If it were simply a matter of managing expectations, it might be as simple as re-branding the identifier: rather than "location URI" we could label it the "where I am right now URI". Or, we could rely on good UI to make the consequences clear.
In all cases, I'd like to temper this with the observation that this particular mode - that of location recipients coming directly to a LIS for their location information - is not necessarily the best option. In my view, a presence service - with a stable identifier for the Target - is a more usable option.
--Martin
> -----Original Message-----
> From: Henning Schulzrinne [mailto:hgs@cs.columbia.edu]
> Sent: Saturday, 3 April 2010 8:51 AM
> To: Richard Barnes
> Cc: Tschofenig, Hannes (NSN - FI/Espoo); geopriv@ietf.org; Thomson,
> Martin
> Subject: Re: [Geopriv] Deploying authorization policy
>
> I suspect there are shades of gray here. It's clearly used for pictures
> (or albums), not so much for larger-scale access (e.g., all my Picasa
> pictures or the whole Facebook profile). Thus, I suspect a "secret"
> location URL that reveals where I am at 5 pm today may not raise much
> of an eyebrow, but a URL that allows tracking me from today until next
> December more so. To their credit, Picasa also does a pretty decent job
> of explaining how to use this URL, e.g., by showing an HTML snippet.
>
> Henning
>
> On Apr 2, 2010, at 5:40 PM, Richard Barnes wrote:
>
> > Henning,
> >
> > It seems to me that the the "random stuff in a URI" authentication
> scheme is already really used today. For example, say I post pictures
> to Picasa. I can mark albums as public or private, and only the public
> albums show up on my user page when a random stranger views it, at a
> URI of the form:
> >
> > <http://picasaweb.google.com/username>
> >
> > However, when I as the owner load a picture or album page, it
> provides a URI that I can send to anyone that will show them the
> picture (but nothing else) or one that shows the album. These URIs
> have the form:
> >
> >
> <http://picasaweb.google.com/username/albumname?authkey=293590D256FBEE1
> F75E816>
> >
> > (Borrowing Henning's random bytes.)
> >
> > So it seems like the market is refuting your hypothesis about user
> preferences.
> >
> > --Richard
> >
> >
> >
> > On Apr 2, 2010, at 5:06 PM, Henning Schulzrinne wrote:
> >
> >>>
> >>> One thing that I believe where some misunderstanding starts is that
> >>> users are expected to hand around new URLs all the time (whenever
> they
> >>> fetch new onces from their LIS). This is in theory possible but in
> >>> practice that might be difficult. Instead, it is more likely that
> one
> >>> would want to publish location to a server that fulfills already
> other
> >>> rules (such as a presence server alike concept; you could even call
> >>> Yahoo's FireEagle, Ovi Chat, Google's Latitude). Other uses have a
> >>> long-term contact point to go to for many reasons already.
> >>
> >> On a side note: One of the problems with by-possession URLs is that
> the semantics are not always clear to the user. In other words, by
> looking at the URL, users can't tell that they are giving away their
> location, for example. People include URLs in email messages, Twitter
> posts and web pages all the time, without fully understanding the
> semantics and the consequences. I suspect people would be upset if
> >>
> >> http://www.facebook.com/henning.schulzrinne
> >>
> >> just gave public access (as it does today), while
> >>
> >> http://www.facebook.com/henning.schulzrinne/293590D256FBEE1F75E816
> >>
> >> gave full access to everything, without further authentication.
> >>
> >> Henning
> >> _______________________________________________
> >> Geopriv mailing list
> >> Geopriv@ietf.org
> >> https://www.ietf.org/mailman/listinfo/geopriv
> >
> >
_______________________________________________
Geopriv mailing list
Geopriv@ietf.org
https://www.ietf.org/mailman/listinfo/geopriv
