[Ecrit] comments on LoST

Here are my comments on the latest version of LoST from SVN 
(http://www.tschofenig.priv.at/svn/draft-ietf-ecrit-lost/draft-ietf-ecrit-lost-04.txt).

I have several high level comments.

Firstly, the specification is somewhat confused about whether it is 
specifying a data object (like a presence document), in which case the 
semantics of the fields are critical, or whether it is specifying a 
protocol, in which case state machines, transactions, timers, failures, 
element behaviors, and so on, are relevant. I believe LoST is the latter 
not the former, yet the spec is mostly written as if it was the former 
and not the latter.

Secondly, I think the binding to http and https is not well specified, 
and many important details (minimum baseline mandatory requirements, 
timer considerations, usage of security techniques, pipelining, etc.) 
are not discussed at all.

Thirdly, I have some concerns over the requirement for servers to 
support both geodesic-2d and civic for all queries. IN particular, I 
fear that it will be common for boundary objects to exist in only one 
form or the other, and I don't see how conversion can easily be done 
between the two.

More specific comments below:

> This document describes an XML-based protocol for mapping service
>    identifiers and geodetic or civic location information to service
>    contact URIs.  In particular, it can be used to determine the
>    location-appropriate PSAP for emergency services.

expand PSAP acronym

> This document describes a protocol for mapping a service identifier
>    [10] and location information compatible with PIDF-LO [7], namely
>    revised civic location information [11] and GML [13]) 

missing open paren

> While the initial focus is on providing mapping
>    functions for emergency services, it is likely that the protocol is
>    applicable to any service URN. 

the first sentence mentions service identifiers but doesn't actually say 
service URN. Suggest that you add in the first sentence:

"..for mapping a service identifier (in the form of a service URN [10]).."

> Example service URL schemes include sip [14], xmpp
>    [15], and tel [16]. 

I'm gonna be a nit-picker and point out that these are actually URI and 
not URL. That error occurs in many places in the document.

>  For example, in the United States,
>    the "2-1-1" and "3-1-1" service numbers follow a similar location-to-
>    service behavior as emergency services.

might be good to mention what these are

> This document names this protocol "LoST", for Location-to-Service
>    Translation.  LoST Satisfies the requirements [18] for mapping

satisfies

THe last paragraph in the introduction repeats most of which is said 
already above. I'll note it does so more clearly than the rest of the 
intro. I suggest moving it up towards the front of the introduction.

Also, the introduction is missing an important point that is obvious for 
us in this field but probably non-obvious for newbies. I'd suggesting 
adding the following text in the intro:

"Numerous techniques have been specified for the discovery of servers 
for a particular service, including NAPTR records, SVRLOC and similar 
protocols. However, there are an important class of services where the 
specific service instance that is to be connected to depends on the 
identity of the service and the location of the entity that needs to 
reach it. An example of this is emergency telecommunications services, 
where the service instance is a Public Safety Answering Point (PSAP) 
that has jurisdiction over the location of the user making the call. 
Here, the desired PSAP isn't necessarily the one that is topologically 
or even line-of-sight closest to the caller; rather, it is the one that 
serves the callers location based on geopolitical boundaries. For this 
reason, the selected service instance is a function of location and the 
desired service."

Section 3 isn't really an overview of operation at all. It mainly 
addresses the question of WHEN a user invokes LoST. I was expecting 
first an architecture picture that shows a client, a server, and some 
backend stuff (other servers). LosT is show as between client and 
server. The section would talk about clients issuing requests and 
servers answering them. It would mention HTTP and indicate what is 
contained in a request, whats in an answer. Mention caching and the use 
of regions as a technique to avoid repeated queries on the server. It 
would mention the primary primitives provided by lost.

> 4.  LoST servers and Their Resolution

LoST Servers and their Resolution

I wonder if there should be a separate port number for LoST. See RFC 3205.

> A receiver can replace a mapping with another one having
>    the same 'source' and 'sourceId' and a higher version number.

You have not used the term receiver before. Client you mean?

>  The 'version' attribute is a positive integer that is incremented for
>    each change in the mapping.  The XML data type does not specify an
>    upper bound for this attribute and thus, the value MUST NOT wrap
>    around.  Thus, a higher version number refers to a more recent
>    mapping.  A mapping maintains its sourceId value as long as it
>    remains logically the same, e.g., represents the same service
>    boundary or replaces an earlier service boundary.

Do these have to increase by 1 for each update, or just increase? SHould 
be clear.

> The contents of this attribute is a
>    timezoned XML type dateTime, in canonical representation.  See

contents are

>  The 'expires' attribute is REQUIRED to be included in the <mapping>
>    element.

Is there a way to use LoST without caching? To specify that this result 
is valid only for the purposes of satisfying this one query? Or to say 
that the results never expire?

> On occasion, a server may be forced to return an expired mapping if
>    it cannot reach the authoritative server or the server fails to
>    return a usable answer.  Clients and servers MAY cache the mapping so
>    that they have at least some information available.  Caching servers
>    that have such stale information SHOULD re-attempt the query each
>    time a client requests a mapping.

A meta-issue here, is whether the LoST protocol is meant to just be a 
client-server protocol, or whether we are specifying rules for the 
entire system. This SHOULD here is a rule for a server to follow when 
contacting other servers and thus would not be present in a 
client-server protocol spec.

As another issue, this section (section 5) is a mix of behaviors that 
define rules around construction of objects and for behaviors of 
servers. WHich is it?

>  Zero or more <displayName> elements describe the service with a
>    string that is suitable for display to human users, each annotated
>    with the 'xml:lang' attribute that contains a language tag to aid in
>    the rendering of text.

Presumably the presence of more than one is to allow responses to convey 
multiple languages. Might want to state that.

> The <service> element is optional but may also be required if the
>    mapping is to be digitally signed.

seems like a normative statement is needed here - The <service> element 
MUST be present if the mapping is to be digitally signed.

>  A response MAY indicate the region for which the service URL returned
>    would be the same as in the actual query, the so-called _service
>    region_. 

I don't understand this definition. I thought it would be something 
like: The service region is a set of locations, such that if a client 
generates a new query with the same service URN and a location within 
the set, the server would return the same service URI in its response.

> The service region is described by value
>    in one or more <serviceBoundary> elements, each formatted according
>    to a different location profile, identified by the 'profile' atribute
>    (see Section 11).

and:

>  A response MAY contain more than one <serviceBoundary> element with
>    profile 'civic'.

appear to contradict each other. Which is it?

> The identifier is a random token with at least 128 bits of entropy
>    and can be assumed to be globally unique.  It uniquely references a
>    particular boundary.  If the boundary changes, a new identifier MUST
>    be chosen.  Because of these properties, a client receiving a mapping
>    response can simply check if it already has a copy of the boundary
>    with that identifier.  If so, it can skip checking with the server
>    whether the boundary has been updated.  Since service boundaries are
>    likely to remain unchanged for extended periods of time, possibly
>    exceeding the normal lifetime of the service URL, this approach
>    avoids unnecessarily refreshing the boundary information just because
>    the the remainder of the mapping has become invalid.

Any guidelines about when a server is supposed to send a service 
boundary reference as opposed to the actual service boundary in a response?

> The Service Number Element
> 
>    The service number is returned in the optional <serviceNumber>
>    element.  It contains a string of digits, * and # that a user on a
>    device with a 12-key dial pad could use to reach that particular
> 
> 
> 
> Hardie, et al.           Expires August 13, 2007               [Page 11]
> 
> Internet-Draft                    LoST                     February 2007
> 
> 
>    service.

This is not true.

So if I'm in an enterprise which requires '9' for an outside line, 
wouldn't I have to dial 9 first before this sequence? I think these 
service numbers represent numbers that are part of the local *numbering 
plan*, and are accessed based on the *dial plan* configured into the device.

> 7.3.3.  Recursion
> 
>    LoST <findService> and <listServicesByLocation> queries can be
>    recursive, as indicated by the 'recursive' attribute.  A value of

You haven't mentioned the listServicesByLocation query yet.

> The example in Figure 6 demonstrates address
>    validation, omitting the standard response elements.

but figure 6 is a request, not a response. So how can it omit response 
elements? Maybe you mean figure 7?

> true.  Each element contains a list of tokens separated by white
>    space, enumerating the civic location lables used in child elements

labels

>  Note that the same address can yield different responses if parts of
>    the civic address contradict each other.  For example, if the postal
>    code does not match the city, local server policy determines whether
>    the postal code or the city is considered valid.  The mapping
>    naturally corresponds to the valid elements.

I think you need a bit more guidance on how to construct the validation 
responses. In particular, I think that you would want to indicate that 
the most specific address component that is in conflict is the one 
listed as in error. For example, if a street address is 65 Main St. and 
there is no number 65 on Main St., you would indicate that "65" is in 
error, not Main St.

>  <?xml version="1.0" encoding="UTF-8"?>
>    <listServices
>      xmlns="urn:ietf:params:xml:ns:lost1">
>      <service>urn:service:sos</service>
>    </listServices>
> 
>                 Figure 12: Example of <ListServices> query

The text in section 9 doesnt mention that the query can contain a 
service. Presumably this is a request for the server to indicate which 
services it supports beneath this root? And that, if absent, its a 
request for all services?

There is an assumption that the server knows all of the services it 
supports. What about a LoST server that front ends a large number of 
back-end servers, forwarding requests to a particular back-end server 
based on location? THis front end server doesn't really know what 
services it supports.

>  define the manner in which location information is transmitted.  It
>    possible to standardize other profiles in the future.  The two
>    baseline profiles are:

It is

>  4.  The declaration of whether geodetic-2d or civic is to be used as
>        the baseline profile.  It is necessary to explicitly declare the
>        baseline profile as future profiles may be combinations of
>        geodetic and civic location information.

This doesn't make sense to me; I thought this spec defined both 
geodetic-2d and civic as baseline mandatory-to-implement.

> Requests and responses containing <location> or <serviceBoundary>
>    elements MUST contain location information in exactly one of the two
>    baseline profiles, in addition to zero or more additional profiles.
>    The ordering of location information indicates a preference on the
>    part of the sender.

THis seems odd. Why can't you include location in both of the location 
profiles if you have it? It might allow the server to figure out which 
is more accurate and use that one.

>  1.  A client MUST be capable of understanding the response for the
>        baseline profiles it used in the request.

The word 'profiles' (plural) makes me think you can in fact have 
multiple baseline profiles in the request, though the words above forbid it.

>   4.  Servers MUST implement the geodetic-2d and civic profiles.

What does this mean? Does it mean that it must be able to process 
requests with <location> objects in either format? Does it mean it needs 
to be able to represent a boundary in either of the two formats? Thats 
actually a tall order; I would tend to think that boundaries in 
particular would typically exist in only one format and that conversion 
is not going to be easy or possible in many cases.

>  6.  If a server receives a request that only contains location
>        information using profiles it does not understand, the server
>        responds with a <locationProfileError> (Section 12.1).

based on your rules this should never happen.

>  7.  The <serviceBoundary> element MUST use the same location profile
>        that was used to retrieve the answer and indicates which profile
>        has been used with the 'profile' attribute.

'used to retrieve the answer' - what does that mean? What if the server 
converts the input format internally prior to looking up the answer in a 
backend store?

Also these rules do not place any requirements on clients. Do they need 
to support both geodesic-2d and civic? Should be clear either way.

>  These rules enable the use of location profiles not yet specified,
>    while ensuring baseline interoperability.  Take, for example, this
>    scenario.  Client X has had its firmware upgraded to support the
>    uber-complex-3D location profile.  Client X sends location

You are talking about figures 16 and 17 though you don't reference them.

>  Servers use this profile by placing a GML [13] <Polygon> element
>    within the <serviceBoundary> element.  This is defined by the
>    'polygon' pattern in the LoST schema (see Section 14).

Well, servers 'use this profile' by processing <location> requests and 
constructing serviceBoundary objects in responses. I think you mean to 
say that <location> objects are constructed using <position> and 
serviceBoundary elemenets by <Polygon> elements.

Same comment on 11.3.

> A LoST server can respond indicating that the querier should redirect
>    the query to another server, using the <redirect> element.  The
>    element includes a 'target' attribute indicating the LoST application
>    unique string (see Section 4) that the client SHOULD be contacting
>    next, as well as the 'source' attribute indicating the server that
>    generated the redirect response and a 'message' attribute explaining
>    the reason for the redirect response. 

Is there support for multiple languages at once here, as is the case 
with warnings and errors?

> 13.  LoST Transport

You might want to include some discussion on timers. LoST layers a 
transaction protocol ontop of HTTP. How long should a client wait for a 
response?

Do LoST servers need to support pipelining? Do they have to provide both 
http and https support? Do clients need to support both?

What about authentication? Can digest be used? What about mutual TLS?

I think this section is a bit underspecified.

> 16.5.  LoST Location Profile Registry
> 
>    This document seeks to create a registry of location profile names
>    for the LoST protocol.  Profile names are XML tokens.  This registry
>    will operate in accordance with RFC 2434 [2], Standards Action.

I'd suggest you actually include the table that IANA is supposed to 
create. I think you want it to look like this:

LoST Location Profiles

Profile Name             Specification
--------------------------------------
geodetic-2d              RFCXXXX
civic                    RFCXXXX

> Generally, authentication and authorization is not required for
>    mapping queries.  If it is, authentication mechanism of the
>    underlying transport mechanism, such as HTTP basic and digest
>    authentication, MAY be used.  (Basic authentication SHOULD only be
>    used in combination with TLS.)

I this this last SHOULD has to be a MUST.

> 17.  Security Considerations

Text in the body of the specification discusses body signatures, but 
there is no treatment on how this is done.

> In protocols that support
>    content type indication, LoST uses the media type application/
>    lost+xml.

What does this mean? That when used with HTTP, LoST objects use this 
content-type?

Thanks,
JOnathan R.

-- 
Jonathan D. Rosenberg, Ph.D.                   600 Lanidex Plaza
Cisco Fellow                                   Parsippany, NJ 07054-2711
Cisco Systems
jdrosen@cisco.com                              FAX:   (973) 952-5050
http://www.jdrosen.net                         PHONE: (973) 952-5000
http://www.cisco.com

_______________________________________________
Ecrit mailing list
Ecrit@ietf.org
https://www1.ietf.org/mailman/listinfo/ecrit