Re: Radius-Geopriv: Whose location?

[Jari Arkko <jari.arkko@piuha.net>]

I would be happiest if the document provided both the
user and the access device location, as available. In
addition, it would be great if the document addressed
privacy concerns* for user location. For instance, the
AAA server could provide an attribute in an Access-Challenge
indicating that sending location information is appropriate
and agreed by the user; the subsequent Access-Request would
then contain the user location AVP. This would enable a privacy
sensitive home network to disable the sending of the location
data across a proxy chain, even if the NAS supports this draft.

*) I do realize that we carry some policies in the AAA
exchanges about disclosing location. We also have
some identity privacy protection. Nevertheless, if
possible, I'd like to avoid sending the data at all
if the parties don't want that, rather than rely solely
on a policy. (But I confess that I'm don't know much about
Geopriv policies.) Also, I am not 100% convinced that we
can in the long term have full identity privacy, given
things like CUI.

--Jari

Joel M. Halpern wrote:

> The main point is that the document should indicate explicitly what 
> location it provides. It could provide both user and NAS location as 
> separate information. It could provide just one of those two and be 
> explicit about which one.
> But, as written, even with the proposed change, the document provides 
> a single attribute and says that it may be either meaning, without 
> explicit differentiation.
>
> Yours,
> Joel
>
> At 09:18 AM 3/2/2005, Bernard Aboba wrote:
>
> > > Requested change:
> > > Decide whether this document is intended to provide subscriber 
> > location
> > > (which is rarely directly useful for AAA), or access device / network
> > > location information.
> >
> > It is ok with me if this document solely handles NAS location, so 
> > that we
> > can (quickly) create another document to handle user location. However,
> > it is not accurate to say that user location is rarely useful for AAA.
> > There are now shipping products that support location-based access
> > control:
> > http://www.nwfusion.com/techinsider/2004/0315techinsiderrev.html
> >
> > Some scenarios in which this is used:
> >
> > a. High security installations, where access is only permitted within
> > restricted areas.
> >
> > b. Manufacturing, where it is important to track the location of people
> > and parts.
> >
> > c. Medical, where it is important to know the location of medical
> > personnel.
> >
> > d. E911, where the location of an emergency call is determined by the 
> > AP,
> > and provided to the RADIUS server.
> >
> >
> > --
> > to unsubscribe send a message to radiusext-request@ops.ietf.org with
> > the word 'unsubscribe' in a single line as the message text body.
> > archive: <http://psg.com/lists/radiusext/>
>
>
>
> --
> to unsubscribe send a message to radiusext-request@ops.ietf.org with
> the word 'unsubscribe' in a single line as the message text body.
> archive: <http://psg.com/lists/radiusext/>


--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>