IETF developers call for privacy rules for the W3C's geodata API
At the Internet Engineering Task Force (IETF) meeting in Minneapolis, the standards organisation's developers warned about potential data protection weaknesses in a new standard developed by their sister organisation, the World Wide Web Consortium (W3C). A W3C working group plans to release the first complete draft proposal for a Geolocation Application Interface before the end of the week. The specification defines a programming interface which gives access to the geodata – geographical information – stored on a host.
Proposed areas of use are the determination of the user's position for orientation purposes, for up-to-date local information, or for the automatic inclusion of geodata in forms.
According to members of the IETF's Geopriv working group, users should not just have a yes/no option for disclosing their location data, but should also be able to restrict access – for example, by stipulating a time limit. Together with representatives of the US Center for Democracy and Technology, the Secretary of the Geopriv working group, Richard Barnes, advocated the integration of a stricter data protection model into the W3C standard. The Secretary pointed in particular to the standards developed by Geopriv, notably RFC 4119. He said that without the integration of privacy options in the W3C API, the IETF standard's data protection rules would effectively be disregarded.
The Secretary also criticised the method of determining locations based exclusively on latitude and longitude co-ordinates, which in his opinion often doesn't result in a precise location. The IETF also uses civic addresses and is working on incorporating the various international address formats. However, according to Mr Barnes, the question of incorporating civic addresses is the lesser problem.
The W3C working group has so far responded with a clear notice in the standard proposal: geolocation data can only be retrieved with the user's explicit approval. Many working group members object to stricter privacy rules in the API and warn that a solution like the one suggested by the Geopriv standard would be too complex. They said it would overburden the Geolocation API and would also conflict with existing applications. The topic is still being discussed.
(Monika Ermert)
(lghp)














