Internet Draft John B. Morris, Jr. Center for Democracy and Technology J. Cuellar Siemens AG A. Gogic QUALCOMM, Inc. D. Mulligan A. Burstein Samuelson Law, Technology, and Public Policy Clinic Expires: Dec. 2002 June 2002 The use of Multiple Locations in the Location Object Status of this Memo This document is an Internet-Draft and is in full conformance with all provisions of Section 10 of RFC2026. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that other groups may also distribute working documents as Internet- Drafts. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." The list of current Internet-Drafts can be accessed at http://www.ietf.org/ietf/1id-abstracts.txt The list of Internet-Draft Shadow Directories can be accessed at http://www.ietf.org/shadow.html. Copyright Notice Copyright (C) The Internet Society (2001). All Rights Reserved. Morris, et.al Expires Dec 2002 1 The use of Multiple Locations in the LO June 2002 Table of Contents 1. Abstract.......................................................2 2. Summary........................................................2 3. Conventions Used in This Document..............................3 4. Underlying Assumptions.........................................3 4.1. Location Representation in the Location Object............4 4.2. Location Representation Format............................4 4.3. Provisions for Precision and Confidence...................4 4.4. Multiple Representations of a Single Location.............5 5. User-controlled Precision of Location Representation...........5 6. Misstatement of Location Information...........................5 7. Multiple Locations.............................................6 7.1. General Principles........................................6 7.2. The Semantics of Multiple Locations within a Single Object 6 8. Acknowledgements...............................................7 9. References.....................................................7 10. Author's Addresses............................................7 11. Full Copyright Statement......................................7 1. Abstract This document discusses three major questions that were posed and discussed at some length at the interim meeting in San Diego, June 2002: (1) Should geopriv facilitate the misrepresentation of location information? (2) Should the geopriv Location Object (LO) accommodate multiple locations as part of a single positioning transaction? (3) If so, should the Location Object hold multiple locations in a single object, or should the multiple locations be contained in multiple objects? In this paper we propose an answer to those questions. 2. Summary In this paper we propose the following: (1) Geopriv should not facilitate the misrepresentation of location information (but it should also not try to prohibit it). (2) The protocol should allow multiple Locations within one Location Object, meaning that the intended location is one of the Locations included in the LO. Morris, et.al Expires Dec 2002 2 The use of Multiple Locations in the LO June 2002 (3) Further each Location may contain different representations of the location (for instance, the results of different measuring technologies). (4) An application may use multiple locations contained in multiple objects if desired. The relationship between LO, Locations and Location Representations may be seen schematically as follows: The Location Object MAY contain zero, one, or several Locations (= Location Fields) L1, L2, etc: LO = +------+------+------+------+------+------+--------+------+ | ID | Cred | .. | L1 | .. | Li | .. | Ln | +------+------+------+------+------+------+--------+------+ \_______________ ___________________/ \/ Location Information The intended semantics of the Location Information is then that one of the Li is Location Information = L1 or L2 or ... Ln in the sense that the Location Information "holds" (for whatever purpose the using protocol uses the location) exactly if one location Li "holds". Further, a Location (field) Li is MAY contain different "Location Representations" Li (i=1,.., n) = +--------+--------+--------+--------+--------+ | LRi1 | LRi2 | LRi3 | .. | LRim | +--------+--------+--------+--------+--------+ The intended semantics of a Location Li is Li = LRi1 and LRi2 and ... LRim in the sense that location Li "holds" (for whatever purpose the using protocol uses the location) exactly if all location representations LRij "hold". 3. Conventions Used in This Document The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119 [KEYWORDS]. 4. Underlying Assumptions Morris, et.al Expires Dec 2002 3 The use of Multiple Locations in the LO June 2002 The following are are assumptions on which the later questions are in part based. 4.1. Location Representation in the Location Object Each Location Object (LO) MAY contain one or several representations of location in a single specified format. But a LO does not have to contain one Location. For instance it may be just a query for a Location or an Authorization Credential or for some negotiation. 4.2. Location Representation Format To ensure interoperability at least one specific format (to be determined by the group) will be selected to express a location representation. Any geopriv conformant implementation MUST support this format. (Probably this specific format will support different levels of precision.) The geopriv specification MAY define other formats that the implementations SHOULD support. One possible common format could be latitude, longitude, altitude triplet (LAT, LON, ALT). This format is quite universal and independent of potentially elaborate and dynamic databases. Perhaps another choice of format, for instance one of the formats developed by LIF, OpenGIS, 3GPP, or another organization should be adopted. 4.3. Provisions for Precision and Confidence Each location representation contained in the LO MAY include elements for precision and confidence. But the precision (accuracy) is perhaps part of the format itself, not an extra field in the LO. On the other hand, confidence is not usually a parameter of the format itself. Thus, while precision will be probably not an extra field in the LO, confidence will be out of scope or a field associated with a representation in a LO. The "precision" of a location measurement indicates an area within which a target is located, with a given degree of confidence. For example, if the location of a target is known with certainty to be within a rectangular region that is five kilometers wide and 10 kilometers long, then 50 square kilometers gives a measure of the precision with which the target's location is known. "Confidence," on the other hand, indicates the level of reliability given to each location indication. The confidence level of a given location measurement indicates the probability that the target is actually located within a certain area around a specific point. As seen from this example, precision may in principle be indicated by any arbitrarily shaped area. A commonly used undiluted precision indication is a circle, and is conveyed by linear distance (expressed in meters) from the location datum in which measurement confidence reaches its peak. Thus, as an example, it may be said that the LO is at (LAT = 47 deg 15 min 29 sec, LON = 15 deg 39 min 53 sec), with precision of 25 meters, and confidence of 67%. Other simple commonly used areas are ellipses. Morris, et.al Expires Dec 2002 4 The use of Multiple Locations in the LO June 2002 As we shall see from a later discussion, precision with which location is conveyed to a client may be intentionally diluted by broadening the precision area, which then is termed "granularity". 4.4. Multiple Representations of a Single Location A LO MAY contain multiple representations of the same location. A single location can be expressed within the LO in more than one format, such as a latitude-longitude pair, a postal address, or a political entity, such as a province or country. Multiple representations fulfill several purposes. First, multiple representations can provide more useful or understandable forms of location information to applications or Location Recipients. Multiple representations can also provide guidance for user-supplied location information. Finally, multiple representations of a single location can reflect multiple measurements of the same location. These differences might arise from discrepancies among different measuring devices or technologies. Thus, for a given location, a LO might include the results of a GPS calculation and a triangulation off of cellular transmitter towers. Results of two measurements in most cases will not be precisely the same, but the LO will view them as multiple representations of the same location and allow the application to determine how best to handle the two representations. 5. User-controlled Precision of Location Representation The geopriv protocol MUST allow a user to control the precision of location information. There are many reasons that this control is desirable or necessary, and the LO cannot permit some representations while refusing others. To distinguish between user controlled precision and measurement precision, it is advised that the former be named "granularity". If location information is provided with diluted granularity, it MUST contain the optional precision parameter discussed earlier. 6. Misstatement of Location Information The geopriv protocol MUST not create the assumption that the location returned to a requester is either truthful or deceptive. Although the geopriv protocol should not explicitly facilitate the misstatement of location information, it should also not prohibit it. This neutrality would provide utility for many kinds of uses, and would preclude the need for elaborate technology to distinguish misstated locations from truthful ones. This implicitly means that optional precision and confidence parameters may also be misstated. The issue may be a subject for further discussion. Morris, et.al Expires Dec 2002 5 The use of Multiple Locations in the LO June 2002 Providing misstated (deceptive) information may be one of the available tools to guard LO owner's privacy. However, use of misstated location information is not endorsed as a preferred means for guarding privacy, and providers of misstated information should be warned of potential pitfalls. We suggest that control of precision (granularity) of location should be viewed as a primary tool for guarding privacy. 7. Multiple Locations 7.1. General Principle Geopriv should support the expression of multiple locations within a single transaction. 7.2. The Semantics of Multiple Locations within a Single Object The geopriv object cannot be confined to have only one meaning --in many cases it may be the representation of the actual position of the target at the time of transmission. There are other possible meanings, such as planned trajectory of travel, beginning and end of a vehicle (such as train) where target is located, etc. "If multiple location within a single objects are used, there should be implied semantics that the object's location is in one of the following locations, i.e. they are connected with an OR". At the interim meeting the following four approaches were discussed: o The geopriv protocol should not handle multiple locations at all. A transaction may involve only one LO, and that LO contains only one location. Note that it is still feasible with this approach to define a more complex semantics around an object by means of a higher layer protocol. o The geopriv LO may contain multiple locations, with the required interpretation that multiple locations mean "the intended location is at most one of the following locations." o Same as above, but the LO will permit a field to specify how the multiple locations are to be related, that is, with ORs, ANDs, etc. This approach, although theoretically possible, may be too difficult to implement, since possible relationships can be too complex to convey in a single field. o The LO must contain only one location, but may contain a flag that signifies that the LO does not completely specify the intended location. We propose that geopriv should use the second approach to allowing multiple locations. Morris, et.al Expires Dec 2002 6 The use of Multiple Locations in the LO June 2002 8. Acknowledgements We wish to thank the members of the IETF geopriv WG for their comments and suggestions. Detailed comments or text were provided by Randall Gellens and other the participants of the geopriv interim meeting in San Diego. 9. References [1] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997. 10. Author's Addresses Jorge R Cuellar Siemens AG Corporate Technology CT IC 3 81730 Munich Email: Jorge.Cuellar@mchp.siemens.de Germany John B. Morris, Jr. Director, Internet Standards, Technology & Policy Project Center for Democracy and Technology 1634 I Street NW, Suite 1100 Washington, DC 20006 Email: jmorris@cdt.org USA http://www.cdt.org Aleksandar M. Gogic QUALCOMM, Incorporated 5775 Morehouse Drive San Diego, CA 92121-1714 USA Email: agogic@qualcomm.com Aaron Burstein Samuelson Law, Technology and Public Policy Clinic Boalt Hall School of Law University of California Berkeley, CA 94720-7 Email: burstein@boalthall.berkeley.edu Deirdre K. Mulligan Samuelson Law, Technology and Public Policy Clinic Boalt Hall School of Law University of California Berkeley, CA 94720-7 Email: dmulligan@law.berkeley.edu 11. Full Copyright Statement Copyright (C) The Internet Society (date). All Rights Reserved. Morris, et.al Expires Dec 2002 7 The use of Multiple Locations in the LO June 2002 This document and translations of it may be copied and furnished to others, and derivative works that comment on or otherwise explain it or assist in its implementation may be prepared, copied, published and distributed, in whole or in part, without restriction of any kind, provided that the above copyright notice and this paragraph are included on all such copies and derivative works. However, this document itself may not be modified in any way, such as by removing the copyright notice or references to the Internet Society or other Internet organizations, except as needed for the purpose of developing Internet standards in which case the procedures for copyrights defined in the Internet Standards process must be followed, or as required to translate it into languages other than English. The limited permissions granted above are perpetual and will not be revoked by the Internet Society or its successors or assigns. This document and the information contained herein is provided on an "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Morris, et.al Expires Dec 2002 8