RE: [Geopriv] LoST features

From: Rosen, Brian
Date: Thu Aug 31 2006 - 14:14:11 EDT

Sorry, wrong list, I apologize

> -----Original Message-----
> From: Andrew Newton
> Sent: Thursday, August 31, 2006 2:12 PM
> To: Rosen, Brian
> Cc: GEOPRIV; Ecrit@Ietf.Org
> Subject: Re: [Geopriv] LoST features
> Is LoST a GEOPRIV item? My comments follow your message for the sake
> people on the ECRIT list.
> Rosen, Brian wrote:
> > In NENA, we're talking about using LoST as a way for a PSAP to get
> > right responders for a location. In North America, there is one
> > (in most, but not all jurisdictions), 9-1-1. If you ask for the
> > sos.police service, with a location in New York City, you will be
> > the sos, 9-1-1 response.
> >
> > What we would like is if the PSAP makes the same query, it would get
> > URI for NYPD.
> >
> > It might also be used for a multilevel routing decision, where a
> > query got you to a high level (say, a state-level) ESRP, which reran
> > query itself (same service, same location) to get the actual URI of
> > PSAP.
> >
> > This means (only) that the response depends on the identity of who
> > asking.
> >
> > I have advocated that the query could be restricted to a secure
> > connection (TLS or IPSEC), and the authentication information for
> > could be used to make an authorization decision on what to return.
> >
> > Does this seem reasonable enough that the document could say the
> > response MAY depend on the identity of the requestor, and the
> > MAY be the identity supplied for a secure connection to the server?
> > not sure we need anything else.
> I'm not too wild about the concept in general, but I'm certainly
> how
> you want to implement it. You are counting on the TLS stack to do
> authentication, but what this means to a lot of TLS libraries is that
> client authentication results in no query. I do not believe that is a
> desirable behavior. In fact, I thought we had as a requirement that
> queries can come from anywhere... and as we all should know by now,
> is
> no universal PKI.
> I'd rather an optional authentication id be passed in with the query,
> which the LoST server can make any special authorization decisions.
> -andy

Geopriv mailing list
Received on Thu, 31 Aug 2006 14:14:11 -0400
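
Added example, not part of the original messages and not code from any LoST implementation: a Python sketch of the design point debated above, where the server requests but does not require a TLS client certificate, so anonymous queries still get the general answer and only a recognised identity gets the responder-specific URI. The URIs, the PSAP identity name and the function names are constructed placeholders.

```python
import ssl

# Constructed sample data (placeholders, not real service URIs or identities).
PUBLIC_URIS = {("sos.police", "New York City"): "sip:sos-psap@nyc.example"}
RESPONDER_URIS = {("sos.police", "New York City"): "sip:nypd-dispatch@nyc.example"}
PSAP_IDENTITIES = {"psap.nyc.example"}


def make_server_context():
    """TLS server context that asks for a client certificate without demanding one.

    With ssl.CERT_REQUIRED a client that has no certificate fails the handshake
    and never gets to send a query; ssl.CERT_OPTIONAL lets it through
    unauthenticated. A certificate that is presented must still validate.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.verify_mode = ssl.CERT_OPTIONAL
    return ctx


def peer_identity(peercert):
    """Return the first DNS subjectAltName from an SSLSocket.getpeercert() dict.

    getpeercert() returns None when the client sent no certificate.
    """
    if not peercert:
        return None
    for kind, value in peercert.get("subjectAltName", ()):
        if kind == "DNS":
            return value
    return None


def resolve(service, location, peercert=None):
    """Answer a mapping query; the result may depend on who is asking."""
    key = (service, location)
    identity = peer_identity(peercert)
    # Authorization is decided here, in the application, not by the TLS stack.
    if identity in PSAP_IDENTITIES and key in RESPONDER_URIS:
        return RESPONDER_URIS[key]
    # Anonymous or unrecognised requestors get the general emergency answer.
    return PUBLIC_URIS.get(key)
```

In a real server the `peercert` argument would come from `getpeercert()` on the accepted connection wrapped with the context above.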