Nothing.
We might have a different view of what is necessary for this group to produce though.
I think that you are obliquely suggesting that we need to establish a baseline for what identity can be used, how it is used, references to the mechanisms to employ, etc... All that would be necessary for a Rule Maker to identify and authorize arbitrary Location Recipients.
That's really great if you think that third party requesting is part of the end-game architecture. Third parties from all over request location information I don't think that. In fact, we'd be wasting our time if we pursued that. It's a big problem that isn't worth solving. Not because it wouldn't be useful, but because it isn't necessary.
Location by reference solves much of this problem by allowing us to move from location configuration (local) to presence (global) where all those sorts of problems are in the process of being solved. That's the end-game I'm thinking about.
Third party requests don't really figure in this end-game. Third party requests exist because we have an immediate need that cannot be addressed by the end-game solution. That need has very specific requirements that held-identity-extensions addresses.
Let me suggest an alternative then. We state the following: the means by which authentication of requesters is established is a matter for local policy. Tools that are provided include TLS (authentication by shared private key, PKI, etc...) and HTTP authentication. If you like, you can authenticate based on the source IP of the request if that suits you.
It's all up to the discretion of the Rule Maker.
--Martin
------------------------------------------------------------------------------------------------
This message is for the designated recipient only and may
contain privileged, proprietary, or otherwise private information.
If you have received it in error, please notify the sender
immediately and delete the original. Any unauthorized use of
this email is prohibited.
------------------------------------------------------------------------------------------------
[mf2]
_______________________________________________
Geopriv mailing list
Geopriv@ietf.org
https://www.ietf.org/mailman/listinfo/geopriv
