>
>I wouldn't go so far to label LCP as an aberration (more below), but I agree with the basic message.
>
>I hope that HELD makes Marc's point absolutely clear:
>
> The LIS MUST
> verify that the client is the target of the returned location, i.e.,
> the LIS MUST NOT provide location to other entities than the target.
> Note that this is a necessary, but not sufficient criterion for
> authorization. A LIS MAY deny requests according to any local
> policy.
>
>There is no such 'right'. Besides, we're not in any position to assign any 'rights'.
>
>I think that the concept of 'LCP policy' is a good way to address these concerns. This actually provides a way that we can treat an LCP as part of the architecture.
>
>This is the policy under which we imagine that a LCP server might operate. LCP has all of the functions that are required (requester authentication, privacy protections, rule makers, etcŠ), it's just that most of these are hard-coded. However, we need to be absolutely clear when we are making statements that depend on this policy.
>
>And like Marc says, we should never assume that this policy exists; that wouldn't be right.
I think "LCP Policy" sounds like rules from a rulemaker. Which raises the question:
why are the results of this application of the rules not bound into a PIDF-LO in
all cases? (Now that I have caught up a bit further, I see Brian asked the same
question).
I heard the "thin edge of the wedge" argument answered as "pragmatic applications
won out"; but GEOPRIV has always been about ensuring that the tools were there
for the privacy-concerned individuals to indicate their desires--and it has been in
the face of those "pragmatic" desires from providers all along. If we include the
PIDF-LO rules along with location to the target, no harm is done that I can see.
Why not, then?
I also heard someone ask whether this was geopriv or ecrit. It's
geopriv, and that means that the many special exemptions granted to emergency
services are not the baseline here. It's still an important use case, but we don't
start from that model, any more than we start from the model that it is up to
the target to prove that someone *doesn't* have the right to their location.
Lastly, I still didn't hear anyone answer my question about whether this
document has been shared with apps-discuss or SAAG. I'll assume the answer
is no, then. May I ask that the WG Chairs solicit that review now, in current
round of discussion?
thanks,
Ted Hardie
_______________________________________________
Geopriv mailing list
Geopriv@ietf.org
https://www.ietf.org/mailman/listinfo/geopriv
