Internet Engineering Task Force (IETF) R. Barnes
Request for Comments: 6280 M. Lepinski
BCP: 160 BBN Technologies
Updates: 3693, 3694 A. Cooper
Category: Best Current Practice J. Morris
ISSN: 2070-1721 Center for Democracy & Technology
H. Tschofenig
Nokia Siemens Networks
H. Schulzrinne
Columbia University
July 2011
An Architecture for Location and Location Privacy
in Internet Applications
Abstract
Location-based services (such as navigation applications, emergency
services, and management of equipment in the field) need geographic
location information about Internet hosts, their users, and other
related entities. These applications need to securely gather and
transfer location information for location services, and at the same
time protect the privacy of the individuals involved. This document
describes an architecture for privacy-preserving location-based
services in the Internet, focusing on authorization, security, and
privacy requirements for the data formats and protocols used by these
services.
Status of This Memo
This memo documents an Internet Best Current Practice.
This document is a product of the Internet Engineering Task Force
(IETF). It represents the consensus of the IETF community. It has
received public review and has been approved for publication by the
Internet Engineering Steering Group (IESG). Further information on
BCPs is available in Section 2 of RFC 5741.
Information about the current status of this document, any errata,
and how to provide feedback on it may be obtained at
http://www.rfc-editor.org/info/rfc6280.
Barnes, et al. Best Current Practice [Page 1]
RFC 6280 Internet Location Architecture July 2011
Copyright Notice
Copyright (c) 2011 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.
Barnes, et al. Best Current Practice [Page 2]
RFC 6280 Internet Location Architecture July 2011
Table of Contents
1. Introduction ....................................................3
1.1. Binding Rules to Data ......................................4
1.2. Location-Specific Privacy Risks ............................5
1.3. Privacy Paradigms ..........................................6
2. Terminology Conventions .........................................7
3. Overview of the Architecture ....................................7
3.1. Basic Geopriv Scenario .....................................8
3.2. Roles and Data Formats ....................................10
4. The Location Life Cycle ........................................12
4.1. Positioning ...............................................13
4.1.1. Determination Mechanisms and Protocols .............14
4.1.2. Privacy Considerations for Positioning .............16
4.1.3. Security Considerations for Positioning ............16
4.2. Location Distribution .....................................17
4.2.1. Privacy Rules ......................................17
4.2.2. Location Configuration .............................19
4.2.3. Location References ................................20
4.2.4. Privacy Considerations for Distribution ............21
4.2.5. Security Considerations for Distribution ...........23
4.3. Location Use ..............................................24
4.3.1. Privacy Considerations for Use .....................25
4.3.2. Security Considerations for Use ....................25
5. Security Considerations ........................................25
datatracker.ietf.org