RE: Back to terminology

From: Randall Gellens ^lt;rg+ietf@qualcomm.com>
Date: Tue Feb 19 2002 - 17:19:55 EST

At 11:43 PM +0100 2/17/02, Cuellar Jorge wrote:

>"the location recipient has to verify the authenticity of the
>policies of the owner", this distinction becomes important.

I'm not sure that we need to get involved in the policies themselves,
including how they are authenticated. Maybe at a later stage, after
the initial work is done. As long as our work allows policies to be
specified and enforced, in a way that meets our requirements for
security and privacy, I think that may be enough to start with. In
fact, we must (per our charter) start with the requirements.

>OK. My distinction between the different types of Location Recipients
>("private", "lawful" (= "regulatory") and "operational") is quite premature.

I especially do not want to get into any awareness within our work of
legal or regulatory issues. I think that can easily become a rat
hole. This is one reason to avoid getting into policy details.

>At some point or other we will have to consider that not all types of
>recipients will be subject to the same laws or policies

I'd like to avoid doing that. If an operational entity is forced by
law or regulation or contract to impose constraints on the policies
of its users, that's their business. As long as our work permits
this to occur, it needn't concern us.

>certain properly authenticated "lawful
>location recipients" are always authorized to get any location information
>they ask for.

This is a detail of a policy. If we stay out of such matters, we
avoid a great deal of complexity.
Received on Tue Feb 19 17:23:01 2002

This archive was generated by hypermail 2.1.8 : Thu Jan 22 2004 - 12:32:22 EST