1 / 7

draft-ietf-geopriv-lbyr-requirements-02 status update

draft-ietf-geopriv-lbyr-requirements-02 status update. Roger Marshall IETF71 Philadelphia 2008. Changes since last version (1). A summary of changes from -01 to the current -02: Introduction - reworded "Basic Actors“ section changed to "Overview of Location by Reference"

gil
Télécharger la présentation

draft-ietf-geopriv-lbyr-requirements-02 status update

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. draft-ietf-geopriv-lbyr-requirements-02status update Roger Marshall IETF71 Philadelphia 2008

  2. Changes since last version (1) A summary of changes from -01 to the current -02: • Introduction - reworded • "Basic Actors“ section changed to "Overview of Location by Reference" • New diagram which includes RM (RuleMaker) element

  3. Changes since last version (2) Changes between -01 and -02 (con’t): • Changed C2. Location URI expiration: • When a location URI has a limited validity interval, its lifetime MUST be indicated. (Also added to deref req section as D6) • Changed C7. Location URI Valid-for: • A location URI validity interval, if used, MUST include the validity time, in seconds, as an indication of how long the client can consider a location URI to be valid. (based on dhcp- uri-option example) • Needs some text for baseline timestamp – “from now”

  4. Changes since last version (3) Rewording Changes between -01 and -02 (con’t): • C5. User Identity Protection: • The location URI MUST NOT contain any user identifying information that identifies the user, device or address of record, (e.g., which includes phone extensions, badge numbers, first or last names, etc.), within the URI form. • D3. Authentication: • The location dereference protocol MUST include mechanisms to authenticate both the client and the server. • D4. Dereferenced Location Form: • The value returned by the dereference protocol MUST contain a well-formed PIDF-LO document.

  5. Changes since last version (4) Rewording Changes between -01 and -02 (con’t): • D5. Location URI Repeated Use: • The location dereference protocol MUST support the ability for the same location URI to be resolved more than once, based on dereference server configuration. • Added D9 and D10 per R. Barnes: • D9. Location Privacy: The location dereference protocol MUST support the application of privacy rules to the dissemination of a requested location object. • D10. Location Confidentiality: The dereference protocol MUST support encryption of messages sent between the location dereference client and the location dereference server, and MAY alternatively provide messaging unencrypted. • Suggested need for more security related text inside

  6. Changes since last version (5) Changes between -01 and -02 (con’t): • Removed C4 • Removed C4. Random Generated: • The location URI MUST be hard to guess, i.e., it MUST contain a cryptographically random component. • Replaced C4 with 3 new requirements • C8. Location URI Anonymous: • The location URI MUST NOT reveal any information about the Target other than it's location. • C9. Location URI Not guessable: • Location URIs that do not require authentication and authorization MUST NOT be guessable, based on the use of a cryptographically random sequence somewhere within the URI. (Note that the number of bits depends to some extent on the number of active location URIs that might exist at the one time; 128-bit is most likely enough for the short term.) • C10. Location URI Optional: • In the case of user-provided authorization policies, where anonymous or non-guessable location URIs are not warranted, the location configuration protocol MAY support optional location URI forms.

  7. Open Issues List Discussion around Location-URIs: • Location URI – encoding styles • Random alphanumeric string • Constrained for MUST use when auth^2 not used • Unique • if unique one of two things: • …through space & time (e.g., SIP Call_ID) • …within a domain for specified time • Location URI – intention defined by type • Static, location doesn’t get updated • Dynamic, location updates • Location URI – Possession model • Under what circumstances? • LCP acronym still in use… no heartburn? LCP = Link Control Protocol elsewhere (in IETF)

More Related