RE: Back to terminology

From: Cuellar Jorge <Jorge.R.Cuellar@mchp.siemens.de>
Date: Thu Feb 21 2002 - 06:23:42 EST

Axel,

Thank you very much for your comments. They are very much appreciated.

> it seems to me like a lot of the discussion following your response
> to Kenji's and my comments, was geared more towards requirements (and
> scope of the working group) than towards terminology. I'm not
> sure I fully understand the process here - is there going to be a
> separate I-D on the terminology, or will the terminology bit be
> the basis for a requirement I-D?

Well, terminology does not only settle what we are
talking about (and thus gives an upper bound to our scope),
but also it decides at which abstraction level we want to talk about
things. If our scope is such that we do not need to make
a distinction, let us better not make it. Of course, in
this discussion phase, it is sometimes safer to distinguish
between things now and conflate them if appropriate later,
as John Morris already pointed out in a mail. But my intention
is only to introduce distinctions that _might_ prove to be
significant later on.

> Anyway, I'll try to respond to your email, just concentrating on
> the pure terminology, and avoiding any discussion of scope and
> requirements.

> Jorge wrote:

> > In principle, I do agree. In an abstract view, there is no
> > difference between ultimate location recipients or location servers:
> > they just react to the policies of the owner. But when you look
> > more concretely and you are worried about how things will be
> > implemented, a difference appears. You may argue that the
> > difference I am making is not at the abstract requirements level,
> > but is biased towards an implementation. Yes, perhaps I would
> > agree, but still I think we need to do this. It all depends on your
> > abstraction level. As soon as the requirements are concrete enough
> > to the point where you say: "the location recipient has to
> > verify the authenticity of the policies of the owner", this
> > distinction becomes important.

> [...]

> > My intention was to have Location Receivers to be exactly the
> > disjoint union of Location Servers and Ultimate Location Receivers.
> > (I do not think that one of the three terms is redundant).

> I have no problem with distinguishing between a Location Server
> and an Ultimate Location Receiver. I guess I'm just not too
> happy about the choice of terms. How about a "Location Receiver"
> that can either be an "Ultimate Location Receiver" or an
> "Intermediate Location Receiver"? This would make it clearer
> that "Location Receiver" is the more general term, and the other
> two are specializations thereof (or, as you put it, the LR
> is the disjoint union of ULR and ILR).

I would also agree with this term.

> Jorge wrote:

> > OK. My distinction between the different types of Location
> > Recipients ("private", "lawful" (= "regulatory") and "operational")
> > is quite premature. At some point or other we will have to consider
> > that not all types of recipients will be subject to the same laws or
> > policies (as Axel writes: ... these [policies] would specify that
> > certain properly authenticated "lawful location recipients" are
> > always authorized to get any location information they ask for.
> > These policies would have a higher priority than those of the
> > "owner", i.e. the owner cannot override them.). I anticipate that
> > not only "lawful" (= "regulatory") location recipients but also
> > "operational" ones will be treated differently than ordinary ones.
> > In this case I agree, these distinctions do not have to be made yet
> > (and perhaps are not the correct ones).

> OK, then we'd have another distinction between different types of
> Location Recipients, depending on their legal roles. This
> distinction would be orthogonal to the distinction between
> "Intermediate" and "Ultimate". Having them in the terminology
> won't harm us, it remains to be seen if we will actually need
> to make use of this distinction.

Let us have this terminology in the back of our heads and not
in front of our eyes.

> You have singled out "lawful/regulatory" as well as "access
> network operators" as cases that may need special treatment,
> I guess all the rest would be "private" (not the greatest term,
> either, since a network operator in most cases will also be
> a private entity, but I wouldn't have a better suggestion).
> Are we reasonably sure we haven't missed out on anyone? I must
> say I still have my doubts that the "access network operator"
> does require a special kind of treatment. It should not be
> entitled to "override" the privacy preferences of the "owner"
> (whereas the "lawful/regulatory" should be able to).

I think the "access network" has already
brought confusion in other mails. There are
two different things here:

1. the "operational" Location Recipients
(of which the "access network operator" is only an example). Indeed,
if you look at the papers from the European Community on privacy of
personal data, they give a different "legal" status to data that
is collected for the operational purposes of running the network, etc.

Also the privacy requirements of UMTS distinguish this
type of location information in their policies. In this sense,
I think that "lawful/regulatory" as well as "operational"
Location Recipients may be treated differently from ordinary ones.

But in order to simplify the discussion now, as Randall pointed out:

> If an operational entity is forced by
> law or regulation or contract to impose constraints on the policies
> of its users, that's their business. As long as our work permits
> this to occur, it needn't concern us.

I agree, this differentiation is now premature. At this
point of the discussion, we do not need to talk about
"lawful/regulatory" or "operational" Location Recipients.

Going back to the "access network operator":
there is another entity, the

2. Location Data Source: This is the original source of the sighting.
Often this is some network entity, authenticated and
authorized by the network, but perhaps totally unknown to the
target/owner, unaware of the full details of the
policies of the owner, and/or not fully trusted by him.
This may be an entity in the "access network".

I do think that this entity in general has to be treated differently from
"Location Recipients". It may run in a very small processor, with
no power to process the policies of all the owners passing by.
It may be untrusted, in a roaming situation. The owner has
no possibility of saying "_his_ location data is authorized by me",
because he doesn't know who he is. (This is not a matter of the
mechanics of authentication/authorization, it is a matter
of being able or not in principle to authorize the data.)

---------

In summary, my proposal now is to have the following terms:

Target: The entity whose location is desired by the Location
Recipient. The target may be a device (say, a cellular phone), a
person (say, the subscriber of the cellular phone), an animal, a ship
or truck, equipment in the field, etc.

Owner of the privacy rights of the target, or, for abbreviation, the
owner: An entity that has the authorization to decide the policies
that apply to the location information of the target.

Location Server (or "Intermediate Location Receiver"):
Software and/or hardware entity offering Location
Service capabilities based on user-defined privacy policies.

Ultimate Location Recipient: A Location Recipient that is the ultimate
recipient of the location information (he may not pass this
information, or information derived from it, to others, except to the
target or the owner). He does not need to be aware of the policies of
the owner.

Location Data Source: The original source of the sighting.

--------

That is all! The terms "lawful/regulatory", "operational"
or "private" Location Recipients are not needed now.
(We'll keep those things in the back of our heads.)

The term Location Recipient denotes only the disjoint union of
Location Servers (or "Intermediate Location Receiver") and
Ultimate Location Recipients.

What I would like to ask the group in particular is, if they
are comfortable with:
- the target not necessarily being a device
- the "owner" being the "owner of the privacy rights"

Those two points were not settled in the discussion so far,
and my impression was that there were a couple of different
opinions.

Best regards,

Jorge
Received on Thu Feb 21 06:26:03 2002