FIDIS
Future of Identity in the Information Society (No. 507512)
D2.3
[Final], Version: 2.0
File: fidis-wp2-del2.3.models.doc
Page 26
For transporting of raw biometric data and templates, standards such as XCBF (OASIS XML
Common Biometric Format) can be used. The International Committee for Information
Technology Standards, a predominantly US organisation, is attempting to derive standards for
interoperability (data exchange formats) for biometrics with M1
8
, but is only one of several
parallel organisations and initiatives (BioAPI, ISO SC37
9
, BioFoundry x9.84 and others ..)
deriving ‘standards’ for biometric information..
Finally, it is worth mentioning the representation of biometric information in JXDM (global
Justice mark-up language), which can be used in a crime investigation context.
3.4 Location
3.4.1 Description
The location refers to the geographical position of the person. This property can apply to the
instant position of a person (typically the place in which a person is present at a particular
moment and that can be given by e.g. Geo-location (GPS) coordinates, or even the
geographical mapping of an IP number), or a more permanent position of this person
(typically the living or working addresses of a person).
3.4.2 Examples of attributes
•
Address
o
Home
o
Work
o
Leisure
•
Geographical location (instantaneous)
o
GPS coordinate
o
IP location mapping
3.4.3 Application domains
The location of a person is used in a variety of application domains. For instance the instant
coordinate of a person represents a major element in mobility applications. Indeed, this
information can be exploited to offer services that are geographically close to the current
position of a person. GPS can also be used to reveal some of the behavioural characteristics of
a person (Mountain and Raper, 2000).
Security and personalisation, in particular in e-commerce applications, can also make use of
the geographical location of the person determined via IP address (albeit with not a very good
level of reliability, because the table of IP addresses is not updated in real-time, and a range of
IP address may be reallocated to users from a totally different region). In the first case, this
8
InterNational Committee for Information Technology Standards: M1
http://www.ncits.org/tc_home/m1.htm
9
ISO SC 37 "Biometrics" data interchanged format.
http://isotc.iso.org/livelink/livelink/fetch/2000/2122/327993/2262372/customview.html?func=ll&objId=2262372
FIDIS
Future of Identity in the Information Society (No. 507512)
D2.3
[Final], Version: 2.0
File: fidis-wp2-del2.3.models.doc
Page 27
information can help to identify some instances of fraud
10
, and as a consequence, a payment
with a credit card issued in a different country may not be accepted. In the second case, the
knowledge of the IP address can help to determine the nationality of the person, and therefore
result in an interaction that is aware of geographical characteristics (such as the language
used).
The permanent locations of a person (the addresses) represent an
attribute that is present in
many identity management applications since it represents one of the most important means
to reach the person in the off-line world (via the mail). For instance, the address of the person
will be used in an e-commerce application to deliver the physical goods that have been
purchased by the person.
3.4.4 Relevant standards
Addresses
We will not try to identify all the different specifications that define the address of a person
since these are numerous. However we can mention the services and specification for which
this information can be considered more important such as LDAP (directory services) or
vCard (the digital business card). In the domain of commerce, CIQ (OASIS Customer
Information Quality) together with xNAL (extensible Name and Address Language) provide a
relatively detailed way to represent a person’s address.
Geo-location
The applications and specifications that represent the geo-location of the person are rarer, and
often relate to mobility. However, surprisingly this information does not seem to be present in
the mobility standards that are used for mobile devices such as CC/PP (Composite
Capabilities / Preferences Profile) proposed by W3C and UAProf (User Agent Profile)
proposed by the WAP (Wireless Access Protocol) forum (See the Annexe for a description of
CC/PP and UAProf). These latest standards are mainly used to manage user preference
information that is typically used to customise the mobile device.
On the other hand, the Liberty Alliance developed a standard (ID-SIS-GL) that provides
support for geo-location information representation (it defines a specialised schema to
represent this information). This geo-location information includes the position of a principal,
speed and direction related information, and information related to the quality of the position
information.
10
A brochure from the company Quova, Inc. indicates that, “in 2004, LexisNexis studied over 100,000
transactions executed by a major US online retailer, all with US credit card numbers. The study found that 75
percent of the identified fraudulent orders with US billing addresses had been placed from overseas. 97.9% of all
transactions originating in Africa and 74.8% of all transactions originating in Asia (including Russia) were
fraud”.
http://www.quova.com/technology/E-RET_FraudWP.pdf