WDIFF

draft-winterbottom-geopriv-held-identity-extensions-06.txt --> draft-winterbottom-geopriv-held-identity-extensions-07.txt

view Side-By-Side changes

Geopriv J. Winterbottom
Internet-Draft M. Thomson
Intended status: Standards Track Andrew Corporation
Expires: January 15, May 7, 2009 H. Tschofenig
Nokia Siemens Networks
July 14,
R. Barnes
BBN Technologies
November 3, 2008

HELD Identity Extensions
draft-winterbottom-geopriv-held-identity-extensions-06.txt
draft-winterbottom-geopriv-held-identity-extensions-07

Status of this Memo

By submitting this Internet-Draft, each author represents that any
applicable patent or other IPR claims of which he or she is aware
have been or will be disclosed, and any of which he or she becomes
aware will be disclosed, in accordance with Section 6 of BCP 79.

Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as Internet-
Drafts.

Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."

The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt.

The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html.

This Internet-Draft will expire on January 15, May 7, 2009.

Winterbottom, et al. Expires January 15, May 7, 2009 [Page 1]

Internet-Draft HELD-ID-EXT July HELD Identity November 2008

Abstract

When a Location Information Server receives a request for location
information (using the locationRequest message), described in the
base HTTP Enabled Location Delivery (HELD) specification, it uses the
source IP address of arriving message as a pointer to the location
determination process. This is appropriate sufficient in many environments.
However, when environments where an entity acting
Target's location can be determined based on behalf of its IP address.

Two additional use cases are addresses by this document. In the Target would like to
request location information then
first, the source IP address of in the request will lead to wrong results. In other cases the IP address is not the only
identifier that serves as for the Target. In the second, an input to entity other than the location
determination procedure.
Target requests the Target's location.

This document extends the HELD protocol to allow the location request
message to carry additional identifiers assisting the location
determination process. It defines a set of URIs for Target
identifiers and an XML containment schema. This extension is used in
conjunction with HELD to provide Target identification, and set of
criteria of when to use this extensions are provided. Examples and
usage in HELD message syntax are also shown.

Winterbottom, et al. Expires January 15, May 7, 2009 [Page 2]

Internet-Draft HELD-ID-EXT July HELD Identity November 2008

Table of Contents

1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 4
2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 5
3. Criteria for using on behalf of location requests . . . . . . 6
4. Identity Extension Details . . . . . . . . . . . . . . . . . . 7
4.1. 6
3.1. URI Definitions . . . . . . . . . . . . . . . . . . . . . 7
4.1.1. Ethernet 6
3.1.1. MAC Address URI . . . . . . . . . . . . . . . . . . . 7
4.1.2. 6
3.1.2. IP Address URIs . . . . . . . . . . . . . . . . . . . 7
4.2. 6
3.2. Schema . . . . . . . . . . . . . . . . . . . . . . . . . . 8 7
4. Privacy Considerations . . . . . . . . . . . . . . . . . . . . 10
5. Security Considerations . . . . . . . . . . . . . . . . . . . 11 12
5.1. Device-provided identity extensions Location Configuration Protocol Requests . . . . . . . . . 12
5.2. Third Party Requests . . . 11
5.2. On behalf of requests . . . . . . . . . . . . . . . . 12
5.3. Distinguishing LCP Requests from Third Party Requests . . 11 13
6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 12 14
6.1. URN Sub-Namespace Registration for
urn:ietf:params:xml:ns:geopriv:held:id . . . . . . . . . . 12 14
6.2. XML Schema Registration . . . . . . . . . . . . . . . . . 12 14
6.3. Identifier 'type' Attribute values . . . . . . . . . . . . 13 15
6.4. URI Type Attribute Values . . . . . . . . . . . . . . . . 13 15
7. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 15 17
8. References . . . . . . . . . . . . . . . . . . . . . . . . . . 16 18
8.1. Normative references . . . . . . . . . . . . . . . . . . . 16 18
8.2. Informative references . . . . . . . . . . . . . . . . . . 16 18
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 18 20
Intellectual Property and Copyright Statements . . . . . . . . . . 19 21

Winterbottom, et al. Expires January 15, May 7, 2009 [Page 3]

Internet-Draft HELD-ID-EXT July HELD Identity November 2008

1. Introduction

Location Configuration Protocols, such as HELD
[I-D.ietf-geopriv-http-location-delivery], need to identify

Protocols for requesting and providing location information require a Target
in order to determine its location. The base HELD specification only
provides Target identity through
way for the IP address of requestor to specify the requesting
Target, while [I-D.ietf-geopriv-l7-lcp-ps] provides examples of where
this may location that should be insufficient. This memo defines a set of URIs and
returned. In a
containment schema that allows location configuration protocol (LCP), the entity requesting location
information to indicate a
being requested is the requestor's location. This fact can make the
problem of identifying the Target simpler for LCPs, since IP
datagrams that carry the request already carry an identifier beyond for the
Target, namely the source IP address of the an incoming request.

In addition to
Existing LCPs, such as HELD [I-D.ietf-geopriv-http-location-delivery]
and DHCP ([RFC3825], [RFC4776]) rely on the source IP address, and
possibly lower-layer identifiers to identify a Target.

Aside from the datagrams that form a request, a location information
server (LIS) does not necessarily have access to information that
could further identify the Target providing of the request. In some
circumstances, as shown in [I-D.ietf-geopriv-l7-lcp-ps], additional
identification information about itself can be included in order a request to aid location determination, identify a trusted node can use
Target.

This document extends the
techniques described in this memo HELD protocol to request support the inclusion of
additional identifiers for the Target in HELD location information
about requests. The
identifiers are defined as URIs that include a specific Target, on behalf range of different
types of (OBO) identification information. Finally, an XML schema is
defined that Target. Use cases
for this functionality are described in [I-D.ietf-geopriv-l7-lcp-ps]
and [I-D.ietf-ecrit-phonebcp] and focus on environments where provides a call-
server or proxy resides structure for including these identifiers in
HELD requests.

An important characteristic of this addition to the same administrative domain as HELD protocol is
that is also expands the LIS,
and potential scope of HELD beyond that of an
LCP. The scope of an LCP is limited to the interaction between a
Target has either failed, or and a LIS. That is, an LCP is unable, limited to provide location the Target
retrieving information when it is required about their own location. With this addition,
third party location recipients (LRs) are able to do so. This memo provides make requests that
include identifiers to retrieve location information about a
particular Target.

The usage of HELD for purposes beyond the Target-LIS interaction
obviously introduces a new set of criteria that can be applied by operators considering privacy concerns. In an OBO-based LCP, the
requester is implicitly authorized to access the request location deployment.
information, because it is their own location. In contrast, when a
third party LR requests a Target's location, the LR MUST be
explicitly authorized. Establishing appropriate authorization and
other related privacy concerns are discussed in Section 4.

Winterbottom, et al. Expires January 15, May 7, 2009 [Page 4]

Internet-Draft HELD-ID-EXT July HELD Identity November 2008

2. Terminology

This document reuses the term Target, as defined in [RFC3693].

This document uses the term Location Information Server, LIS as
described in [I-D.ietf-geopriv-l7-lcp-ps].

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in [RFC2119].

Winterbottom, et al. Expires January 15, May 7, 2009 [Page 5]

Internet-Draft HELD-ID-EXT July HELD Identity November 2008

3. Criteria for using on behalf of location requests

The general model for acquiring location in the Internet places the
onus on the end-point to acquire its location prior to invoking a
service that needs this information in order to operate correctly.
There is general acceptance from a range of organizations and
operators that this approach cannot ensure the operation of essential
services in the short to medium term with current terminal and
network deployments. Network operators do not, for the most part,
control or own user-terminal equipment, which means that they are not
in a position to ensure essential services will work correctly for
legacy devices connected to the network and this presents a dilema
that requires a standarized technical solution. The accepted
approach is to have a trusted node be able to request location on-
behalf-of of the end-point to facilitate the correct operation of
services deemed essential by the local jurisdiction. Examples of
essential services include, but are not limited to ambulance, law
enforcement, and fire services.

To support an on-behalf-of location request mechanism there is a need
for a strong trust relationship between the access and service
provider entities. This relationship should exist soley for the
purposes of providing services considered essential by the
jurisdiction. The essential service may be provided inside the local
access network, placing the access network and service provider in
same administrative domain. Alternatively, the essential service is
provided by a jurisdictional authority that has the right to request
the location information for a Target in an access network operating
in its legal boundaries.

In addition to a strong trust relationship the access and service
providers need to agree on a Target identifier. This identifier must
have the properties of allowing the essential service to identify the
LIS in the serving access network, and allowing the LIS to identify
the end-device in the access network.

Winterbottom, et al. Expires January 15, 2009 [Page 6]

Internet-Draft HELD-ID-EXT July 2008

4. Identity Extension Details

This section defines the details Identity Extension Details

This section defines the details of the schema extension for HELD to
support the inclusion of a Target identity in the form of a URI or
typed-token. A set of URI definitions that can be used to specify
these identities is also provided.

4.1.

3.1. URI Definitions

The URIs defined in this section are designed to identify a Target;
they do not identify measurements or sighting data associated with a
Target, such as the switch and port information to which the Target
is attached. This information may, for example, be acquired using
DHCP relay information [RFC3046] or LLDP [LLDP]. Device measurements
and sighting data are described in
[I-D.thomson-geopriv-held-measurements]. The identity provided may
be transitory, such as an IP address that is leased from a DHCP
server pool.

The URIs in the following sub-sections are defined using ABNF
(augmented Backus-Naur form) described in [RFC2234].

4.1.1. Ethernet

3.1.1. MAC Address URI

This is

A MAC URI represents the Ethernet hardware media access control address of the device, and is defined Device,
as per defined in the IEEE 802 series of specifications. The ABNF for
this URI type is defined as:

mac-uri = "mac:" 2*2HEXDIG 5*5macdig
macdig = "-" 2*2HEXDIG

This type of URI is, for example,

MAC URIs can be used in the same manner as is suggested by the
undefined "mac:" URIs used in examples in RFC 4479 [RFC4479]. An
example of its use is provided in Figure 5.

4.1.2. 3.

3.1.2. IP Address URIs

This section provides the ABNF for IP version 4 and IP version 6
URIs. One application of this URI scheme is described in
[I-D.ietf-geopriv-l7-lcp-ps], where an outbound SIP proxy needs to
make location requests to a LIS on behalf of a Target because, for
some reason, the necessary information was not provided by the
Target.

Winterbottom, et al. Expires January 15, 2009 [Page 7]

Internet-Draft HELD-ID-EXT July 2008

ip-uri = "ip:" ipv4 / ipv6
ipv4 = "IPv4+" IPv4-Address
IPv4-Address = 1*3DIGIT "." 1*3DIGIT "." 1*3DIGIT "." 1*3DIGIT IPv4address ; from RFC 3986
ipv6 = "IPv6+" hexpart [ ":" IPv4-Address ]
hexpart = hexseq / hexseq "::" [ hexseq ] / "::" [ hexseq ]
hexseq = hex4 *( ":" hex4)
hex4 = 1*4HEXDIG IPv6address ; from RFC 3986

Winterbottom, et al. Expires May 7, 2009 [Page 6]

Internet-Draft HELD Identity November 2008

The definitions for "IPv4address" and "IPv6address" are taken from
[RFC3986].

An example of a location request including a URI in this form to
identify the Target device is shown in Figure 3. 1.

<locationRequest
xmlns="urn:ietf:params:xml:ns:geopriv:held" responseTime="8"> responseTime="8000">
<locationType>geodetic</locationType>
<deviceIdentity xmlns="urn:ietf:params:xml:ns:geopriv:held:id">
<uri>ip:IPv4+192.0.2.5</uri>
</deviceIdentity>
</locationRequest>

Figure 3: 1: HELD Location Request Using an IP Address

Note that the URI types are not case sensitive and the iP:ipv4+
192.0.2.5 is still a valid URI.

4.2.

3.2. Schema

This section defines a schema that is used to provide Target
identifiers in a HELD location request.

Winterbottom, et al. Expires January 15, May 7, 2009 [Page 8] 7]

Internet-Draft HELD-ID-EXT July HELD Identity November 2008

<?xml version="1.0"?>
<xs:schema
targetNamespace="urn:ietf:params:xml:ns:geopriv:held:id"
xmlns:xs="http://www.w3.org/2001/XMLSchema"
xmlns:heldDI="urn:ietf:params:xml:ns:geopriv:held:id"
xmlns:xml="http://www.w3.org/XML/1998/namespace"
elementFormDefault="qualified" attributeFormDefault="unqualified">

<xs:complexType name="typedURI">
<xs:simpleContent>
<xs:extension base="xs:anyURI">
<xs:attribute name="type" type="xs:token"
use="optional"/>
</xs:extension>
</xs:simpleContent>
</xs:complexType>

<xs:complexType name="typedToken">
<xs:simpleContent>
<xs:extension base="xs:token">
<xs:attribute name="type" type="xs:token"
use="required"/>
</xs:extension>
</xs:simpleContent>
</xs:complexType>

<xs:complexType name="idParameters">
<xs:sequence>
<xs:element name="uri" type="heldDI:typedURI"
minOccurs="0" maxOccurs="unbounded"/>
<xs:element name="identifier" type="heldDI:typedToken"
minOccurs="0" maxOccurs="unbounded"/>
</xs:sequence>
</xs:complexType>

<xs:element name="deviceIdentity" type="heldDI:idParameters"/>

</xs:schema>

Figure 4: 2: Schema

Winterbottom, et al. Expires January 15, May 7, 2009 [Page 9] 8]

Internet-Draft HELD-ID-EXT July HELD Identity November 2008

The schema provided in Figure 4 2 allows a URI and/or token to be
provided so that a Target can identify itself by more than just its
IP address. The URI can also include an optional "type" attribute so
that URIs that might otherwise look the same can be distinguished
based on their usage.

For example <uri type="gruu">sip:callee@example.com</uri> or <uri
type="aor">sip:callee@example.com</uri>

An IANA registry is established for defining uri token types, and
this defined in Section 6.4.

When the <identifier> element is used the "type" attribute is
mandatory as it tells the LIS or receiving entity how to interpret
the identifier. An IANA registry is established for the central
repository for recognized identifier types. The set of initial types
is provided in Section 6.3.

A HELD location request sent by a device using the schema shown in
Figure 4 2 to provide its identity as a MAC URI would look similar to
Figure 5. 3.

<locationRequest xmlns="urn:ietf:params:xml:ns:geopriv:held"
responseTime="8">
responseTime="8000">
<locationType>geodetic</locationType>
<deviceIdentity xmlns="urn:ietf:params:xml:ns:geopriv:held:id">
<uri>mac:01-ab-34-ef-69-0c</uri>
</deviceIdentity>
</locationRequest>

Figure 5: 3: HELD Location Request URI example

Similarly a Target identifying itself using its DHCP client
identifier (DHCP option 61 in [RFC2132]) in a location request to a
LIS would send something similar to Figure 6. 4.

<locationRequest xmlns="urn:ietf:params:xml:ns:geopriv:held"
responseTime="8">
responseTime="8000">
<locationType>geodetic</locationType>
<deviceIdentity xmlns="urn:ietf:params:xml:ns:geopriv:held:id">
<identifier type="dhcpClientId">035552764</identifier>
</deviceIdentity>
</locationRequest>

Figure 6: 4: HELD Location Request Identifier example

Winterbottom, et al. Expires January 15, May 7, 2009 [Page 10] 9]

Internet-Draft HELD-ID-EXT July HELD Identity November 2008

5. Security

4. Privacy Considerations

5.1. Device-provided identity extensions

Identity extensions proivded by the Target device are commonly
provided to assist the LIS in

A location determination. Where configuration protocol has a very simple privacy model.
Because the LIS requester is going to use this information also the Target, it MUST can be verifiable by assumed that
providing that requester with location information is allowed. Such
a policy makes the LIS, simple assumption that as the choice to perform this verification or not subject of the
location information, the Target is left also permitted access to that
information. In effect, an LCP server (that is, the
operator of LIS) follows a
single rule policy that states that the service. A MAC address provided by Target is the only authorized
Location Recipient.

Note: HELD explicitly takes the position that the Target is a target device,
for example, can be verified by performing Device
and not a DHCP lease-query based
described person. For the purpose of the discussion in [RFC4388]. Identity this
section, the two are considered one and the same.

When the identity extensions such as tel uris defined above are used by the Target to
augment an LCP query, this default "LCP policy" remains the relevant
policy, and
hostnames can be validated using network services such as enum the security and
ldap.

Information privacy considerations of the base HELD
protocol [I-D.ietf-geopriv-http-location-delivery] apply. The only
augmentation required is that cannot be verified, or if the LCP policy is found to be false MUST be
ignroed by applied, the LIS.

5.2. On behalf of requests

The on behalf
LIS MUST authenticate that the requested identity is in fact that of mechanism allows
the requestor, and MUST deny access network provider to
specify rules for location acqusition for essential local services. if this
authentication fails.

The requirement to implement and comply with these rules will often
be outside LCP policy does not allow requests made by third parties. If a
LIS permits requests from third parties using identity extensions, it
assumes the control rule of a Location Server (LS). HELD becomes a more
general location request protocol--a "using protocol" by the access provider with legislation
mandating adherence. In such circumstances connectivity
definitions in [RFC3693]--and the privacy considerations for using
protocols apply. As a Location Server, the LIS MUST explicitly
authorize requests according to the
access network policies that are provided by
Rule Makers, including the Target. This includes authentication of
requesters where required by the authorization policies.

An organization that provides a LIS that allows third party requests
SHOULD provide a means for a Rule Maker to specify authorization
policies before allowing third party requests for that Target's
location. Until an end-device authorization policy is established, the LIS MUST
reject requests by third parties.

For a network operator, authorization might be a manual process, an implicit acceptance
explicit part of these
usage rules. Providers the terms of access networks service for the network, or an
automated system that divulge location in accepts formal authorization policies (see
[RFC4745], [RFC4825]). This document does not mandate any particular
mechanism for establishing an on behalf authorization policy.

When the LIS is operated by the Target's access network, the
relationship between the Target and the LIS can be transient.

Winterbottom, et al. Expires May 7, 2009 [Page 10]

Internet-Draft HELD Identity November 2008

However, the process of manner should provide an indication establishing network access usually results
in a form of this agreement between the Target and the network provider.
This process offers a natural vehicle for establishing location
privacy policies.

Winterbottom, et al. Expires May 7, 2009 [Page 11]

Internet-Draft HELD Identity November 2008

5. Security Considerations

The security considerations in it
terms
[I-D.ietf-geopriv-http-location-delivery] describe the use of TLS for
server authentication, confidentiality and conditions allowing allowing protection from
modification. These protections apply to both LCP requests and the
requests made by third parties.

5.1. Location Configuration Protocol Requests

Requests made by a Device (or Target) in the user context of device a location
configuration protocol are covered by the option same set of connecting or not. Where protections
offered by HELD. All the security considerations for HELD apply.

Identity information provided by the Device is private data that
might be sensitive. The Device provides this information in the
expectation that it assists the LIS in providing the Device a
service. The LIS MUST NOT use identity information for any other
purpose other than serving the request that includes that
information.

Falsification of identification information could be used by
malicious Devices to gain access to location information for others,
or to acquire false location information. For location
configuration, the LIS MUST ensure that claimed identity information
belongs to the requester before relying upon it. If this
verification cannot be performed, the LIS MUST treat the request as
if it were a third party request.

Note: This might seem to negate much of the advantage provided by
the inclusion of identity parameters for the LCP case. However,
checking that the identity information is correct is generally
more feasible than acquiring the information in the first place.

For example, a MAC address provided by a target device can be
verified by performing a DHCP lease-query ([RFC4388]). Identity
extensions such as tel: URIs and hostnames can be validated using
network services such as the DNS, ENUM, LDAP and SIP registrars.

5.2. Third Party Requests

Requests from third parties have the same requirements for server
authentication, confidentiality and protection from modification as
LCP requests. However, because the third party needs to be
authorized, the requester MUST be authenticated by the LIS. The LIS
MUST NOT provide location information to unauthorized requesters.

A LIS that allows requests from third parties MUST support TLS client

Winterbottom, et al. Expires May 7, 2009 [Page 12]

Internet-Draft HELD Identity November 2008

authentication.

More detail on the privacy implications of third party requests are
covered in Section 4.

5.3. Distinguishing LCP Requests from Third Party Requests

There is a risk that a LIS that supports both LCP requests as well as
requests from third parties could leak information. To successfully
exploit this leak, a third party could convince the server that its
request is an LCP request and that the identity information it
provides indeed belongs to it. This could mean that the third party
is exempted from the mandatory authorization process.

A LIS that only provides LCP access to Targets is subject to the network may use on behalf of
location acqusition for non-essential services, same
attack. If a Target can provide false identification information
that is accepted by the user of LIS, it can effectively act as an end-
device MUST have authorized
third party.

This is limited by the option ability of restricting the divulging of location LIS to essential services only. How this restriction occurs is outside detect falsified
identity information. Implementations need to take care to verify
identity information as described in Section 5.1.

For all requests, the scope of this specification.

The LIS MUST not accept on behalf of location requests from, or
divulge location information to, any third-party ensure that it cannot
authenticate or authorize. In most cases on behalf of requests
should be restricted the requester is
authorized to essential services legislated by receive location information for the local
juridiction. specified Target
before providing that information.

Winterbottom, et al. Expires January 15, May 7, 2009 [Page 11] 13]

Internet-Draft HELD-ID-EXT July HELD Identity November 2008

6. IANA Considerations

This document registers an XML namespace and schema with IANA in
accordance with guidelines in [RFC3688]. It also creates a new
registry for device identity types, and stipulates how new types are
to be added.

6.1. URN Sub-Namespace Registration for
urn:ietf:params:xml:ns:geopriv:held:id

This section registers a new XML namespace,
"urn:ietf:params:xml:ns:geopriv:held:id", as per the guidelines in
[RFC3688].

URI: urn:ietf:params:xml:ns:geopriv:held:id

Registrant Contact: IETF, GEOPRIV working group,
(geopriv@ietf.org), James Winterbottom
(james.winterbottom@andrew.com).

XML:

BEGIN
<?xml version="1.0"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>HELD Device Identity Extensions</title>
</head>
<body>
<h1>Namespace for HELD Device Identity Extensions</h1>
<h2>urn:ietf:params:xml:ns:geopriv:held:id</h2>
[[NOTE TO IANA/RFC-EDITOR: Please update RFC URL and replace XXXX
with the RFC number for this specification.]]
<p>See <a href="[[RFC URL]]">RFCXXXX</a>.</p>
</body>
</html>
END

6.2. XML Schema Registration

This section registers an XML schema as per the guidelines in
[RFC3688].

Winterbottom, et al. Expires January 15, May 7, 2009 [Page 12] 14]

Internet-Draft HELD-ID-EXT July HELD Identity November 2008

URI: urn:ietf:params:xml:schema:geopriv:held:id

Registrant Contact: IETF, GEOPRIV working group, (geopriv@ietf.org),
James Winterbottom (james.winterbottom@andrew.com).

Schema: The XML for this schema can be found as the entirety of
Figure 4 2 of this document.

6.3. Identifier 'type' Attribute values

This document requests that the IANA create a new registry for
identifier 'type' attribute values. These are text strings that
clarify how the value identifies the Device. Referring to [RFC2434]
this registry operates under the "Expert Review" rule.

The following identifier types are registered as part of this memo:

o 'dhcpClientId'

dhcpClientId: The DHCP client identifier as defined by DHCP option
61 in [RFC2132]

o 'msisdn'

msisdn: The Mobile Station International Subscriber Dial Number.
This is an E.164 number made up of 6 to 15 digits

o 'imsi'

imsi: The International Mobile Subscriber identifier. A unique
identifier for GSM or UMTS mobile terminal made up of 6 to 15
digits that identify the country code, the network code and
device.

o 'imei'

imei: The International Mobile Equipment identifier. This is an
electronic serial number for a mobile device and is consists of up
to 15 digits

o 'min'

min: Mobile Identification Number. A unique equipment identifier
assigned to CDMA handsets.

o 'mdn'

mdn: Mobile Dial Number. An E.164 number made up of 6 to 15 digits.

o 'hostname'

hostname: The hostname or FQDN of the device.

o 'directoryNumber'

directoryNumber: The directory number of the device.

6.4. URI Type Attribute Values

This document requests that the IANA create a new registry for uri
'type' attribute values. These are text strings that clarify what a
URI actually identifies, and MUSt include the URI scheme to which the
type applies. Referring to [RFC2434] this registry operates under
the "Expert Review" rule.

Winterbottom, et al. Expires January 15, May 7, 2009 [Page 13] 15]

Internet-Draft HELD-ID-EXT July HELD Identity November 2008

the "Expert Review" rule.

The following identifier types are registered as part of this memo:

o 'aor'

aor: The SIP address of record as defined [RFC3261]. Applies to
'sip:', 'sips:', 'pres:'

o 'gruu'

gruu: The Globally Routable User Agent URI (GRUU) as defined in
[I-D.ietf-sip-gruu]. Applies to 'sip:', 'sips:'

Winterbottom, et al. Expires January 15, May 7, 2009 [Page 14] 16]

Internet-Draft HELD-ID-EXT July HELD Identity November 2008

7. Acknowledgements

The authors wish to thank the NENA VoIP location working group for
their assistance in the definition of the schema used in this
document. Special thanks go to Barbara Stark, Guy Caron, Nadine
Abbott, Jerome Grenier and Martin Dawson. Thanks also to Bob Sherry
for requesting that URI-types be supported which led to the typedURI
form. Thanks to Adam Muhlbauer and Eddy Corbett for providing
further corrections.

Winterbottom, et al. Expires January 15, May 7, 2009 [Page 15] 17]

Internet-Draft HELD-ID-EXT July HELD Identity November 2008

8. References

8.1. Normative references

[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997.

[RFC3688] Mealling, M., "The IETF XML Registry", BCP 81, RFC 3688,
January 2004.

[I-D.ietf-geopriv-http-location-delivery]
Barnes, M., Winterbottom, J., Thomson, M., and B. Stark,
"HTTP Enabled Location Delivery (HELD)",
draft-ietf-geopriv-http-location-delivery-08
draft-ietf-geopriv-http-location-delivery-10 (work in
progress), July October 2008.

[I-D.ietf-geopriv-l7-lcp-ps]
Tschofenig, H. and H. Schulzrinne, "GEOPRIV Layer 7
Location Configuration Protocol; Problem Statement and
Requirements", draft-ietf-geopriv-l7-lcp-ps-08 (work in
progress), June 2008.

[RFC2234] Crocker, D., Ed. and P. Overell, "Augmented BNF for Syntax
Specifications: ABNF", RFC 2234, November 1997.

[RFC3261] Rosenberg, J., Schulzrinne, H., Camarillo, G., Johnston,
A., Peterson, J., Sparks, R., Handley, M., and E.
Schooler, "SIP: Session Initiation Protocol", RFC 3261,
June 2002.

[RFC3986] Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform
Resource Identifier (URI): Generic Syntax", STD 66,
RFC 3986, January 2005.

[I-D.ietf-sip-gruu]
Rosenberg, J., "Obtaining and Using Globally Routable User
Agent (UA) URIs (GRUU) in the Session Initiation Protocol
(SIP)", draft-ietf-sip-gruu-15 (work in progress),
October 2007.

8.2. Informative references

[RFC3693] Cuellar, J., Morris, J., Mulligan, D., Peterson, J., and
J. Polk, "Geopriv Requirements", RFC 3693, February 2004.

[RFC2132] Alexander, S. and R. Droms, "DHCP Options and BOOTP Vendor
Extensions", RFC 2132, March 1997.

Winterbottom, et al. Expires May 7, 2009 [Page 18]

Internet-Draft HELD Identity November 2008

[I-D.ietf-ecrit-phonebcp]
Rosen, B. and J. Polk, "Best Current Practice for
Communications Services in support of Emergency Calling",
draft-ietf-ecrit-phonebcp-05 (work in progress),

Winterbottom, et al. Expires January 15, 2009 [Page 16]

Internet-Draft HELD-ID-EXT July 2008
July 2008.

[I-D.thomson-geopriv-held-measurements]
Thomson, M. and J. Winterbottom, "Using Device-provided
Location-Related Measurements in HELD",
draft-thomson-geopriv-held-measurements-02 Location Configuration
Protocols", draft-thomson-geopriv-held-measurements-03
(work in progress), May October 2008.

[RFC2434] Narten, T. and H. Alvestrand, "Guidelines for Writing an
IANA Considerations Section in RFCs", BCP 26, RFC 2434,
October 1998.

[LLDP] IEEE, "802.1AB, IEEE Standard for Local and Metropolitan
area networks, Station and Media Access Control
Connectivity Discovery", June 2005.

[RFC3046] Patrick, M., "DHCP Relay Agent Information Option",
RFC 3046, January 2001.

[RFC3966] Schulzrinne, H., "The tel URI for Telephone Numbers",
RFC 3966, December 2004.

[RFC4479] Rosenberg, J., "A Data Model for Presence", RFC 4479,
July 2006.

[RFC4388] Woundy, R. and K. Kinnear, "Dynamic Host Configuration
Protocol (DHCP) Leasequery", RFC 4388, February 2006.

[RFC3825] Polk, J., Schnizlein, J., and M. Linsner, "Dynamic Host
Configuration Protocol Option for Coordinate-based
Location Configuration Information", RFC 3825, July 2004.

[RFC4825] Rosenberg, J., "The Extensible Markup Language (XML)
Configuration Access Protocol (XCAP)", RFC 4825, May 2007.

[RFC4745] Schulzrinne, H., Tschofenig, H., Morris, J., Cuellar, J.,
Polk, J., and J. Rosenberg, "Common Policy: A Document
Format for Expressing Privacy Preferences", RFC 4745,
February 2007.

[RFC4776] Schulzrinne, H., "Dynamic Host Configuration Protocol
(DHCPv4 and DHCPv6) Option for Civic Addresses
Configuration Information", RFC 4776, November 2006.

Winterbottom, et al. Expires January 15, May 7, 2009 [Page 17] 19]

Internet-Draft HELD-ID-EXT July HELD Identity November 2008

Authors' Addresses

James Winterbottom
Andrew Corporation
PO Box U40
University of Wollongong, NSW 2500
AU

Email: james.winterbottom@andrew.com

Martin Thomson
Andrew Corporation
PO Box U40
University of Wollongong, NSW 2500
AU

Email: martin.thomson@andrew.com

Hannes Tschofenig
Nokia Siemens Networks
Linnoitustie 6
Espoo 02600
Finland

Phone: +358 (50) 4871445
Email: Hannes.Tschofenig@gmx.net
URI: http://www.tschofenig.priv.at

Richard Barnes
BBN Technologies
9861 Broken Land Pkwy, Suite 400
Columbia, MD 21046
USA

Phone: +1 410 290 6169
Email: rbarnes@bbn.com

Winterbottom, et al. Expires January 15, May 7, 2009 [Page 18] 20]

Internet-Draft HELD-ID-EXT July HELD Identity November 2008

Full Copyright Statement

This document is subject to the rights, licenses and restrictions
contained in BCP 78, and except as set forth therein, the authors
retain all their rights.

This document and the information contained herein are provided on an
"AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE IETF TRUST AND
THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS
OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF
THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

Intellectual Property

The IETF takes no position regarding the validity or scope of any
Intellectual Property Rights or other rights that might be claimed to
pertain to the implementation or use of the technology described in
this document or the extent to which any license under such rights
might or might not be available; nor does it represent that it has
made any independent effort to identify any such rights. Information
on the procedures with respect to rights in RFC documents can be
found in BCP 78 and BCP 79.

Copies of IPR disclosures made to the IETF Secretariat and any
assurances of licenses to be made available, or the result of an
attempt made to obtain a general license or permission for the use of
such proprietary rights by implementers or users of this
specification can be obtained from the IETF on-line IPR repository at
http://www.ietf.org/ipr.

The IETF invites any interested party to bring to its attention any
copyrights, patents or patent applications, or other proprietary
rights that may cover technology that may be required to implement
this standard. Please address the information to the IETF at
ietf-ipr@ietf.org.

Acknowledgment

Funding for the RFC Editor function is provided by the IETF
Administrative Support Activity (IASA).

Winterbottom, et al. Expires January 15, May 7, 2009 [Page 19] 21]

----