GEOPRIV WG                                                M. Barnes, Ed.
Internet-Draft                                                    Nortel
Intended status: Standards Track
Expires: December January 10, 2008

                                                            July 9, 2007

                                                            June 7, 2007

                 HTTP Enabled Location Delivery (HELD)

Status of this Memo

   By submitting this Internet-Draft, each author represents that any
   applicable patent or other IPR claims of which he or she is aware
   have been or will be disclosed, and any of which he or she becomes
   aware will be disclosed, in accordance with Section 6 of BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups.  Note that
   other groups may also distribute working documents as Internet-

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at

   The list of Internet-Draft Shadow Directories can be accessed at

   This Internet-Draft will expire on December 9, 2007. January 10, 2008.

Copyright Notice

   Copyright (C) The IETF Trust (2007).


   A Layer 7 Location Configuration Protocol (L7 LCP) is described that
   is used for retrieving location information from a server within an
   access network.  The protocol includes options for retrieving
   location information either by-value or by-reference.  The protocol
   supports mobile and nomadic devices through Location URIs.  The
   protocol is an application-layer protocol that is independent of
   session-layer; an HTTP, web services binding is specified.

Table of Contents

   1.  Introduction . . . . . . . . . . . . . . . . . . . . . . . . .  4
   2.  Conventions  . . . . . . . . . . . . . . . . . . . . . . . . .  4
   3.  Terminology  . . . . . . . . . . . . . . . . . . . . . . . . .  4
   4.  Overview and Scope . . . . . . . . . . . . . . . . . . . . . .  6
   5.  Protocol Overview  . . . . . . . . . . . . . . . . . . . . . .  8
   6.  Protocol Description . . . . . . . . . . . . . . . . . . . . .  9
     6.1.  Protocol Binding . . . . . . . . . . . . . . . . . . . . .  9
     6.2.  Location Request . . . . . . . . . . . . . . . . . . . . .  9 10
     6.3.  Held  Location Response  . . . . . . . . . . . . . . . . . . . . . . 10
     6.4.  Indicating Errors  . . . . . . . . . . . . . . . . . . . . 10
   7.  Protocol Parameters  . . . . . . . . . . . . . . . . . . . . . 10 11
     7.1.  "responseTime" Parameter . . . . . . . . . . . . . . . . . 11
     7.2.  "locationType" Parameter . . . . . . . . . . . . . . . . . 11 12
       7.2.1.  "exact" Parameter Attribute  . . . . . . . . . . . . . . . . . . 12
     7.3.  "options" Parameter  . . . . . . . . . . . . . . . . . . . 13
     7.4.  "code" Parameter . . . . . . . . . . . . . . . . . . . . . 13
     7.4.  "message" Parameter  . . . . . . . . . . . . . . . . . . . 13
     7.5.  "locationURI" Parameter  . . . . . . . . . . . . . . . . . 14
       7.5.1.  "expires" Parameter  . . . . . . . . . . . . . . . . . 14
   8.  XML Schema . . . . . . . . . . . . . . . . . . . . . . . . . . 14
   9.  HTTP Binding . . . . . . . . . . . . . . . . . . . . . . . . . 18
     9.1.  HTTP Binding WSDL  . . . . . . . . . . . . . . . . . . . . 18 19
   10. Security Considerations  . . . . . . . . . . . . . . . . . . . 20
     10.1. Return Routability . . . . . . . . . . . . . . . . . . . . 20
     10.2. Transaction Layer Security . . . . . . . . . . . . . . . . 21
   11. Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
     11.1. Simple HTTP Binding Example Messages . . . . . . . . . . . 21
     11.2. Simple Location Request Example  . . . . . . . . . . . . . 24
     11.3. Location Request Example with options  . . . . . . . . . . 25
     11.4. Location Request Example for Multiple Location Types . . . 27
     11.5. 25
     11.4. Sample LCS  WSDL Document  . . . . . . . . . . . . . . . . 29 26
   12. IANA Considerations  . . . . . . . . . . . . . . . . . . . . . 29 27
     12.1. IANA Registry for HELD Result Codes  . . . . . . . . . . . 29
     12.2. IANA Registry for HELD Location Request Options  . . . . . 30
     12.3. URN Sub-Namespace Registration for
           urn:ietf:params:xml:ns:geopriv:held  . . . . . . . . . . . 30
     12.4. 27
     12.2. XML Schema Registration  . . . . . . . . . . . . . . . . . 31
     12.5. 27
     12.3. URN Sub-Namespace Registration for
           urn:ietf:params:xml:ns:geopriv:held:http . . . . . . . . . 31
     12.6. 27
     12.4. MIME Media Type Registration for 'application/held+xml'  . 32 28
   13. Contributors . . . . . . . . . . . . . . . . . . . . . . . . . 33 29
   14. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 33 29
   15. Changes since last Version . . . . . . . . . . . . . . . . . . 29
   16. References . . . . . . . . . . . . . . . . . . . . . . . . . . 33
     15.1. 30
     16.1. Normative References . . . . . . . . . . . . . . . . . . . 33
     15.2. 30
     16.2. Informative References . . . . . . . . . . . . . . . . . . 35 32
   Appendix A.  HELD Compliance to IETF LCP requirements  . . . . . . 35 32
     A.1.  L7-1: Identifier Choice  . . . . . . . . . . . . . . . . . 36 33
     A.2.  L7-2: Mobility Support . . . . . . . . . . . . . . . . . . 36 33
     A.3.  L7-3: Layer 7 and Layer 2/3 Provider Relationship  . . . . 36 33
     A.4.  L7-4: Layer 2 and Layer 3 Provider Relationship  . . . . . 37 34
     A.5.  L7-5: Legacy Device Considerations . . . . . . . . . . . . 37 34
     A.6.  L7-6: VPN Awareness  . . . . . . . . . . . . . . . . . . . 37 35
     A.7.  L7-7: Network Access Authentication  . . . . . . . . . . . 38 35
     A.8.  L7-8: Network Topology Unawareness . . . . . . . . . . . . 38 35
     A.9.  L7-9: Discovery Mechanism  . . . . . . . . . . . . . . . . 38 35
   Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 39 36
   Intellectual Property and Copyright Statements . . . . . . . . . . 40 37

1.  Introduction

   The location of a Device is information that is useful for a number
   of applications.  The L7 LCP problem statement and requirements
   document [11] provides some scenarios in which a Device might rely on
   its access network to provide the location information, such as such
   as fixed environments (e.g., DSL/Cable), mobile networks and wireless
   access networks.  This document describes a protocol that can be used
   to acquire Location Information (LI) from a service within an access
   network.  The service within an access network is assumed to be
   provided by a Location Configuration Server (LCS), as introduced in
   the L7 LCP problem statement and requirements document.

   This specification identifies two methods for acquiring LI.  Location
   may be retrieved from a Location Configuration Server (LCS) by-value,
   that is, the Device may acquire LI directly. a literal location object describing
   the location of the Device.  Alternatively, the Device may request
   that the LCS provide a location reference in the form of a location
   URI so that or set of location URIs, allowing the Device to distribute its LI can
   be distributed
   by-reference.  Both of these methods are compatible, and both can be
   provided concurrently from the same LCS so that application needs can
   be addressed individually.

   This specification defines an XML-based protocol that enables the
   retrieval of LI from a LCS by a Device.  This protocol can be bound
   to any session-layer protocol, particularly those capable of MIME
   transport; an HTTP binding is included as a minimum requirement.

2.  Conventions

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   document are to be interpreted as described in [1].

3.  Terminology

   This document uses the terms (and their acronym forms) Access
   Provider (AP), Location Information (LI), Location Object (LO),
   Device, Target, Location Server (LS), Location Generator (LG),
   Location Recipient (LR), Rule Maker (RM) and Rule Holder (RH) as
   defined in [7].  This document also includes definitions for the
   terms, Civic Location/Address, Geodetic Location, and Location
   Configuration Server, used within this document.  These definitions
   may differ slightly from those used in other GEOPRIV documents, but
   the concepts are the same.

   For convenience, abbreviated versions of RFC 3693 [7] definitions are
   included.  Notes are included following some of the definitions to
   clarify the context in which these terms are used in this document:

   Access Network Provider:  See Access Provider (AP).

   Access Provider (AP):  An organization that provides physical network
      connectivity to its customers or users, e.g., through digital
      subscriber lines, cable TV plants, Ethernet, leased lines or radio
      frequencies.  Examples of such organizations include
      telecommunication carriers, municipal utilities, larger
      enterprises with their own network infrastructure, and government
      organizations such as the military.
      Note: this definition differs from that in [7] by the use of the
      more generic 'organization' rather than 'domain' - the general
      concept is the same.  This term is used interchangeably with
      Access Network Provider in this document.

   Civic Location/Address:  A location expressed in a form that is
      defined by civic demarcations.  Civic addresses can be specialized
      for jurisdictional (general use) or postal (message delivery)
      purposes, or they can apply to either.

   Device:  The technical device whereby the location is tracked as a
      proxy for the location of a Target.

   Geodetic Location:  A location expressed in coordinate form.

   Location Configuration Server (LCS):  The entity within the Access
      Provider's network that provides location information to clients.
      This term is introduced in [11] and it provides refers to an entity capable of
      determining the location
      information that is generated and maintained by the LG and LS
      functional elements respectively.  The details of the interactions
      between an LG and LS end point and in particular how the LCS uses these to
      obtain providing that
      location information is outside via the scope of this document
      since it Location Configuration Protocol (LCP)
      to the requesting party.  The requesting party is very deployment specific. the end point
      itself or an authorized entity that acts on its behalf.

   Location Generator (LG):  The entity that initially determines or
      gathers the location of the Target and creates Location Objects
      describing that location.

   Location Information (LI):  The data that describes the location of a
      Device.  The term
      Device, either by-value or by-reference.  The term LI does not
      include the representation of this data.
      Note: this terms is not officially defined in [7], but rather is
      assumed from the general usage throughout that document and within
      the GEOPRIV WG.

   Location Object (LO):  An object conveying Location Information (and
      possibly privacy rules) to which Geopriv security mechanisms and
      privacy rules are to be applied.
      Note: this is a specific by-value representation of Location
      Information (LI).  In this document, LO refers to PIDF-LO [8].

   Location Server (LS):  The LS is an element that receives
      publications of Location Objects from Location Generators and may
      receive subscriptions from Location Recipients.  The LS applies
      the rules (which it learns from the Rule Holder) to LOs it
      receives from LGs, and then notifies LRs of resulting LOs as
      Note: This definition varies from that defined in [7] by defining
      the roles of the functional elements more explicitly.  In some
      specifications the Location Server is referred to as a Location
      Information Server or LIS.  In this context, the Location Server
      is distinct from what is alternatively referred to as a Registrar
      in other contexts.

   Location Recipient (LR):  The entity that receives Location
      Information (LI).

   Rule Holder (RH):  The entity that provides the rules associated with
      a particular target for the distribution of Location Information

   Rule Maker (RM):  The authority that creates rules governing access
      to location information for a target (typically, this it the
      Target themselves).

   Target:  A person or other entity whose location is communicated by a
      GEOPRIV Location Object (LO).

4.  Overview and Scope

   This document describes an interface between a Device and a Location
   Configuration Server (LCS).  The LCS is a service present within the
   same administrative domain as the Device (the access network).  An
   Access Provider (AP) operates the LCS service so that Devices (and
   Targets) can retrieve LI.  The LCS exists because not all Devices are
   capable of determining LI, and because, even if a device is able to
   determine its own LI, it may be more efficient with assistance.  This
   document does not specify how LI is derived.

   This document is based on the attribution of the LI to a device Device and
   not specifically a person (end user) or Target, based on the premise
   that location determination technologies are generally designed to
   locate a device and not a person.  It is expected that, for most
   applications, LI for the device can be used as an adequate substitute
   for the end user's LI.  Since revealing the location of the device
   almost invariably reveals some information about the location of the
   user of the device, the same level of privacy protection demanded by
   a user is required for the device.  This approach may require either
   some additional assurances about the link between device and target,
   or an acceptance of the limitation that unless the device requires
   active user authentication, there is no guarantee that any particular
   individual is using the device at that instant.

   This document identifies two methods for acquiring LI.  Location may
   be retrieved from a Location Configuration Server (LCS) by-value,
   that is, the device Device may acquire LI directly. a literal location in ther form of a
   PIDF-LO.  Alternatively, the Device may request that the LCS provide
   a location reference in the form of a location URI so that or set of location
   URIs, allowing the Device to distribute its LI can
   be distributed by-reference.
   Providing LI by-reference implies that a server is able to provide
   the device Device with a public, globally-
   addressable globally-addressable URI.

   The following diagram shows the logical configuration of some of the
   functional elements identified in [7] and the LCS defined in [11] and
   where this protocol applies, with the Rule Maker and Target
   represented by the role of the Device.

                     | Access Network Provider                     |
                     |                                             |
                     |   +--------------------------------------+  |
                     |   | Location Configuration Server        |  |
                     |   |                                      |  |
                     |   |                                      |  |
                     |   |                                      |  |
                     |   |                                      |  |
                     |   +------|---------------------'---------+  |
                                |                     '
                                |                     '
                               HELD                  APP
                                |                     '
     Rule Maker   - _     +-----------+         +-----------+
           o          - - | Device    |         | Location  |
          <U\             |           | - - - - | Recipient |
          / \       _ - - |           |   APP   |           |
         Target - -       +-----------+         +-----------+
                        Figure 1: Significant Roles

   The interface between the Location Recipient (LR) and the Device
   and/or LCS is application specific, as indicated by the APP
   annotation in the diagram and it is outside the scope of the
   document.  An example of an APP interface between a device and LR can
   be found in the SIP Location Conveyance document [24].

5.  Protocol Overview

   The HELD protocol facilitates retrieval of LI either by-value, as a
   PIDF-LO document, or by-reference, as a Location URI.  The policy
   that describes to whom, and how, LI is granted is outside the scope
   of this document and and maybe MAY be specified in separate specifications as
   required.  The Device must first discover the URI for the LCS for
   sending the HELD protocol requests as identified by the requirement
   in the L7 LCP problem statement and requirements [11].  The discovery
   methods are specified in [15].

   Where a Device requires LI directly, it can request that the LCS
   create a PIDF-LO document.  This approach fits well with a
   configuration whereby the device directly makes use of the provided
   PIDF-LO document.  With this approach, the LCS needs to uniquely
   identify the Device within the access network.  The source IP address
   of the request message is sufficient in most cases.  Once the Device
   is identified, the LCS uses network domain-specific information to
   determine the location of the Device.

   The details on the information that may be included in the PIDF-LO
   MUST follow the subset of those rules relating to the construction of
   the "location-info" element in [10].  The PIDF-LO generated by the
   LCS in this case MUST follow the rules in [10].  In addition, the
   default values for <retransmission allowed> <retransmission-allowed> and <retention expires> <retention-expiry> as
   specified in [8] MUST be applied.  A default value of "no" SHALL be
   used for the <retransmission-allowed> element.  A default value of 24
   hours SHALL be used for <retention-expires> <retention-expiry> value of any generated
   PIDF-LO documents.  An LCS MAY provide a shorter value for
   <retention-expiry> but MUST NOT provide a value longer than 24 hours.

   Requesting location directly does not always address the requirements
   of an application.  A Device can request a location URI instead of
   literal location.  A Location URI is a URI [23] of any scheme, which
   a Location Recipient (LR) can use to retrieve LI.  A location URI
   provided by an LCS can be assumed to be globally-addressable; that
   is, anyone in possession of the URI can access the LCS.  This does
   not in any way suggest that the LCS is bound to reveal the location
   associated with the location URI.  This issue is deemed out of scope
   for this document.  The merits and drawbacks of using a Location URI
   approach are discussed in [16].

6.  Protocol Description

   As discussed in Section 5, this protocol provides for the retrieval
   of a Location or a Location URI from an LCS.  Three messages are
   defined to support the location retrieval: locationRequest,
   locationResponse and error.  Messages are defined as XML documents.

   The Location Request (locationRequest) message is described in
   Section 6.2.  A Location Request from a Device indicates whether a
   Location (and the specific type of location) and/or a Location URI
   should be returned.  The LCS replies with a response (heldResponse),
   (locationResponse), including a PIDF-LO document and/or one or more
   Location URIs in case of success, or an error message in case of an

   A MIME type "application/held+xml" is registered in Section 12.6 12.4 to
   distinguish HELD messages from other XML document bodies.  This
   specification follows the recommendations and conventions described
   in [20], including the naming convention of the type ('+xml' suffix)
   and the usage of the 'charset' parameter.

   Section 7 contains a more thorough description of the protocol
   parameters, valid values, and how each should be handled.  Section 8
   contains a more specific definition of the structure of these
   messages in the form of an XML Schema [12].

6.1.  Protocol Binding

   The HELD protocol is an application-layer protocol that is defined
   independently of any lower layers.  This means that any protocol can
   be used to transport this protocol providing that it can provide a
   few basic features:
   o  The protocol must have acknowledged delivery.
   o  The protocol must be able to correlate a response with a request.
   o  The protocol must provide authentication, privacy and protection
      against modification.
   Candidate protocols that could be used to address these purposes
   include: TCP [17], TLS [2], SASL [18], HTTP [3], SIP [22], BEEP [21]
   and SOAP [25] [26].  This document includes a binding that uses a
   combination of HTTP, TLS and TCP in Section 9.

6.2.  Location Request

   A location request is sent from the Device to the LCS when it
   requires LI.  This request MUST include the type of location being
   requested such as civic location, location URI, etc.  The type of LI
   that a Device requests is determined by the type of LI that is
   included in the "locationType" element.

   The location request is made by sending a document formed of a
   "locationRequest" element.  The LCS uses the source IP address of the
   location request message as the primary source of identity for the
   requesting device or target.  It is anticipated that other Device
   identities MAY be provided through schema extensions.  The successful
   response to a location request is a document formed of a "heldResponse"
   "locationResponse" element, unless the request fails, in which case
   the LCS SHOULD provide an error indication document.

6.3.  Held  Location Response

   The response to a Location request MUST contain either a PIDF-LO
   and/or Location URI(s), depending upon the requested "locationType".
   The "heldResponse" "locationResponse" element MUST include a "code" attribute with a
   value of 200. "success".  A set of predefined error codes are included in
   Section 7.4. 7.3.  The response is in error if there is a value other than
   "success", since those MUST be sent using the error message
   Section 6.4.

   A Location URI MUST NOT contain any information that could be used to
   identify the Device or Target.  It is RECOMMENDED that a Location URI
   contain a public address for the LCS and an anonymous identifier,
   such as a random sequence of
   characters that the LCS can use to identify a particular context. local identifer or unlinked pseudonym.

6.4.  Indicating Errors

   In the event of an error, the LCS SHOULD respond to the Device with
   an error document.  The error response applies to all request types
   and SHOULD also be sent in response to any unrecognized request.

   An error indication document consists of an "error" element.  The
   "error" element MUST include a "code" attribute that indicates the
   type of error.  A set of predefined error codes are included in
   Section 7.4. 7.3.  A code of "success" MUST NOT be used in an "error"

   Error responses MAY also include a "message" attribute that can
   include additional information.  This information SHOULD be for
   diagnostic purposes only, and MAY be in any language.  The language
   of the message SHOULD be indicated with an "xml:lang" attribute.

7.  Protocol Parameters

   This section describes, in detail the parameters that are used for
   this protocol.  Table 1 lists the top-level components used within
   the protocol and where they are mandatory or optional for each of the


   | Parameter              |    Location    | HELD Response     Location    | Error |
   |                        |     Request    |     Response    |       |
   | responseTime           |        o       |                 |       |
   | (Section 7.1)          |                |                 |       |
   | locationType           |        m       |                 |       |
   | (Section 7.2)          |                |                 |       |
   | exact (Section 7.2.1)  |        o       |                 |       |
   | options (Section 7.3)   |        o        |               |       |
   | code (Section 7.4) 7.3)     |                |        m        |   m   |
   | message (Section 7.5) 7.4)  |                |        o        |   o   |
   | locationURI            |                |        o        |       |
   | (Section 7.6) 7.5)          |                |                 |       |
   | expires (Section 7.6.1)                |                |        m        |       |
   | (Section 7.5.1)        |                |                 |       |

                     Table 1: Message Parameter Usage

7.1.  "responseTime" Parameter

   The "responseTime" attribute indicates to the LCS how long the Device
   is prepared to wait for a response.  This attribute MAY be added to a
   Location request message.  The value of this attribute is indicative
   only, the LCS is under no obligation to strictly adhere to the time
   limit implied; any enforcement of the time limit is left to the
   requesting Device.

   This attribute is expressed with a decimal seconds value, which may
   include a decimal point.  It is RECOMMENDED that systems support
   millisecond precision for this parameter.

   The LCS MUST provide the most accurate LI that can be determined
   within the specified interval.  This parameter could be used as input
   when selecting the method of location determination, where multiple
   such methods exist.  If this parameter is absent, then the LCS MUST
   return the most precise LI it is capable of determining.

7.2.  "locationType" Parameter

   The "locationType" element is included in a location request.  It
   contains a list of LI types that are requested by the Device.  The
   following list describes the possible values:
   any:  The LCS SHOULD attempt to provide LI in all forms available to
      it.  This value MUST be assumed as the default if no
      "locationType" is specified.  The LCS SHOULD return location
      information in a form that is suited for routing and responding to
      an emergency call in its jurisdiction.  The LCS MAY alternatively
      or additionally return a location URI.
   geodetic:  The LCS SHOULD return a geodetic location for the Target.
   civic:  The LCS SHOULD return a civic address for the Target.  Any
      type of civic address may be returned.  The LCS SHOULD ignore this
      value if a request for jurisdictional or postal civic address has
      been made and can be satisfied.
   jurisdictionalCivic:  The LCS SHOULD return a jurisdictional civic
      address for the Target.
   postalCivic:  The LCS SHOULD return a postal civic address for the
   locationURI:  The LCS SHOULD return a location URI for the Target.

   The LCS SHOULD return the requested location type or types.  The LCS
   MAY provide additional location types, or it MAY provide alternative
   types if the request cannot be satisfied for a requested location
   type.  If the "exact" attribute is present and set to "true" in a
   location request, then a successful LCS response MUST provide the
   requested location type only, with no additional location
   information.  The "exact" attribute has no effect when this element
   is set to "any".

   The "SHOULD"-strength requirement on this parameter is included to
   allow for soft-failover.  This enables a fixed client configuration
   that prefers a specific location type without causing location
   requests to fail when that location type is unavailable.  Unless the
   "exact" attribute is set, the LCS MUST provide LI in any available
   form if it is unable to comply with the request.

   For example, a notebook computer could be configured to retrieve
   civic addresses, which is usually available from typical home or work
   situations.  However, when using a wireless modem, the LCS might be
   unable to provide a civic address.

7.2.1.  "exact" Parameter Attribute

   When the "exact" attribute is set to "true", it indicates to the LCS
   that the contents of the "locationType" parameter MUST be strictly
   followed.  The default value of "false" allows the LCS the option of
   returning something beyond what is specified, such as a location URI
   when only a civic location was requested.

   A value of "true" indicates that the LCS MUST provide a location of
   the requested type or types or MUST provide an error.  The LCS MUST
   provide the requested types only and these types SHOULD be specified
   in the same order as they were requested.  The LCS SHOULD handle an
   exact request that includes a "locationType" element set to "any" as
   if the "exact" attribute were set to "false".

7.3.  "options" Parameter

   The "options" attribute provides for extensibility, allowing for the
   definition of future optional extensions to the location request
   message without the need to create a new namespace.  If multiple
   options are used, they MUST be separated by a semicolon (;), such as
   "optionOne=1;optionTwo=2; Option3=3".  Options MUST be registered
   with IANA per Section 12.2.

7.4.  "code" Parameter

   All responses MUST contain a response code.  The "code" attribute
   applies to the "error" and "heldResponse" "locationResponse" messages.

   The following response codes follow a three decimal form similar to
   that  All errors
   are application-level errors, and MUST only be provided in
   successfully processed transport-level responses.  For example where
   HTTP [3] and SIP [22]: is used as the transport, HELD error messages MUST be
   accompanied by a 200 (Success): OK HTTP response.

   HELD error responses may be one of the following tokens:
   success:  This code indicates that the request was successful.  This
      code MUST not be used for an error response.
   400 (Request Error):
   requestError:  This code indicates that the request was badly formed
      in some fashion.
   401 (XML Error):
   xmlError:  This code indicates that the XML content of the request
      was either badly formed or invalid.
   402 (Authentication Error):  This code indicates that the request
      either did not contain authentication information, or the
      authentication provided was not accepted.
   500 (General LCS Error):
   generalLcsError:  This code indicates that an unspecified error
      occurred at the LCS.
   501 (Location Unknown):
   locationUnknown:  This code indicates that the LCS could not
      determine the location of the Device.
   502 (Unsupported Message):
   unsupportedMessage:  This code indicates that the request was not
      supported or understood by the LCS.
   503 (Timeout):
   timeout:  This code indicates that the LCS could not satisfy the
      request within the time specified in the "responseTime" parameter.
   504 (Cannot Provide LI Type):
   cannotProvideLiType:  This code indicates that the LCS was unable to
      provide LI of the type or types requested.  This code is used when
      the "exact" attribute on the "locationType" parameter is set to
   Additional response codes within the x00 to x79 range MUST be
   specified in published RFCs; the range from x80 to x99 is reserved
   for private usage.


7.4.  "message" Parameter

   The "heldResponse" "locationResponse" and "error" messages MAY include a "message"
   attribute to convey some additional, human-readable information about
   the result of the request.  This message MAY be included in any
   language, which SHOULD be indicated by the "xml:lang", attribute.
   The default language is assumed to be English.


7.5.  "locationURI" Parameter

   The "locationURI" element includes a single Location URI.  Each
   Location URI that is allocated by the LCS is unique to the device
   that is requesting it.

   A "heldResponse" "locationResponse" message MAY contain any number of "locationURI"
   elements.  It is RECOMMENDED that the LCS allocate a Location URI for
   each scheme that it supports and that each scheme is present only
   once.  URI schemes and their secure variants such as http and https
   should be regarded as two separate schemes.


7.5.1.  "expires" Parameter

   The "expires" attribute indicates the time at which the Location URI
   provided by the LCS will expire.  This attribute is included in the
   "locationResponse" message only.

   Responses to Locations requests for Location URIs MUST include the
   expiry time of the Location URI.

8.  XML Schema

   This section gives the XML Schema Definition [12] of the
   "application/held+xml" format.  This is presented as a formal
   definition of the "application/held+xml" format.  Note that the XML
   Schema definition is not intended to be used with on-the-fly
   validation of the presence XML document.

   <?xml version="1.0"?>

       <xs:documentation source="">
   <!-- [[NOTE TO RFC-EDITOR: Please replace above URL with URL of
          published RFC and remove this note.]] -->
         This document defines HELD messages.


     <xs:import namespace=""
     <xs:import namespace="urn:ietf:params:xml:ns:pidf:geopriv10"
     <xs:import namespace="urn:ietf:params:xml:ns:common-policy"
     <xs:import namespace=""

     <!-- Context Information Return Location -->
     <xs:complexType name="returnContextType"> name="returnLocationType">
         <xs:restriction base="xs:anyType">
             <xs:element name="locationURI" type="xs:anyURI"
           <xs:attribute name="expires" type="xs:dateTime"

     <!-- Duration Type -->
     <xs:simpleType name="durationType">
           <xs:restriction base="xs:decimal">
             <xs:minInclusive value="0.0"/>

     <!-- Location Type -->
     <xs:simpleType name="locationTypeBase">
           <xs:restriction base="xs:token">
             <xs:enumeration value="any"/>
               <xs:restriction base="xs:token">
                 <xs:enumeration value="civic"/>
                 <xs:enumeration value="geodetic"/>
                 <xs:enumeration value="postalCivic"/>
                 <xs:enumeration value="jurisdictionalCivic"/>
                 <xs:enumeration value="locationURI"/>

      <xs:complexType name="locationTypeType">
         <xs:extension base="held:locationTypeBase">
           <xs:attribute name="exact" type="xs:boolean"
                         use="optional" default="false"/>

     <!-- Response code -->
     <xs:simpleType name="codeType">
       <xs:restriction base="xs:nonNegativeInteger">
         <xs:pattern value="[0-5][0-9][0-9]"/> base="xs:token">
              <xs:enumeration value="success"/>
              <xs:enumeration value="requestError"/>
              <xs:enumeration value="xmlError"/>
              <xs:enumeration value="generalLcsError"/>
              <xs:enumeration value="locationUnknown"/>
              <xs:enumeration value="unsupportedMessage"/>
              <xs:enumeration value="timeout"/>
              <xs:enumeration value="cannotProvideLiType"/>

     <!-- Message Definitions -->
     <xs:complexType name="baseRequestType">
         <xs:restriction base="xs:anyType">
           <xs:attribute name="responseTime" type="held:durationType"
     <xs:complexType name="baseResponseType">
         <xs:restriction base="xs:anyType">
           <xs:attribute name="code" type="held:codeType"
           <xs:attribute name="message" type="xs:token"
           <xs:attribute ref="xml:lang" use="optional"/>

     <xs:element name="error" type="held:baseResponseType"/>

   <!-- Context Location Response -->
     <xs:complexType name="contextResponseType"> name="locationResponseType">
         <xs:extension base="held:baseResponseType">
             <xs:element name="locationUriSet"
             <xs:any namespace="##other" processContents="lax"
                     minOccurs="0" maxOccurs="unbounded"/>

     <xs:element name="heldResponse"
                 type="held:contextResponseType"/> name="locationResponse"

   <!-- Location Request -->
       locationRequest message requests a location
       and/or a location URI.  locationType being requested
       is specified as an element.  A locationURI is explicitly
       requested by setting the locationURI attribute to true.

     <xs:complexType name="locationRequestType">
         <xs:extension base="held:baseRequestType">
               <xs:element name="locationType"
               <xs:any namespace="##other" processContents="lax"
                     minOccurs="0" maxOccurs="unbounded"/>
           <xs:attribute name="options" type="xs:token"

     <xs:element name="locationRequest"


9.  HTTP Binding

   This section defines an HTTP [3] binding for this protocol, which all
   conforming implementations MUST support.  This binding takes the form
   of a Web Service (WS) that can be described by the Web Services
   Description Language (WSDL) document in Section 9.1.

   The request is carried in this binding as the body of an HTTP POST
   request.  The MIME type of both request and response bodies should be

   The LCS populates the HTTP headers so that they are consistent with
   the contents of the message.  In particular, the "expires" and cache
   control headers are used to control the caching of any PIDF-LO
   document or Location URIs.  The HTTP status code SHOULD have the same
   first digit as any "heldResponse" "locationResponse" or "error" body included, and
   it SHOULD indicate a 2xx series response when a PIDF-LO document or
   Location URI is included.

   This binding also includes a default behaviour, which is triggered by
   a GET request, or a POST with no request body.  If either of these
   queries are received, the LCS MUST attempt to provide either a
   PIDF-LO document or a Location URI, as if the request was a location

   This binding MUST use TLS as described in [4].  TLS provides message
   integrity and privacy between Device and LCS.  The LCS MUST use the
   server authentication method described in [4]; the Device MUST fail a
   request if server authentication fails, except in the event of an

9.1.  HTTP Binding WSDL

   The following WSDL 2.0 [27] document describes the HTTP binding for
   this protocol.  Actual service instances MUST provide a "service"
   with at least one "endpoint" that implements the "heldHTTP" binding.
   A service description document MAY include this schema directly or by
   using the "import" or "include" directives.

      <?xml version="1.0"?>

          This document describes the basic HELD sighting web service.
          Please refer to RFCXXXX for details.
      [[NOTE TO RFC-EDITOR: Please replace XXXX with the RFC number
        for this specification and remove this note.]]

          <xsd:schema xmlns:xsd="">
            <xsd:import namespace="urn:ietf:params:xml:ns:geopriv:held"
            <xsd:import namespace="urn:ietf:params:xml:ns:pidf"/>

        <wsdl:interface name="held">

          <wsdl:operation name="locationRequest" method="POST">
            <wsdl:input message="held:locationRequest"/>
            <wsdl:output message="held:heldResponse"/> message="held:locationResponse"/>
            <wsdl:fault message="held:error"/>

              name="getLocation" method="GET"
            <wsdl:output message="held:heldResponse"/> message="held:locationResponse"/>
            <wsdl:fault message="held:error"/>

       <!-- Note that the by default the HTTP binding uses:

       <wsdl:binding name="heldHTTP" whttp:defaultMethod="POST">
         <wsdl:operation ref="heldhttp:locationRequest"/>
         <wsdl:operation ref="heldhttp:getLocation" whttp:method="GET"/>


10.  Security Considerations

   The threat model for this protocol assumes that the LCS exists within
   the same administrative domain as the Device.  The LCS requires
   access to network information so that it can determine Location.
   Therefore, the LCS can use network information to protect against a
   number of the possible attacks.

   Specific requirements and security considerations for location
   acquisition protocols are provided in [11] including that the LCP
   MUST NOT assume prior network access authentication, which is
   addressed in Section 10.2

   An in-depth discussion of the security considerations applicable to
   the use of Location URIs and by-reference provision of LI is included
   in [16].

10.1.  Return Routability

   It is RECOMMENDED that Location Configuration Servers use return
   routability rather than requiring Device authentication.  Device
   authentication SHOULD NOT be required due to the administrative
   challenge of issuing and managing of client credentials, particularly
   when networks allow visiting users to attach devices.  However, the
   LCS MAY require any form of authentication as long as these factors
   are considered.

   Addressing information used in a request to the LCS is used to
   determine the identity of the Device, and to address a response.
   This ensures that a Device can only request its own LI.

   A temporary spoofing of IP address could mean that a device could
   request a Location URI that would result in another Device's
   location.  One or more of the follow approaches are RECOMMENDED to
   limit this exposure:
   o  Location URIs SHOULD have a limited lifetime, as reflected by the
      value for the expires element (Section 7.6.1). 7.5.1).
   o  The network SHOULD have mechanisms that protect against IP address
   o  The LCS SHOULD ensure that requests can only originate from within
      its administrative domain.
   o  The LCS and network SHOULD be configured so that the LCS is made
      aware of Device movement within the network and addressing
      changes.  If the LCS detects a change in the network, then all
      location URIs MUST be invalidated.

   The above measures are dependent on network configuration and SHOULD
   be considered with circumstances in mind.  For instance, in a fixed
   internet access, providers may be able to restrict the allocation of
   IP addresses to a single physical line, ensuring that spoofing is not
   possible; in such an environment, other measures may not be

10.2.  Transaction Layer Security

   All bindings for this protocol MUST ensure that messages are
   adequately protected against eavesdropping and modification.
   Bindings MUST also provide a means of authenticating the LCS.

   It is RECOMMENDED that all bindings also use TLS [2].

   For the HTTP binding, TLS MUST be used.  TLS provides protection
   against eavesdropping and modification.  The server authentication
   methods described in HTTP on TLS [4] MUST be used.

11.  Examples

11.1.  Simple HTTP Binding Example Messages

   The examples in this section show a complete HTTP message that
   includes the HELD request or response document.

   This example shows the most basic request for a LO.  This uses the
   GET feature described by the HTTP binding.  This example assumes that
   the LCS service exists at the URL "".

         GET /location HTTP/1.1
         Accept: application/pidf+xml,application/held+xml,
         Accept-Charset: UTF-8,*

   The GET request is exactly identical to a minimal POST request that
   includes an empty "locationRequest" element.

         POST /location HTTP/1.1
         Accept: application/pidf+xml,application/held+xml, application/held+xml,
         Accept-Charset: UTF-8,*
         Content-Type: application/held+xml
         Content-Length: 87

         <?xml version="1.0"?>
         <locationRequest xmlns="urn:ietf:params:xml:ns:geopriv:held"/>
   The successful response to either of these requests is a PIDF-LO
   document.  The following response shows a minimal PIDF-LO response.

         HTTP/1.x 200 OK
         Server: Example LCS
         Date: Tue, 10 Jan 2006 03:42:29 GMT
         Expires: Tue, 10 Jan 2006 03:42:29 GMT
         Cache-control: private
         Content-Type: application/pidf+xml application/held+xml
         Content-Length: 594

         <?xml version="1.0"?>
         <locationResponse xmlns="urn:ietf:params:xml:ns:geopriv:held"
         <presence xmlns="urn:ietf:params:xml:ns:pidf"
           <tuple id="3b650sf789nd">
            <geopriv xmlns="urn:ietf:params:xml:ns:pidf:geopriv10">
                <Point xmlns=""
                  <pos>-34.407 150.88001</pos>
   The error response to either of these requests is an error document.
   The following response shows an example error response.

         HTTP/1.x 500 Server Error 200 OK
         Server: Example LCS
         Expires: Tue, 10 Jan 2006 03:49:20 GMT
         Cache-control: private
         Content-Type: application/held+xml
         Content-Length: 135

         <?xml version="1.0"?>
         <error xmlns="urn:ietf:params:xml:ns:geopriv:held" code="501"
                message="Unable to determine location"/>

   Note:  To focus on important portions of messages, all examples
      following this note do not show HTTP headers or the XML prologue.
      In addition, sections of XML not relevant to the example are
      replaced with comments.

11.2.  Simple Location Request Example

   The location request shown below doesn't specify any location types
   or response time.

   <locationRequest xmlns="urn:ietf:params:xml:ns:geopriv:held"/>

   The response to this location request is a list of Location URIs.


      <locationResponse xmlns="urn:ietf:params:xml:ns:geopriv:held"
                             code="success" message="OK">
        <locationUriSet expires="2006-01-01T13:00:00">

   An error response to this location request is shown below:

         <error xmlns="urn:ietf:params:xml:ns:geopriv:held" code="450"
                    message="Location not available"/>

11.3.  Location Request Example with options

   The location request shown below specifies a response time and an
   option, but doesn't specify any location type.

         <locationRequest xmlns="urn:ietf:params:xml:ns:geopriv:held"
   The corresponding HELD response shown below includes a PIDF-LO.

    <heldResponse xmlns="urn:ietf:params:xml:ns:geopriv:held"
                              code="200" message="OK">
     <presence xmlns="urn:ietf:params:xml:ns:pidf:geopriv10"
      <tuple id="lisLocation">
              <gml:pos>-34.407242 150.882518</gml:pos>
              <gs:radius uom="urn:ogc:def:uom:EPSG::9001">30
           <ca:STS>Northfield Avenue</ca:STS>
           <ca:LMK>University of Wollongong</ca:LMK>
           <ca:NAM>Andrew Corporation</ca:NAM>
   A corresponding HELD response with Location URIs.

      <heldResponse xmlns="urn:ietf:params:xml:ns:geopriv:held"
                                code="200" message="OK">
        <locationUriSet expires="2006-01-01T13:00:00">

11.4.  Location Request Example for Multiple Location Types

   The following Location Request message includes a request for
   geodetic, jurisdictional civic and any Location URIs.

         <locationRequest xmlns="urn:ietf:params:xml:ns:geopriv:held">
          <locationType exact="true">

   The corresponding HELD Location Response message includes the requested
   location information, including two location URIs.


       <locationResponse xmlns="urn:ietf:params:xml:ns:geopriv:held"
                                 code="success" message="OK">
         <locationUriSet expires="2006-01-01T13:00:00">
         <presence xmlns="urn:ietf:params:xml:ns:pidf:geopriv10"
         <tuple id="lisLocation">
              <gml:pos>-34.407242 150.882518</gml:pos>
              <gs:radius uom="urn:ogc:def:uom:EPSG::9001">30
              <ca:STS>Northfield Avenue</ca:STS>
              <ca:LMK>University of Wollongong</ca:LMK>
              <ca:NAM>Andrew Corporation</ca:NAM>


11.4.  Sample LCS  WSDL Document

   The following WSDL document demonstrates how a WSDL document can be
   created for a specific service, in this case, a service at the URI

   <?xml version="1.0"?>


     <wsdl:service name="sample-held-svc" interface="heldhttp:held">
       <wsdl:endpoint name="sample-held-ep"


12.  IANA Considerations

   According to the guidelines in [6], this document calls for an IANA
   registry for result codes and a registry for options in the

   This document also registers an XML namespace and schema and the
   "application/held+xml" MIME type.

12.1.  IANA Registry  URN Sub-Namespace Registration for HELD Result Codes

   IANA will establish and maintain

   This section registers a registry of HELD result codes.
   Additional values are registered based on new XML namespace,
   "urn:ietf:params:xml:ns:geopriv:held", as per the "specification
   required" option in [6].

   Specifications MUST specify the following information when
   registering new values in this registry:
   Code Value:  A three-digit value from 000 to 679.  The last 20 codes
      in each block of 100 (from x80 to x99) are reserved for private or
      experimental use and cannot be registered.
   Short Message:  A brief message that describes the general reason for
      the code.

   Publication:  A reference to any relevant publication or
   Description and Usage:  A longer description of the code and the
      circumstances where it applies.  This description does not need to
      be exhaustive.

   The values in Section 7.4 are pre-registered in this registry.

12.2.  IANA Registry for HELD Location Request Options

   IANA will establish and maintain a registry of HELD Location Request
   options to allow for extensibility of the request.  Values are
   registered based on the "specification required" option in [6].

   Specifications MUST specify the following information when
   registering new values in this registry:
   Option:  Name of the option.
   Short Message:  A brief message that describes the general reason for
      the option and valid values and ranges.
   Publication:  A reference to any relevant publication or
   Description and Usage:  A longer description of the option and the
      circumstances where it applies.  This description does not need to
      be exhaustive.

12.3.  URN Sub-Namespace Registration for

   This section registers a new XML namespace,
   "urn:ietf:params:xml:ns:geopriv:held", as per the guidelines guidelines in [6].
      URI: urn:ietf:params:xml:ns:geopriv:held
      Registrant Contact: IETF, GEOPRIV working group,
      (, Mary Barnes (

           <?xml version="1.0"?>
           <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
           <html xmlns="" xml:lang="en">
               <title>HELD Messages</title>
               <h1>Namespace for HELD Messages</h1>
   [[NOTE TO IANA/RFC-EDITOR: Please update RFC URL and replace XXXX
       with the RFC number for this specification.]]
               <p>See <a href="[[RFC URL]]">RFCXXXX</a>.</p>


12.2.  XML Schema Registration

   This section registers an XML schema as per the guidelines in [6].
   URI:  urn:ietf:params:xml:schema:geopriv:held
   Registrant Contact:  IETF, GEOPRIV working group, (,
      Mary Barnes (
   Schema:  The XML for this schema can be found as the entirety of
      Section 8 of this document.


12.3.  URN Sub-Namespace Registration for

   This section registers a new XML namespace,
   "urn:ietf:params:xml:ns:geopriv:held:http", as per the guidelines in

      URI: urn:ietf:params:xml:ns:geopriv:held:http
      Registrant Contact: IETF, GEOPRIV working group,
      (, Mary Barnes (

           <?xml version="1.0"?>
           <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
           <html xmlns="" xml:lang="en">
               <title>HELD HTTP Binding WS</title>
               <h1>Namespace for HELD HTTP Binding WS</h1>
   [[NOTE TO IANA/RFC-EDITOR: Please update RFC URL and replace XXXX
       with the RFC number for this specification.]]
               <p>See <a href="[[RFC URL]]">RFCXXXX</a>.</p>


12.4.  MIME Media Type Registration for 'application/held+xml'

   This section registers the "application/held+xml" MIME type.
   Subject:  Registration of MIME media type application/held+xml
   MIME media type name:  application
   MIME subtype name:  held+xml
   Required parameters:  (none)
   Optional parameters:  charset
      Indicates the character encoding of enclosed XML.  Default is
   Encoding considerations:  Uses XML, which can employ 8-bit
      characters, depending on the character encoding used.  See RFC
      3023 [20], section 3.2.
   Security considerations:  This content type is designed to carry
      protocol data related to the location of an entity, which could
      include information that is considered private.  Appropriate
      precautions should be taken to limit disclosure of this
   Interoperability considerations:  This content type provides a basis
      for a protocol
   Published specification:  RFC XXXX [[NOTE TO IANA/RFC-EDITOR: Please
      replace XXXX with the RFC number for this specification.]]
   Applications which use this media type:  Location information
      providers and consumers.
   Additional Information:  Magic Number(s): (none)
      File extension(s): .xml
      Macintosh File Type Code(s): (none)
   Person & email address to contact for further information:  Mary
      Barnes <>
   Intended usage:  LIMITED USE
   Author/Change controller:  This specification is TBD
   Other information:  This media type is a specialization of
      application/xml [20], and many of the considerations described
      there also apply to application/held+xml.

13.  Contributors

   James Winterbottom, Martin Thomson and Barbara Stark are the authors
   of the original document, from which this WG document was derived.
   Their contact information is included in the Author's address
   section.  James Winterbottom also contributed to the WG document.

14.  Acknowledgements

   The author/contributors would like to thank the following people for
   their constructive input to this document (in alphabetical order):
   Nadine Abbott, Eric Arolick, Guy Caron, Martin Dawson, Jerome
   Grenier, Neil Justusson, Tat Lam, Patti McCalmont, Perry Prozeniuk,
   John Schnizlein, Henning Schulzrinne, Ed Shrum, and Hannes

15.  Changes since last Version

   NOTE TO THE RFC-Editor: Please remove this section prior to
   publication as an RFC.

   Changes from WG 00 to 01:

   1) heldResponse renamed to locationResponse.

   2) Changed namespace references for the PIDF-LO geoShape in the
   schema to match the agreed GML PIDF-LO Geometry Shape Application

   3) Removed "options" element - leaving optionality/extensibility to
   XML mechanisms.

   4) Changed error codes to be enumerations and not redefinitions of
   HTTP response codes.

   5) Updated schema/examples for the above and removed some remnants of
   the context element.

   6) Clarified the definition of "Location Information (LI)" to include
   a reference to the location (to match the XML schema and provide
   consistency of usage throughout the document).  Added an additional
   statement in section 7.2 (locationType) to clarify that LCS MAY also
   return a Location URI.

   7) Modifed the definition of "Location Configuration Server (LCS)" to
   be consistent with the current definiton in the requirements

   8) Updated Location Response (section 6.3) to remove reference to
   context and discuss the used of a local identifier or unlinked
   pseudonym in providing privacy/security.

   9) Clarified that the source IP address in the request is used as the
   identifier for the target/device for the HELD protocol as defined in
   this document.

   10) Miscellaneous editorial clarifications.

16.  References


16.1.  Normative References

   [1]   Bradner, S., "Key words for use in RFCs to Indicate Requirement
         Levels", BCP 14, RFC 2119, March 1997.

   [2]   Dierks, T. and C. Allen, "The TLS Protocol Version 1.0",
         RFC 2246, January 1999.

   [3]   Fielding, R., Gettys, J., Mogul, J., Frystyk, H., Masinter, L.,
         Leach, P., and T. Berners-Lee, "Hypertext Transfer Protocol --
         HTTP/1.1", RFC 2616, June 1999.

   [4]   Rescorla, E., "HTTP Over TLS", RFC 2818, May 2000.

   [5]   Eastlake, D., Reagle, J., and D. Solo, "(Extensible Markup
         Language) XML-Signature Syntax and Processing", RFC 3275,
         March 2002.

   [6]   Mealling, M., "The IETF XML Registry", BCP 81, RFC 3688,
         January 2004.

   [7]   Cuellar, J., Morris, J., Mulligan, D., Peterson, J., and J.
         Polk, "Geopriv Requirements", RFC 3693, February 2004.

   [8]   Peterson, J., "A Presence-based GEOPRIV Location Object
         Format", RFC 4119, December 2005.

   [9]   Thomson, M. and J. Winterbottom, "Revised Civic Location Format
         for PIDF-LO", draft-ietf-geopriv-revised-civic-lo-05 (work in
         progress), February 2007.

   [10]  Tschofenig, H., "GEOPRIV PIDF-LO Usage Clarification,
         Considerations and Recommendations",
         draft-ietf-geopriv-pdif-lo-profile-08 (work in progress),
         July 2007.

   [11]  Tschofenig, H. and H. Schulzrinne, "GEOPRIV Layer 7 Location
         Configuration Protocol; Problem Statement and  Requirements",
         draft-ietf-geopriv-l7-lcp-ps-02 (work in progress), April 2007.

   [12]  Thompson, H., Maloney, M., Mendelsohn, N., Maloney, M., and D. Beech, "XML
         Schema Part 1: Structures Second Edition", World Wide Web
         Consortium Recommendation REC-xmlschema-1-20041028,
         October 2004,

   [13]  Malhotra, A. and P. Biron, "XML Schema Part 2: Datatypes Second
         Edition", World Wide Web Consortium Recommendation REC-
         xmlschema-2-20041028, October 2004,

   [14]  Cox, S., Daisey, P., Lake, R., Portele, C., and A. Whiteside,
         "Geographic information - Geography Markup Language (GML)",
         OpenGIS 03-105r1, April 2004,

   [15]  Thomson, M. and J. Winterbottom, "Discovering the Local
         Location Information Server (LIS)",
         draft-thomson-geopriv-lis-discovery-00 (work in progress),
         February 2007.

   [16]  Marshall, R., "Requirements for a Location-by-Reference
         Mechanism used in Location  Configuration and Conveyance",
         draft-marshall-geopriv-lbyr-requirements-01 (work in progress),
         March 2007.


16.2.  Informative References

   [17]  Postel, J., "Transmission Control Protocol", STD 7, RFC 793,
         September 1981.

   [18]  Myers, J., "Simple Authentication and Security Layer (SASL)",
         RFC 2222, October 1997.

   [19]  Day, M., Rosenberg, J., and H. Sugano, "A Model for Presence
         and Instant Messaging", RFC 2778, February 2000.

   [20]  Murata, M., St. Laurent, S., and D. Kohn, "XML Media Types",
         RFC 3023, January 2001.

   [21]  Rose, M., "The Blocks Extensible Exchange Protocol Core",
         RFC 3080, March 2001.

   [22]  Rosenberg, J., Schulzrinne, H., Camarillo, G., Johnston, A.,
         Peterson, J., Sparks, R., Handley, M., and E. Schooler, "SIP:
         Session Initiation Protocol", RFC 3261, June 2002.

   [23]  Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform
         Resource Identifier (URI): Generic Syntax", STD 66, RFC 3986,
         January 2005.

   [24]  Polk, J. and B. Rosen, "Session Initiation Protocol Location
         Conveyance", draft-ietf-sip-location-conveyance-07 (work in
         progress), February 2007.

   [25]  Mendelsohn, N.,  Gudgin, M., Mendelsohn, N., Nielsen, H., Moreau, J., and M.
         Hadley, "SOAP Version 1.2 Part 1: Messaging Framework", World
         Wide Web Consortium FirstEdition REC-soap12-part1-20030624,
         June 2003,

   [26]  Nielsen, H.,  Mendelsohn, N., Gudgin, M., Nielsen, H., Hadley, M., Gudgin, M., and J.
         Moreau, "SOAP Version 1.2 Part 2: Adjuncts", World Wide Web
         Consortium FirstEdition REC-soap12-part2-20030624, June 2003,

   [27]  Chinnici, R., Moreau, J., Ryman, A., and S. Weerawarana, "Web
         Services Description Language (WSDL) Version 2.0 Part 1: Core
         Language", W3C CR CR-wsdl20-20060106, January 2006.

Appendix A.  HELD Compliance to IETF LCP requirements

   This appendix describes HELD's compliance to the requirements
   specified in the [11].

A.1.  L7-1: Identifier Choice

   "The LIS MUST be presented with a unique identifier of its own
   addressing realm associated in some way with the physical location of
   the end host."


   The identifier used may be

   HELD uses the source IP address of the location request packet
   and/or additional client identifier values relevant to message as the scope
   primary source of identity for the access requesting device or target.  This
   identity can be used with other contextual network provided within information to
   provide a physical location for the request.  Mapping Target for many network
   deployments.  There may be network deployments where an IP address into lower-level attachment data
   alone is access network dependent
   and insufficient to identify a Target in a network.  However,
   any necessary identity extensions for these networks is beyond the responsibility the LIS.
   scope of this document.

A.2.  L7-2: Mobility Support

   "The GEOPRIV Layer 7 Location Configuration Protocol MUST support a
   broad range of mobility from devices that can only move between
   reboots, to devices that can change attachment points with the impact
   that their IP address is changed, to devices that do not change their
   IP address while roaming, to devices that continuously move by being
   attached to the same network attachment point."


   Mobility support is inherently a characteristic of the access network
   technology and HELD is designed to be access network agnostic.
   Consequently HELD complies with this requirement.  In addition HELD
   provides specific support for mobile environments by providing an
   optional responseTime attribute in location request messages.
   Wireless networks often have several different mechanisms at their
   disposal for position determination (e.g.  Assisted GPS versus
   location based on serving base station identity), each providing
   different degrees of accuracy and taking different amounts of time to
   yield a result.  The responseTime parameter provides the LIS with a
   criterion which it can use to select a location determination

A.3.  L7-3: Layer 7 and Layer 2/3 Provider Relationship

   "The design of the GEOPRIV Layer 7 Location Configuration Protocol
   MUST NOT assume a business or trust relationship between the provider
   of application layer (e.g., SIP, XMPP, H.323) provider and the access
   network provider operating the LIS."


   HELD describes a location acquisition protocol and has no
   dependencies on how location is used once it has been acquired.
   Location acquisition using HELD is subject to the restrictions
   described in Section 10.

A.4.  L7-4: Layer 2 and Layer 3 Provider Relationship

   "The design of the GEOPRIV Layer 7 Location Configuration Protocol
   MUST assume that there is a trust and business relationship between
   the L2 and the L3 provider.  The L3 provider operates the LIS and
   needs to obtain location information from the L2 provider since this
   one is closest to the end host.  If the L2 and L3 provider for the
   same host are different entities, they cooperate for the purposes
   needed to determine end system locations."


   HELD was specifically designed with this model in mind and readily
   allows itself to chaining requests between operators without a change
   in protocol being required.  HELD is a webservices protocol it can be
   bound to transports other than HTTP, such as BEEP.  Using a transport
   like BEEP for HELD offers the option of high request throughput over
   a dedicated connection between an L3 provider and an L2 provider
   without incurring the serial restriction imposed by HTTP.  This is
   less easy to do with protocols that do not decouple themselves from
   the transport.

A.5.  L7-5: Legacy Device Considerations

   "The design of the GEOPRIV Layer 7 Location Configuration Protocol
   MUST consider legacy residential NAT devices and NTEs in an DSL
   environment that cannot be upgraded to support additional protocols,
   for example to pass additional information through DHCP."


   HELD is an application protocol and operates on top of IP.  A HELD
   request from a host behind a residential NAT will traverse the NAT
   acquiring the external address of the home router.  The location
   provided to the host therefore will be the address of the home router
   in this circumstance.  No changes are required to the home router in
   order to support this function, HELD was designed specifically to
   address this deployment scenario.

A.6.  L7-6: VPN Awareness

   "The design of the GEOPRIV Layer 7 Location Configuration Protocol
   MUST assume that at least one end of a VPN is aware of the VPN
   functionality.  In an enterprise scenario, the enterprise side will
   provide the LIS used by the client and can thereby detect whether the
   LIS request was initiated through a VPN tunnel."


   HELD does not preclude a LIS on the far end of a VPN tunnel being
   aware that the client request is occurring over that tunnel.  It also
   does not preclude a client device from accessing a LIS serving the
   local physical network and subsequently using the location
   information with an application that is accessed over a VPN tunnel.

A.7.  L7-7: Network Access Authentication

   "The design of the GEOPRIV Layer 7 Location Configuration Protocol
   MUST NOT assume prior network access authentication."


   HELD makes no assumptions about prior network access authentication.
   HELD strongly recommends the use of TLS with server-side certificates
   for communication between the end-point and the LIS.  There is no
   requirement for the end-point to authenticate with the LIS.

A.8.  L7-8: Network Topology Unawareness

   "The design of the GEOPRIV Layer 7 Location Configuration Protocol
   MUST NOT assume end systems being aware of the access network
   topology.  End systems are, however, able to determine their public
   IP address(es) via mechanisms such as STUN or NSIS NATFW NSLP."


   HELD makes no assumption about the network topology.  HELD doesn't
   require that the device know its external IP address, except where
   that is required for discovery of the LCS.

A.9.  L7-9: Discovery Mechanism

   "The L7 LCP MUST define a single mandatory to implement discovery

   HELD uses the discovery mechanism in [15].

Authors' Addresses

   Mary Barnes (editor)
   2201 Lakeside Blvd
   Richardson, TX


   James Winterbottom
   PO Box U40
   Wollongong University Campus, NSW  2500

   Phone: +61 2 4221 2938

   Martin Thomson
   PO Box U40
   Wollongong University Campus, NSW  2500

   Phone: +61 2 4221 2915

   Barbara Stark
   Room 7A41
   725 W Peachtree St.
   Atlanta, GA  30308


Full Copyright Statement

   Copyright (C) The IETF Trust (2007).

   This document is subject to the rights, licenses and restrictions
   contained in BCP 78, and except as set forth therein, the authors
   retain all their rights.

   This document and the information contained herein are provided on an

Intellectual Property

   The IETF takes no position regarding the validity or scope of any
   Intellectual Property Rights or other rights that might be claimed to
   pertain to the implementation or use of the technology described in
   this document or the extent to which any license under such rights
   might or might not be available; nor does it represent that it has
   made any independent effort to identify any such rights.  Information
   on the procedures with respect to rights in RFC documents can be
   found in BCP 78 and BCP 79.

   Copies of IPR disclosures made to the IETF Secretariat and any
   assurances of licenses to be made available, or the result of an
   attempt made to obtain a general license or permission for the use of
   such proprietary rights by implementers or users of this
   specification can be obtained from the IETF on-line IPR repository at

   The IETF invites any interested party to bring to its attention any
   copyrights, patents or patent applications, or other proprietary
   rights that may cover technology that may be required to implement
   this standard.  Please address the information to the IETF at


   Funding for the RFC Editor function is provided by the IETF
   Administrative Support Activity (IASA).