Requirements for PANA support of location based services
draft-anjum-pana-location-requirements-00.txt
F. Anjum, D. Famolari, A. Ghosh, Y. Ohba, H. Tschofenig
IETF65 PANA WG

What?
• Location based services
• Location based authorization (LBAr): Authorization based on location credentials
  • Can be incorporated into PANA messaging
  • Location credentials may be incorporated as data fields in payloads of selected PANA messages
    • E.g. GPS latitude/longitude information
[Figure: MN, NAS and AAA Server, with links labelled PANA and RADIUS/Diameter]

How?
• Two components
  • Technology to determine the user location (securely)
    • NOT OUR FOCUS HERE
  • Ability to convey information about the user location from the client device to network

Requirements for LBAr
• R1 PAA must be able to obtain location information for a PaC.
• R2 PAA must be able to determine changes in PaC location during a PANA session.
• R3 PAA must be capable of terminating network access in case the PaC location is outside the authorized region.
• R4 The PaC must be able to send location information confidentially to the PAA.
• R5 The PAA should also be able to verify that the location information indeed originated at the claimed PaC.

R1 PAA must be able to obtain location information for a PaC
• Location credentials may be provided by PaC
  • In this case PaC is colocated with a location module (e.g. GPS receiver) that computes the required credentials
  • PANA messaging will be used to transfer the credentials from PaC to PAA
• Location credentials could be provided by a third party location provider
  • E.g. in U-TDOA, location is computed by the network provider
  • In this case some out-of-band messaging is required between PAA and location provider
  • Not of concern for us here.

R2 PAA must be able to determine changes in PaC location during a PANA session
• As a result of PaC mobility, PaC can move out of range
• PANA “Access Phase” messaging may be used to get location updates from the PaC
• Location updates can be triggered based on timeouts at the PaC or periodic queries from the PAA or any other appropriate mechanisms

R3 PAA must be capable of terminating network access in case the PaC location is outside the authorized region
• PANA “Termination Phase” messaging may be used to end the PANA session
• PAA should inform the EP to remove access privileges for the PaC

R4 The PaC must be able to send location information confidentially to the PAA.
R5 The PAA should also be able to verify that the location information indeed originated at the claimed PaC.

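An added example, not part of the draft or the slides: PAA-side handling of one PaC location update, covering origin verification (R5), location refresh (R2) and the out-of-region decision (R3). The HMAC-SHA256 key shared by PaC and PAA, the JSON report format, the circular authorized region, the freshness window and the names `sign_report`, `distance_m` and `paa_decide` are all assumptions; confidentiality (R4) is not shown.

```python
import hmac, hashlib, json, math

# Assumed authorized region: a circle (centre in degrees, radius in metres).
REGION = {"lat": 40.7128, "lon": -74.0060, "radius_m": 500.0}
MAX_AGE_S = 30  # assumed freshness window for a location update

def sign_report(key: bytes, report: dict) -> str:
    """PaC side: MAC over a canonical encoding of the report (constructed format)."""
    msg = json.dumps(report, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

def distance_m(lat1, lon1, lat2, lon2) -> float:
    """Great-circle distance (haversine), mean Earth radius 6371 km."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi, dlmb = p2 - p1, math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlmb / 2) ** 2
    return 2 * 6371000.0 * math.asin(math.sqrt(a))

def paa_decide(key, report, tag, last_seq, now):
    """PAA side. Returns (decision, last_seq); decision is keep/reject/terminate."""
    if not hmac.compare_digest(sign_report(key, report), tag):
        return "reject", last_seq          # R5: not from the claimed PaC
    if report["seq"] <= last_seq or now - report["ts"] > MAX_AGE_S:
        return "reject", last_seq          # replayed or stale update
    d = distance_m(report["lat"], report["lon"], REGION["lat"], REGION["lon"])
    if d > REGION["radius_m"]:
        return "terminate", report["seq"]  # R3: outside the authorized region
    return "keep", report["seq"]           # R2: location refreshed, still inside

if __name__ == "__main__":
    key = b"\x01" * 32  # constructed session key
    inside = {"lat": 40.7130, "lon": -74.0062, "seq": 1, "ts": 1000}
    outside = {"lat": 40.7300, "lon": -74.0060, "seq": 2, "ts": 1010}
    print(paa_decide(key, inside, sign_report(key, inside), 0, 1005))
    print(paa_decide(key, outside, sign_report(key, outside), 1, 1012))
```

A `terminate` decision is the point at which the PAA would end the session and tell the EP to remove the PaC's access.
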
Other issues
• Usage of privacy policies needs to be described in more detail.