draft-ietf-geopriv-held-measurements-07.txt   draft-ietf-geopriv-held-measurements-08.txt 
GEOPRIV M. Thomson GEOPRIV M. Thomson
Internet-Draft Microsoft Internet-Draft Microsoft
Intended status: Standards Track J. Winterbottom Intended status: Standards Track J. Winterbottom
Expires: October 13, 2013 Commscope Expires: December 26, 2013 Unaffiliated
April 11, 2013 June 24, 2013
Using Device-provided Location-Related Measurements in Location Using Device-provided Location-Related Measurements in Location
Configuration Protocols Configuration Protocols
draft-ietf-geopriv-held-measurements-07 draft-ietf-geopriv-held-measurements-08
Abstract Abstract
A method is described by which a Device is able to provide location- This document describes a protocol for a Device to provide location-
related measurement data to a LIS within a request for location related measurement data to a Location Information Server (LIS)
information. Location-related measurement information are within a request for location information. Location-related
observations concerning properties related to the position of a measurement information are observations concerning properties
Device, which could be data about network attachment or about the related to the position of a Device, which could be data about
physical environment. When a LIS generates location information for network attachment or about the physical environment. A LIS is able
a Device, information from the Device can improve the accuracy of the to use the location-related measurement data to improve the accuracy
location estimate. A basic set of location-related measurements are of the location estimate it provides to the Device. A basic set of
defined, including common modes of network attachment as well as location-related measurements are defined, including common modes of
assisted Global Navigation Satellite System (GNSS) parameters. network attachment as well as assisted Global Navigation Satellite
System (GNSS) parameters.
Status of This Memo Status of This Memo
This Internet-Draft is submitted in full conformance with the This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79. provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on October 13, 2013. This Internet-Draft will expire on December 26, 2013.
Copyright Notice Copyright Notice
Copyright (c) 2013 IETF Trust and the persons identified as the Copyright (c) 2013 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License. described in the Simplified BSD License.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 4 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 4
2. Conventions used in this document . . . . . . . . . . . . . . 4 2. Conventions used in this document . . . . . . . . . . . . . . 5
3. Location-Related Measurements in LCPs . . . . . . . . . . . . 5 3. Location-Related Measurements in LCPs . . . . . . . . . . . . 5
4. Location-Related Measurement Data Types . . . . . . . . . . . 6 4. Location-Related Measurement Data Types . . . . . . . . . . . 7
4.1. Measurement Container . . . . . . . . . . . . . . . . . . 7 4.1. Measurement Container . . . . . . . . . . . . . . . . . . 7
4.1.1. Time of Measurement . . . . . . . . . . . . . . . . . 7 4.1.1. Time of Measurement . . . . . . . . . . . . . . . . . 8
4.1.2. Expiry Time on Location-Related Measurement Data . . 8 4.1.2. Expiry Time on Location-Related Measurement Data . . 8
4.2. RMS Error and Number of Samples . . . . . . . . . . . . . 8 4.2. RMS Error and Number of Samples . . . . . . . . . . . . . 9
4.2.1. Time RMS Error . . . . . . . . . . . . . . . . . . . 9 4.2.1. Time RMS Error . . . . . . . . . . . . . . . . . . . 9
4.3. Measurement Request . . . . . . . . . . . . . . . . . . . 9 4.3. Measurement Request . . . . . . . . . . . . . . . . . . . 10
4.4. Identifying Location Provenance . . . . . . . . . . . . . 10 4.4. Identifying Location Provenance . . . . . . . . . . . . . 11
5. Location-Related Measurement Data Types . . . . . . . . . . . 12 5. Location-Related Measurement Data Types . . . . . . . . . . . 13
5.1. LLDP Measurements . . . . . . . . . . . . . . . . . . . . 13 5.1. LLDP Measurements . . . . . . . . . . . . . . . . . . . . 14
5.2. DHCP Relay Agent Information Measurements . . . . . . . . 14 5.2. DHCP Relay Agent Information Measurements . . . . . . . . 15
5.3. 802.11 WLAN Measurements . . . . . . . . . . . . . . . . 14 5.3. 802.11 WLAN Measurements . . . . . . . . . . . . . . . . 15
5.3.1. Wifi Measurement Requests . . . . . . . . . . . . . . 17 5.3.1. Wifi Measurement Requests . . . . . . . . . . . . . . 19
5.4. Cellular Measurements . . . . . . . . . . . . . . . . . . 18 5.4. Cellular Measurements . . . . . . . . . . . . . . . . . . 19
5.4.1. Cellular Measurement Requests . . . . . . . . . . . . 20 5.4.1. Cellular Measurement Requests . . . . . . . . . . . . 22
5.5. GNSS Measurements . . . . . . . . . . . . . . . . . . . . 21 5.5. GNSS Measurements . . . . . . . . . . . . . . . . . . . . 22
5.5.1. GNSS System and Signal . . . . . . . . . . . . . . . 22 5.5.1. GNSS System and Signal . . . . . . . . . . . . . . . 24
5.5.2. Time . . . . . . . . . . . . . . . . . . . . . . . . 23 5.5.2. Time . . . . . . . . . . . . . . . . . . . . . . . . 24
5.5.3. Per-Satellite Measurement Data . . . . . . . . . . . 23 5.5.3. Per-Satellite Measurement Data . . . . . . . . . . . 24
5.5.4. GNSS Measurement Requests . . . . . . . . . . . . . . 24 5.5.4. GNSS Measurement Requests . . . . . . . . . . . . . . 25
5.6. DSL Measurements . . . . . . . . . . . . . . . . . . . . 24 5.6. DSL Measurements . . . . . . . . . . . . . . . . . . . . 25
5.6.1. L2TP Measurements . . . . . . . . . . . . . . . . . . 25 5.6.1. L2TP Measurements . . . . . . . . . . . . . . . . . . 26
5.6.2. RADIUS Measurements . . . . . . . . . . . . . . . . . 25 5.6.2. RADIUS Measurements . . . . . . . . . . . . . . . . . 26
5.6.3. Ethernet VLAN Tag Measurements . . . . . . . . . . . 26 5.6.3. Ethernet VLAN Tag Measurements . . . . . . . . . . . 27
5.6.4. ATM Virtual Circuit Measurements . . . . . . . . . . 26 5.6.4. ATM Virtual Circuit Measurements . . . . . . . . . . 28
6. Privacy Considerations . . . . . . . . . . . . . . . . . . . 27 6. Privacy Considerations . . . . . . . . . . . . . . . . . . . 28
6.1. Measurement Data Privacy Model . . . . . . . . . . . . . 27 6.1. Measurement Data Privacy Model . . . . . . . . . . . . . 28
6.2. LIS Privacy Requirements . . . . . . . . . . . . . . . . 27 6.2. LIS Privacy Requirements . . . . . . . . . . . . . . . . 29
6.3. Measurement Data and Location URIs . . . . . . . . . . . 28 6.3. Measurement Data and Location URIs . . . . . . . . . . . 29
6.4. Third-Party-Provided Measurement Data . . . . . . . . . . 28 6.4. Third-Party-Provided Measurement Data . . . . . . . . . . 30
7. Security Considerations . . . . . . . . . . . . . . . . . . . 28 7. Security Considerations . . . . . . . . . . . . . . . . . . . 30
7.1. Threat Model . . . . . . . . . . . . . . . . . . . . . . 29 7.1. Threat Model . . . . . . . . . . . . . . . . . . . . . . 30
7.1.1. Acquiring Location Information Without Authorization 29 7.1.1. Acquiring Location Information Without Authorization 31
7.1.2. Extracting Network Topology Data . . . . . . . . . . 30 7.1.2. Extracting Network Topology Data . . . . . . . . . . 32
7.1.3. Lying By Proxy . . . . . . . . . . . . . . . . . . . 30 7.1.3. Exposing Network Topology Data . . . . . . . . . . . 32
7.1.4. Measurement Replay . . . . . . . . . . . . . . . . . 31 7.1.4. Lying By Proxy . . . . . . . . . . . . . . . . . . . 32
7.1.5. Environment Spoofing . . . . . . . . . . . . . . . . 32 7.1.5. Measurement Replay . . . . . . . . . . . . . . . . . 33
7.2. Mitigation . . . . . . . . . . . . . . . . . . . . . . . 33 7.1.6. Environment Spoofing . . . . . . . . . . . . . . . . 34
7.2.1. Measurement Validation . . . . . . . . . . . . . . . 34 7.2. Mitigation . . . . . . . . . . . . . . . . . . . . . . . 35
7.2.1.1. Effectiveness . . . . . . . . . . . . . . . . . . 34 7.2.1. Measurement Validation . . . . . . . . . . . . . . . 36
7.2.1.2. Limitations (Unique Observer) . . . . . . . . . . 35 7.2.1.1. Effectiveness . . . . . . . . . . . . . . . . . . 36
7.2.2. Location Validation . . . . . . . . . . . . . . . . . 35 7.2.1.2. Limitations (Unique Observer) . . . . . . . . . . 37
7.2.2.1. Effectiveness . . . . . . . . . . . . . . . . . . 36 7.2.2. Location Validation . . . . . . . . . . . . . . . . . 38
7.2.2.2. Limitations . . . . . . . . . . . . . . . . . . . 36 7.2.2.1. Effectiveness . . . . . . . . . . . . . . . . . . 38
7.2.3. Supporting Observations . . . . . . . . . . . . . . . 37 7.2.2.2. Limitations . . . . . . . . . . . . . . . . . . . 38
7.2.3.1. Effectiveness . . . . . . . . . . . . . . . . . . 37 7.2.3. Supporting Observations . . . . . . . . . . . . . . . 39
7.2.3.2. Limitations . . . . . . . . . . . . . . . . . . . 37 7.2.3.1. Effectiveness . . . . . . . . . . . . . . . . . . 39
7.2.4. Attribution . . . . . . . . . . . . . . . . . . . . . 38 7.2.3.2. Limitations . . . . . . . . . . . . . . . . . . . 40
7.2.5. Stateful Correlation of Location Requests . . . . . . 39 7.2.4. Attribution . . . . . . . . . . . . . . . . . . . . . 40
8. Measurement Schemas . . . . . . . . . . . . . . . . . . . . . 39 7.2.5. Stateful Correlation of Location Requests . . . . . . 41
8.1. Measurement Container Schema . . . . . . . . . . . . . . 39 7.3. An Unauthorized or Compromised LIS . . . . . . . . . . . 42
8.2. Measurement Source Schema . . . . . . . . . . . . . . . . 41 8. Measurement Schemas . . . . . . . . . . . . . . . . . . . . . 42
8.3. Base Type Schema . . . . . . . . . . . . . . . . . . . . 42 8.1. Measurement Container Schema . . . . . . . . . . . . . . 42
8.4. LLDP Measurement Schema . . . . . . . . . . . . . . . . . 45 8.2. Measurement Source Schema . . . . . . . . . . . . . . . . 44
8.5. DHCP Measurement Schema . . . . . . . . . . . . . . . . . 46 8.3. Base Type Schema . . . . . . . . . . . . . . . . . . . . 45
8.6. WiFi Measurement Schema . . . . . . . . . . . . . . . . . 47 8.4. LLDP Measurement Schema . . . . . . . . . . . . . . . . . 48
8.7. Cellular Measurement Schema . . . . . . . . . . . . . . . 51 8.5. DHCP Measurement Schema . . . . . . . . . . . . . . . . . 49
8.8. GNSS Measurement Schema . . . . . . . . . . . . . . . . . 53 8.6. WiFi Measurement Schema . . . . . . . . . . . . . . . . . 50
8.9. DSL Measurement Schema . . . . . . . . . . . . . . . . . 55 8.7. Cellular Measurement Schema . . . . . . . . . . . . . . . 54
9. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 57 8.8. GNSS Measurement Schema . . . . . . . . . . . . . . . . . 56
9.1. IANA Registry for GNSS Types . . . . . . . . . . . . . . 57 8.9. DSL Measurement Schema . . . . . . . . . . . . . . . . . 58
9. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 60
9.1. IANA Registry for GNSS Types . . . . . . . . . . . . . . 60
9.2. URN Sub-Namespace Registration for 9.2. URN Sub-Namespace Registration for
urn:ietf:params:xml:ns:pidf:geopriv10:lmsrc . . . . . . . 58 urn:ietf:params:xml:ns:pidf:geopriv10:lmsrc . . . . . . . 61
9.3. URN Sub-Namespace Registration for 9.3. URN Sub-Namespace Registration for
urn:ietf:params:xml:ns:geopriv:lm . . . . . . . . . . . . 59 urn:ietf:params:xml:ns:geopriv:lm . . . . . . . . . . . . 62
9.4. URN Sub-Namespace Registration for 9.4. URN Sub-Namespace Registration for
urn:ietf:params:xml:ns:geopriv:lm:basetypes . . . . . . . 59 urn:ietf:params:xml:ns:geopriv:lm:basetypes . . . . . . . 63
9.5. URN Sub-Namespace Registration for 9.5. URN Sub-Namespace Registration for
urn:ietf:params:xml:ns:geopriv:lm:lldp . . . . . . . . . 60 urn:ietf:params:xml:ns:geopriv:lm:lldp . . . . . . . . . 63
9.6. URN Sub-Namespace Registration for 9.6. URN Sub-Namespace Registration for
urn:ietf:params:xml:ns:geopriv:lm:dhcp . . . . . . . . . 61 urn:ietf:params:xml:ns:geopriv:lm:dhcp . . . . . . . . . 64
9.7. URN Sub-Namespace Registration for 9.7. URN Sub-Namespace Registration for
urn:ietf:params:xml:ns:geopriv:lm:wifi . . . . . . . . . 62 urn:ietf:params:xml:ns:geopriv:lm:wifi . . . . . . . . . 65
9.8. URN Sub-Namespace Registration for 9.8. URN Sub-Namespace Registration for
urn:ietf:params:xml:ns:geopriv:lm:cell . . . . . . . . . 62 urn:ietf:params:xml:ns:geopriv:lm:cell . . . . . . . . . 65
9.9. URN Sub-Namespace Registration for 9.9. URN Sub-Namespace Registration for
urn:ietf:params:xml:ns:geopriv:lm:gnss . . . . . . . . . 63 urn:ietf:params:xml:ns:geopriv:lm:gnss . . . . . . . . . 66
9.10. URN Sub-Namespace Registration for 9.10. URN Sub-Namespace Registration for
urn:ietf:params:xml:ns:geopriv:lm:dsl . . . . . . . . . . 64 urn:ietf:params:xml:ns:geopriv:lm:dsl . . . . . . . . . . 67
9.11. XML Schema Registration for Measurement Source Schema . . 64
9.12. XML Schema Registration for Measurement Container Schema 65 9.11. XML Schema Registration for Measurement Source Schema . . 67
9.13. XML Schema Registration for Base Types Schema . . . . . . 65 9.12. XML Schema Registration for Measurement Container Schema 68
9.14. XML Schema Registration for LLDP Schema . . . . . . . . . 65 9.13. XML Schema Registration for Base Types Schema . . . . . . 68
9.15. XML Schema Registration for DHCP Schema . . . . . . . . . 65 9.14. XML Schema Registration for LLDP Schema . . . . . . . . . 68
9.16. XML Schema Registration for WiFi Schema . . . . . . . . . 66 9.15. XML Schema Registration for DHCP Schema . . . . . . . . . 68
9.17. XML Schema Registration for Cellular Schema . . . . . . . 66 9.16. XML Schema Registration for WiFi Schema . . . . . . . . . 69
9.18. XML Schema Registration for GNSS Schema . . . . . . . . . 66 9.17. XML Schema Registration for Cellular Schema . . . . . . . 69
9.19. XML Schema Registration for DSL Schema . . . . . . . . . 66 9.18. XML Schema Registration for GNSS Schema . . . . . . . . . 69
10. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 67 9.19. XML Schema Registration for DSL Schema . . . . . . . . . 69
11. References . . . . . . . . . . . . . . . . . . . . . . . . . 67 10. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 70
11.1. Normative References . . . . . . . . . . . . . . . . . . 67 11. References . . . . . . . . . . . . . . . . . . . . . . . . . 70
11.2. Informative References . . . . . . . . . . . . . . . . . 69 11.1. Normative References . . . . . . . . . . . . . . . . . . 70
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 70 11.2. Informative References . . . . . . . . . . . . . . . . . 72
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 73
1. Introduction 1. Introduction
A location configuration protocol (LCP) provides a means for a Device A Location Configuration Protocol (LCP) provides a means for a Device
to request information about its physical location from an access to request information about its physical location from an access
network. A location information server (LIS) is the server that network. A location information server (LIS) is the server that
provides location information; information that is available due to provides location information that is available due to the knowledge
the knowledge about the network and physical environment that is it has about the network and physical environment.
available to the LIS.
As a part of the access network, the LIS is able to acquire As a part of the access network, the LIS is able to acquire
measurement results from network Devices within the network that are measurement results related to Device location from network elements.
related to Device location. The LIS also has access to information The LIS also has access to information about the network topology
about the network topology that can be used to turn measurement data that can be used to turn measurement data into location information.
into location information. However, this information can be enhanced This information can be further enhanced with information acquired
with information acquired from the Device itself. from the Device itself.
A Device is able to make observations about its network attachment, A Device is able to make observations about its network attachment,
or its physical environment. The location-related measurement data or its physical environment. The location-related measurement data
might be unavailable to the LIS; alternatively, the LIS might be able might be unavailable to the LIS; alternatively, the LIS might be able
to acquire the data, but at a higher cost in time or otherwise. to acquire the data, but at a higher cost, in time or an other
Providing measurement data gives the LIS more options in determining metric. Providing measurement data gives the LIS more options in
location, which could improve the quality of the service provided by determining location, which could improve the quality of the service
the LIS. Improvements in accuracy are one potential gain, but provided by the LIS. Improvements in accuracy are one potential
improved response times and lower error rates are also possible. gain, but improved response times and lower error rates are possible.
This document describes a means for a Device to report location- This document describes a means for a Device to report location-
related measurement data to the LIS. Examples based on the HELD related measurement data to the LIS. Examples based on the HELD
[RFC5985] location configuration protocol are provided. [RFC5985] location configuration protocol are provided.
2. Conventions used in this document 2. Conventions used in this document
The terms LIS and Device are used in this document in a manner The terms LIS and Device are used in this document in a manner
consistent with the usage in [RFC5985]. consistent with the usage in [RFC5985].
This document also uses the following definitions: This document also uses the following definitions:
Location Measurement: An observation about the physical properties Location Measurement: An observation about the physical properties
of a particular Device's network access. The result of a location of a particular Device's position in time and space. The result
measurement - "location-related measurement data", or simply of a location measurement - "location-related measurement data",
"measurement data" given sufficient context - can be used to or simply "measurement data" given sufficient context - can be
determine the location of a Device. Location-related measurement used to determine the location of a Device. Location-related
data does not identify a Device; measurement data can change with measurement data does not directly identify a Device, though it
time if the location of the Device also changes. could do indirectly. Measurement data can change with time if the
location of the Device also changes.
Location-related measurement data does not necessarily contain Location-related measurement data does not necessarily contain
location information directly, but it can be used in combination location information directly, but it can be used in combination
with contextual knowledge of the network, or algorithms to derive with contextual knowledge and/or algorithms to derive location
location information. Examples of location-related measurement information. Examples of location-related measurement data are:
data are: radio signal strength or timing measurements, Ethernet radio signal strength or timing measurements, Ethernet switch and
switch and port identifiers. port identifiers.
Location-related measurement data can be considered sighting Location-related measurement data can be considered sighting
information, based on the definition in [RFC3693]. information, based on the definition in [RFC3693].
Location Estimate: A location estimate is an approximation of where Location Estimate: A location estimate is an approximation of where
the Device is located. Location estimates are derived from the Device is located. Location estimates are derived from
location measurements. Location estimates are subject to location measurements. Location estimates are subject to
uncertainty, which arise from errors in measurement results. uncertainty, which arise from errors in measurement results.
GNSS: Global Navigation Satellite System. A satellite-based system GNSS: Global Navigation Satellite System. A satellite-based system
skipping to change at page 5, line 45 skipping to change at page 6, line 5
3. Location-Related Measurements in LCPs 3. Location-Related Measurements in LCPs
This document defines a standard container for the conveyance of This document defines a standard container for the conveyance of
location-related measurement parameters in location configuration location-related measurement parameters in location configuration
protocols. This is an XML container that identifies parameters by protocols. This is an XML container that identifies parameters by
type and allows the Device to provide the results of any measurement type and allows the Device to provide the results of any measurement
it is able to perform. A set of measurement schemas are also defined it is able to perform. A set of measurement schemas are also defined
that can be carried in the generic container. that can be carried in the generic container.
The simplest example of measurement data conveyance is illustrated by A simple example of measurement data conveyance is illustrated by the
the example message in Figure 1. This shows a HELD location request example message in Figure 1. This shows a HELD location request
message with an Ethernet switch and port measurement taken using LLDP message with an Ethernet switch and port measurement taken using LLDP
[IEEE.8021AB]. [IEEE.8021AB].
<locationRequest xmlns="urn:ietf:params:xml:ns:geopriv:held"> <locationRequest xmlns="urn:ietf:params:xml:ns:geopriv:held">
<locationType exact="true">civic</locationType> <locationType exact="true">civic</locationType>
<measurements xmlns="urn:ietf:params:xml:ns:geopriv:lm" <measurements xmlns="urn:ietf:params:xml:ns:geopriv:lm"
time="2008-04-29T14:33:58"> time="2008-04-29T14:33:58">
<lldp xmlns="urn:ietf:params:xml:ns:geopriv:lm:lldp"> <lldp xmlns="urn:ietf:params:xml:ns:geopriv:lm:lldp">
<chassis type="4">0a01003c</chassis> <chassis type="4">0a01003c</chassis>
<port type="6">c2</port> <port type="6">c2</port>
</lldp> </lldp>
</measurements> </measurements>
</locationRequest> </locationRequest>
Figure 1: HELD Location Request with Measurement Data Figure 1: HELD Location Request with Measurement Data
Measurement data that the LIS does not support or understand can be This LIS can ignore measurement data that it does not support or
ignored. The measurements defined in this document follow this rule; understand. The measurements defined in this document follow this
extensions that could result in backward incompatibility MUST be rule: extensions that could result in backward incompatibility MUST
added as new measurement definitions rather than extensions to be added as new measurement definitions rather than extensions to
existing types. existing types.
Multiple sets of measurement data, either of the same type or from Multiple sets of measurement data, either of the same type or from
different sources can be included in the "measurements" element. See different sources, can be included in the "measurements" element.
Section 4.1.1 for details on repetition of this element. See Section 4.1.1 for details on repetition of this element.
Use of location-related measurement data is at the discretion of the A LIS can choose to use or ignore location-related measurement data
LIS, but the "method" parameter in the Presence Information Data in determining location, as long as rules regarding use and retention
Format - Location Object (PIDF-LO) [RFC4119] SHOULD be adjusted to (Section 6) are respected. The "method" parameter in the Presence
reflect the method used. Information Data Format - Location Object (PIDF-LO) [RFC4119] SHOULD
be adjusted to reflect the method used. A correct "method" can
assist location recipients in assessing the quality (both accuracy
and integrity) of location information, though there could be reasons
to withhold information about the source of data.
Measurement data is typically only used to serve the request that it
is included in. There may be exceptions, particularly with respect
to location URIs. Section 6 provides more information on usage
rules.
Location-related measurement data need not be provided exclusively by Location-related measurement data need not be provided exclusively by
Devices. A third party location requester can request location Devices. A third party location requester (for example, see
information using measurement data, if they are able and authorized. [RFC6155]) can request location information using measurement data,
There are privacy considerations relating to the use of measurements if the requester is able to acquire measurement data and authorized
by third parties, which are discussed in Section 6.4. to distribute it. There are specific privacy considerations relating
to the use of measurements by third parties, which are discussed in
Section 6.4.
Location-related measurement data and its use presents a number of Location-related measurement data and its use presents a number of
security challenges. These are described in more detail in privacy and security challenges. These are described in more detail
Section 7. in Section 6 and Section 7.
4. Location-Related Measurement Data Types 4. Location-Related Measurement Data Types
A common container is defined for the expression of location A common container is defined for the expression of location
measurement data, as well as a simple means of identifying specific measurement data, as well as a simple means of identifying specific
types of measurement data for the purposes of requesting them. types of measurement data for the purposes of requesting them.
The following example shows a measurement container with measurement The following example shows a measurement container with measurement
time and expiration time included. A WiFi measurement is enclosed. time and expiration time included. A WiFi measurement is enclosed.
skipping to change at page 7, line 20 skipping to change at page 7, line 41
<bssid>00-12-F0-A0-80-EF</bssid> <bssid>00-12-F0-A0-80-EF</bssid>
<ssid>wlan-home</ssid> <ssid>wlan-home</ssid>
</ap> </ap>
</wifi> </wifi>
</lm:measurements> </lm:measurements>
Figure 2: Measurement Example Figure 2: Measurement Example
4.1. Measurement Container 4.1. Measurement Container
The "measurement" element is used to encapsulate measurement data The "measurements" element is used to encapsulate measurement data
that is collected at a certain point in time. It contains time-based that is collected at a certain point in time. It contains time-based
attributes that are common to all forms of measurement data, and attributes that are common to all forms of measurement data, and
permits the inclusion of arbitrary measurement data. permits the inclusion of arbitrary measurement data. The elements
that are included within the "measurements" element are generically
referred to as "measurement elements".
This container can be added to a request for location information in This container can be added to a request for location information in
any protocol capable of carrying XML, such as a HELD location request any protocol capable of carrying XML, such as a HELD location request
[RFC5985]. [RFC5985].
4.1.1. Time of Measurement 4.1.1. Time of Measurement
The "time" attribute records the time that the measurement or The "time" attribute records the time that the measurement or
observation was made. This time can be different to the time that observation was made. This time can be different to the time that
the measurement information was reported. Time information can be the measurement information was reported. Time information can be
used to populate a timestamp on the location result, or to determine used to populate a timestamp on the location result, or to determine
if the measurement information is used. if the measurement information is used.
The "time" attribute is optional to avoid forcing an arbitrary choice The "time" attribute SHOULD be used to avoid forcing an arbitrary
of timestamp for relatively static types of measurement (for choice of timestamp for relatively static types of measurement (for
instance, the DSL measurements in Section 5.6) and for legacy Devices instance, the DSL measurements in Section 5.6) and for legacy Devices
that don't record time information (such as the Home Location that don't record time information (such as the Home Location
Register/Home Subscriber Server for cellular). However, time SHOULD Register/Home Subscriber Server for cellular). However, time SHOULD
be provided whenever possible. be provided whenever possible.
The "time" attribute is attached to the root "measurement" element. The "time" attribute is attached to the root "measurement" element.
If it is necessary to provide multiple sets of measurement data with Multiple measurements can often be given the same timestamp, even
different times, multiple "measurement" elements SHOULD be provided. when the measurements were not actually taken at the same time
(consider a set of measurements taken sequentially, where the
difference in time between observations is not significant).
Measurements cannot be grouped if they have different types, or there
is a need for independent time values on each measurement. In these
instances, multiple measurement sets are necessary.
4.1.2. Expiry Time on Location-Related Measurement Data 4.1.2. Expiry Time on Location-Related Measurement Data
A Device is able to indicate an expiry time in the location A Device is able to indicate an expiry time in the location
measurement using the "expires" attribute. Nominally, this attribute measurement using the "expires" attribute. Nominally, this attribute
indicates how long information is expected to be valid for, but it indicates how long information is expected to be valid, but it can
can also indicate a time limit on the retention and use of the also indicate a time limit on the retention and use of the
measurement data. A Device can use this attribute to prevent the LIS measurement data. A Device can use this attribute to request that
from retaining measurement data or limit the time that a LIS retains the LIS not retain measurement data beyond the indicated time.
this information.
Note: Movement of a Device might result in the measurement data Note: Movement of the Device might result in the measurement data
being invalidated before the expiry time. being invalidated before the expiry time.
The LIS MUST NOT keep location-related measurement data beyond the A Device is advised to set the "expires" attribute to earlier of: the
time indicated in the "expires" attribute. time that measurements are likely to be unusable, and the time that
it desires to have measurements discarded by the LIS. A Device that
does not desire measurement data to be retained can omit the
"expires" attribute. Section 6 describes more specific rules
regarding measurement data retention.
4.2. RMS Error and Number of Samples 4.2. RMS Error and Number of Samples
Often a measurement is taken more than once over a period of time. Often a measurement is taken more than once. Reporting the average
Reporting the average of a number of measurement results mitigates of a number of measurement results mitigates the effects of random
the effects of random errors that occur in the measurement process. errors that occur in the measurement process.
Reporting each measurement individually can be the most effective Reporting each measurement individually can be the most effective
method of reporting multiple measurements. This is achieved by method of reporting multiple measurements. This is achieved by
providing multiple "measurement" elements for different times. providing multiple measurement elements for different times.
The alternative is to aggregate multiple measurements and report a The alternative is to aggregate multiple measurements and report a
mean value across the set of measurements. Additional information mean value across the set of measurements. Additional information
about the distribution of the results can be useful in determining about the distribution of the results can be useful in determining
location uncertainty. location uncertainty.
Two optional attributes are provided for certain measurement values: Two attributes are provided for use on some measurement values:
rmsError: The root-mean-squared (RMS) error of the set of rmsError: The root-mean-squared (RMS) error of the set of
measurement values used in calculating the result. RMS error is measurement values used in calculating the result. RMS error is
expressed in the same units as the measurement, unless otherwise expressed in the same units as the measurement, unless otherwise
stated. If an accurate value for RMS error is not known, this stated. If an accurate value for RMS error is not known, this
value can be used to indicate an upper bound or estimate for the value can be used to indicate an upper bound or estimate for the
RMS error. RMS error.
samples: The number of samples that were taken in determining the samples: The number of samples that were taken in determining the
measurement value. If omitted, this value can be assumed to be a measurement value. If omitted, this value can be assumed to be
very large value, so that the RMS error is an indication of the large enough that the RMS error is an indication of the standard
standard deviation of the sample set. deviation of the sample set.
For some measurement techniques, measurement error is largely For some measurement techniques, measurement error is largely
dependent on the measurement technique employed. In these cases, dependent on the measurement technique employed. In these cases,
measurement error is largely a product of the measurement technique measurement error is largely a product of the measurement technique
and not the specific circumstances, so RMS error does not need to be and not the specific circumstances, so RMS error does not need to be
actively measured. A fixed value MAY be provided for RMS error where actively measured. A fixed value MAY be provided for RMS error where
appropriate. appropriate.
The "rmsError" and "samples" elements are added as attributes of The "rmsError" and "samples" elements are added as attributes of
specific measurement data types. specific measurement data types.
4.2.1. Time RMS Error 4.2.1. Time RMS Error
Measurement of time can be significant in certain circumstances. The Measurement of time can be significant in certain circumstances. The
GNSS measurements included in this document are one such case where a GNSS measurements included in this document are one such case where a
small error in time can result in a large error in location. Factors small error in time can result in a large error in location. Factors
such as clock drift and errors in time synchronization can result in such as clock drift and errors in time synchronization can result in
small, but significant, time errors. Including an indication of the small, but significant, time errors. Including an indication of the
quality of the time can be helpful. quality of time measurements can be helpful.
An optional "timeError" attribute can be added to the "measurement" A "timeError" attribute MAY be added to the "measurement" element to
element to indicate the RMS error in time. "timeError" indicates an indicate the RMS error in time. "timeError" indicates an upper bound
upper bound on the time RMS error in seconds. on the time RMS error in seconds.
The "timeError" attribute does not apply where multiple samples of a The "timeError" attribute does not apply where multiple samples of a
measurement are taken over time. If multiple samples are taken, each measurement are taken over time. If multiple samples are taken, each
SHOULD be included in a different "measurement" element. SHOULD be included in a different "measurement" element.
4.3. Measurement Request 4.3. Measurement Request
A measurement request is used by a protocol peer to describe a set of A measurement request is used by a protocol peer to describe a set of
measurement data that it desires. A "measurementRequest" element is measurement data that it desires. A "measurementRequest" element is
defined that can be included in a protocol exchange. defined that can be included in a protocol exchange.
For instance, a LIS can use a measurement request in HELD responses. For instance, a LIS can use a measurement request in HELD responses.
If the LIS is unable to provide location information, but it believes If the LIS is unable to provide location information, but it believes
that a particular measurement type would enable it to provide a that a particular measurement type would enable it to provide a
location, it can include a measurement request in an error response. location, it can include a measurement request in an error response.
The "measurement" element of the measurement request identifies the The "measurement" element of the measurement request identifies the
type of measurement that is requested. The "type" attribute of this type of measurement that is requested. The "type" attribute of this
element indicates the type of measurement, as identified by an XML element indicates the type of measurement, as identified by an XML
qualified name. An optional "samples" attribute indicates how many qualified name. An "samples" attribute MAY be used to indicate how
samples of the identified measurement are requested. many samples of the identified measurement are requested.
The "measurement" element can be repeated to request multiple (or The "measurement" element can be repeated to request multiple (or
alternative) measurement types. alternative) measurement types.
Additional XML content might be defined for a particular measurement Additional XML content might be defined for a particular measurement
type that is used to further refine a request. These elements either type that is used to further refine a request. These elements either
constrain what is requested or specify optional components of the constrain what is requested or specify non-mandatory components of
measurement data that are needed. These are defined along with the the measurement data that are needed. These are defined along with
specific measurement type. the specific measurement type.
In the HELD protocol, the inclusion of a measurement request in an In the HELD protocol, the inclusion of a measurement request in an
error response with a code of "locationUnknown" indicates that the error response with a code of "locationUnknown" indicates that
LIS believes that providing the indicated measurements would increase providing measurements would increase the likelihood of a subsequent
the likelihood of a subsequent request being successful. request being successful.
The following example shows a HELD error response that indicates that The following example shows a HELD error response that indicates that
WiFi measurement data would be useful if a later request were made. WiFi measurement data would be useful if a later request were made.
Additional elements indicate that received signal strength for an Additional elements indicate that received signal strength for an
802.11n access point is requested. 802.11n access point is requested.
<error xmlns="urn:ietf:params:xml:ns:geopriv:held" <error xmlns="urn:ietf:params:xml:ns:geopriv:held"
code="locationUnknown"> code="locationUnknown">
<message xml:lang="en">Insufficient measurement data</message> <message xml:lang="en">Insufficient measurement data</message>
<measurementRequest <measurementRequest
skipping to change at page 11, line 6 skipping to change at page 11, line 39
and the measurement data that was used to determine that location and the measurement data that was used to determine that location
information. information.
The "source" element is added to the "geopriv" element of the PIDF- The "source" element is added to the "geopriv" element of the PIDF-
LO. This element does not identify specific entities. Instead, it LO. This element does not identify specific entities. Instead, it
identifies the type of source. identifies the type of source.
The following types of measurement source are identified: The following types of measurement source are identified:
lis: Location information is based on measurement data that the LIS lis: Location information is based on measurement data that the LIS
or sources that it trusts have acquired. This label might be used or sources that it trusts have acquired. This label MAY be used
if measurement data provided by the Device has been completely if measurement data provided by the Device has been completely
validated by the LIS. validated by the LIS.
device: Location information is based on measurement data that the device: A LIS MUST include this value if the location information is
Device has provided to the LIS. based (in whole or part) on measurement data provided by the
Device and if the measurement data isn't completely validated.
other: Location information is based on measurement data that a other: Location information is based on measurement data that a
third party has provided. This might be an authorized third party third party has provided. This might be an authorized third party
that uses identity parameters [RFC6155] or any other entity. that uses identity parameters [RFC6155] or any other entity. The
LIS MUST include this, unless the third party is trusted by the
LIS to provide measurement data.
No assertion is made about the veracity of the measurement data from No assertion is made about the veracity of the measurement data from
sources other than the LIS. A combination of tags MAY be included to sources other than the LIS. A combination of tags MAY be included to
indicate that measurement data from both sources was used. indicate that measurement data from multiple types of sources was
used.
For example, the first tuple of the following PIDF-LO indicates that For example, the first tuple of the following PIDF-LO indicates that
measurement data from a LIS and a device was combined to produce the measurement data from a LIS and a device was combined to produce the
result, the second tuple was produced by the LIS alone. result, the second tuple was produced by the LIS alone.
<presence xmlns="urn:ietf:params:xml:ns:pidf" <presence xmlns="urn:ietf:params:xml:ns:pidf"
xmlns:gp="urn:ietf:params:xml:ns:pidf:geopriv10" xmlns:gp="urn:ietf:params:xml:ns:pidf:geopriv10"
xmlns:gml="http://www.opengis.net/gml" xmlns:gml="http://www.opengis.net/gml"
xmlns:gs="http://www.opengis.net/pidflo/1.0" xmlns:gs="http://www.opengis.net/pidflo/1.0"
xmlns:lmsrc="urn:ietf:params:xml:ns:pidf:geopriv10:lmsrc" xmlns:lmsrc="urn:ietf:params:xml:ns:pidf:geopriv10:lmsrc"
skipping to change at page 13, line 6 skipping to change at page 14, line 6
</presence> </presence>
PIDF-LO document with source labels PIDF-LO document with source labels
5. Location-Related Measurement Data Types 5. Location-Related Measurement Data Types
This document defines location-related measurement data types for a This document defines location-related measurement data types for a
range of common network types. range of common network types.
All included measurement data definitions allow for arbitrary All included measurement data definitions allow for arbitrary
extension in the corresponding schema. As new parameters that are extension in the corresponding schema. New parameters that are
applicable to location determination are added, these can be added as applicable to location determination are added as new XML elements in
new XML elements in a unique namespace. Though many of the a unique namespace, not by adding elements to an existing namespace.
underlying protocols support extension, creation of specific XML-
based extensions to the measurement format is favored over
accommodating protocol-specific extensions in generic containers.
5.1. LLDP Measurements 5.1. LLDP Measurements
Link-Layer Discovery Protocol (LLDP) [IEEE.8021AB] messages are sent Link-Layer Discovery Protocol (LLDP) [IEEE.8021AB] messages are sent
between adjacent nodes in an IEEE 802 network (e.g. wired Ethernet, between adjacent nodes in an IEEE 802 network (e.g. wired Ethernet,
WiFi, 802.16). These messages all contain identification information WiFi, 802.16). These messages all contain identification information
for the sending node, which can be used to determine location for the sending node, which can be used to determine location
information. A Device that receives LLDP messages can report this information. A Device that receives LLDP messages can report this
information as a location-related measurement to the LIS, which is information as a location-related measurement to the LIS, which is
then able to use the measurement data in determining the location of then able to use the measurement data in determining the location of
the Device. the Device.
Note: The LLDP extensions defined in LLDP Media Endpoint Discovery Note: The LLDP extensions defined in LLDP Media Endpoint Discovery
(LLDP-MED) [ANSI-TIA-1057] provide the ability to acquire location (LLDP-MED) [ANSI-TIA-1057] provide the ability to acquire location
information directly from an LLDP endpoint. Where this information directly from an LLDP endpoint. Where this
skipping to change at page 14, line 16 skipping to change at page 15, line 16
network switches and their attachment to them by other means MAY use network switches and their attachment to them by other means MAY use
this data type to convey this information. this data type to convey this information.
5.2. DHCP Relay Agent Information Measurements 5.2. DHCP Relay Agent Information Measurements
The DHCP Relay Agent Information option [RFC3046] provides The DHCP Relay Agent Information option [RFC3046] provides
measurement data about the network attachment of a Device. This measurement data about the network attachment of a Device. This
measurement data can be included in the "dhcp-rai" element. measurement data can be included in the "dhcp-rai" element.
The elements in the DHCP relay agent information options are opaque The elements in the DHCP relay agent information options are opaque
data types assigned by the DHCP relay agent. The three items are all data types assigned by the DHCP relay agent. The three items MAY be
optional: circuit identifier ("circuit", [RFC3046]), remote omitted if unknown: circuit identifier ("circuit", circuit [RFC3046],
identifier ("remote", Remote ID [RFC3046], or remote-id [RFC4649]) Interface-Id [RFC3315]), remote identifier ("remote", Remote ID
and subscriber identifier ("subscriber", subscriber-id [RFC3993], [RFC3046], or remote-id [RFC4649]) and subscriber identifier
Subscriber-ID [RFC4580]). The DHCPv6 remote-id has an associated ("subscriber", subscriber-id [RFC3993], Subscriber-ID [RFC4580]).
enterprise number [IANA.enterprise] as an XML attribute. The DHCPv6 remote-id has an associated enterprise number
[IANA.enterprise] as an XML attribute.
<measurements xmlns="urn:ietf:params:xml:ns:geopriv:lm" <measurements xmlns="urn:ietf:params:xml:ns:geopriv:lm"
time="2008-04-29T14:33:58"> time="2008-04-29T14:33:58">
<dhcp-rai xmlns="urn:ietf:params:xml:ns:geopriv:lm:dhcp"> <dhcp-rai xmlns="urn:ietf:params:xml:ns:geopriv:lm:dhcp">
<giaddr>::ffff:192.0.2.158</giaddr> <giaddr>192.0.2.158</giaddr>
<circuit>108b</circuit> <circuit>108b</circuit>
</dhcp-rai> </dhcp-rai>
</measurements> </measurements>
Figure 5: DHCP Relay Agent Information Measurement Example Figure 5: DHCP Relay Agent Information Measurement Example
The "giaddr" is specified as a dotted quad IPv4 address or an RFC The "giaddr" is specified as a dotted quad IPv4 address or an RFC
4291 [RFC4291] IPv6 address, using the forms defined in [RFC3986]. 4291 [RFC4291] IPv6 address, using the forms defined in [RFC3986];
The enterprise number is specified as a decimal integer. All other IPv6 addresses SHOULD use the form described in [RFC5952]. The
enterprise number is specified as a decimal integer. All other
information is included verbatim from the DHCP request in hexadecimal information is included verbatim from the DHCP request in hexadecimal
format. format.
The "subscriber" element could be considered sensitive. This
information MUST NOT be provided to a LIS that is not authorized to
receive information about the access network. See Section 7.1.3 for
more details.
5.3. 802.11 WLAN Measurements 5.3. 802.11 WLAN Measurements
In WiFi, or 802.11 [IEEE.80211], networks a Device might be able to In WiFi, or 802.11 [IEEE.80211], networks a Device might be able to
provide information about the access point (AP) that it is attached provide information about the access point (AP) that it is attached
to, or other WiFi points it is able to see. This is provided using to, or other WiFi points it is able to see. This is provided using
the "wifi" element, as shown in Figure 6, which shows a single the "wifi" element, as shown in Figure 6, which shows a single
complete measurement for a single access point. complete measurement for a single access point.
<measurements xmlns="urn:ietf:params:xml:ns:geopriv:lm" <measurements xmlns="urn:ietf:params:xml:ns:geopriv:lm"
time="2011-04-29T14:33:58"> time="2011-04-29T14:33:58">
skipping to change at page 15, line 34 skipping to change at page 16, line 41
<gain>9</gain> <gain>9</gain>
<rcpi dBm="true" rmsError="9.5" samples="1">-98.5</rcpi> <rcpi dBm="true" rmsError="9.5" samples="1">-98.5</rcpi>
<rsni rmsError="6" samples="1">7.5</rsni> <rsni rmsError="6" samples="1">7.5</rsni>
</deviceSignal> </deviceSignal>
</ap> </ap>
</wifi> </wifi>
</measurements> </measurements>
Figure 6: 802.11 WLAN Measurement Example Figure 6: 802.11 WLAN Measurement Example
A wifi element is made up of one or more access points, and an A wifi element is made up of one or more access points, and a
optional "nicType" element. Each access point is described using the "nicType" element, which MAY be omitted. Each access point is
"ap" element, which is comprised of the following fields: described using the "ap" element, which is comprised of the following
fields:
bssid: The basic service set identifier. In an Infrastructure BSS bssid: The basic service set identifier. In an Infrastructure BSS
network, the bssid is the 48 bit MAC address of the access point. network, the bssid is the 48 bit MAC address of the access point.
The "verified" attribute of this element describes whether the The "verified" attribute of this element describes whether the
device has verified the MAC address or it authenticated the access device has verified the MAC address or it authenticated the access
point or the network operating the access point (for example, a point or the network operating the access point (for example, a
captive portal accessed through the access point has been captive portal accessed through the access point has been
authenticated). This attributes defaults to a value of "false" authenticated). This attributes defaults to a value of "false"
when omitted. when omitted.
skipping to change at page 16, line 27 skipping to change at page 17, line 32
channel: The channel number (frequency) that the access point channel: The channel number (frequency) that the access point
operates on. operates on.
location: The location of the access point, as reported by the location: The location of the access point, as reported by the
access point. This element contains any valid location, using the access point. This element contains any valid location, using the
rules for a "location-info" element, as described in [RFC5491]. rules for a "location-info" element, as described in [RFC5491].
type: The network type for the network access. This element type: The network type for the network access. This element
includes the alphabetic suffix of the 802.11 specification that includes the alphabetic suffix of the 802.11 specification that
introduced the radio interface, or PHY; e.g. "a", "b", "g", or introduced the radio interface, or PHY; e.g. "a", "b", "g", or
"n". "n".
band: The frequency band for the radio, in gigahertz (GHz). 802.11 band: The frequency band for the radio, in gigahertz (GHz). 802.11
[IEEE.80211] specifies PHY layers that use 2.4, 3.7 and 5 [IEEE.80211] specifies PHY layers that use 2.4, 3.7 and 5
gigahertz frequency bands. gigahertz frequency bands.
regclass: The regulatory domain and class. The "country" attribute regclass: The operating class (regulatory domain and class in older
optionally includes the applicable two character country versions in 802.11), see Annex E of [IEEE.80211]. The "country"
attribute optionally includes the applicable two character country
identifier (dot11CountryString), which can be followed by an 'O', identifier (dot11CountryString), which can be followed by an 'O',
'I' or 'X'. The element text content includes the value of the 'I' or 'X'. The element text content includes the value of the
regulatory class: an 8-bit integer in decimal form. regulatory class: an 8-bit integer in decimal form.
antenna: The antenna identifier for the antenna that the access antenna: The antenna identifier for the antenna that the access
point is using to transmit the measured signals. point is using to transmit the measured signals.
flightTime: Flight time is the difference between the time of flightTime: Flight time is the difference between the time of
departure (TOD) of signal from a transmitting station and time of departure (TOD) of signal from a transmitting station and time of
arrival (TOA) of signal at a receiving station, as defined in arrival (TOA) of signal at a receiving station, as defined in
[IEEE.80211V]. Measurement of this value requires that stations
[IEEE.80211]. Measurement of this value requires that stations
synchronize their clocks. This value can be measured by access synchronize their clocks. This value can be measured by access
point or Device; because the flight time is assumed to be the same point or Device; because the flight time is assumed to be the same
in either direction - aside from measurement errors - only a in either direction - aside from measurement errors - only a
single element is provided. This element includes optional single element is provided. This element permits the use of the
"rmsError" and "samples" attributes. RMS error might be derived "rmsError" and "samples" attributes. RMS error might be derived
from the reported RMS error in TOD and TOA. from the reported RMS error in TOD and TOA.
apSignal: Measurement information for the signal transmitted by the apSignal: Measurement information for the signal transmitted by the
access point, as observed by the Device. Some of these values are access point, as observed by the Device. Some of these values are
derived from 802.11v [IEEE.80211V] messages exchanged between derived from 802.11v [IEEE.80211] messages exchanged between
Device and access point. The contents of this element include: Device and access point. The contents of this element include:
transmit: The transmit power reported by the access point, in transmit: The transmit power reported by the access point, in
dBm. dBm.
gain: The gain of the access point antenna reported by the access gain: The gain of the access point antenna reported by the access
point, in dB. point, in dB.
rcpi: The received channel power indicator for the access point rcpi: The received channel power indicator for the access point
signal, as measured by the Device. This value SHOULD be in signal, as measured by the Device. This value SHOULD be in
units of dBm (with RMS error in dB). If power is measured units of dBm (with RMS error in dB). If power is measured
in a different fashion, the "dBm" attribute MUST be set to in a different fashion, the "dBm" attribute MUST be set to
"false". Signal strength reporting on current hardware uses "false". Signal strength reporting on current hardware uses
a range of different mechanisms; therefore, the value of the a range of different mechanisms; therefore, the value of the
"nicType" element SHOULD be included if the units are not "nicType" element SHOULD be included if the units are not
known to be in dBm and the value reported by the hardware known to be in dBm and the value reported by the hardware
should be included without modification. This element should be included without modification. This element
includes optional "rmsError" and "samples" attributes. permits the use of the "rmsError" and "samples" attributes.
rsni: The received signal to noise indicator in dB. This element rsni: The received signal to noise indicator in dB. This element
includes optional "rmsError" and "samples" attributes. permits the use of the "rmsError" and "samples" attributes.
deviceSignal: Measurement information for the signal transmitted by deviceSignal: Measurement information for the signal transmitted by
the device, as reported by the access point. This element the device, as reported by the access point. This element
contains the same child elements as the "ap" element, with the contains the same child elements as the "ap" element, with the
access point and Device roles reversed. access point and Device roles reversed.
All elements are optional except for "bssid". The only mandatory element in this structure is "bssid".
The "nicType" element is used to specify the make and model of the The "nicType" element is used to specify the make and model of the
wireless network interface in the Device. Different 802.11 chipsets wireless network interface in the Device. Different 802.11 chipsets
report measurements in different ways, so knowing the network report measurements in different ways, so knowing the network
interface type aids the LIS in determining how to use the provided interface type aids the LIS in determining how to use the provided
measurement data. The content of this field is unconstrained and no measurement data. The content of this field is unconstrained and no
mechanisms are specified to ensure uniqueness. mechanisms are specified to ensure uniqueness. This field is
unlikely to be useful, except under tightly controlled circumstances.
5.3.1. Wifi Measurement Requests 5.3.1. Wifi Measurement Requests
Two elements are defined for requesting WiFi measurements in a Two elements are defined for requesting WiFi measurements in a
measurement request: measurement request:
type: The "type" element identifies the desired type (or types that type: The "type" element identifies the desired type (or types that
are requested. are requested).
parameter: The "parameter" element identifies an optional parameter: The "parameter" element identifies measurements that are
measurements are requested for each measured access point. An requested for each measured access point. An element is
element is identified by its qualified name. The optional identified by its qualified name. The "context" parameter can be
"context" parameter can be used to specify if an element is used to specify if an element is included as a child of the "ap"
included as a child of the "ap" or "device" elements; omission or "device" elements; omission indicates that it applies to both.
indicates that it applies to both.
Multiple types or parameters can be requested by repeating either Multiple types or parameters can be requested by repeating either
element. element.
5.4. Cellular Measurements 5.4. Cellular Measurements
Cellular Devices are common throughout the world and base station Cellular Devices are common throughout the world and base station
identifiers can provide a good source of coarse location information. identifiers can provide a good source of coarse location information.
This information can be provided to a LIS run by the cellar operator, Cellular measurements can be provided to a LIS run by the cellular
or may be provided to an alternative LIS operator that has access to operator, or may be provided to an alternative LIS operator that has
one of several global cell-id to location mapping databases. access to one of several global cell-id to location mapping
databases.
A number of advanced location determination methods have been A number of advanced location determination methods have been
developed for cellular networks. For these methods a range of developed for cellular networks. For these methods a range of
measurement parameters can be collected by the network, Device, or measurement parameters can be collected by the network, Device, or
both in cooperation. This document includes a basic identifier for both in cooperation. This document includes a basic identifier for
the wireless transmitter only; future efforts might define additional the wireless transmitter only; future efforts might define additional
parameters that enable more accurate methods of location parameters that enable more accurate methods of location
determination. determination.
The cellular measurement set allows a Device to report to a LIS any The cellular measurement set allows a Device to report to a LIS any
skipping to change at page 18, line 43 skipping to change at page 20, line 5
cells that it is able to observe. Cells are reported using their cells that it is able to observe. Cells are reported using their
global identifiers. All 3GPP cells are identified by public land global identifiers. All 3GPP cells are identified by public land
mobile network (PLMN), which is formed of mobile country code (MCC) mobile network (PLMN), which is formed of mobile country code (MCC)
and mobile network code (MNC); specific fields are added for each and mobile network code (MNC); specific fields are added for each
network type. network type.
Formats for 3GPP cell identifiers are described in [TS.3GPP.23.003]. Formats for 3GPP cell identifiers are described in [TS.3GPP.23.003].
Bit-level formats for CDMA cell identifiers are described in Bit-level formats for CDMA cell identifiers are described in
[TIA-2000.5]; decimal representations are used. [TIA-2000.5]; decimal representations are used.
MCC and MNC are provided as digit sequences; a leading zero in an MCC MCC and MNC are provided as decimal digit sequences; a leading zero
or MNC is significant. All other values are decimal integers. in an MCC or MNC is significant. All other values are decimal
integers.
<measurements xmlns="urn:ietf:params:xml:ns:geopriv:lm" <measurements xmlns="urn:ietf:params:xml:ns:geopriv:lm"
time="2008-04-29T14:33:58"> time="2008-04-29T14:33:58">
<cellular xmlns="urn:ietf:params:xml:ns:geopriv:lm:cell"> <cellular xmlns="urn:ietf:params:xml:ns:geopriv:lm:cell">
<servingCell> <servingCell>
<mcc>465</mcc><mnc>20</mnc><eucid>80936424</eucid> <mcc>465</mcc><mnc>20</mnc><eucid>80936424</eucid>
</servingCell> </servingCell>
<observedCell> <observedCell>
<mcc>465</mcc><mnc>06</mnc><eucid>10736789</eucid> <mcc>465</mcc><mnc>06</mnc><eucid>10736789</eucid>
</observedCell> </observedCell>
</cellular> </cellular>
</measurements> </measurements>
Long term evolution (LTE) cells are identified by a 28-bit cell Long term evolution (LTE) cells are identified by a 28-bit cell
identifier (eucid). identifier (eucid).
Figure 7: Example LTE Cellular Measurement Figure 7: Example LTE Cellular Measurement
skipping to change at page 20, line 19 skipping to change at page 21, line 31
</observedCell> </observedCell>
</cellular> </cellular>
</measurements> </measurements>
Code division multiple access (CDMA) cells are not identified by Code division multiple access (CDMA) cells are not identified by
PLMN, instead these use a 15-bit system id (sid), a 16-bit network id PLMN, instead these use a 15-bit system id (sid), a 16-bit network id
(nid) and a 16-bit base station id (baseid). (nid) and a 16-bit base station id (baseid).
Figure 10: Example CDMA Cellular Measurement Figure 10: Example CDMA Cellular Measurement
In general a cellular Device will be attached to the cellular network In general, a cellular Device will be attached to the cellular
and so the notion of a serving cell exists. Cellular network also network and so the notion of a serving cell exists. Cellular network
provide overlap between neighbouring sites, so a mobile Device can also provide overlap between neighbouring sites, so a mobile Device
hear more than one cell. The measurement schema supports sending can hear more than one cell. The measurement schema supports sending
both the serving cell and any other cells that the mobile might be both the serving cell and any other cells that the mobile might be
able to hear. In some cases, the Device may simply be listening to able to hear. In some cases, the Device could simply be listening to
cell information without actually attaching to the network, mobiles cell information without actually attaching to the network, mobiles
without a SIM are an example of this. In this case the Device may without a SIM are an example of this. In this case the Device could
simply report cells it can hear without flagging one as a serving report cells it can hear without identifying any particular cell as
cell. An example of this is shown in Figure 11. serving cell. An example of this is shown in Figure 11.
<measurements xmlns="urn:ietf:params:xml:ns:geopriv:lm" <measurements xmlns="urn:ietf:params:xml:ns:geopriv:lm"
time="2008-04-29T14:33:58"> time="2008-04-29T14:33:58">
<cellular xmlns="urn:ietf:params:xml:ns:geopriv:lm:cell"> <cellular xmlns="urn:ietf:params:xml:ns:geopriv:lm:cell">
<observedCell> <observedCell>
<mcc>465</mcc><mnc>20</mnc> <mcc>465</mcc><mnc>20</mnc>
<rnc>2000</rnc><cid>65000</cid> <rnc>2000</rnc><cid>65000</cid>
</observedCell> </observedCell>
<observedCell> <observedCell>
<mcc>465</mcc><mnc>06</mnc> <mcc>465</mcc><mnc>06</mnc>
skipping to change at page 21, line 17 skipping to change at page 22, line 27
network: The network portion of the cell identifier. For 3GPP network: The network portion of the cell identifier. For 3GPP
networks, this is the combination of MCC and MNC; for CDMA, this networks, this is the combination of MCC and MNC; for CDMA, this
is the network identifier. is the network identifier.
Multiple identifier types or networks can be identified by repeating Multiple identifier types or networks can be identified by repeating
either element. either element.
5.5. GNSS Measurements 5.5. GNSS Measurements
GNSS use orbiting satellites to transmit signals. A Device with a A Global Navigation Satellite System (GNSS) uses orbiting satellites
GNSS receiver is able to take measurements from the satellite to transmit signals. A Device with a GNSS receiver is able to take
signals. The results of these measurements can be used to determine measurements from the satellite signals. The results of these
time and the location of the Device. measurements can be used to determine time and the location of the
Device.
Determining location and time in autonomous GNSS receivers follows Determining location and time in autonomous GNSS receivers follows
three steps: three steps:
Signal acquisition: During the signal acquisition stage, the Signal acquisition: During the signal acquisition stage, the
receiver searches for the repeating code that is sent by each GNSS receiver searches for the repeating code that is sent by each GNSS
satellite. Successful operation typically requires measurement satellite. Successful operation typically requires measurement
data for a minimum of 5 satellites. At this stage, measurement data for a minimum of 5 satellites. At this stage, measurement
data is available to the Device. data is available to the Device.
skipping to change at page 23, line 47 skipping to change at page 25, line 12
Both the GPS and Galileo systems use satellite numbers between 1 and Both the GPS and Galileo systems use satellite numbers between 1 and
64. 64.
The GNSS receiver measures the following parameters for each The GNSS receiver measures the following parameters for each
satellite: satellite:
doppler: The observed Doppler shift of the satellite signal, doppler: The observed Doppler shift of the satellite signal,
measured in meters per second. This is converted from a value in measured in meters per second. This is converted from a value in
Hertz by the receiver to allow the measurement to be used without Hertz by the receiver to allow the measurement to be used without
knowledge of the carrier frequency of the satellite system. This knowledge of the carrier frequency of the satellite system. This
value includes an optional RMS error attribute, also measured in value permits the use of RMS error attributes, also measured in
meters per second. meters per second.
codephase: The observed code phase for the satellite signal, codephase: The observed code phase for the satellite signal,
measured in milliseconds. This is converted the system-specific measured in milliseconds. This is converted from the system-
value of chips or wavelengths into a system independent value. specific value of chips or wavelengths into a system independent
value. Larger values indicate larger distances from satellite to
Larger values indicate larger distances from satellite to receiver. This value permits the use of RMS error attributes,
receiver. This value includes an optional RMS error attribute,
also measured in milliseconds. also measured in milliseconds.
cn0: The signal to noise ratio for the satellite signal, measured in cn0: The signal to noise ratio for the satellite signal, measured in
decibel-Hertz (dB-Hz). The expected range is between 20 and 50 decibel-Hertz (dB-Hz). The expected range is between 20 and 50
dB-Hz. dB-Hz.
mp: An estimation of the amount of error that multipath signals mp: An estimation of the amount of error that multipath signals
contribute in metres. This parameter is optional. contribute in meters. This parameter MAY be omitted.
cq: An indication of the carrier quality. Two attributes are cq: An indication of the carrier quality. Two attributes are
included: "continuous" may be either "true" or "false"; direct may included: "continuous" can be either "true" or "false"; direct can
be either "direct" or "inverted". This parameter is optional. be either "direct" or "inverted". This parameter MAY be omitted.
adr: The accumulated Doppler range, measured in metres. This adr: The accumulated Doppler range, measured in meters. This
parameter is optional and is not useful unless multiple sets of parameter MAY be omitted and is not useful unless multiple sets of
GNSS measurements are provided or differential positioning is GNSS measurements are provided or differential positioning is
being performed. being performed.
All values are converted from measures native to the satellite system All values are converted from measures native to the satellite system
to generic measures to ensure consistency of interpretation. Unless to generic measures to ensure consistency of interpretation. Unless
necessary, the schema does not constrain these values. necessary, the schema does not constrain these values.
5.5.4. GNSS Measurement Requests 5.5.4. GNSS Measurement Requests
Measurement requests can include a "gnss" element, which includes the Measurement requests can include a "gnss" element, which includes the
skipping to change at page 25, line 32 skipping to change at page 27, line 4
<src>192.0.2.10</src> <src>192.0.2.10</src>
<dest>192.0.2.61</dest> <dest>192.0.2.61</dest>
<session>528</session> <session>528</session>
</l2tp> </l2tp>
</dsl> </dsl>
</measurements> </measurements>
Figure 13: Example DSL L2TP Measurement Figure 13: Example DSL L2TP Measurement
5.6.2. RADIUS Measurements 5.6.2. RADIUS Measurements
When authenticating network access, the infrastructure provider might When authenticating network access, the infrastructure provider might
employ a RADIUS [RFC2865] proxy at the DSL Access Module (DSLAM) or employ a RADIUS [RFC2865] proxy at the DSL Access Module (DSLAM) or
Access Node (AN). These messages provide the ISP RADIUS server with Access Node (AN). These messages provide the ISP RADIUS server with
an identifier for the DSLAM or AN, plus the slot and port that the an identifier for the DSLAM or AN, plus the slot and port that the
Device is attached on. These data can be provided as a measurement, Device is attached to. These data can be provided as a measurement,
which allows the infrastructure provider LIS to generate location which allows the infrastructure provider LIS to generate location
information. information.
The format of the AN, slot and port identifiers are not defined in The format of the AN, slot and port identifiers are not defined in
the RADIUS protocol. Slot and port together identify a circuit on the RADIUS protocol. Slot and port together identify a circuit on
the AN, analogous to the circuit identifier in [RFC3046]. These the AN, analogous to the circuit identifier in [RFC3046]. These
items are provided directly, as they were in the RADIUS message. An items are provided directly, as they were in the RADIUS message. An
example is shown in Figure 14. example is shown in Figure 14.
<measurements xmlns="urn:ietf:params:xml:ns:geopriv:lm" <measurements xmlns="urn:ietf:params:xml:ns:geopriv:lm"
skipping to change at page 27, line 8 skipping to change at page 28, line 26
<vpi>55</vpi> <vpi>55</vpi>
<vci>6323</vci> <vci>6323</vci>
</dsl> </dsl>
</measurements> </measurements>
Figure 16: Example DSL ATM Measurement Figure 16: Example DSL ATM Measurement
6. Privacy Considerations 6. Privacy Considerations
Location-related measurement data can be as privacy sensitive as Location-related measurement data can be as privacy sensitive as
location information. location information [RFC6280].
Measurement data is effectively equivalent to location information if Measurement data is effectively equivalent to location information if
the contextual knowledge necessary to generate one from the other is the contextual knowledge necessary to generate one from the other is
readily accessible. Even where contextual knowledge is difficult to readily accessible. Even where contextual knowledge is difficult to
acquire, there can be no assurance that an authorized recipient of acquire, there can be no assurance that an authorized recipient of
the contextual knowledge is also authorized to receive location the contextual knowledge is also authorized to receive location
information. information.
In order to protect the privacy of the subject of location-related In order to protect the privacy of the subject of location-related
measurement data, this implies that measurement data is protected measurement data, measurement data MUST be protected with the same
with the same degree of protection as location information. degree of protection as location information. The confidentiality
and authentication provided by TLS MUST be used in order to convey
measurement data over HELD [RFC5985]. Other protocols MUST provide
comparable guarantees.
6.1. Measurement Data Privacy Model 6.1. Measurement Data Privacy Model
It is less desirable to distribute measurement data in the same It is not necessary to distribute measurement data in the same
fashion as location information. Measurement data is less useful to fashion as location information. Measurement data is less useful to
location recipients than location information. Therefore, a simple location recipients than location information. A simple distribution
distribution model is desirable. model is described in this document.
In this simple model, the Device is the only entity that is able to In this simple model, the Device is the only entity that is able to
distribute measurement data. To use an analogy from the GEOPRIV distribute measurement data. To use an analogy from the GEOPRIV
architecture, the Device - as the Location Generator (or the architecture, the Device - as the Location Generator, or the
Measurement Data Generator) - is the sole entity that can assume the Measurement Data Generator - is the sole entity that can act for the
roles of Rule Maker and Location Server. role of both Rule Maker and Location Server.
A Device that provides location-related measurement data, MUST only
do so as explicitly authorized by a Rule Maker. This depends on
having an interface that allows Rule Makers (for instance, users or
administrators) to control where and how measurement data is
provided.
No entity is permitted to redistribute measurement data. The Device No entity is permitted to redistribute measurement data. The Device
directs other entities in how measurement data is used and retained. directs other entities in how measurement data is used and retained.
The GEOPRIV model [RFC6280] protects the location of a Target using
direction provided by a Rule Maker. For the purposes of measurement
data distribution, this model relies on the assumptions made in
Section 3 of HELD [RFC5985]. These assumptions effectively declare
the Device to be a proxy for both Target and Rule Maker.
6.2. LIS Privacy Requirements 6.2. LIS Privacy Requirements
A LIS MUST NOT reveal location-related measurement data or location A LIS MUST NOT reveal location-related measurement data to any other
information based on measurement data to any other entity unless entity. A LIS MUST NOT reveal location information based on
directed to do so by the Device. measurement data to any other entity unless directed to do so by the
Device.
By adding measurement data to a request for location information, the By adding measurement data to a request for location information, the
Device implicitly grants permission for the LIS to generate the Device implicitly grants permission for the LIS to generate the
requested location information using the measurement data. requested location information using the measurement data.
Permission to use this data for any other purpose is not implied. Permission to use this data for any other purpose is not implied.
As long as measurement data is only used in serving the request that As long as measurement data is only used in serving the request that
contains it, rules regarding data retention are not necessary. A LIS contains it, rules regarding data retention are not necessary. A LIS
MUST discard location-related measurement data after servicing a MUST discard location-related measurement data after servicing a
request, unless the Device grants permission to use that information request, unless the Device grants permission to use that information
for other purposes. for other purposes.
6.3. Measurement Data and Location URIs 6.3. Measurement Data and Location URIs
A LIS MAY use measurement data provided by the Device to serve A LIS MAY use measurement data provided by the Device to serve
requests to location URIs, if the Device permits it. A Device requests to location URIs, if the Device permits it. A Device
permits this by including measurement data in a request that permits this by including measurement data in a request that
explicitly requests a location URI. By requesting a location URI, explicitly requests a location URI. By requesting a location URI,
the Device grants permission for the LIS to use the measurement data the Device grants permission for the LIS to use the measurement data
in serving requests to that URI. in serving requests to that location URI. The LIS cannot provide
location recipients with measurement data, as defined in Section 6.1.
Note: In HELD, the "any" type is not an explicit request for a Note: In HELD, the "any" type is not an explicit request for a
location URI, though a location URI might be provided. location URI, though a location URI might be provided.
The usefulness of measurement data that is provided in this fashion The usefulness of measurement data that is provided in this fashion
is limited. The measurement data is only valid at the time that it is limited. The measurement data is only valid at the time that it
was acquired by the Device. At the time that a request is made to a was acquired by the Device. At the time that a request is made to a
location URI, the Device might have moved, rendering the measurement location URI, the Device might have moved, rendering the measurement
data incorrect. data incorrect.
A Device is able to explicitly limit the time that a LIS retains A Device is able to explicitly limit the time that a LIS retains
measurement data by adding an expiry time to the measurement data, measurement data by adding an expiry time to the measurement data. A
see Section 4.1.2. LIS MUST NOT retain location-related measurement data in memory,
storage or logs beyond the time indicated in the "expires" attribute
(Section 4.1.2). A LIS MUST NOT retain measurement data if the
"expires" attribute is absent.
6.4. Third-Party-Provided Measurement Data 6.4. Third-Party-Provided Measurement Data
An authorized third-party request for the location of a Device (see An authorized third-party request for the location of a Device (see
[RFC6155]) can include location-related measurement data. This is [RFC6155]) can include location-related measurement data. This is
possible where the third-party is able to make observations about the possible where the third-party is able to make observations about the
Device. Device.
A third-party that provides measurement data MUST be authorized to A third-party that provides measurement data MUST be authorized to
provide the specific measurement for the identified device. A third- provide the specific measurement for the identified device. A third-
skipping to change at page 29, line 11 skipping to change at page 30, line 48
Use of location-related measurement data has privacy considerations Use of location-related measurement data has privacy considerations
that are discussed in Section 6. that are discussed in Section 6.
7.1. Threat Model 7.1. Threat Model
The threat model for location-related measurement data concentrates The threat model for location-related measurement data concentrates
on the Device providing falsified, stolen or incorrect measurement on the Device providing falsified, stolen or incorrect measurement
data. data.
A Device that provides location location-related measurement data A Device that provides location-related measurement data might use
might use data to: data to:
o acquire the location of another Device, without authorization; o acquire the location of another Device, without authorization;
o extract information about network topology; or o extract information about network topology; or
o coerce the LIS into providing falsified location information based o coerce the LIS into providing falsified location information based
on the measurement data. on the measurement data.
Location-related measurement data describes the physical environment Location-related measurement data describes the physical environment
or network attachment of a Device. A third party adversary in the or network attachment of a Device. A third party adversary in the
proximity of the Device might be able to alter the physical proximity of the Device might be able to alter the physical
environment such that the Device provides measurement data that is environment such that the Device provides measurement data that is
controlled by the third party. This might be used to indirectly controlled by the third party. This might be used to indirectly
skipping to change at page 30, line 28 skipping to change at page 32, line 16
know the location of the target in order to determine what know the location of the target in order to determine what
measurements to use. This attack is meaningless for types of measurements to use. This attack is meaningless for types of
measurement data that require that the attacker first know the measurement data that require that the attacker first know the
location of the target before measurement data can be acquired or location of the target before measurement data can be acquired or
fabricated. GNSS measurements (Section 5.5) share this trait with fabricated. GNSS measurements (Section 5.5) share this trait with
many wireless location determination methods. many wireless location determination methods.
7.1.2. Extracting Network Topology Data 7.1.2. Extracting Network Topology Data
Allowing requests with measurements might be used to collect Allowing requests with measurements might be used to collect
information about a network topology. This is possible if requests information about network topology.
containing measurements are permitted.
Network topology can be considered sensitive information by a network Network topology can be considered sensitive information by a network
operator for commercial or security reasons. While it is impossible operator for commercial or security reasons. While it is impossible
to completely prevent a Device from acquiring some knowledge of to completely prevent a Device from acquiring some knowledge of
network topology if a location service is provided, a network network topology if a location service is provided, a network
operator might desire to limit how much of this information is made operator might desire to limit how much of this information is made
available. available.
Mapping a network topology does not require that an attacker be able Mapping a network topology does not require that an attacker be able
to associate measurement data with a particular Device. If a to associate measurement data with a particular Device. If a
requester is able to try a number of measurements, it is possible to requester is able to try a number of measurements, it is possible to
acquire information about network topology. acquire information about network topology.
It is not even necessary that the measurements are valid; random It is not even necessary that the measurements are valid; random
guesses are sufficient, provided that there is no penalty or cost guesses are sufficient, provided that there is no penalty or cost
associated with attempting to use the measurements. associated with attempting to use the measurements.
7.1.3. Lying By Proxy 7.1.3. Exposing Network Topology Data
A Device could reveal information about a network to entities outside
of that network if it provides location measurement data to a LIS
that is outside of that network. With the exception of GNSS
measurements, the measurements in this document provide information
about an access network that could reveal topology information to an
unauthorized recipient.
A Device MUST NOT provide information about network topology without
a clear signal that the recipient is authorized. A LIS that is
discovered using DHCP as described in LIS discovery [RFC5986] can be
considered to be authorized to receive information about the access
network.
7.1.4. Lying By Proxy
Location information is a function of its inputs, which includes Location information is a function of its inputs, which includes
measurement data. Thus, falsified measurement data can be used to measurement data. Thus, falsified measurement data can be used to
alter the location information that is provided by a LIS. alter the location information that is provided by a LIS.
Some types of measurement data are relatively easy to falsify in a Some types of measurement data are relatively easy to falsify in a
way that the resulting location information to be selected with way that causes the resulting location information to be selected
little or no error. For instance, GNSS measurements are easy to use with little or no error. For instance, GNSS measurements are easy to
for this purpose because all the contextual information necessary to use for this purpose because all the contextual information necessary
calculate a position using measurements is broadcast by the to calculate a position using measurements is broadcast by the
satellites [HARPER]. satellites [HARPER].
An attacker that falsifies measurement data gains little if they are An attacker that falsifies measurement data gains little if they are
the only recipients of the result. The attacker knows that the the only recipients of the result. The attacker knows that the
location information is bad. The attacker only gains if the location information is bad. The attacker only gains if the
information can somehow be attributed to the LIS by another location information can somehow be attributed to the LIS by another location
recipient. recipient. By coercing the LIS into providing falsified location
information, any credibility that the LIS might have - that the
A recipient might evaluate the trustworthiness of the location attacker does not - is gained by the attacker.
information based on the credibility of its source. By coercing the
LIS into providing falsified location information, any credibility
that the LIS might have - that the attacker does not - is gained by
the attacker.
A third-party that is reliant on the integrity of the location A third-party that is reliant on the integrity of the location
information might base an evaluation of the credibility of the information might base an evaluation of the credibility of the
information on the source of the information. If that third party is information on the source of the information. If that third party is
able to attribute location information to the LIS, then an attacker able to attribute location information to the LIS, then an attacker
might gain. might gain.
Location information that is provided to the Device without any means Location information that is provided to the Device without any means
to identify the LIS as its source is not subject to this attack. The to identify the LIS as its source is not subject to this attack. The
Device is identified as the source of the data when it distributes Device is identified as the source of the data when it distributes
the location information to location recipients. the location information to location recipients.
An attacker gains if they are able to coerce the LIS into providing
location information based on falsified measurement data and that
information can be attributed to the LIS.
Location information is attributed to the LIS either through the use Location information is attributed to the LIS either through the use
of digital signatures or by having the location recipient directly of digital signatures or by having the location recipient directly
interact with the LIS. A LIS that digitally signs location interact with the LIS. A LIS that digitally signs location
information becomes identifiable as the source of the data. information becomes identifiable as the source of the data.
Similarly, the LIS is identified as a source of data if a location Similarly, the LIS is identified as a source of data if a location
recipient acquires information directly from a LIS using a location recipient acquires information directly from a LIS using a location
URI. URI.
7.1.4. Measurement Replay 7.1.5. Measurement Replay
The value of some measured properties do not change over time for a The value of some measured properties do not change over time for a
single location. This allows for simple replay attacks, where an single location. For properties of a network, time-invariance is
attacker acquires measurements that can later be used without being often directly as a result of the practicalities of operating the
detected as being invalid. network. Limiting the changes to a network ensures greater
consistency of service. A largely static network also greatly
simplifies the data management tasks involved with providing a
location service. However, time invariant properties allow for
simple replay attacks, where an attacker acquires measurements that
can later be used without being detected as being invalid.
Measurement data is frequently an observation of an time-invariant Measurement data is frequently an observation of an time-invariant
property of the environment at the subject location. For property of the environment at the subject location. For
measurements of this nature, nothing in the measurement itself is measurements of this nature, nothing in the measurement itself is
sufficient proof that the Device is present at the resulting sufficient proof that the Device is present at the resulting
location. Measurement data might have been previously acquired and location. Measurement data might have been previously acquired and
reused. reused.
For instance, the identity of a radio transmitter, if broadcast by For instance, the identity of a radio transmitter, if broadcast by
that transmitter, can be collected and stored. An attacker that that transmitter, can be collected and stored. An attacker that
wishes it known that they exist at a particular location, can claim wishes it known that they exist at a particular location, can claim
to observe this transmitter at any time. Nothing inherent in the to observe this transmitter at any time. Nothing inherent in the
claim reveals it to be false. claim reveals it to be false.
For properties of a network, time-invariance is often directly as a 7.1.6. Environment Spoofing
result of the practicalities of operating the network. Limiting the
changes to a network ensures greater consistency of service. A
largely static network also greatly simplifies the data management
tasks involved with providing a location service.
7.1.5. Environment Spoofing
Some types of measurement data can be altered or influenced by a Some types of measurement data can be altered or influenced by a
third party so that a Device. If it is possible for a third party to third party so that a Device unwittingly provides falsified data. If
alter the measured phenomenon, then any location information that is it is possible for a third party to alter the measured phenomenon,
derived from this data can be indirectly influenced. then any location information that is derived from this data can be
indirectly influenced.
Altering the environment in this fashion might not require Altering the environment in this fashion might not require
involvement with either Device or LIS. Measurement that is passive - involvement with either Device or LIS. Measurement that is passive -
where the Device observes a signal or other phenomenon without direct where the Device observes a signal or other phenomenon without direct
interaction - are most susceptible to alteration by third parties. interaction - are most susceptible to alteration by third parties.
Measurement of radio signal characteristics is especially vulnerable Measurement of radio signal characteristics is especially vulnerable
since an adversary need only be in the general vicinity of the Device since an adversary need only be in the general vicinity of the Device
and be able to transmit a signal. For instance, a GNSS spoofer is and be able to transmit a signal. For instance, a GNSS spoofer is
able to produce fake signals that claim to be transmitted by any able to produce fake signals that claim to be transmitted by any
skipping to change at page 33, line 14 skipping to change at page 35, line 21
and amplifying the raw signal; it is not necessary for the attacker and amplifying the raw signal; it is not necessary for the attacker
to be able to understand the signal content. to be able to understand the signal content.
Note: This particular "attack" is more often completely legitimate. Note: This particular "attack" is more often completely legitimate.
Radio repeaters are commonplace mechanism used to increase radio Radio repeaters are commonplace mechanism used to increase radio
coverage. coverage.
Attacks that rely on altering the observed environment of a Device Attacks that rely on altering the observed environment of a Device
require countermeasures that affect the measurement process. For require countermeasures that affect the measurement process. For
radio signals, countermeasures could include the use of authenticated radio signals, countermeasures could include the use of authenticated
signals, altered receiver design. In general, countermeasures are signals, or altered receiver design. In general, countermeasures are
highly specific to the individual measurement process. An exhaustive highly specific to the individual measurement process. An exhaustive
discussion of these issues is left to the relevant literature for discussion of these issues is left to the relevant literature for
each measurement technology. each measurement technology.
A Device that provides measurement data is assumed to be responsible A Device that provides measurement data is assumed to be responsible
for applying appropriate countermeasures against this type of attack. for applying appropriate countermeasures against this type of attack.
For a Device that is the ultimate recipient of location information Where a Device is the sole recipient of location information derived
derived from measurement data, a LIS might choose to provide location from measurement data, a LIS might choose to provide location
information without any validation. The responsibility for ensuring information without any validation. The responsibility for ensuring
the veracity of the measurement data lies with the Device. the veracity of the measurement data lies with the Device.
Measurement data that is susceptible to this sort of influence MUST Measurement data that is susceptible to this sort of influence SHOULD
be treated as though it were produced by an untrusted Device for be treated as though it were produced by an untrusted Device for
those cases where a location recipient might attribute the location those cases where a location recipient might attribute the location
information to the LIS. Such measurement data MUST be subjected to information to the LIS. GNSS measurements and radio signal strength
the same validation as for other types of attacks that rely on measurements can be affected relatively cheaply, though almost all
measurement falsification. other measurement types can be affected with varying costs to an
attacker, with the largest cost often being a requirement for
physical access. To the extent that it is feasible, measurement data
SHOULD be subjected to the same validation as for other types of
attacks that rely on measurement falsification.
Note: Altered measurement data might be provided by a Device that Note: Altered measurement data might be provided by a Device that
has no knowledge of the alteration. Thus, an otherwise trusted has no knowledge of the alteration. Thus, an otherwise trusted
Device might still be an unreliable source of measurement data. Device might still be an unreliable source of measurement data.
7.2. Mitigation 7.2. Mitigation
The following measures can be applied to limit or prevent attacks. The following measures can be applied to limit or prevent attacks.
The effectiveness of each depends on the type of measurement data and The effectiveness of each depends on the type of measurement data and
how that measurement data is acquired. how that measurement data is acquired.
Two general approaches are identified for dealing with untrusted Two general approaches are identified for dealing with untrusted
measurement data: measurement data:
1. Require independent validation of measurement data or the 1. Require independent validation of measurement data or the
location information that is produced. location information that is produced.
skipping to change at page 34, line 10 skipping to change at page 36, line 22
location information that is produced. location information that is produced.
2. Identify the types of sources that provided the measurement data 2. Identify the types of sources that provided the measurement data
that location information was derived from. that location information was derived from.
This section goes into more detail on the different forms of This section goes into more detail on the different forms of
validation in Section 7.2.1, Section 7.2.2, and Section 7.2.3. The validation in Section 7.2.1, Section 7.2.2, and Section 7.2.3. The
impact of attributing location information to sources is discussed in impact of attributing location information to sources is discussed in
more detail in Section 7.2.4. more detail in Section 7.2.4.
Any costs in validation are balanced against the degree of integrity
desired from the resulting location information.
7.2.1. Measurement Validation 7.2.1. Measurement Validation
Detecting that measurement data has been falsified is difficult in Detecting that measurement data has been falsified is difficult in
the absence of integrity mechanisms. the absence of integrity mechanisms.
Independent confirmation of the veracity of measurement data ensures Independent confirmation of the veracity of measurement data ensures
that the measurement is accurate and that it applies to the correct that the measurement is accurate and that it applies to the correct
Device. By gathering the same measurement data from a trusted and Device. When it's possible to gathering the same measurement data
independent source, the LIS is able to check that the measurement from a trusted and independent source without undue expense, the LIS
data is correct. can use the trusted data in place of what the untrusted Device has
sent. In cases where that is impractical, the untrusted data can
provide hints that allow corroboration of the data (see
Section 7.2.1.1).
Measurement information might contain no inherent indication that it Measurement information might contain no inherent indication that it
is falsified. On the contrary, it can be difficult to obtain is falsified. On the contrary, it can be difficult to obtain
information that would provide any degree of assurance that the information that would provide any degree of assurance that the
measurement device is physically at any particular location. measurement device is physically at any particular location.
Measurements that are difficult to verify require other forms of Measurements that are difficult to verify require other forms of
assurance before they can be used. assurance before they can be used.
7.2.1.1. Effectiveness 7.2.1.1. Effectiveness
skipping to change at page 34, line 44 skipping to change at page 37, line 14
Validation of measurement data can be significantly more effective Validation of measurement data can be significantly more effective
than independent acquisition of the same. For instance, a Device in than independent acquisition of the same. For instance, a Device in
a large Ethernet network could provide a measurement indicating its a large Ethernet network could provide a measurement indicating its
point of attachment using LLDP measurements. For a LIS, acquiring point of attachment using LLDP measurements. For a LIS, acquiring
the same measurement data might require a request to all switches in the same measurement data might require a request to all switches in
that network. With the measurement data, validation can target the that network. With the measurement data, validation can target the
identified switch with a specific query. identified switch with a specific query.
Validation is effective in identifying falsified measurement data Validation is effective in identifying falsified measurement data
(Section 7.1.3), including attacks involving replay of measurement (Section 7.1.4), including attacks involving replay of measurement
data (Section 7.1.4). Validation also limits the amount of network data (Section 7.1.5). Validation also limits the amount of network
topology information (Section 7.1.2) made available to Devices to topology information (Section 7.1.2) made available to Devices to
that portion of the network topology that they are directly attached. that portion of the network topology that they are directly attached.
Measurement validation has no effect if the underlying effect is Measurement validation has no effect if the underlying effect is
being spoofed (Section 7.1.5). being spoofed (Section 7.1.6).
7.2.1.2. Limitations (Unique Observer) 7.2.1.2. Limitations (Unique Observer)
A Device is often in a unique position to make a measurement. It A Device is often in a unique position to make a measurement. It
alone occupies the point in space-time that the location alone occupies the point in space-time that the location
determination process seeks to determine. The Device becomes a determination process seeks to determine. The Device becomes a
unique observer for a particular property. unique observer for a particular property.
The ability of the Device to become a unique observer makes the The ability of the Device to become a unique observer makes the
Device invaluable to the location determination process. As a unique Device invaluable to the location determination process. As a unique
skipping to change at page 36, line 50 skipping to change at page 39, line 20
radius uncertainty region. An untrusted location that describes a radius uncertainty region. An untrusted location that describes a
100 meter uncertainty within the larger region might be accepted as 100 meter uncertainty within the larger region might be accepted as
more accurate. An attacker might still falsify measurement data to more accurate. An attacker might still falsify measurement data to
select any location within the larger uncertainty region. While the select any location within the larger uncertainty region. While the
100 meter uncertainty that is reported seems more accurate, a 100 meter uncertainty that is reported seems more accurate, a
falsified location could be anywhere in the five kilometer region. falsified location could be anywhere in the five kilometer region.
Where measurement data might have been falsified, the actual Where measurement data might have been falsified, the actual
uncertainty is effectively much higher. Local policy might allow uncertainty is effectively much higher. Local policy might allow
differing degrees of trust to location information derived from differing degrees of trust to location information derived from
untrusted measurement data. This might not be a boolean operation untrusted measurement data. This might be a boolean operation with
with only two possible outcomes: untrusted location information might only two possible outcomes: untrusted location information might be
be used entirely or not at all, or it could be combined with trusted used entirely or not at all. Alternatively, untrusted location could
location information with the degree to which each contributes based be combined with trusted location information using different
on a value set in local policy. weightings, based on a value set in local policy.
7.2.3. Supporting Observations 7.2.3. Supporting Observations
Replay attacks using previously acquired measurement data are Replay attacks using previously acquired measurement data are
particularly hard to detect without independent validation. Rather particularly hard to detect without independent validation. Rather
than validate the measurement data directly, supplementary data might than validate the measurement data directly, supplementary data might
be used to validate measurements or the location information derived be used to validate measurements or the location information derived
from those measurements. from those measurements.
These supporting observations could be used to convey information These supporting observations could be used to convey information
skipping to change at page 38, line 4 skipping to change at page 40, line 23
independent validation of one or more properties. Applicability of independent validation of one or more properties. Applicability of
each method is similar. each method is similar.
Use of supporting observations can be used to limit or prevent all of Use of supporting observations can be used to limit or prevent all of
the attacks identified in this document. the attacks identified in this document.
7.2.3.2. Limitations 7.2.3.2. Limitations
The effectiveness of the validation method depends on the quality of The effectiveness of the validation method depends on the quality of
the supporting observation: how hard it is to obtain at a different the supporting observation: how hard it is to obtain at a different
time or place, how difficult it is to guess and what other costs time or place, how difficult it is to guess, and what other costs
might be involved in acquiring this data. might be involved in acquiring this data.
In the example of an observed radio signal, requesting a sample of In the example of an observed radio signal, requesting a sample of
the signal only provides an assurance that the Device is able to the signal only provides an assurance that the Device is able to
receive the signal transmitted by the measured radio transmitter. receive the signal transmitted by the measured radio transmitter.
This only provides some assurance that the Device is within range of This only provides some assurance that the Device is within range of
the transmitter. the transmitter.
As with location validation, a Device might still be able to provide As with location validation, a Device might still be able to provide
falsified measurements that could alter the value of the location falsified measurements that could alter the value of the location
information as long as the result is within this region. information as long as the result is within this region.
Requesting additional supporting observations can reduce the size of Requesting additional supporting observations can reduce the size of
the region over which location information can be altered by an the region over which location information can be altered by an
attacker, or increase trust in the result, but each additional has a attacker, or increase trust in the result, but each additional
cost. Supporting observations contribute little or nothing toward measurement imposes an acquisition cost. Supporting observations
the primary goal of determining the location of the Device. Any contribute little or nothing toward the primary goal of determining
costs in acquiring supporting observations are balanced against the the location of the Device.
degree of integrity desired of the resulting location information.
7.2.4. Attribution 7.2.4. Attribution
Lying by proxy (Section 7.1.3) relies on the location recipient being Lying by proxy (Section 7.1.4) relies on the location recipient being
able to attribute location information to a LIS. The effectiveness able to attribute location information to a LIS. The effectiveness
of this attack is negated if location information is explicitly of this attack is negated if location information is explicitly
attributed to a particular source. attributed to a particular source.
This requires an extension to the location object that explicitly This requires an extension to the location object that explicitly
identifies the source (or sources) of each item of location identifies the source (or sources) of each item of location
information. information.
Rather than relying on a process that seeks to ensure that location Rather than relying on a process that seeks to ensure that location
information is accurate, this approach instead provides a location information is accurate, this approach instead provides a location
recipient with the information necessary to reach their own recipient with the information necessary to reach their own
conclusion about the trustworthiness of the location information. conclusion about the trustworthiness of the location information.
Including an authenticated identity for all sources of measurement Including an authenticated identity for all sources of measurement
data is presents a number of technical and operational challenges. data presents a number of technical and operational challenges. It
It is possible that the LIS has a transient relationship with a is possible that the LIS has a transient relationship with a Device.
Device. A Device is not expected to share authentication information A Device is not expected to share authentication information with a
with a LIS. There is no assurance that Device identification is LIS. There is no assurance that Device identification is usable by a
usable by a potential location recipient. Privacy concerns might potential location recipient. Privacy concerns might also prevent
also prevent the sharing identification information, even if it were the sharing identification information, even if it were available and
available and usable. usable.
Identifying the type of measurement source allows a location Identifying the type of measurement source allows a location
recipient to make a decision about the trustworthiness of location recipient to make a decision about the trustworthiness of location
information without depending on having authenticated identity information without depending on having authenticated identity
information for each source. An element for this purpose is defined information for each source. An element for this purpose is defined
in Section 4.4. in Section 4.4.
When including location information that is based on measurement data When including location information that is based on measurement data
from sources that might be untrusted, a LIS SHOULD include from sources that might be untrusted, a LIS SHOULD include
alternative location information that is derived from trusted sources alternative location information that is derived from trusted sources
skipping to change at page 39, line 28 skipping to change at page 41, line 49
about trustworthiness based on the source of the data. about trustworthiness based on the source of the data.
A location recipient that does not understand the "source" element is A location recipient that does not understand the "source" element is
unable to make this distinction. When constructing a PIDF-LO unable to make this distinction. When constructing a PIDF-LO
document, trusted location information MUST be placed in the PIDF-LO document, trusted location information MUST be placed in the PIDF-LO
so that it is given higher priority to any untrusted location so that it is given higher priority to any untrusted location
information according to Rule #8 of [RFC5491]. information according to Rule #8 of [RFC5491].
Attribution of information does nothing to address attacks that alter Attribution of information does nothing to address attacks that alter
the observed parameters that are used in location determination the observed parameters that are used in location determination
(Section 7.1.5). (Section 7.1.6).
7.2.5. Stateful Correlation of Location Requests 7.2.5. Stateful Correlation of Location Requests
Stateful examination of requests can be used to prevent a Device from Stateful examination of requests can be used to prevent a Device from
attempting to map network topology using requests for location attempting to map network topology using requests for location
information (Section 7.1.2). information (Section 7.1.2).
Simply limiting the rate of requests from a single Device reduces the Simply limiting the rate of requests from a single Device reduces the
amount of data that a Device can acquire about network topology. amount of data that a Device can acquire about network topology. A
LIS could also make observations about the movements of a Device. A
Device that is attempting to gather topology information is likely to
be assigned a location that changes significantly between subsequent
requests, possibly violating physical laws (or lower limits that
might still be unlikely) with respect to speed and acceleration.
7.3. An Unauthorized or Compromised LIS
A compromised LIS, or a compromise in LIS discovery [RFC5986] could
lead to an unathorized entity obtaining measurement data. This
information could then be used or redistributed. A Device MUST
ensure that it authenticate a LIS, as described in Section 9 of
[RFC5985].
An entity that is able to acquire measurement data can, in addition
to using those measurements to learn the location of a Device, also
use that information for other purposes. This information can be
used to provide insight into network topology (Section 7.1.2).
Measurement data might also be exploited in other ways. For example,
revealing the type of 802.11 transceiver that a Device uses could
allow an attacker to use specific vulnerabilities to attack a Device.
Similarly, revealing information about network elements could enable
targeted attacks on that infrastructure.
8. Measurement Schemas 8. Measurement Schemas
The schema are broken up into their respective functions. There is a The schema are broken up into their respective functions. There is a
base container schema into which all measurements are placed, plus base container schema into which all measurements are placed, plus
definitions for a measurement request (Section 8.1). A PIDF-LO definitions for a measurement request (Section 8.1). A PIDF-LO
extension is defined in a separate schema (Section 8.2). There is a extension is defined in a separate schema (Section 8.2). There is a
basic types schema, that contains various base type definitions for basic types schema, that contains various base type definitions for
things such as the "rmsError" and "samples" attributes IPv4, IPv6 and things such as the "rmsError" and "samples" attributes IPv4, IPv6 and
MAC addresses (Section 8.3). Then each of the specific measurement MAC addresses (Section 8.3). Then each of the specific measurement
skipping to change at page 67, line 18 skipping to change at page 70, line 18
Registrant Contact: IETF, GEOPRIV working group, (geopriv@ietf.org), Registrant Contact: IETF, GEOPRIV working group, (geopriv@ietf.org),
Martin Thomson (martin.thomson@commscope.com). Martin Thomson (martin.thomson@commscope.com).
Schema: The XML for this schema can be found in Section 8.9 of this Schema: The XML for this schema can be found in Section 8.9 of this
document. document.
10. Acknowledgements 10. Acknowledgements
Thanks go to Simon Cox for his comments relating to terminology that Thanks go to Simon Cox for his comments relating to terminology that
have helped ensure that this document is aligns with ongoing work in have helped ensure that this document is aligned with ongoing work in
the Open Geospatial Consortium (OGC). Thanks to Neil Harper for his the Open Geospatial Consortium (OGC). Thanks to Neil Harper for his
review and comments on the GNSS sections of this document. Thanks to review and comments on the GNSS sections of this document. Thanks to
Noor-E-Gagan Singh, Gabor Bajko, Russell Priebe, and Khalid Al-Mufti Noor-E-Gagan Singh, Gabor Bajko, Russell Priebe, and Khalid Al-Mufti
for their significant input to and suggestions for improving the for their significant input to and suggestions for improving the
802.11 measurements. Thanks to Cullen Jennings for feedback and 802.11 measurements. Thanks to Cullen Jennings for feedback and
suggestions. Bernard Aboba provided review and feedback on a range suggestions. Bernard Aboba provided review and feedback on a range
of measurement data definitions. Mary Barnes and Geoff Thompson of measurement data definitions. Mary Barnes and Geoff Thompson
provided a review and corrections. David Waitzman and John Bressler provided a review and corrections. David Waitzman and John Bressler
both noted shortcomings with 802.11 measurements. Keith Drage, both noted shortcomings with 802.11 measurements. Keith Drage,
Darren Pawson provided expert LTE knowledge. Darren Pawson provided expert LTE knowledge.
skipping to change at page 67, line 49 skipping to change at page 70, line 49
ICD GPS-200, Apr 2000. ICD GPS-200, Apr 2000.
[Galileo.ICD] [Galileo.ICD]
GJU, "Galileo Open Service Signal In Space Interface GJU, "Galileo Open Service Signal In Space Interface
Control Document (SIS ICD)", May 2006. Control Document (SIS ICD)", May 2006.
[IANA.enterprise] [IANA.enterprise]
IANA, "Private Enterprise Numbers", 2011, IANA, "Private Enterprise Numbers", 2011,
<http://www.iana.org/assignments/enterprise-numbers>. <http://www.iana.org/assignments/enterprise-numbers>.
[IEEE.80211V]
IEEE, "Wireless LAN Medium Access Control (MAC) and
Physical Layer (PHY) specifications - IEEE 802.11 Wireless
Network Management (Draft)", P802.11v D12.0, June 2010.
[IEEE.80211] [IEEE.80211]
IEEE, "Wireless LAN Medium Access Control (MAC) and IEEE, "Wireless LAN Medium Access Control (MAC) and
Physical Layer (PHY) specifications - IEEE 802.11 Wireless Physical Layer (PHY) specifications", IEEE Std
Network Management", IEEE Std 802.11-2007, June 2007. 802.11-2012, March 2012.
[IEEE.8021AB] [IEEE.8021AB]
IEEE, "IEEE Standard for Local and Metropolitan area IEEE, "IEEE Standard for Local and Metropolitan area
networks, Station and Media Access Control Connectivity networks, Station and Media Access Control Connectivity
Discovery", IEEE Std 802.1AB-2009, September 2009. Discovery", IEEE Std 802.1AB-2009, September 2009.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997. Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC3046] Patrick, M., "DHCP Relay Agent Information Option", RFC [RFC3046] Patrick, M., "DHCP Relay Agent Information Option", RFC
3046, January 2001. 3046, January 2001.
[RFC3315] Droms, R., Bound, J., Volz, B., Lemon, T., Perkins, C.,
and M. Carney, "Dynamic Host Configuration Protocol for
IPv6 (DHCPv6)", RFC 3315, July 2003.
[RFC3629] Yergeau, F., "UTF-8, a transformation format of ISO [RFC3629] Yergeau, F., "UTF-8, a transformation format of ISO
10646", STD 63, RFC 3629, November 2003. 10646", STD 63, RFC 3629, November 2003.
[RFC3986] Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform [RFC3986] Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform
Resource Identifier (URI): Generic Syntax", STD 66, RFC Resource Identifier (URI): Generic Syntax", STD 66, RFC
3986, January 2005. 3986, January 2005.
[RFC3993] Johnson, R., Palaniappan, T., and M. Stapp, "Subscriber-ID [RFC3993] Johnson, R., Palaniappan, T., and M. Stapp, "Subscriber-ID
Suboption for the Dynamic Host Configuration Protocol Suboption for the Dynamic Host Configuration Protocol
(DHCP) Relay Agent Option", RFC 3993, March 2005. (DHCP) Relay Agent Option", RFC 3993, March 2005.
skipping to change at page 69, line 10 skipping to change at page 72, line 5
[RFC4649] Volz, B., "Dynamic Host Configuration Protocol for IPv6 [RFC4649] Volz, B., "Dynamic Host Configuration Protocol for IPv6
(DHCPv6) Relay Agent Remote-ID Option", RFC 4649, August (DHCPv6) Relay Agent Remote-ID Option", RFC 4649, August
2006. 2006.
[RFC5491] Winterbottom, J., Thomson, M., and H. Tschofenig, "GEOPRIV [RFC5491] Winterbottom, J., Thomson, M., and H. Tschofenig, "GEOPRIV
Presence Information Data Format Location Object (PIDF-LO) Presence Information Data Format Location Object (PIDF-LO)
Usage Clarification, Considerations, and Recommendations", Usage Clarification, Considerations, and Recommendations",
RFC 5491, March 2009. RFC 5491, March 2009.
[RFC5952] Kawamura, S. and M. Kawashima, "A Recommendation for IPv6
Address Text Representation", RFC 5952, August 2010.
[RFC5985] Barnes, M., "HTTP-Enabled Location Delivery (HELD)", RFC [RFC5985] Barnes, M., "HTTP-Enabled Location Delivery (HELD)", RFC
5985, September 2010. 5985, September 2010.
[RFC5986] Thomson, M. and J. Winterbottom, "Discovering the Local
Location Information Server (LIS)", RFC 5986, September
2010.
[TIA-2000.5] [TIA-2000.5]
TIA/EIA, "Upper Layer (Layer 3) Signaling Standard for TIA/EIA, "Upper Layer (Layer 3) Signaling Standard for
cdma2000(R) Spread Spectrum Systems", TIA-2000.5-D, March cdma2000(R) Spread Spectrum Systems", TIA-2000.5-D, March
2004. 2004.
[TS.3GPP.23.003] [TS.3GPP.23.003]
3GPP, "Numbering, addressing and identification", 3GPP TS 3GPP, "Numbering, addressing and identification", 3GPP TS
23.003 9.4.0, September 2010. 23.003 9.4.0, September 2010.
11.2. Informative References 11.2. Informative References
skipping to change at page 70, line 23 skipping to change at page 73, line 23
J. Polk, "Geopriv Requirements", RFC 3693, February 2004. J. Polk, "Geopriv Requirements", RFC 3693, February 2004.
[RFC5226] Narten, T. and H. Alvestrand, "Guidelines for Writing an [RFC5226] Narten, T. and H. Alvestrand, "Guidelines for Writing an
IANA Considerations Section in RFCs", BCP 26, RFC 5226, IANA Considerations Section in RFCs", BCP 26, RFC 5226,
May 2008. May 2008.
[RFC6155] Winterbottom, J., Thomson, M., Tschofenig, H., and R. [RFC6155] Winterbottom, J., Thomson, M., Tschofenig, H., and R.
Barnes, "Use of Device Identity in HTTP-Enabled Location Barnes, "Use of Device Identity in HTTP-Enabled Location
Delivery (HELD)", RFC 6155, March 2011. Delivery (HELD)", RFC 6155, March 2011.
[RFC6280] Barnes, R., Lepinski, M., Cooper, A., Morris, J.,
Tschofenig, H., and H. Schulzrinne, "An Architecture for
Location and Location Privacy in Internet Applications",
BCP 160, RFC 6280, July 2011.
Authors' Addresses Authors' Addresses
Martin Thomson Martin Thomson
Microsoft Microsoft
3210 Porter Drive 3210 Porter Drive
Palo Alto, CA 94304 Palo Alto, CA 94304
US US
Phone: +1 650-353-1925 Phone: +1 650-353-1925
Email: martin.thomson@skype.net Email: martin.thomson@skype.net
James Winterbottom James Winterbottom
Commscope Unaffiliated
Andrew Building (39)
University of Wollongong
Northfields Avenue
NSW 2522
AU AU
Phone: +61 2 4221 2938 Email: a.james.winterbottom@gmail.com
Email: james.winterbottom@commscope.com
 End of changes. 129 change blocks. 
344 lines changed or deleted 441 lines changed or added

This html diff was produced by rfcdiff 1.41. The latest version is available from http://tools.ietf.org/tools/rfcdiff/