120 likes | 133 Views
GEOPRIV Policy draft-ietf-geopriv-policy draft-ietf-geopriv-common-policy. Henning Schulzrinne Columbia University with J. Morris, H. Tschofenig, J. Cuellar, J. Polk, J. Rosenberg. Issues. Commonality: should privacy rules be part of PIDF, not just PIDF-LO?
E N D
GEOPRIV Policydraft-ietf-geopriv-policydraft-ietf-geopriv-common-policy Henning Schulzrinne Columbia University with J. Morris, H. Tschofenig, J. Cuellar, J. Polk, J. Rosenberg GEOPRIV - IETF 59 (Seoul)
Issues • Commonality: should privacy rules be part of PIDF, not just PIDF-LO? • Editorial – mostly resolved in author meeting yesterday GEOPRIV - IETF 59 (Seoul)
Policy relationships common policy geopriv-specific presence-specific future RPID CIPID GEOPRIV - IETF 59 (Seoul)
Basic structure of rules • Conditions • identity, sphere, validity • identity as <uri> or <domain> + <except> • Actions • Transformations GEOPRIV - IETF 59 (Seoul)
Exceptions for identity matching • Very restricted set of exceptions, but better viewed as more capable matching • Match domain and then check if user matches exceptions • Can be translated into row matching conditions (D;U1,U2,…): • domain == D && user NOT IN (U1,U2,…) • Does not interfere with additive nature or order-independence • Will modify to only allow user, not user@domain to avoid nonsensical “all in example.com except joe@bar.com” GEOPRIV - IETF 59 (Seoul)
Combining rules • Rule matches if all conditions match • Combine matching rules only • additive permissions • order immaterial • Any field can be Undef (“NULL”) • name, type (integer, bool and enum; set; …), value • TRUE has a lower privacy protection • larger integer = lower privacy • set union = lower privacy GEOPRIV - IETF 59 (Seoul)
Combining rules • Boolean: TRUE iff any row = TRUE • Integer: max(rows) • Set: union GEOPRIV - IETF 59 (Seoul)
Open issues ? • Additional data types needed? • URI in common is really a user identifier • depends on using protocol and authentication mechanism • in SIP, could be From, PAI or authentication user name GEOPRIV - IETF 59 (Seoul)
Geo conditions • Civil location match • any set of civil coordinates • currently, can express “if I’m on Main Street anywhere” • useful mostly if user doesn’t know full hierarchy • Geo location match • current location fully contained within spherical trapezoid of longitude/latitude values • should specify ordering, <north>, <south>, <east>, <west> ? GEOPRIV - IETF 59 (Seoul)
Geo transformations • Set distribute flag • Set retention time • Keep rule (should this be generic, not just geopriv?) • Provide civil location • none, country, region, city, building, full • Provide geospatial location • resolution in bits • will add datum qualifier • Provide timezone ? GEOPRIV - IETF 59 (Seoul)
Example <cp:rule id="AA56i09"> <cp:conditions> <cp:validity> <cp:from>2003-10-01T17:00:00+01:00</cp:from> <cp:to>2004-10-01T00:00:00+01:00</cp:to> </cp:validity> <gp:civil-loc-condition> <country>DE</country> <A1>Bavaria</A1> <A3>Munich</A3> <A4>Perlach</A4> </gp:civil-loc-condition> </cp:conditions> <cp:actions> <cp:confirmation>false</cp:confirmation> </cp:actions> <cp:transformations> <gp:civil-loc-transformation>full</gp:civil-loc-transformation> <gp:set-distribution>false</gp:set-distribution> <gp:keep-rules>true</gp:keep-rules> </cp:transformations> </cp:rule> GEOPRIV - IETF 59 (Seoul)
Conclusion • Will produce new documents with editorial changes • Using protocol document needed to flesh out <id> (was: <uri>) element • Believed to be ready for WGLC GEOPRIV - IETF 59 (Seoul)