.  The
426	   "error" element MUST include a "code" attribute that indicates the
427	   type of error.  A set of predefined error codes are included in
428	   Section 6.3.

430	   Error responses MAY also include a "message" attribute that can
431	   include additional information.  This information SHOULD be for
432	   diagnostic purposes only, and MAY be in any language.  The language
433	   of the message SHOULD be indicated with an "xml:lang" attribute.

435	6.  Protocol Parameters

437	   This section describes in detail the parameters that are used for
438	   this protocol.  Table 1 lists the top-level components used within
439	   the protocol and where they are mandatory or optional for each of the
440	   messages.

442	   +----------------+----------------+----------------+----------------+
443	   | Parameter      |    Location    |    Location    |      Error     |
444	   |                |     Request    |    Response    |                |
445	   +----------------+----------------+----------------+----------------+
446	   | responseTime   |        o       |                |                |
447	   | (Section 6.1)  |                |                |                |
448	   | locationType   |        o       |                |                |
449	   | (Section 6.2)  |                |                |                |
450	   | code           |                |                |        m       |
451	   | (Section 6.3)  |                |                |                |
452	   | message        |                |                |        o       |
453	   | (Section 6.4)  |                |                |                |
454	   | locationUriSet |                |        o       |                |
455	   | (Section 6.5)  |                |                |                |
456	   | Presence       |                |        o       |                |
457	   | (PIDF-LO)      |                |                |                |
458	   | (Section 6.6)  |                |                |                |
459	   +----------------+----------------+----------------+----------------+

461	                     Table 1: Message Parameter Usage

463	6.1.  "responseTime" Parameter

465	   The "responseTime" attribute MAY be included in a location request
466	   message.  The "responseTime" attribute includes a time value
467	   indicating to the LIS how long the Device is prepared to wait for a
468	   response or a purpose for which the Device needs the location.

470	   In the case of emergency services, the purpose of obtaining the LI
471	   could be either for routing a call to the appropriate PSAP or
472	   indicating the location to which responders should be dispatched.
473	   The values defined for the purpose, "emergencyRouting" and
474	   "emergencyDispatch", will likely be governed by jurisdictional
475	   policies, and should be configurable on the LIS.

477	   The time value in the "responseTime" attribute is expressed as a non-
478	   negative integer in units of milliseconds.  The time value is
479	   indicative only and the LIS is under no obligation to strictly adhere
480	   to the time limit implied; any enforcement of the time limit is left
481	   to the requesting Device.  The LIS provides the most accurate LI that
482	   can be determined within the specified interval for the specific
483	   service.

485	   The LIS may use the value of the time in the "responseTime" attribute
486	   as input when selecting the method of location determination, where
487	   multiple such methods exist.  If the "responseTime" attribute is
488	   absent, then the LIS should return the most precise LI it is capable
489	   of determining, with the time interval being implementation
490	   dependent.

492	6.2.  "locationType" Parameter

494	   The "locationType" element MAY be included in a location request
495	   message.  It contains a list of LI types that are requested by the
496	   Device.  The following list describes the possible values:

498	   any:  The LIS SHOULD attempt to provide LI in all forms available to
499	      it.
500	   geodetic:  The LIS SHOULD return a location by value in the form of a
501	      geodetic location for the Target.
502	   civic:  The LIS SHOULD return a location by value in the form of a
503	      civic address for the Target.
504	   locationURI:  The LIS SHOULD return a set of location URIs for the
505	      Target.

507	   The LIS SHOULD return the requested location type or types.  The
508	   location types the LIS returns also depend on the setting of the
509	   optional "exact" attribute.  If the "exact" attribute is set to
510	   "true" then the LIS MUST return either the requested location type or
511	   provide an error response.  The "exact" attribute does not apply (is
512	   ignored) for a request for a location type of "any".  Further detail
513	   of the "exact" attribute processing is provided in the following
514	   Section 6.2.1.

516	   In the case of a request for specific locationType(s) and the "exact"
517	   attribute is false, the LIS MAY provide additional location types, or
518	   it MAY provide alternative types if the request cannot be satisfied
519	   for a requested location type.  The "SHOULD"-strength requirements on
520	   this parameter for specific location types are included to allow for
521	   soft-failover.  This enables a fixed client configuration that
522	   prefers a specific location type without causing location requests to
523	   fail when that location type is unavailable.  For example, a notebook
524	   computer could be configured to retrieve civic addresses, which is
525	   usually available from typical home or work situations.  However,
526	   when using a wireless modem, the LIS might be unable to provide a
527	   civic address and thus provides a geodetic address.

529	   The LIS SHOULD return location information in a form that is suited
530	   for routing and responding to an emergency call in its jurisdiction,
531	   specifically by value.  The LIS MAY alternatively or additionally
532	   return a location URI.  If the "locationType" element is absent, a
533	   value of "any" MUST be assumed as the default.  A location URI
534	   provided by the LIS is a reference to the most current available LI
535	   and is not a stable reference to a specific location.

537	   It should be noted that the protocol does not support a request to
538	   just receive one of a subset of location types.  For example, in the
539	   case where a Device has a preference for just "geodetic" or "civic",
540	   it is necessary to make the request without an "exact" attribute,
541	   including both location types.  In this case, if neither is available
542	   a LIS SHOULD return a locationURI if available.

544	   The LIS SHOULD provide the locations in the response in the same
545	   order in which they were included in the "locationType" element in
546	   the request.  Indeed, the primary advantage of including specific
547	   location types in a request when the "exact" attribute is set to
548	   "false" is to ensure that one receives the available locations in a
549	   specific order.  For example, a locationRequest for "civic" could
550	   yield any of the following location types in the response:

552	   o  civic
553	   o  civic, geodetic
554	   o  civic, locationURI
555	   o  civic, geodetic, locationURI
556	   o  civic, locationURI, geodetic
557	   o  geodetic, locationURI (only if civic is not available)
558	   o  locationURI, geodetic (only if civic is not available)
559	   o  geodetic (only if civic is not available)
560	   o  locationURI (only if civic is not available)

562	   For the example above, if the "exact" attribute was "true", then the
563	   only possible response is either a "civic" location or an error
564	   message.

566	6.2.1.  "exact" Attribute

568	   The "exact" attribute MAY be included in a location request message
569	   when the "locationType" element is included.  When the "exact"
570	   attribute is set to "true", it indicates to the LIS that the contents
571	   of the "locationType" parameter MUST be strictly followed.  The
572	   default value of "false" allows the LIS the option of returning
573	   something beyond what is specified, such as a set of location URIs
574	   when only a civic location was requested.

576	   A value of "true" indicates that the LIS MUST provide a location of
577	   the requested type or types or MUST provide an error.  The LIS MUST
578	   provide the requested types only.  The LIS MUST handle an exact
579	   request that includes a "locationType" element set to "any" as if the
580	   "exact" attribute were set to "false".

582	6.3.  "code" Parameter

584	   All "error" responses MUST contain a response code.  All errors are
585	   application-level errors, and MUST only be provided in successfully
586	   processed transport-level responses.  For example where HTTP/HTTPS is
587	   used as the transport, HELD error messages MUST be carried by a 200
588	   OK HTTP/HTTPS response.

590	   The value of the response code MUST be one of the following tokens:

592	   requestError:  This code indicates that the request was badly formed
593	      in some fashion (other than the XML content).
594	   xmlError:  This code indicates that the XML content of the request
595	      was either badly formed or invalid.
596	   generalLisError:  This code indicates that an unspecified error
597	      occurred at the LIS.
598	   locationUnknown:  This code indicates that the LIS could not
599	      determine the location of the Device.  The same request can be
600	      sent by the Device at a later time.  Devices MUST limit any
601	      attempts to retry requests.
602	   unsupportedMessage:  This code indicates that an element in the XML
603	      document for the request, was not supported or understood by the
604	      LIS.  This error code is used when a HELD request contains a
605	      document element that is not supported by the receiver.
606	   timeout:  This code indicates that the LIS could not satisfy the
607	      request within the time specified in the "responseTime" parameter.
608	   cannotProvideLiType:  This code indicates that the LIS was unable to
609	      provide LI of the type or types requested.  This code is used when
610	      the "exact" attribute on the "locationType" parameter is set to
611	      "true".
612	   notLocatable:  This code indicates that the LIS is unable to locate
613	      the Device, and that the Device MUST NOT make further attempts to
614	      retrieve LI from this LIS.  This error code is used to indicate
615	      that the Device is outside the access network served by the LIS;
616	      for instance, the VPN and NAT scenarios discussed in
617	      Section 4.1.2.

619	6.4.  "message" Parameter

621	   The "error" message MAY include one or more "message" attributes to
622	   convey some additional, human-readable information about the result
623	   of the request.  The message MAY be included in any language, which
624	   SHOULD be indicated by the "xml:lang", attribute.  The default
625	   language is assumed to be English.

627	6.5.  "locationUriSet" Parameter

629	   The "locationUriSet" element, received in a "locationResponse"
630	   message MAY contain any number of "locationURI" elements.  It is
631	   RECOMMENDED that the LIS allocate a Location URI for each scheme that
632	   it supports and that each scheme is present only once.  URI schemes
633	   and their secure variants, such as http and https, MUST be regarded
634	   as two separate schemes.

636	   If a "locationUriSet" element is received in a "locationResponse"
637	   message, it MUST contain an "expires" attribute, which defines the
638	   length of time for which the set of "locationURI" elements are valid.

640	6.5.1.  "locationURI" Parameter

642	   The "locationURI" element includes a single Location URI.  In order
643	   for a URI of any particular scheme to be included in a response,
644	   there MUST be a specification that defines how that URI can be used
645	   to retrieve location information.  The details of the protocol for
646	   dereferencing must meet the location dereference protocol
647	   requirements as specified in [I-D.ietf-geopriv-lbyr-requirements] and
648	   are outside the scope of this base HELD specification.

650	   Each Location URI that is allocated by the LIS is unique to the
651	   device that is requesting it.  At the time the location URI is
652	   provided in the response, there is no binding to a specific location
653	   type and the location URI is totally independent of the specific type
654	   of location it might reference.  The specific location type is
655	   determined at the time of dereference.

657	   A "locationURI" SHOULD NOT contain any information that could be used
658	   to identify the Device or Target.  Thus, it is RECOMMENDED that the
659	   "locationURI" element contain a public address for the LIS and an
660	   anonymous identifier, such as a local identifier or unlinked
661	   pseudonym.

663	   When a LIS returns a "locationURI" element to a Device, the policy on
664	   the "locationURI" is set by the LIS alone.  This specification does
665	   not include a mechanism for the HELD client to set access control
666	   policies on a "locationURI".  Conversely, there is no mechanism, in
667	   this protocol as defined in this document, for the LIS to provide a
668	   Device the access control policy to be applied to a "locationURI".
669	   Since the Device is not aware of the access controls to be applied to
670	   (subsequent) requests to dereference a "locationURI", the client
671	   SHOULD protect a "locationURI" as if it were a Location Object -
672	   i.e., the Device SHOULD send a "locationURI" over encrypted channels,
673	   and only to entities that are authorized to have access to the
674	   location.

676	   Further guidelines to ensure the privacy and confidentiality of the
677	   information contained in the "locationResponse" message, including
678	   the "locationURI", are included in Section 9.3.

680	6.5.2.  "expires" Parameter

682	   The "expires" attribute is only included in a "locationResponse"
683	   message when a "locationUriSet" element is included.  The "expires"
684	   attribute indicates the date/time at which the Location URIs provided
685	   by the LIS will expire.  The "expires" attribute does not define the
686	   length of time a location received by dereferencing the location URI
687	   will be valid.  The "expires" attribute is RECOMMENDED not to exceed
688	   24 hours and SHOULD be a minimum of 30 minutes.

690	   Location responses that contain a "locationUriSet" element MUST
691	   include the expiry time in the "expires" attribute.  If a Device
692	   dereferences a location URI after the expiry time, the dereference
693	   SHOULD fail.

695	6.6.  "Presence" Parameter (PIDF-LO)

697	   A single "presence" parameter MAY be included in the
698	   "locationResponse" message when specific locationTypes (e.g.,
699	   "geodetic" or "civic") are requested or a "locationType" of "any" is
700	   requested.  The LIS MUST follow the subset of the rules relating to
701	   the construction of the "location-info" element in the PIDF-LO Usage
702	   Clarification, Considerations and Recommendations document [RFC5491]
703	   in generating the PIDF-LO for the presence parameter.

705	   The LIS MUST NOT include any means of identifying the Device in the
706	   PIDF-LO unless it is able to verify that the identifier is correct
707	   and inclusion of identity is expressly permitted by a Rule Maker.
708	   Therefore, PIDF parameters that contain identity are either omitted
709	   or contain unlinked pseudonyms [RFC3693].  A unique, unlinked
710	   presentity URI SHOULD be generated by the LIS for the mandatory
711	   presence "entity" attribute of the PIDF document.  Optional
712	   parameters such as the "contact" element and the "deviceID" element
713	   [RFC4479] are not used.

715	   Note that the presence parameter is not explicitly shown in the XML
716	   schema in Section 7 for a location response message, due to XML
717	   schema constraints, since PIDF is already defined and registered
718	   separately.  Thus, the "##other" namespace serves as a placeholder
719	   for the presence parameter in the schema.

721	7.  XML Schema

723	   This section gives the XML Schema Definition
724	   [W3C.REC-xmlschema-1-20041028], [W3C.REC-xmlschema-2-20041028] of the
725	   "application/held+xml" format.  This is presented as a formal
726	   definition of the "application/held+xml" format.  Note that the XML
727	   Schema definition is not intended to be used with on-the-fly
728	   validation of the presence XML document.  Whitespaces are included in
729	   the schema to conform to the line length restrictions of the RFC
730	   format without having a negative impact on the readability of the
731	   document.  Any conforming processor should remove leading and
732	   trailing white spaces.

734	  <?xml version="1.0"?>
735	  <xs:schema
736	      targetNamespace="urn:ietf:params:xml:ns:geopriv:held"
737	      xmlns:xs="http://www.w3.org/2001/XMLSchema"
738	      xmlns:held="urn:ietf:params:xml:ns:geopriv:held"
739	      xmlns:xml="http://www.w3.org/XML/1998/namespace"
740	      elementFormDefault="qualified"
741	      attributeFormDefault="unqualified">

743	    <xs:annotation>
744	      <xs:documentation>
745	        This document (RFC xxxx) defines HELD messages.
746	        <!-- [[NOTE TO RFC-EDITOR: Please replace XXXX
747	             with the RFC number for this specification.]] -->
748	      </xs:documentation>
749	    </xs:annotation>

751	    <xs:import namespace="http://www.w3.org/XML/1998/namespace"/>

753	    <!-- Return Location -->
754	    <xs:complexType name="returnLocationType">
755	      <xs:complexContent>
756	        <xs:restriction base="xs:anyType">
757	          <xs:sequence>
758	            <xs:element name="locationURI" type="xs:anyURI"
759	                        maxOccurs="unbounded"/>
760	          </xs:sequence>
761	          <xs:attribute name="expires" type="xs:dateTime"
762	                        use="required"/>
763	        </xs:restriction>
764	      </xs:complexContent>
765	    </xs:complexType>
766	    <!-- responseTime Type -->
767	    <xs:simpleType name="responseTimeType">
768	      <xs:union>
769	        <xs:simpleType>
770	          <xs:restriction base="xs:token">
771	            <xs:enumeration value="emergencyRouting"/>
772	            <xs:enumeration value="emergencyDispatch"/>
773	          </xs:restriction>
774	        </xs:simpleType>
775	        <xs:simpleType>
776	          <xs:restriction base="xs:nonNegativeInteger">
777	            <xs:minInclusive value="0"/>
778	          </xs:restriction>
779	        </xs:simpleType>
780	      </xs:union>
781	    </xs:simpleType>

783	    <!-- Location Type -->
784	    <xs:simpleType name="locationTypeBase">
785	      <xs:union>
786	        <xs:simpleType>
787	          <xs:restriction base="xs:token">
788	            <xs:enumeration value="any"/>
789	          </xs:restriction>
790	        </xs:simpleType>
791	        <xs:simpleType>
792	          <xs:restriction base="held:locationTypeList">
793	            <xs:minLength value="1"/>
794	          </xs:restriction>
795	        </xs:simpleType>
796	      </xs:union>
797	    </xs:simpleType>

799	    <xs:simpleType name="locationTypeList">
800	      <xs:list>
801	        <xs:simpleType>
802	          <xs:restriction base="xs:token">
803	            <xs:enumeration value="civic"/>
804	            <xs:enumeration value="geodetic"/>
805	            <xs:enumeration value="locationURI"/>
806	          </xs:restriction>
807	        </xs:simpleType>
808	      </xs:list>
809	    </xs:simpleType>

811	    <xs:complexType name="locationTypeType">
812	      <xs:simpleContent>
813	        <xs:extension base="held:locationTypeBase">
814	          <xs:attribute name="exact" type="xs:boolean"
815	                        use="optional" default="false"/>
816	        </xs:extension>
817	      </xs:simpleContent>
818	    </xs:complexType>

820	    <!-- Message Definitions -->
821	    <xs:complexType name="baseRequestType">
822	      <xs:complexContent>
823	        <xs:restriction base="xs:anyType">
824	          <xs:sequence/>
825	          <xs:attribute name="responseTime" type="held:responseTimeType"
826	                        use="optional"/>
827	          <xs:anyAttribute namespace="##any" processContents="lax"/>
828	        </xs:restriction>
829	      </xs:complexContent>
830	    </xs:complexType>

832	    <xs:complexType name="errorType">
833	      <xs:complexContent>
834	        <xs:restriction base="xs:anyType">
835	          <xs:sequence>
836	            <xs:element name="message" type="held:errorMsgType"
837	                        minOccurs="0" maxOccurs="unbounded"/>
838	            <xs:any namespace="##other" processContents="lax"
839	                    minOccurs="0" maxOccurs="unbounded"/>
840	          </xs:sequence>
841	          <xs:attribute name="code" type="xs:token"
842	                        use="required"/>
843	          <xs:anyAttribute namespace="##any" processContents="lax"/>
844	        </xs:restriction>
845	      </xs:complexContent>
846	    </xs:complexType>

848	    <xs:complexType name="errorMsgType">
849	      <xs:simpleContent>
850	        <xs:extension base="xs:token">
851	          <xs:attribute ref="xml:lang"/>
852	          <xs:anyAttribute namespace="##any" processContents="lax"/>
853	        </xs:extension>
854	      </xs:simpleContent>
855	    </xs:complexType>

857	    <xs:element name="error" type="held:errorType"/>

859	    <!-- Location Response -->
860	    <xs:complexType name="locationResponseType">
861	      <xs:complexContent>
862	        <xs:restriction base="xs:anyType">
863	          <xs:sequence>
864	            <xs:element name="locationUriSet"
865	                        type="held:returnLocationType"
866	                        minOccurs="0"/>
867	            <xs:any namespace="##other" processContents="lax"
868	                    minOccurs="0" maxOccurs="unbounded"/>
869	          </xs:sequence>
870	        </xs:restriction>
871	      </xs:complexContent>
872	    </xs:complexType>

874	    <xs:element name="locationResponse"
875	                type="held:locationResponseType"/>

877	    <!-- Location Request -->

879	    <xs:complexType name="locationRequestType">
880	      <xs:complexContent>
881	        <xs:extension base="held:baseRequestType">
882	          <xs:sequence>
883	            <xs:element name="locationType"
884	                        type="held:locationTypeType"
885	                        minOccurs="0"/>
886	            <xs:any namespace="##other" processContents="lax"
887	                    minOccurs="0" maxOccurs="unbounded"/>
888	          </xs:sequence>
889	        </xs:extension>
890	      </xs:complexContent>
891	    </xs:complexType>

893	    <xs:element name="locationRequest"
894	                type="held:locationRequestType"/>

896	  </xs:schema>

898	8.  HTTP Binding

900	   This section describes the use of HTTP [RFC2616] and HTTP Over TLS
901	   [RFC2818] as transport mechanisms for the HELD protocol, which a
902	   conforming LIS and Device MUST support.

904	   Although HELD uses HTTP as a transport, it uses a strict subset of
905	   HTTP features, and due to the restrictions of some features, a LIS is
906	   not a fully compliant HTTP server.  It is intended that a LIS can
907	   easily be built using an HTTP server with extensibility mechanisms,
908	   and that a HELD Device can trivially use existing HTTP libraries.
909	   This subset of requirements helps implementors avoid ambiguity with
910	   the many options the full HTTP protocol offers.

912	   A Device that conforms to this specification MAY choose not to
913	   support HTTP authentication [RFC2617] or cookies [RFC2965].  Because
914	   the Device and the LIS may not necessarily have a prior relationship,
915	   the LIS SHOULD NOT require a Device to authenticate, either using the
916	   above HTTP authentication methods or TLS client authentication.
917	   Unless all Devices that access a LIS can be expected to be able to
918	   authenticate in a certain fashion, denying access to location
919	   information could prevent a Device from using location-dependent
920	   services, such as emergency calling.

922	   A HELD request is carried in the body of an HTTP POST request.  The
923	   Device MUST include a Host header in the request.

925	   The MIME type of HELD request and response bodies is
926	   "application/held+xml".  LIS and Device MUST provide this value in
927	   the HTTP Content-Type and Accept header fields.If the LIS does not
928	   receive the appropriate Content-Type and Accept header fields, the
929	   LIS SHOULD fail the request, returning a 406 (not acceptable)
930	   response.  HELD responses SHOULD include a Content-Length header.

932	   Devices MUST NOT use the "Expect" header or the "Range" header in
933	   HELD requests.  The LIS MAY return 501 (not implemented) errors if
934	   either of these HTTP features are used.  In the case that the LIS
935	   receives a request from the Device containing a If-* (conditional)
936	   header, the LIS SHOULD return a 412 (precondition failed) response.

938	   The POST method is the only method REQUIRED for HELD.  If a LIS
939	   chooses to support GET or HEAD, it SHOULD consider the kind of
940	   application doing the GET.  Since a HELD Device only uses a POST
941	   method, the GET or HEAD MUST be either an escaped URL (e.g., somebody
942	   found a URL in protocol traces or log files and fed it into their
943	   browser) or somebody doing testing/ debugging.  The LIS could provide
944	   information in the HELD response indicating that the URL corresponds
945	   to a LIS server and only responds to HELD POST requests or the LIS
946	   could instead try to avoid any leak of information by returning a
947	   very generic HTTP error message such as 404 (not found).

949	   The LIS populates the HTTP headers of responses so that they are
950	   consistent with the contents of the message.  In particular, the
951	   "CacheControl" header SHOULD be set to disable caching of any PIDF-LO
952	   document or Location URIs by HTTP intermediaries.  Otherwise, there
953	   is the risk of stale locations and/or the unauthorized disclosure of
954	   the LI.  This also allows the LIS to control any caching with the
955	   HELD "expires" parameter.  The HTTP status code MUST indicate a 2xx
956	   series response for all HELD locationResponse and HELD error
957	   messages.

959	   The LIS MAY redirect a HELD request.  A Device MUST handle redirects,
960	   by using the Location header provided by the server in a 3xx
961	   response.  When redirecting, the Device MUST observe the delay
962	   indicated by the Retry-After header.  The Device MUST authenticate
963	   the server that returns the redirect response before following the
964	   redirect, if a Device requires that the server is authenticated.  A
965	   Device SHOULD authenticate the LIS indicated in a redirect.

967	   The LIS SHOULD support persistent connections and request pipelining.
968	   If pipelining is not supported, the LIS MUST NOT allow persistent
969	   connections.  The Device MUST support termination of a response by
970	   the closing of a connection.

972	   Implementations of HELD that implement HTTP transport MUST implement
973	   transport over TLS [RFC2818].  TLS provides message integrity and
974	   confidentiality between Device and LIS.  The Device MUST implement
975	   the server authentication method described in HTTPS [RFC2818].  The
976	   device uses the URI obtained during LIS discovery to authenticate the
977	   server.  The details of this authentication method are provided in
978	   section 3.1 of HTTPS [RFC2818].  When TLS is used, the Device SHOULD
979	   fail a request if server authentication fails, except in the event of
980	   an emergency.

982	9.  Security Considerations

984	   HELD is a location acquisition protocol whereby the a client requests
985	   its location from a LIS.  Specific requirements and security
986	   considerations for location acquisition protocols are provided in
987	   [I-D.ietf-geopriv-l7-lcp-ps].  An in-depth discussion of the security
988	   considerations applicable to the use of Location URIs and by
989	   reference provision of LI is included in
990	   [I-D.ietf-geopriv-lbyr-requirements].

992	   By using the HELD protocol, the client and the LIS expose themselves
993	   to two types of risk:

995	   Accuracy:  Client receives incorrect location information
996	   Privacy:  An unauthorized entity receives location information

998	   The provision of an accurate and privacy/confidentiality protected
999	   location to the requestor depends on the success of five steps:

1001	      1.  The client must determine the proper LIS.
1002	      2.  The client must connect to the proper LIS.
1003	      3.  The LIS must be able to identify the device by its identifier
1004	      (IP Address).
1005	      4.  The LIS must be able to return the desired location.
1006	      5.  HELD messages must be transmitted unmodified between the LIS
1007	      and the client.

1009	   Of these, only the second, third and the fifth are within the scope
1010	   of this document.  The first step is based on either manual
1011	   configuration or on the LIS discovery defined in
1012	   [I-D.ietf-geopriv-lis-discovery], in which appropriate security
1013	   considerations are already discussed.  The fourth step is dependent
1014	   on the specific positioning capabilities of the LIS, and is thus
1015	   outside the scope of this document.

1017	9.1.  Assuring that the proper LIS has been contacted

1019	   This document assumes that the LIS to be contacted is identified
1020	   either by an IP address or a domain name, as is the case for a LIS
1021	   discovered as described in LIS Discovery
1022	   [I-D.ietf-geopriv-lis-discovery].  When the HELD transaction is
1023	   conducted using TLS [RFC5246], the LIS can authenticate its identity,
1024	   either as a domain name or as an IP address, to the client by
1025	   presenting a certificate containing that identifier as a
1026	   subjectAltName (i.e., as an iPAddress or dNSName, respectively).  In
1027	   the case of the HTTP binding described above, this is exactly the
1028	   authentication described by TLS [RFC2818].  If the client has
1029	   external information as to the expected identity or credentials of
1030	   the proper LIS (e.g., a certificate fingerprint), these checks MAY be
1031	   omitted.  Any binding of HELD MUST be capable of being transacted
1032	   over TLS so that the client can request the above authentication, and
1033	   a LIS implementation for a binding MUST include this feature.  Note
1034	   that in order for the presented certificate to be valid at the
1035	   client, the client must be able to validate the certificate.  In
1036	   particular, the validation path of the certificate must end in one of
1037	   the client's trust anchors, even if that trust anchor is the LIS
1038	   certificate itself.

1040	9.2.  Protecting responses from modification

1042	   In order to prevent that response from being modified en route,
1043	   messages must be transmitted over an integrity-protected channel.
1044	   When the transaction is being conducted over TLS (a required feature
1045	   per Section 9.1), the channel will be integrity protected by
1046	   appropriate ciphersuites.  When TLS is not used, this protection will
1047	   vary depending on the binding; in most cases, without protection from
1048	   TLS, the response will not be protected from modification en route.

1050	9.3.  Privacy and Confidentiality

1052	   Location information returned by the LIS must be protected from
1053	   access by unauthorized parties, whether those parties request the
1054	   location from the LIS or intercept it en route.  As in Section 9.2,
1055	   transactions conducted over TLS with appropriate ciphersuites are
1056	   protected from access by unauthorized parties en route.  Conversely,
1057	   in most cases, when not conducted over TLS, the response will be
1058	   accessible while en route from the LIS to the requestor.

1060	   Because HELD is an LCP and identifies clients and targets by IP
1061	   addresses, a requestor is authorized to access location for an IP
1062	   address only if it is the holder of that IP address.  The LIS MUST
1063	   verify that the client is the target of the returned location, i.e.,
1064	   the LIS MUST NOT provide location to other entities than the target.
1065	   Note that this is a necessary, but not sufficient criterion for
1066	   authorization.  A LIS MAY deny requests according to any local
1067	   policy.

1069	   A prerequisite for meeting this requirement is that the LIS must have
1070	   some assurance of the identity of the client.  Since the target of
1071	   the returned location is identified by an IP address, simply sending
1072	   the response to this IP address will provide sufficient assurance in
1073	   many cases.  This is the default mechanism in HELD for assuring that
1074	   location is given only to authorized clients; LIS implementations
1075	   MUST support a mode of operation in which this is the only client
1076	   authentication.

1078	   Using IP return routability as an authenticator means that location
1079	   information is vulnerable to exposure through IP address spoofing
1080	   attacks.  A temporary spoofing of IP address could mean that a device
1081	   c ould request a Location Object or Location URI that would result in
1082	   receiving another Device's location if the attacker is able to
1083	   receive packets sent to the spoofed address.  In addition, in cases
1084	   where a Device drops off the network for various reasons, the re-use
1085	   of the Device's IP address could result in another Device receiving
1086	   the original Device's location rather than its own location.  These
1087	   exposures are limited by the following:

1089	   o  Location URIs MUST have a limited lifetime, as reflected by the
1090	      value for the expires element in Section 6.5.2.  The lifetime of
1091	      location URIs necessarily depends on the nature of the access.
1092	   o  The LIS and network SHOULD be configured so that the LIS is made
1093	      aware of Device movement within the network and addressing
1094	      changes.  If the LIS detects a change in the network that results
1095	      in it no longer being able to determine the location of the
1096	      Device, then all location URIs for that Device SHOULD be
1097	      invalidated.

1099	   The above measures are dependent on network configuration, which
1100	   SHOULD be considered.  For instance, in a fixed internet access,
1101	   providers may be able to restrict the allocation of IP addresses to a
1102	   single physical line, ensuring that spoofing is not possible; in such
1103	   an environment, additional measures may not be necessary.

1105	10.  Examples

1107	   The following sections provide basic HTTP/HTTPS examples, a simple
1108	   location request example and a location request for multiple location
1109	   types example along with the relevant location responses.  To focus
1110	   on important portions of messages, the examples in Section 10.2 and
1111	   Section 10.3 do not show HTTP/HTTPS headers or the XML prologue.  In
1112	   addition, sections of XML not relevant to the example are replaced
1113	   with comments.

1115	10.1.   HTTPS Example Messages

1117	   The examples in this section show complete HTTP/HTTPS messages that
1118	   include the HELD request or response document.

1120	   This example shows the most basic request for a LO.  The POST
1121	   includes an empty "locationRequest" element.

1123	         POST /location HTTP/1.1
1124	         Host: lis.example.com:49152
1125	         Content-Type: application/held+xml
1126	         Content-Length: 87

1128	         <?xml version="1.0"?>
1129	         <locationRequest xmlns="urn:ietf:params:xml:ns:geopriv:held"/>

1131	   Since the above request does not include a "locationType" element,
1132	   the successful response to the request may contain any type of
1133	   location.  The following shows a response containing a minimal
1134	   PIDF-LO.

1136	   HTTP/1.1 200 OK
1137	   Server: Example LIS
1138	   Date: Tue, 10 Jan 2006 03:42:29 GMT
1139	   Expires: Tue, 10 Jan 2006 03:42:29 GMT
1140	   Cache-control: private
1141	   Content-Type: application/held+xml
1142	   Content-Length: 594

1144	   <?xml version="1.0"?>
1145	    <locationResponse xmlns="urn:ietf:params:xml:ns:geopriv:held">
1146	     <presence xmlns="urn:ietf:params:xml:ns:pidf"
1147	      entity="pres:3650n87934c@ls.example.com">
1148	      <tuple id="b650sf789nd">
1149	       <status>
1150	        <geopriv xmlns="urn:ietf:params:xml:ns:pidf:geopriv10">
1151	         <location-info>
1152	          <Point xmlns="http://www.opengis.net/gml"
1153	           srsName="urn:ogc:def:crs:EPSG::4326">
1154	           <pos>-34.407 150.88001</pos>
1155	          </Point>
1156	         </location-info>
1157	         <usage-rules
1158	          xmlns:gbp="urn:ietf:params:xml:ns:pidf:geopriv10:basicPolicy">
1159	          <gbp:retention-expiry>2006-01-11T03:42:28+00:00
1160	          </gbp:retention-expiry>
1161	         </usage-rules>
1162	         <method>Wiremap</method>
1163	        </geopriv>
1164	       </status>
1165	       <timestamp>2006-01-10T03:42:28+00:00</timestamp>
1166	      </tuple>
1167	     </presence>
1168	    </locationResponse>

1170	   The error response to the request is an error document.  The
1171	   following response shows an example error response.

1173	         HTTP/1.1 200 OK
1174	         Server: Example LIS
1175	         Expires: Tue, 10 Jan 2006 03:49:20 GMT
1176	         Cache-control: private
1177	         Content-Type: application/held+xml
1178	         Content-Length: 135

1180	         <?xml version="1.0"?>
1181	         <error xmlns="urn:ietf:params:xml:ns:geopriv:held"
1182	            code="locationUnknown">
1183	           <message xml:lang="en">Unable to determine location
1184	           </message>
1185	         </error>

1187	10.2.  Simple Location Request Example

1189	   The location request shown below doesn't specify any location types
1190	   or response time.

1192	   <locationRequest xmlns="urn:ietf:params:xml:ns:geopriv:held"/>

1194	   The example response to this location request contains a list of
1195	   Location URIs.

1197	   <locationResponse xmlns="urn:ietf:params:xml:ns:geopriv:held">
1198	     <locationUriSet expires="2006-01-01T13:00:00">
1199	       <locationURI>https://ls.example.com:9768/357yc6s64ceyoiuy5ax3o
1200	       </locationURI>
1201	       <locationURI>sip:9769+357yc6s64ceyoiuy5ax3o@ls.example.com
1202	       </locationURI>
1203	     </locationUriSet>
1204	   </locationResponse>
1205	   An error response to this location request is shown below:

1207	         <error xmlns="urn:ietf:params:xml:ns:geopriv:held"
1208	                    code="locationUnknown"/>
1209	           <message="Location not available"
1210	           </message>
1211	         </error>

1213	10.3.  Location Request Example for Multiple Location Types

1215	   The following Location Request message includes a request for
1216	   geodetic, civic and any Location URIs.

1218	         <locationRequest xmlns="urn:ietf:params:xml:ns:geopriv:held">
1219	          <locationType exact="true">
1220	            geodetic
1221	            civic
1222	            locationURI
1223	          </locationType>
1224	          </locationRequest>

1226	   The corresponding Location Response message includes the requested
1227	   location information, including two location URIs.

1229	     <locationResponse xmlns="urn:ietf:params:xml:ns:geopriv:held">
1230	      <locationUriSet expires="2006-01-01T13:00:00">
1231	       <locationURI>https://ls.example.com:9768/357yc6s64ceyoiuy5ax3o
1232	       </locationURI>
1233	       <locationURI>sip:9769+357yc6s64ceyoiuy5ax3o@ls.example.com:
1234	       </locationURI>
1235	      </locationUriSet>
1236	      <presence xmlns="urn:ietf:params:xml:ns:pidf"
1237	        entity="pres:ae3be8585902e2253ce2@10.102.23.9">
1238	      <tuple id="lisLocation">
1239	       <status>
1240	        <geopriv xmlns="urn:ietf:params:xml:ns:pidf:geopriv10">
1241	        <location-info>
1242	         <gs:Circle xmlns:gs="http://www.opengis.net/pidflo/1.0"
1243	           xmlns:gml="http://www.opengis.net/gml"
1244	           srsName="urn:ogc:def:crs:EPSG::4326">
1245	          <gml:pos>-34.407242 150.882518</gml:pos>
1246	          <gs:radius uom="urn:ogc:def:uom:EPSG::9001">30
1247	          </gs:radius>
1248	         </gs:Circle>
1249	         <ca:civicAddress
1250	           xmlns:ca="urn:ietf:params:xml:ns:pidf:geopriv10:civicAddr"
1251	           xml:lang="en-au">
1252	          <ca:country>AU</ca:country>
1253	          <ca:A1>NSW</ca:A1>
1254	          <ca:A3>Wollongong</ca:A3>
1255	          <ca:A4>Gwynneville</ca:A4>
1256	          <ca:STS>Northfield Avenue</ca:STS>
1257	          <ca:LMK>University of Wollongong</ca:LMK>
1258	          <ca:FLR>2</ca:FLR>
1259	          <ca:NAM>Andrew Corporation</ca:NAM>
1260	          <ca:PC>2500</ca:PC>
1261	          <ca:BLD>39</ca:BLD>
1262	          <ca:SEAT>WS-183</ca:SEAT>
1263	          <ca:POBOX>U40</ca:POBOX>
1264	        </ca:civicAddress>
1265	       </location-info>
1266	       <usage-rules
1267	         xmlns:gbp="urn:ietf:params:xml:ns:pidf:geopriv10:basicPolicy">
1268	        <gbp:retransmission-allowed>false
1269	        </gbp:retransmission-allowed>
1270	        <gbp:retention-expiry>2007-05-25T12:35:02+10:00
1271	        </gbp:retention-expiry>
1272	       </usage-rules>
1273	       <method>Wiremap</method>
1274	      </geopriv>
1275	     </status>
1276	     <timestamp>2007-05-24T12:35:02+10:00</timestamp>
1277	    </tuple>
1278	   </presence>
1279	   </locationResponse>

1281	11.  IANA Considerations

1283	   This document requires several IANA registrations detailed in the
1284	   following sections.

1286	11.1.  URN Sub-Namespace Registration for
1287	       urn:ietf:params:xml:ns:geopriv:held

1289	   This section registers a new XML namespace,
1290	   "urn:ietf:params:xml:ns:geopriv:held", per the guidelines in

1292	   [RFC3688].

1294	      URI: urn:ietf:params:xml:ns:geopriv:held
1295	      Registrant Contact: IETF, GEOPRIV working group,
1296	      (geopriv@ietf.org), Mary Barnes (mary.barnes@nortel.com).
1297	      XML:

1299	         BEGIN
1300	           <?xml version="1.0"?>
1301	           <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
1302	             "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
1303	           <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
1304	             <head>
1305	               <title>HELD Messages</title>
1306	             </head>
1307	             <body>
1308	               <h1>Namespace for HELD Messages</h1>
1309	               <h2>urn:ietf:params:xml:ns:geopriv:held</h2>
1310	       [NOTE TO IANA/RFC-EDITOR: Please replace XXXX
1311	       with the RFC number for this specification.]
1312	               <p>See RFCXXXX</p>
1313	             </body>
1314	           </html>
1315	         END

1317	11.2.  XML Schema Registration

1319	   This section registers an XML schema as per the guidelines in
1320	   [RFC3688].

1322	   URI:  urn:ietf:params:xml:schema:geopriv:held
1323	   Registrant Contact:  IETF, GEOPRIV working group, (geopriv@ietf.org),
1324	      Mary Barnes (mary.barnes@nortel.com).
1325	   Schema:  The XML for this schema can be found as the entirety of
1326	      Section 7 of this document.

1328	11.3.  MIME Media Type Registration for 'application/held+xml'

1330	   This section registers the "application/held+xml" MIME type.

1332	   To:  ietf-types@iana.org
1333	   Subject:  Registration of MIME media type application/held+xml
1334	   MIME media type name:  application
1335	   MIME subtype name:  held+xml
1336	   Required parameters:  (none)
1337	   Optional parameters:  charset
1338	      Indicates the character encoding of enclosed XML.  Default is
1339	      UTF-8.
1340	   Encoding considerations:  Uses XML, which can employ 8-bit
1341	      characters, depending on the character encoding used.  See RFC
1342	      3023 [RFC3023], section 3.2.
1343	   Security considerations:  This content type is designed to carry
1344	      protocol data related to the location of an entity, which could
1345	      include information that is considered private.  Appropriate
1346	      precautions should be taken to limit disclosure of this
1347	      information.
1348	   Interoperability considerations:  This content type provides a basis
1349	      for a protocol
1350	   Published specification:  RFC XXXX [NOTE TO IANA/RFC-EDITOR: Please
1351	      replace XXXX with the RFC number for this specification.]
1352	   Applications which use this media type:  Location information
1353	      providers and consumers.
1354	   Additional Information:  Magic Number(s): (none)
1355	      File extension(s): .xml
1356	      Macintosh File Type Code(s): (none)
1357	   Person & email address to contact for further information:  Mary
1358	      Barnes <mary.barnes@nortel.com>
1359	   Intended usage:  LIMITED USE
1360	   Author/Change controller:  The IETF
1361	   Other information:  This media type is a specialization of
1362	      application/xml [RFC3023], and many of the considerations
1363	      described there also apply to application/held+xml.

1365	11.4.  Error code Registry

1367	   This document requests that the IANA create a new registry for the
1368	   HELD protocol including an initial registry for error codes.  The
1369	   error codes are included in HELD error messages as described in
1370	   Section 6.3 and defined in the schema in the 'codeType' token in the
1371	   XML schema in (Section 7)

1373	   The following summarizes the requested registry:

1375	   Related Registry:   Geopriv HELD Registries, Error codes for HELD
1376	   Defining RFC:  RFC XXXX [NOTE TO IANA/RFC-EDITOR: Please replace XXXX
1377	      with the RFC number for this specification.]
1378	   Registration/Assignment Procedures:  Following the policies outlined
1379	      in [RFC5226], the IANA policy for assigning new values for the
1380	      Error codes for HELD shall be Standards Action: Values are
1381	      assigned only for Standards Track RFCs approved by the IESG.

1383	   Registrant Contact:  IETF, GEOPRIV working group, (geopriv@ietf.org),
1384	      Mary Barnes (mary.barnes@nortel.com).

1386	   This section pre-registers the following seven initial error codes as
1387	   described above in Section 6.3:

1389	   requestError:  This code indicates that the request was badly formed
1390	      in some fashion.
1391	   xmlError:  This code indicates that the XML content of the request
1392	      was either badly formed or invalid.
1393	   generalLisError:  This code indicates that an unspecified error
1394	      occurred at the LIS.
1395	   locationUnknown:  This code indicates that the LIS could not
1396	      determine the location of the Device.
1397	   unsupportedMessage:  This code indicates that the request was not
1398	      supported or understood by the LIS.  This error code is used when
1399	      a HELD request contains a document element that is not supported
1400	      by the receiver.
1401	   timeout:  This code indicates that the LIS could not satisfy the
1402	      request within the time specified in the "responseTime" parameter.
1403	   cannotProvideLiType:  This code indicates that the LIS was unable to
1404	      provide LI of the type or types requested.  This code is used when
1405	      the "exact" attribute on the "locationType" parameter is set to
1406	      "true".
1407	   notLocatable:  This code indicates that the LIS is unable to locate
1408	      the Device, and that the Device MUST NOT make further attempts to
1409	      retrieve LI from this LIS.  This error code is used to indicate
1410	      that the Device is outside the access network served by the LIS;
1411	      for instance, the VPN and NAT scenarios discussed in
1412	      Section 4.1.2.

1414	12.  Contributors

1416	   James Winterbottom, Martin Thomson and Barbara Stark are the authors
1417	   of the original document, from which this WG document was derived.
1418	   Their contact information is included in the Author's address
1419	   section.  In addition, they also contributed to the WG document,
1420	   including the XML schema.

1422	13.  Acknowledgements

1424	   The author/contributors would like to thank the participants in the
1425	   GEOPRIV WG and the following people for their constructive input and
1426	   feedback on this document (in alphabetical order): Nadine Abbott,
1427	   Bernard Aboba, Eric Arolick, Richard Barnes (in particular the
1428	   security section), Peter Blatherwick, Ben Campbell, Guy Caron, Eddy
1429	   Corbett, Martin Dawson, Lisa Dusseault, Jerome Grenier, Ted Hardie,
1430	   Cullen Jennings, Neil Justusson, Tat Lam, Marc Linsner, Patti
1431	   McCalmont, Roger Marshall, Perry Prozeniuk, Carl Reed, Julian
1432	   Reschke, Eric Rescorla, Brian Rosen, John Schnizlein, Shida Schubert,
1433	   Henning Schulzrinne, Ed Shrum, Doug Stuard, Hannes Tschofenig and
1434	   Karl Heinz Wolf.

1436	14.  Changes since last Version

1438	   NOTE TO THE RFC-Editor: Please remove this section prior to
1439	   publication as an RFC.

1441	   Changes from 14 to 15(Gen-Art and IETF discussion ML comments post
1442	   3rd IETF LC):

1444	   1) Clarification around device support for cookies or basic/digest
1445	   authentication.

1447	   2)Additional text in section 6.3 (PIDF-LO) around the LIS including
1448	   (and not including) any information identifying the device in the
1449	   returned PIDF-LO.

1451	   3) As always, a few additional editorial changes and clarifications.

1453	   Changes from 13 to 14 (AD comments post 2nd IETF LC):

1455	   1) Section 4.3: Removed reference to location-dereference protocol
1456	   document.  Generalized statement wrt HELD not meeting all the lbyr
1457	   requirements (e.g., cancelling of location references).

1459	   2) Removed section 5.1 (Delivery Protocol) and just left the
1460	   statement that this document describes the use of HTTP and that HELD
1461	   is an application layer protocol.

1463	   3) Section 6.1: "the LIS should provide the most accurate LI" -> "the
1464	   LIS provides the most accurate LI" to avoid the inference of a
1465	   normative requirement.

1467	   4) Section 6.3: clarified "locationUnknown" error code.

1469	   5) Section 6.4: changed text to indication that errors can contain
1470	   multiple "message" parameters to accommodate errors in different
1471	   languages.

1473	   6) Section 7 : updated XML schema to reflect change in error message
1474	   to accommodate multiple "message" parameters.  Note, a few other
1475	   changes to XML schema based on "strict" validation.

1477	   7) Section 8: clarified that redirect should be authenticated if the
1478	   Device requires that the redirect server is authenticated.

1480	   8) Section 10:

1482	   - updated examples due to updates to XML schema

1484	   - removed empty POST example.

1486	   9) Section 11.4: Changed IANA registration for error codes from
1487	   "Specification Required" to "Standards Action"

1489	   10) Other minor clarifications.

1491	   Changes from WG 12 to 13 (Post-2nd WGLC):

1493	   1) Fixed editorial error in section 6.2 with regards to empty
1494	   "locationType" - error was introduced in 06 to 07 changes.

1496	   2) Added additional text in section 6.5.1 to improve security
1497	   associated with locationURIs.

1499	   3) Modified XML schema for errorType and responseType to allow an
1500	   attribute to be returned.  Also, added extensibility to errorType.

1502	   Changes from WG 11 to 12 (Post-2nd WGLC):

1504	   1) Expanded text in section 8 (HTTP binding) to provide more detail
1505	   about the requirements for an HTTP implementation supporting HELD.
1506	   Clarified the mandatory functionality and specific handling of other
1507	   functionality of HTTP.

1509	   2) Clarification in section 9.1 for clients that have external info
1510	   wrt the identity or credentials of the LIS.

1512	   3) More nits.

1514	   Changes from WG 10 to 11 (Post-2nd WGLC):

1516	   1) Added additional text around the scope and applicability of the
1517	   URI returned from LIS Discovery (section 4).

1519	   2) Removed HTTP GET - will always use POST.

1521	   3) Removed sentence wrt mobile devices in section 6.2.

1523	   4) Added specific recommendation for minimum value for expires in
1524	   section 6.5.2 (30 Minutes).

1526	   5) Remove reference to RFC 3704 (for IP address spoofing) in section
1527	   9.3 (bullet 2).

1529	   6) Clarified that both HTTP and HTTPS are allowed - changed last
1530	   bullet in section 5.1 from REQUIRES to RECOMMENDS.

1532	   7) Clarification wrt "presence" parameter in section 6.6 - a "single"
1533	   presence parameter may be included.

1535	   Changes from WG 09 to 10 (2nd WGLC):

1537	   1) Updated text for Devices and VPNs (section 4.1.1) to include
1538	   servers such as HTTP and SOCKs, thus changed the text to be generic
1539	   in terms of locating LIS before connecting to one of these servers,
1540	   etc.

1542	   2) Fixed (still buggy) HTTP examples.

1544	   3) Added text explaining the whitespaces in XML schema are for
1545	   readability/document format limitations and that they should be
1546	   handled via parser/schema validation.

1548	   4) Miscellaneous editorial nits

1550	   Changes from WG 08 to 09 (Post-IETF LC: continued resolution of sec-
1551	   dir and gen-art review comments, along with apps-area feedback):

1553	   1) Removed heldref/heldrefs URIs, including fixing examples (which
1554	   were buggy anyways).

1556	   2) Clarified text for locationURI - specifying that the deref
1557	   protocol must define or appropriately restrict and clarifying that
1558	   requirements for deref must be met and that deref details are out of
1559	   scope for this document.

1561	   3) Clarified text in security section for support of both HTTP/HTTPS.

1563	   4) Changed definition for Location Type to force the specification of
1564	   at least one location type.

1566	   Changes from WG 07 to 08 (IETF LC: sec-dir and gen-art review
1567	   comments):

1569	   1) Fix editorial nits: rearranging sections in 4.1 for readibility,
1570	   etc.

1572	   2) Added back text in Device and VPN section referencing DHCP and
1573	   LLDP-MED when a VPN device serves as a LIS.

1575	   3) Clarified the use of both HTTP and HTTPS.

1577	   4) Defined two URIs related to 3 respectively - divided IANA
1578	   registrations into sub-sections to accomodate this change.  (Note:
1579	   LIS Discovery will now define that URI, thus this document defines
1580	   the one associatied with a Location reference).

1582	   5) Clarified the description of the location URI in Protocol Overview
1583	   and Protocol parameter sections.  Note that these sections again
1584	   reference location dereference protocol for completeness and
1585	   clarification of issues that are out of scope for this base document.

1587	   6) Defined new error code: notLocatable.

1589	   7) Clarifications and corrections in security section.

1591	   8) Clarified text for locationType, specifically removing extra text
1592	   from "any" description and putting that in a separate paragraph.
1593	   Also, provided an example.

1595	   9) Added boundaries for "expires" parameter.

1597	   10) Clarified that the HELD protocol as defined by this document does
1598	   not allow for canceling location references.

1600	   Changes from WG 06 to 07 (PROTO review comments):

1602	   1) Fix nits: remove unused references, move requirements to
1603	   Informational References section, fix long line in ABNF, fix ABNF
1604	   (quotes around '?'), add schemaLocation to import namespace in XML
1605	   schema.

1607	   2) Remove text in Device and VPN section referencing DHCP and LLDP-
1608	   MED when a VPN device serves as a LIS, per Issue 1 resolution at
1609	   IETF-71.  (Editorial oversight in producing version 06).

1611	   Changes from WG 05 to 06 (2nd WGLC comments):

1613	   1) Updated security section based on WG feedback, including
1614	   condensing section 10.1.1 (Assuring the proper LIS has been
1615	   contacted), restructuring sections by flattening, adding an
1616	   additional step to the list that had been in the Accuracy section and
1617	   removing summary section.

1619	   2) Changed URI schema to "helds" to address concerns over referential
1620	   integrity and for consistency with mandate of TLS for HELD.

1622	   3) Editorial clarifications including fixing examples to match HELD
1623	   URI definition (e.g., adding port, adding randomness to URI examples,
1624	   etc.)

1626	   4) Updated references removing unused references and moving
1627	   requirements docs to Informational Reference section to avoid
1628	   downrefs.

1630	   Changes from WG 04 to 05 (WGLC comments):

1632	   1) Totally replaced the security section with the details provided by
1633	   Richard Barnes so that we don't need a reference to the location
1634	   security document.

1636	   2) Fixed error codes in schema to allow extensibility.  Change the
1637	   IANA registration to be "specification required".

1639	   3) Cleaned up the HELD: URI description, per comments from Martin and
1640	   James and partially addressing HELD-04 Issue 1.  Put the definition
1641	   in a separate section and clarified the applicability (to also
1642	   include being a results of the discovery process) and fixed examples.

1644	   4) Updated the LocationURI section to be more accurate, address
1645	   HELD-04 Issue 3, and include the reference to the new HELD:URI
1646	   section.  Also, fixed an error in the doc in that the top level parm
1647	   in the locationResponse is actually locationUriSet, which contains
1648	   any number of locationURI elements and the "expires" parameter.  So,
1649	   Table 1 was also updated and a new section for the LocationURISet was
1650	   added that includes the subsections for the "locationURI" and
1651	   "expires".  And, then clarified that "expires" applies to
1652	   "locationURISet" and not per "locationURI".

1654	   5) Editorial nits: pointed out offline by Richard (e.g., by-value ->
1655	   by value, by-reference -> by reference, etc.) and onlist by James and
1656	   Martin.  Please refer to the diff for a complete view of editorial
1657	   changes.

1659	   6) Added text in HTTP binding section to disable HTTP caching
1660	   (HELD-04 Issue 5 on the list).

1662	   Changes from WG 03 to 04:

1664	   1) Terminology: clarified in terminology section that "attribute" and
1665	   "element" are used in the strict XML sense and "parameter" is used as
1666	   a general protocol term Replaced term "HTTP delivery" with "HTTP
1667	   transport".  Still have two terms "HTTP transport" and "HTTP
1668	   binding", but those are consistent with general uses of HTTP.

1670	   2) Editorial changes and clarifications: per Roger Marshall's and
1671	   Eric Arolick's comments and subsequent WG mailing list discussion.

1673	   3) Changed normative language for describing expected and recommended
1674	   LIS behaviors to be non-normative recommendations in cases where the
1675	   protocol parameters were not the target of the discussion (e.g., we
1676	   can't prescribe to the LIS how it determines location or what it
1677	   defines to be an "accurate" location).

1679	   4) Clarified responseTime attribute (section 6.1).  Changed type from
1680	   "decimal" to "nonNegativeInteger" in XML schema (section 7)

1682	   5) Updated Table 1 in section 6 to only include top-level parameters
1683	   and fixed some errors in that table (i.e., code for locationResponse)
1684	   and adding PIDF-LO to the table.  Added a detailed section describing
1685	   PIDF-LO (section 6.6), moving some of the normative text in the
1686	   Protocol Overview to this section.

1688	   6) Added schema and description for locationURI to section 6.5.
1689	   Added IANA registration for HELD: URI schema.

1691	   7) Added IANA registry for error codes.

1693	   Changes from WG 02 to 03:

1695	   1) Added text to address concern over use of IP address as device
1696	   identifier, per long email thread - changes to section 3 (overview)
1697	   and section 4 (protocol overview).

1699	   2) Removed WSDL (section 8 updated, section 8.1 and 10.4 removed)

1701	   3) Added extensibility to baseRequestType in the schema (an oversight
1702	   from previous edits), along with fixing some other nits in schema
1703	   (section 7)

1705	   4) Moved discussion of Location URI from section 5.3 (Location
1706	   Response) to where it rightly belonged in Section 6.5 (Location URI
1707	   Parameter).

1709	   5) Clarified text for "expires" parameter (6.5.1) - it's an optional
1710	   parm, but required for LocationURIs

1712	   6) Clarified responseTime parameter: when missing, then the LCS
1713	   provides most precise LI, with the time required being implementation
1714	   specific.

1716	   7) Clarified that the MUST use in section 8 (HTTP binding) is a MUST
1717	   implement.

1719	   8) Updated references (removed unused/added new).

1721	   Changes from WG 01 to 02:

1723	   1) Updated Terminology to be consistent with WG agreements and other
1724	   documents (e.g., LCS -> LIS and removed duplicate terms).  In the
1725	   end, there are no new terms defined in this document.

1727	   2) Modified definition of responseTime to reflect WG consensus.

1729	   3) Removed jurisdictionalCivic and postalCivic locationTypes (leaving
1730	   just "civic").

1732	   4) Clarified text that locationType is optional.  Fixed table 1 and
1733	   text in section 5.2 (locationRequest description).  Text in section
1734	   6.2 (description of locationType element) already defined the default
1735	   to be "any".

1737	   5) Simplified error responses.  Separated the definition of error
1738	   response type from the locationResponse type thus no need for
1739	   defining an error code of "success".  This simplifies the schema and
1740	   processing.

1742	   6) Updated schema/examples for the above.

1744	   7) Updated Appendix A based on updates to requirements document,
1745	   specifically changes to A.1, A.3 and adding A.10.

1747	   8) Miscellaneous editorial clarifications.

1749	   Changes from WG 00 to 01:

1751	   1) heldResponse renamed to locationResponse.

1753	   2) Changed namespace references for the PIDF-LO geoShape in the
1754	   schema to match the agreed GML PIDF-LO Geometry Shape Application
1755	   Schema.

1757	   3) Removed "options" element - leaving optionality/extensibility to
1758	   XML mechanisms.

1760	   4) Changed error codes to be enumerations and not redefinitions of
1761	   HTTP response codes.

1763	   5) Updated schema/examples for the above and removed some remnants of
1764	   the context element.

1766	   6) Clarified the definition of "Location Information (LI)" to include
1767	   a reference to the location (to match the XML schema and provide
1768	   consistency of usage throughout the document).  Added an additional
1769	   statement in section 7.2 (locationType) to clarify that LCS MAY also
1770	   return a Location URI.

1772	   7) Modifed the definition of "Location Configuration Server (LCS)" to
1773	   be consistent with the current definiton in the requirements
1774	   document.

1776	   8) Updated Location Response (section 6.3) to remove reference to
1777	   context and discuss the used of a local identifier or unlinked
1778	   pseudonym in providing privacy/security.

1780	   9) Clarified that the source IP address in the request is used as the
1781	   identifier for the target/device for the HELD protocol as defined in
1782	   this document.

1784	   10) Miscellaneous editorial clarifications.

1786	15.  References

1788	15.1.  Normative References

1790	   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
1791	              Requirement Levels", BCP 14, RFC 2119, March 1997.

1793	   [RFC5246]  Dierks, T. and E. Rescorla, "The Transport Layer Security
1794	              (TLS) Protocol Version 1.2", RFC 5246, August 2008.

1796	   [RFC2965]  Kristol, D. and L. Montulli, "HTTP State Management
1797	              Mechanism", RFC 2965, October 2000.

1799	   [RFC2616]  Fielding, R., Gettys, J., Mogul, J., Frystyk, H.,
1800	              Masinter, L., Leach, P., and T. Berners-Lee, "Hypertext
1801	              Transfer Protocol -- HTTP/1.1", RFC 2616, June 1999.

1803	   [RFC2818]  Rescorla, E., "HTTP Over TLS", RFC 2818, May 2000.

1805	   [RFC3688]  Mealling, M., "The IETF XML Registry", BCP 81, RFC 3688,
1806	              January 2004.

1808	   [RFC5491]  Winterbottom, J., Thomson, M., and H. Tschofenig, "GEOPRIV
1809	              Presence Information Data Format Location Object (PIDF-LO)
1810	              Usage Clarification, Considerations, and Recommendations",
1811	              RFC 5491, March 2009.

1813	   [W3C.REC-xmlschema-1-20041028]
1814	              Thompson, H., Mendelsohn, N., Maloney, M., and D. Beech,
1815	              "XML Schema Part 1: Structures Second Edition", World Wide
1816	              Web Consortium Recommendation REC-xmlschema-1-20041028,
1817	              October 2004,
1818	              <http://www.w3.org/TR/2004/REC-xmlschema-1-20041028>.

1820	   [W3C.REC-xmlschema-2-20041028]
1821	              Malhotra, A. and P. Biron, "XML Schema Part 2: Datatypes
1822	              Second Edition", World Wide Web Consortium
1823	              Recommendation REC-xmlschema-2-20041028, October 2004,
1824	              <http://www.w3.org/TR/2004/REC-xmlschema-2-20041028>.

1826	   [I-D.ietf-geopriv-lis-discovery]
1827	              Thomson, M. and J. Winterbottom, "Discovering the Local
1828	              Location Information Server (LIS)",
1829	              draft-ietf-geopriv-lis-discovery-11 (work in progress),
1830	              May 2009.

1832	15.2.  Informative References

1834	   [RFC0793]  Postel, J., "Transmission Control Protocol", STD 7,
1835	              RFC 793, September 1981.

1837	   [RFC2617]  Franks, J., Hallam-Baker, P., Hostetler, J., Lawrence, S.,
1838	              Leach, P., Luotonen, A., and L. Stewart, "HTTP
1839	              Authentication: Basic and Digest Access Authentication",
1840	              RFC 2617, June 1999.

1842	   [RFC3023]  Murata, M., St. Laurent, S., and D. Kohn, "XML Media
1843	              Types", RFC 3023, January 2001.

1845	   [RFC3693]  Cuellar, J., Morris, J., Mulligan, D., Peterson, J., and
1846	              J. Polk, "Geopriv Requirements", RFC 3693, February 2004.

1848	   [RFC3825]  Polk, J., Schnizlein, J., and M. Linsner, "Dynamic Host
1849	              Configuration Protocol Option for Coordinate-based
1850	              Location Configuration Information", RFC 3825, July 2004.

1852	   [LLDP-MED]
1853	              TIA, "ANSI/TIA-1057 Link Layer Discovery Protocol - Media
1854	              Endpoint Discovery".

1856	   [RFC3986]  Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform
1857	              Resource Identifier (URI): Generic Syntax", STD 66,
1858	              RFC 3986, January 2005.

1860	   [RFC4479]  Rosenberg, J., "A Data Model for Presence", RFC 4479,
1861	              July 2006.

1863	   [RFC5226]  Narten, T. and H. Alvestrand, "Guidelines for Writing an
1864	              IANA Considerations Section in RFCs", BCP 26, RFC 5226,
1865	              May 2008.

1867	   [I-D.ietf-geopriv-l7-lcp-ps]
1868	              Tschofenig, H. and H. Schulzrinne, "GEOPRIV Layer 7
1869	              Location Configuration Protocol; Problem Statement and
1870	              Requirements", draft-ietf-geopriv-l7-lcp-ps-09 (work in
1871	              progress), February 2009.

1873	   [I-D.ietf-geopriv-lbyr-requirements]
1874	              Marshall, R., "Requirements for a Location-by-Reference
1875	              Mechanism", draft-ietf-geopriv-lbyr-requirements-07 (work
1876	              in progress), February 2009.

1878	   [I-D.ietf-sip-location-conveyance]
1879	              Polk, J. and B. Rosen, "Location Conveyance for the
1880	              Session Initiation Protocol",
1881	              draft-ietf-sip-location-conveyance-13 (work in progress),
1882	              March 2009.

1884	Appendix A.  HELD Compliance to IETF LCP requirements

1886	   This appendix describes HELD's compliance to the requirements
1887	   specified in the [I-D.ietf-geopriv-l7-lcp-ps].

1889	A.1.  L7-1: Identifier Choice

1891	   "The L7 LCP MUST be able to carry different identifiers or MUST
1892	   define an identifier that is mandatory to implement.  Regarding the
1893	   latter aspect, such an identifier is only appropriate if it is from
1894	   the same realm as the one for which the location information service
1895	   maintains identifier to location mapping."

1897	   COMPLY

1899	   HELD uses the IP address of the location request message as the
1900	   primary source of identity for the requesting device or target.  This
1901	   identity can be used with other contextual network information to
1902	   provide a physical location for the Target for many network
1903	   deployments.  There may be network deployments where an IP address
1904	   alone is insufficient to identify a Target in a network.  However,
1905	   any necessary identity extensions for these networks is beyond the
1906	   scope of this document.

1908	A.2.  L7-2: Mobility Support

1910	   "The GEOPRIV Layer 7 Location Configuration Protocol MUST support a
1911	   broad range of mobility from devices that can only move between
1912	   reboots, to devices that can change attachment points with the impact
1913	   that their IP address is changed, to devices that do not change their
1914	   IP address while roaming, to devices that continuously move by being
1915	   attached to the same network attachment point."

1917	   COMPLY

1919	   Mobility support is inherently a characteristic of the access network
1920	   technology and HELD is designed to be access network agnostic.
1921	   Consequently HELD complies with this requirement.  In addition HELD
1922	   provides specific support for mobile environments by providing an
1923	   optional responseTime attribute in location request messages.
1924	   Wireless networks often have several different mechanisms at their
1925	   disposal for position determination (e.g.  Assisted GPS versus
1926	   location based on serving base station identity), each providing
1927	   different degrees of accuracy and taking different amounts of time to
1928	   yield a result.  The responseTime parameter provides the LIS with a
1929	   criterion which it can use to select a location determination
1930	   technique.

1932	A.3.  L7-3: ASP and Access Network Provider Relationship

1934	   "The design of the L7 LCP MUST NOT assume a business or trust
1935	   relationship between the Application Service Provider (ASP) and the
1936	   Access Network Provider.  Requirements for resolving a reference to
1937	   location information are not discussed in this document."

1939	   COMPLY

1941	   HELD describes a location acquisition protocol between a Device and a
1942	   LIS.  In the context of HELD, the LIS is within the Access Network.
1943	   Thus, HELD is independent of the business or trust relationship
1944	   between the Application Service Provider (ASP) and the Access Network
1945	   Provider.  Location acquisition using HELD is subject to the
1946	   restrictions described in Section 9.

1948	A.4.  L7-4: Layer 2 and Layer 3 Provider Relationship

1950	   "The design of the GEOPRIV Layer 7 Location Configuration Protocol
1951	   MUST assume that there is a trust and business relationship between
1952	   the L2 and the L3 provider.  The L3 provider operates the LIS and
1953	   needs to obtain location information from the L2 provider since this
1954	   one is closest to the end host.  If the L2 and L3 provider for the
1955	   same host are different entities, they cooperate for the purposes
1956	   needed to determine end system locations."

1958	   COMPLY

1960	   HELD was specifically designed with this model in mind and readily
1961	   allows itself to chaining requests between operators without a change
1962	   in protocol being required.  HELD is a webservices protocol which can
1963	   be bound to transports other than HTTP, such as BEEP.  Using a
1964	   protocol such as BEEP offers the option of high request throughput
1965	   over a dedicated connection between an L3 provider and an L2 provider
1966	   without incurring the serial restriction imposed by HTTP.  This is
1967	   less easy to do with protocols that do not decouple themselves from
1968	   the transport.

1970	A.5.  L7-5: Legacy Device Considerations

1972	   "The design of the GEOPRIV Layer 7 Location Configuration Protocol
1973	   MUST consider legacy residential NAT devices and NTEs in an DSL
1974	   environment that cannot be upgraded to support additional protocols,
1975	   for example to pass additional information through DHCP."

1977	   COMPLY

1979	   HELD is an application protocol and operates on top of IP.  A HELD
1980	   request from a host behind a residential NAT will traverse the NAT
1981	   acquiring the external address of the home router.  The location
1982	   provided to the host therefore will be the address of the home router
1983	   in this circumstance.  No changes are required to the home router in
1984	   order to support this function, HELD was designed specifically to
1985	   address this deployment scenario.

1987	A.6.  L7-6: VPN Awareness

1989	   "The design of the GEOPRIV Layer 7 Location Configuration Protocol
1990	   MUST assume that at least one end of a VPN is aware of the VPN
1991	   functionality.  In an enterprise scenario, the enterprise side will
1992	   provide the LIS used by the client and can thereby detect whether the
1993	   LIS request was initiated through a VPN tunnel."

1995	   COMPLY

1997	   HELD does not preclude a LIS on the far end of a VPN tunnel being
1998	   aware that the client request is occurring over that tunnel.  It also
1999	   does not preclude a client device from accessing a LIS serving the
2000	   local physical network and subsequently using the location
2001	   information with an application that is accessed over a VPN tunnel.

2003	A.7.  L7-7: Network Access Authentication

2005	   "The design of the GEOPRIV Layer 7 Location Configuration Protocol
2006	   MUST NOT assume prior network access authentication."

2008	   COMPLY

2010	   HELD makes no assumptions about prior network access authentication.
2011	   HELD strongly recommends the use of TLS with server-side certificates
2012	   for communication between the end-point and the LIS.  There is no
2013	   requirement for the end-point to authenticate with the LIS.

2015	A.8.  L7-8: Network Topology Unawareness

2017	   "The design of the GEOPRIV Layer 7 Location Configuration Protocol
2018	   MUST NOT assume end systems being aware of the access network
2019	   topology.  End systems are, however, able to determine their public
2020	   IP address(es) via mechanisms such as STUN or NSIS NATFW NSLP."

2022	   COMPLY

2024	   HELD makes no assumption about the network topology.  HELD doesn't
2025	   require that the device know its external IP address, except where
2026	   that is required for discovery of the LIS.

2028	A.9.  L7-9: Discovery Mechanism

2030	   "The L7 LCP MUST define a single mandatory to implement discovery
2031	   mechanism."

2033	   COMPLY

2035	   HELD uses the discovery mechanism in
2036	   [I-D.ietf-geopriv-lis-discovery].

2038	A.10.  L7-10: PIDF-LO Creation

2040	   "When a LIS creates a PIDF-LO per RFC 4119 then it MUST put the
2041	   <geopriv> element into the <device> element of the presence document
2042	   (see RFC 4479).  This ensures that the resulting PIDF-LO document,
2043	   which is subsequently distributed to other entities, conforms to the
2044	   rules outlined in ". [RFC5491]

2046	   COMPLY

2048	   HELD protocol overview (Section 4 ) describes the requirements on the
2049	   LIS in creating the PIDF-LO and prescribes that the PIDF-LO generated
2050	   by the LIS MUST conform to [RFC5491].

2052	Authors' Addresses

2054	   Mary Barnes (editor)
2055	   Nortel
2056	   2201 Lakeside Blvd
2057	   Richardson, TX
2058	   USA

2060	   Email: mary.barnes@nortel.com

2062	   James Winterbottom
2063	   Andrew
2064	   PO Box U40
2065	   Wollongong University Campus, NSW  2500
2066	   AU

2068	   Phone: +61 2 4221 2938
2069	   Email: james.winterbottom@andrew.com
2070	   URI:   http://www.andrew.com/

2072	   Martin Thomson
2073	   Andrew
2074	   PO Box U40
2075	   Wollongong University Campus, NSW  2500
2076	   AU

2078	   Phone: +61 2 4221 2915
2079	   Email: martin.thomson@andrew.com
2080	   URI:   http://www.andrew.com/

2082	   Barbara Stark
2083	   BellSouth
2084	   Room 7A43
2085	   725 W Peachtree St.
2086	   Atlanta, GA  30308
2087	   US

2089	   Email: barbara.stark@att.com