RE: full integrity?

From: James Card ^lt;>
Date: Fri May 24 2002 - 02:16:13 EDT

5/22/02 1:48:59 PM, Randall Gellens <>

>I was trying to get an idea of how wg participants felt about
>accuracy adjustments being the primary method of disclosure
>control, as opposed to also allowing multiple locations.

My preference would be to always transmit exactly two spatial
coordinate sets (minimal case, two lat/lon points; with optional
altitude and/or direction/velocity vectors).

The process I currently envision would be something like this:

1. Calculate the current (most recent) geospatial position,
   returning a single point. Let's make an example with very
   simple math: 2 degrees north latitude, 2 degrees east

2. Calculate the estimated error or degree of precision. In this
   example we'll say it is +/- 0.2 degree longitude, +/- .1
   degree latitude.

3. Add and subtract the estimated error to create a bounding
   box. Our example location is now defined by two lat/lon
   points: one at 1.9 degrees north, 1.8 degrees east; and the
   other at 2.1 degrees north, 2.2 degrees east.

   This represents the best-case calculation of position, and
   would be transmitted only in response to requests whose
   authentication/authorization/policy clearance matched the
   highest level of trust.

4. All other requests would cause a further calculation to
   expand the size of the bounding box surrounding the location.
   The size of the resulting box would vary in inverse
   proportion to the degree of trust assigned to the request
   (through the policy/authentication mechanism).

The result might be something like the following diagram, where
the "o" represents the single point from step 1, the small box
(with the "*" characters marking the reference points of the
bounding box) presents the highest-precision estimate of
position from step 3, and the large outer box might be the
coordinates provided to less trusted requestors.

   | |
   | +-------* |
   | | o | |
   | *-------+ |
   | |
   | |
   | |
   | |

The recipient of the data would always understand that the
actual position is contained within the bounding box, and could
then determine whether that provides enough "accuracy" for their

I see no need to transmit any additional "confidence level" or
"degree of precision" information. You always get exactly two
lat/lon points. Applications that require a single lat/lon point
may simply calculate the centroid of the bounding box.

I also see no need to transmit more than one set of location
data in any given transaction. The requestor can always assume
that they have received the most accurate information available
(given the authentication/policy status of their request).

This is admittedly a very simplified model -- and that is what I
like about it -- but I believe that we've slogged through arcane
detail and abstract discussion long enough; I needed a simple
way to summarize my thinking about the multiple locations /
accuracy adjustment question.

To summarize: I favor full integrity, always transmitting the
the greatest precision that is consistent with the policy
mechanism under which the request was authenticated.

James Card  --
The wise person restrains his words, and the one who keeps 
his cool is a discerning person. -- Proverbs 17:27
Received on Fri May 24 02:18:44 2002

This archive was generated by hypermail 2.1.8 : Thu Jan 22 2004 - 12:32:23 EST