[12:23:04] --- LOGGING STARTED
[12:34:37] --- LOGGING STARTED
[12:35:57] --- LOGGING STARTED
[15:16:44] --- dumdidum has joined
[15:16:51] --- dumdidum has left
[15:22:07] --- randy has joined
[15:27:16] --- Hollenbeck has joined
[15:28:29] --- johan.liseborn has joined
[15:30:20] --- ogm has joined
[15:30:25] --- leg has joined
[15:30:35] --- dumdidum has joined
[15:30:39] --- tony1athome has joined
[15:30:49] --- dumdidum has left
[15:31:05] --- dumdidum has joined
[15:31:36] --- bhoeneis has joined
[15:32:00] --- faw has joined
[15:34:13] <tony1athome> Reviewing document status
[15:34:25] --- bhoeneis has left: Disconnected
[15:34:34] <tony1athome> Reviewing agenda
[15:35:37] <tony1athome> Now reviewing document status
[15:35:56] <tony1athome> DHCP in IESG review
[15:36:20] <tony1athome> pidf in RFC editor queue
[15:36:30] <tony1athome> geopriv-pres at RFC editor queue
[15:38:09] <tony1athome> Discussing substitution groups vs any elements
[15:38:21] <tony1athome> XML to move to any elements
[15:39:59] <tony1athome> Now discussing anonymous vs unauthenticated...
[15:41:16] <tony1athome> Now discussing geopriv requirements
[15:41:35] <randy> (from nena)
[15:41:57] <randy> Brian Rosen: draft-rosen-nena-geopriv-requirements-00.txt
[15:42:53] --- allison has joined
[15:43:01] <tony1athome> Need some form of digital signature to avoid forged locations
[15:43:16] <tony1athome> How do we deal with emergency calls?
[15:43:19] <randy> Problem with forged/bogus locations used to dispatch emergency services to wrong location
[15:44:05] <tony1athome> How do you verify signature?
[15:45:30] --- Bernie has joined
[15:45:44] <randy> problem is loc comes to phone via dhcp, phone puts it in pidf-lo but can't sign it
[15:45:51] <tony1athome> System that knows the location (spotter) needs to sign.
[15:46:34] <tony1athome> Some links may provide multiple location inputs (e.g. triangulation)
[15:47:22] <tony1athome> Difference between tower location, end location, or (tower location + signal strength)
[15:47:29] <randy> Need context for multiple locations in pidf-lo (e.g., are they both the same target, or is one a tower)
[15:48:16] <tony1athome> Need to be able to describe granularity of location
[15:48:30] <tony1athome> (describe precision)
[15:48:46] <tony1athome> Need timing of placement information
[15:49:31] --- hughs has joined
[15:49:38] <tony1athome> Need "postal community" and "legal" community fields [can be inferred from tower? -- tli]
[15:50:08] <tony1athome> [substitute tower identifier? -- tli]
[15:50:15] <randy> expiration of location
[15:50:30] <randy> location may be valid for years though
[15:50:52] <randy> (for fixed phones)
[15:51:29] <tony1athome> Confidence and uncertainty... [is this accuracy and precision? -- tli]
[15:51:44] --- jorma has joined
[15:52:10] <randy> John Morris asks (via AIM) if psap will reject calls that don't meet requirements
[15:52:27] --- jean-francois has joined
[15:52:39] <randy> Brian answers no, they may flag suspicious calls but not automatically reject them
[15:52:39] <tony1athome> Calls without info are taken and flagged suspicious
[15:52:59] <tony1athome> In DoS attacks, suspicious calls may be dropped
[15:53:13] <randy> psap wants requirements as MUST but intends to process calls that don't meet them anyway in most cases
[15:53:34] --- timrang has joined
[15:53:38] <tony1athome> [which means that they're not really MUSTs -- tli ;-)]
[15:53:47] --- sureshk has joined
[15:54:11] <randy> discussion of placetypes
[15:54:33] --- johan.liseborn has left: Logged out
[15:54:55] <tony1athome> Need location information hooks
[15:55:39] <tony1athome> Ambiguity is addressed by simple
[15:55:51] <randy> Jonathan notes that pidf already provides some of the facilities needed here
[15:56:17] --- jorma has left
[15:56:31] <randy> Brian says multiple locations problem is not handled now
[15:57:12] <randy> Rohan discusses the way ambiguity is handled -- simple doesn't solve
[15:57:31] --- jorma has joined
[15:58:05] <tony1athome> [Pictures of cats... ]
[15:58:10] --- allison has left: Logged out
[15:58:44] <tony1athome> Usage clarification, considerations and recommendations for pidf-lo
[15:59:02] <tony1athome> draft-winterbottom-geopriv-pidf-lo...
[15:59:50] <tony1athome> How do you resolve multiple PIDF documents?
[16:00:30] <tony1athome> Some rules for resolution, but still under study
[16:00:47] <tony1athome> GML is big, only need a subset
[16:01:22] <tony1athome> Address selection problems
[16:01:44] <tony1athome> Rules for what's well formed
[16:01:54] <tony1athome> Scoping of GML to limit descriptions
[16:02:32] <tony1athome> Some pidf-lo types are being deprecated in future GML
[16:02:49] <tony1athome> Restrict number of CRSs
[16:03:08] --- jorma has left
[16:03:33] <tony1athome> Restrict shapes for coverage & uncertainty
[16:04:32] <tony1athome> Q: What about future shapes?
[16:04:43] <tony1athome> a: don't need anything very fancy in most cases
[16:04:49] <tony1athome> q: Why do we need shaping?
[16:05:30] <Bernie>
[16:05:51] <tony1athome> a: Exactly
[16:06:06] --- jorma has joined
[16:06:14] <tony1athome> q: GSM requirements keep changing
[16:06:50] <tony1athome> a: Doing some things in GML is hard (ellipses, etc.), restrict shapes to those listed in draft
[16:07:05] <tony1athome> q: Other folks have done this...
[16:07:18] --- DougRoyer has joined
[16:07:30] <tony1athome> How do we map their objects to ours
[16:07:45] <tony1athome> a: Some examples of this in draft
[16:08:33] --- timrang has left: Replaced by new connection
[16:08:34] --- timrang has joined
[16:08:34] --- timrang has left
[16:08:36] <tony1athome> comment: This is good.
[16:08:51] <tony1athome> [Happy cat...]
[16:08:57] <randy> Jon welcomes the work and offers to help
[16:09:05] --- jorma has left
[16:09:17] <tony1athome> SAML in authorization policies
[16:09:29] <tony1athome> draft-guenther-geopriv-saml-policy-00
[16:10:09] <tony1athome> SAML == Security Assoc. markup language
[16:10:24] <tony1athome> SAML used in XML for exchanging security info
[16:10:42] <tony1athome> SAML to become OASIS std
[16:11:01] <tony1athome> Draft proposes some policy language
[16:11:29] <tony1athome> [over my head... -- tli]
[16:11:54] <randy> authorization and authentication issues
[16:11:55] <tony1athome> [Happy cat]
[16:12:07] <randy> applicability to and better mapping for geopriv
[16:12:12] <tony1athome> Domain auth draft
[16:13:03] <tony1athome> [Missing author, discussion delayed]
[16:13:09] <randy> Allison suggests showing slides of frolicking cats is good for a group
[16:13:17] <tony1athome> Carrying location in Radius
[16:13:40] <tony1athome> [Some of us are allergic, however ;-) ]
[16:14:14] <tony1athome> Precision is confusing
[16:14:24] <tony1athome> Use term 'entity'
[16:14:39] <tony1athome> Registry of operator name prefixes
[16:14:47] <tony1athome> Use an IANA registry
[16:15:09] <tony1athome> Use a well known type (GSM, CDMA, REALM)
[16:15:20] <tony1athome> REALM == FQDN type of identifiers
[16:15:24] <tony1athome> More work to be done here
[16:16:00] <tony1athome> When to send location info?
[16:16:29] <tony1athome> Capability advertised by NAS
[16:16:49] <tony1athome> Home network challenges NAS and gets info
[16:17:49] --- avayadave has joined
[16:18:00] <tony1athome> [Happy cat]
[16:18:23] <DougRoyer> Where are you going next?
[16:18:35] <DougRoyer> SORRY - WRONG WINDOW!
[16:18:38] <tony1athome> Domain authorization
[16:19:01] --- jorma has joined
[16:19:43] <tony1athome> Rationale: how does user trust info?
[16:20:12] <tony1athome> RFC 3275 XML signature
[16:20:23] <tony1athome> Timestamp tuple
[16:20:34] <tony1athome> Add expiration time
[16:21:00] <tony1athome> Can add to ruleset without voiding signature
[16:21:08] <tony1athome> Each tuple is independently signed
[16:22:05] <tony1athome> Jon Peterson: Authenticate in whole or in parts consensus was for 'whole'
[16:22:29] <tony1athome> Document can only have a single signator
[16:22:51] <tony1athome> Could carry multiple documents...
[16:22:59] <tony1athome> So why not sign whole?
[16:23:00] --- avayadave has left
[16:23:26] --- avayadave has joined
[16:25:18] <tony1athome> q: How about signing just the location info, not the rest of the gorp?
[16:25:39] <tony1athome> Origin information doesn't need to be signed
[16:25:54] --- jorma has left
[16:26:58] <tony1athome> [over my head -- tli]
[16:27:02] --- jorma has joined
[16:27:54] <randy> discussion about obtaining location prior to putting it in pidf-lo
[16:28:45] --- hughs has left: Replaced by new connection
[16:28:46] --- hughs has joined
[16:28:47] --- hughs has left
[16:29:37] --- faw has left: Replaced by new connection
[16:29:38] --- faw has joined
[16:30:22] --- hughs has joined
[16:30:44] <randy> jr: root problem is origin signature and how to carry them
[16:31:09] --- tony1athome has left: Replaced by new connection
[16:31:26] --- tony1athome has joined
[16:31:47] <randy> jr: if the group is saying layer 2 can't be used to transport loc we need to make this clear to ietf and external orgs
[16:32:56] <randy> hr: when using ip there may not be any service provider to verify things
[16:34:11] <randy> (hs not hr)
[16:34:22] <tony1athome> If signature is not required, then bad guys can not provide signature...
[16:34:39] <randy> hs: can't expect joe's butcher shop to have a signed cert issued by vzw
[16:36:05] --- Dan has joined
[16:36:09] --- Minneapolis has joined
[16:36:12] --- dumdidum has left: Disconnected
[16:36:44] <tony1athome> End system can't modify location info
[16:37:36] --- jorma has left
[16:38:03] <tony1athome> Architectural discussion needs to be resolved
[16:38:14] <tony1athome> [Happy cat]
[16:38:49] <tony1athome> HTTP location delivery
[16:39:01] --- avayadave has left: Disconnected
[16:39:06] --- avayadave has joined
[16:40:22] <tony1athome> Rationale: location is access network problem
[16:40:27] <tony1athome> separate discovery vs delivery
[16:40:35] <randy> Note that early on the group had two drafts: one for putting location info in http for non-private locations (e.g., lakes, mountains); the other for asking/supplying location in http
[16:42:25] <tony1athome> Tie location to access device
[16:42:36] <tony1athome> Deliver with pidf-lo
[16:42:50] <tony1athome> Location is a network resource
[16:43:11] <tony1athome> Client requests info using HTTP POST
[16:44:57] <tony1athome> q: how does the server detect and prevent spoofing?
[16:47:52] <tony1athome> q: Is the client querying? Or the server?
[16:48:00] <tony1athome> a: Just the client
[16:48:50] <tony1athome> q: Doesn't the server become a point of failure
[16:49:06] <tony1athome> q: Isn't this an abuse of HTTP?
[16:49:34] <tony1athome> Correction: client may assert a location
[16:49:40] --- jorma has joined
[16:50:00] <tony1athome> Client may request location key
[16:50:10] <tony1athome> Or provide ruleset to location server
[16:50:54] <tony1athome> PIDF-LO changes don't change the request protocol
[16:51:07] <tony1athome> Clients can assert their knowledge
[16:51:16] <tony1athome> Location tied to device, not user
[16:51:34] <tony1athome> Provide location updates with lower overhead
[16:51:35] <randy> (Note this is very different from the early http draft; that document incidentally carried location in http; this document uses http as a means to carry loc)
[16:51:42] <tony1athome> How do NATs work?
[16:51:48] --- avayadave has left: Replaced by new connection
[16:51:48] --- avayadave has joined
[16:51:48] --- avayadave has left
[16:51:55] <tony1athome> How do we deal with third party identity
[16:52:28] <randy> Brian Rosen: if we have multiple ways to determine location, new devices won't work
[16:52:57] <tony1athome> L2 mechanisms are going to create many different mechanisms
[16:52:57] <randy> Rohan: need common mech such as http or else there will be multiple layer 2 mechs
[16:53:29] <randy> jr asks about nat impact
[16:54:12] --- Dan has left
[16:54:15] <randy> jp talks about arch
[16:55:07] <randy> jp suggests devices could subscribe to their own loc using sip presence
[16:55:23] <randy> jr says it is an auth issue: make sure only give loc to right device
[16:56:12] --- ogm has left
[16:57:27] <randy> brian says he is not concerned about cell phones, since the service provider restricts the devices that can be used
[16:57:28] --- jorma has left
[16:57:41] <randy> brian is worried about random sip phones connecting to various networks
[16:58:10] --- Minneapolis has left: Disconnected
[16:59:07] --- Hollenbeck has left
[16:59:24] --- allison has joined
[17:00:19] --- jorma has joined
[17:00:31] --- ogm has joined
[17:00:33] <randy> hannes mentions OMA's location protocol; they make many assumptions about arch that are fund diff than what we do
[17:01:43] <allison> inc
[17:02:25] --- Barry Leiba has joined
[17:02:55] <randy> rohan describes slide showing that geoloc server may be much closer to wifi client than the dhcp server
[17:03:19] <tony1athome> And that DHCP server may not have reasonable location data
[17:04:08] --- Barry Leiba has left
[17:04:13] --- jorma has left
[17:04:59] <tony1athome> Query to WG: Should IETF architect this?
[17:05:34] <tony1athome> Is it exclusive or one of many?
[17:05:46] <tony1athome> Handcount
[17:05:54] <tony1athome> Few for
[17:06:09] <tony1athome> Q: one view or multiple views
[17:06:23] <tony1athome> Multiple
[17:06:27] <randy> maybe 1/4 of the room felt it was useful, only one hand for not useful
[17:06:38] <randy> general sense that multiple arch is ok
[17:06:41] <tony1athome> [That one would be me]
[17:07:02] <tony1athome> Q: What do we do?
[17:09:00] <tony1athome> Assertion: we need one architecture for the Internet, but others can do other little things within closed system
[17:10:34] --- jorma has joined
[17:10:58] <allison> Another re-statement: we would describe a reasonably detailed system architecture that we believe works for the big-I Internet and provide geopriv properties.
[17:11:21] <tony1athome> jr: This is a major layering violation
[17:12:34] <allison> I think we might want to provide a boxology for a change (answering JDR, not at the mic)
[17:13:03] <tony1athome> [We need to distinguish between multiple architectures and multiple mechanisms -- tli]
[17:13:49] <randy> Hannes: trying to map out how to use it in every environment is a mess
[17:13:53] --- sureshk has left
[17:14:10] --- sureshk has joined
[17:14:42] <tony1athome> [Because each environment will have a different mechanism...]
[17:14:49] <randy> jp: we need to figure out what properties we can get from each layer, determine security properties, etc., and compare to requirements of different deployment environments. We may end up with multiple archs, but at least we'll know why
[17:17:24] <randy> henning: we need to understand the tradeoffs of the dif mech, not just pick one
[17:17:45] <randy> 911 is not only solution we need to meet
[17:17:52] --- jorma has left
[17:18:16] <randy> brian rosen: pizza delivery company also needs to be able to trust location, not just psap
[17:19:30] <randy> brian rosen: usually we deal with failure by dropping; we can't do that here
[17:19:36] <randy> comment: arch != mech
[17:21:20] <tony1athome> Q: Define roles and properties?
[17:21:23] <tony1athome> Overwhelming yes
[17:21:30] <tony1athome> Including volunteers
[17:22:28] <tony1athome> Volunteers asked to go write draft(s) preferably one
[17:22:58] <tony1athome> Rohan: Disagreements will be about properties
[17:23:07] <tony1athome> Need to document disagreements
[17:23:12] <tony1athome> Done
[17:23:15] --- tony1athome has left
[17:23:19] --- randy has left
[17:23:21] --- ogm has left
[17:23:37] --- allison has left: Logged out
[17:24:01] --- faw has left
[17:25:29] --- hughs has left
[17:30:59] --- Bernie has left: Disconnected
[17:31:24] --- jean-francois has left
[17:48:37] --- leg has left: Disconnected
[17:49:56] --- danc has joined
[17:51:06] --- danc has left
[18:01:48] --- sureshk has left: Disconnected
[19:02:52] --- DougRoyer has left
[19:25:06] --- leg has joined
[19:25:08] --- leg has left