Re: [Geopriv] HELD using XCAP wrt Common Policy/Geolocation Policy

["Tschofenig, Hannes (NSN - FI/Espoo)" <hannes.tschofenig@nsn.com>]

Hi James, 

Let me provide a longer description of the story. 

With the work on the DHCP LbyR you wanted to go for the access control
authorization model. I told you about the disadvantages before (but, as
usual, you did not seem to like my input).

The downside of that decision is that you need to provide a story for
the access control authorization model. The only possible story in DHCP
is to use a separate protocol mechanism. At the moment there is only one
mechanism available for usage with DHCP, namely XCAP & Common Policy
(and potentially Geolocation Policy). 

In HELD the group decided in favor of the possession authorization
model. HELD runs on top of HTTP and hence you can put a lot of other
stuff in there, if you want. However, with the possession model you
don't need to upload authorization policies. If you (later) still want
to additionally provide support for the access control model then you
could, as an option, piggyback a Common Policy document (which was in
one of the earliest HELD drafts --  a feature that got removed because
it was seen as too complex by the group back then) -- something you
cannot do with DHCP (obviously because of the size). 

So, the default model in HELD is the possession model and the access
control authorization model is just an add-on. In DHCP you decided that
the access control authorization model is the only suitable model (for
whatever reason). 

About the HELD context work: Doing the work on HELD we noticed that
additional functionality would be very useful, i.e. functionality that
goes beyond Common Policy and the Geolocation Policy (or is even not
directly related to the two, I would say). This work is documented in
the HELD context document. 

Hope my description helped and was able to clarify the topic. This is
not a HELD vs. DHCP issue, just as a remark.  

Finally, as you know: The geolocation policy document provides only
location-based authorization and transformations for location
information. The most important features one needs are for the purpose
discussed here is, however, authorization based on the **identity** of
the location recipient. This functionality is in Common Policy. So, I
believe that (if this stuff gets used at all) then it will be Common
Policy rather than Geolocation Policy. 

Ciao
Hannes

PS: Please note that I only review and help with the DHCP LbyR document
review because I want to be a good GEOPRIV WG citizen and not because my
employer has any interest in it. 


>At 02:27 AM 9/21/2009, Tschofenig, Hannes (NSN - FI/Espoo) wrote:
>>I could imagine that adding the ability to upload Common 
>>Policy/Geolocation Policy as an add-on to 
>>draft-winterbottom-geopriv-held-context-04.txt is a lot easier than 
>>using XCAP, particularly since I believe that 95% of the cases will 
>>only make usage of a fraction of Common Policy (and nothing from the 
>>geolocation policy document).
>
>I'm trying to figure out what is being said here in Hannes' 
>paragraph above.
>
>Is HELD really not needing Common Policy/Geolocation Policy 
>because it has another ID specifying some other mechanism?
>
>If so, why would this WG allow this?
>
>Common Policy is supposed to be "common" to everything, right?
>
>Geolocation Policy is supposed to be used by everything 
>Geopriv specific, right?
>
>It appears the net result of this - if true - is that DHCP has 
>to jump through hoops that HELD doesn't, even though HELD can.
>
>James
>
>
>>Ciao
>>Hannes
>
>