Rich Presence and Privacy

1
Rich Presence and Privacy

• Henning Schulzrinne
• (with Xiaotao Wu and Ron Shacham)
• Columbia University
• SIP 2005 (Paris)
• January 26, 2005

2
Overview

• Context-aware communications
• Presence data model
• Rich presence in SIP
• Privacy ? user control of information
  dissemination
• Creating context-based services
• Service creation in end systems
• Service and session mobility

3
Basic presence

• Role of presence
• initially can I send an instant message and
  expect a response?
• now should I use voice or IM? is my call going
  to interrupt a meeting?
• Yahoo, MSN, Skype presence services
• on-line off-line
• useful in modem days but many people are
  (technically) on-line 24x7
• thus, need to provide more context
• simple status (not at my desk)
• entered manually ? rarely correct
• does not provide enough context for directing
  interactive communications

4
Context-aware communication

• context the interrelated conditions in which
  something exists or occurs
• anything known about the participants in the
  (potential) communication relationship
• both at caller and callee

time CPL
capabilities caller preferences
location location-based call routing location events
activity/availability presence
sensor data (mood, bio) privacy issues similar to location data
5
Presence and event notification

• Presence special case of event notification
• user Alice is available for communication
• Human users
• multiple contacts per presentity
• device (cell, PDA, phone, )
• service (audio)
• activities, current and planned
• surroundings (noise, privacy, vehicle, )
• contact information
• composing (typing, recording audio/video IM, )

• Events in multimedia systems
• REFER (call transfer)
• message waiting indication
• conference floor control
• conference membership
• push-to-talk
• system configuration
• General events
• emergency alert (reverse 911)
• industrial sensors (boiler pressure too high)
• business events (more than 20 people waiting for
  service)

6
IETF efforts

• SIP, SIPPING and SIMPLE working groups
• but also XCON (conferencing)
• Define SIP methods PUBLISH, SUBSCRIBE, NOTIFY
• GEOPRIV
• geospatial privacy
• location determination via DHCP
• information delivery via SIP, HTTP,
• privacy policies
• SIMPLE
• architecture for events and rich presence
• configuration (XCAP)
• session-oriented IM (? page mode)
• filtering, rate limiting and authorization

7
Presence data model
calendar
cell
manual
person (presentity) (views)
alice_at_example.com audio, video, text
r42_at_example.com video
services
devices
8
Presence data architecture
presence sources
PUBLISH
raw presence document
privacy filtering
create view (compose)
depends on watcher
XCAP
XCAP
select best source resolve contradictions
composition policy
privacy policy
(not defined yet)
draft-ietf-simple-presence-data-model
9
Presence data architecture
candidate presence document
raw presence document
post-processing composition (merging)
watcher filter
SUBSCRIBE
remove data not of interest
difference to previous notification
final presence document
watcher
NOTIFY
10
Composition
program complex conditions and transformations
complexity
rule-based most recent source quality
union of tuples
capability
11
Future work sources

• Composition may need to resolve conflicts
• calendar says meeting, but user is driving
• Composition relies on source information
• information gathering sensor, manual, calendar
• relative trustworthiness (sensor vs. manual)
• how recently updated?
• does place and time make activity likely?
• Will likely add source information to presence
  data
• already started for geo data

12
GEOPRIV and SIMPLE architectures
rule maker
DHCP
XCAP (rules)
target
location server
location recipient
notification interface
publication interface
GEOPRIV
SUBSCRIBE
presentity
presence agent
watcher
SIP presence
PUBLISH
NOTIFY
caller
callee
SIP call
INVITE
INVITE
13
RPID rich presence

• Provide watchers with better information about
  the what, where, how of presentities
• facilitate appropriate communications
• wait until end of meeting
• use text messaging instead of phone call
• make quick call before flight takes off
• designed to be derivable from calendar
  information
• or provided by sensors in the environment
• allow filtering by sphere the parts of our
  life
• dont show recreation details to colleagues

14
The role of presence for call routing
PUBLISH

• Two modes
• watcher uses presence information to select
  suitable contacts
• advisory caller may not adhere to suggestions
  and still call when youre in a meeting
• user call routing policy informed by presence
• likely less flexible machine intelligence
• if activities indicate meeting, route to tuple
  indicating assistant
• try most-recently-active contact first (seq.
  forking)

PA
NOTIFY
translate RPID
LESS
CPL
INVITE
15
RPID rich presence
ltpersongt lttuplegt ltdevicegt
ltactivitiesgt
ltclassgt
ltmoodgt
ltplace-isgt
ltplace-typegt
ltprivacygt
ltrelationshipgt
ltservice-classgt
ltspheregt
ltstatus-icongt
lttime-offsetgt
ltuser-inputgt
16
Rich presence describing presentity

• class label elements for grouping and selection
• i-belong-to AOR contact in tuple belongs to
• proposed element
• status-icon
• icon URL with hint for watcher user interface

17
Rich presence describing service

• relationship
• a communication service offered by
• a family member
• associate (colleague)
• assistant
• supervisor
• service-class type of service offered
• electronic
• delivery (courier)
• postal
• in-person

18
Rich presence describing state

• mood of presentity
• afraid, amazed, angry, annoyed, anxious, ashamed,
  bored, brave, calm, cold, confused, contented,
  cranky, curious, depressed, disappointed,
  disgusted, distracted, embarrassed, excited,
  flirtatious, frustrated, grumpy, guilty, happy,
  hot, humbled, humiliated, hungry, hurt,
  impressed, in_awe, in_love, indignant,
  interested, invincible, jealous, lonely, mean,
  moody, nervous, neutral, offended, playful,
  proud, relieved, remorseful, restless, sad,
  sarcastic, serious, shocked, shy, sick, sleepy,
  stressed, surprised, thirsty, worried
• likely derived from
• game state
• manual input
• lie detector fMRI (later)

19
Rich presence describing activities

• sphere
• current state and role
• free text
• e.g., work, home, soccer club, PTA
• activities what is the person doing
• away, appointment, busy, holiday, in-transit,
  meal, meeting, on-the-phone, performance,
  permanent-absence, sleeping, steering, travel,
  vacation

20
Rich presence describing place and surroundings

• place-type type of surroundings
• aircraft, airport, bus, car, home, hotel,
  industrial, library, mall, office, outdoors,
  public, public-transport, restaurant, school,
  ship, station, street, theater, train, truck
• place-is communication properties
• video bright, dark
• audio noisy, quiet
• privacy communication that is private
• audio, video, text
• time-offset minutes from UTC
• for avoiding middle-of-the-night calls

21
Rich presence describing userdevice
interactions

• How long has the user not provided input to the
  device?
• e.g., microphone input, keyboard, mouse

activity
idle
active
idle-threshold
22
CIPID Contact Information

• More long-term identification of contacts
• Elements
• card contact Information
• home page
• icon to represent user
• map pointer to map for user
• sound presentity is available

23
Rich presence time information

• Presence is currently about here and now
• but often only have (recent) past e.g.,
  calendar
• or future
• will be traveling in two hours
• will be back shortly
• allows watcher to plan communication

RPID
from
until
time
timed-status
timed-status
now
24
Privacy

• All presence data, particularly location, is
  highly sensitive
• Basic location object (PIDF-LO) describes
• distribution (binary)
• retention duration
• Policy rules for more detailed access control
• who can subscribe to my presence
• who can see what when

lttuple id"sg89ae"gt ltstatusgt ltgpgeoprivgt
ltgplocation-infogt ltgmllocationgt
ltgmlPoint gmlid"point1 srsName"ep
sg4326"gt ltgmlcoordinatesgt374630N
1222510W lt/gmlcoordinatesgt
lt/gmlPointgt lt/gmllocationgt
lt/gplocation-infogt ltgpusage-rulesgt
ltgpretransmission-allowedgtno lt/gpretransmissi
on-allowedgt ltgpretention-expirygt2003-06-2
3T045729Z lt/gpretention-expirygt
lt/gpusage-rulesgt lt/gpgeoprivgt lt/statusgt
lttimestampgt2003-06-22T205729Zlt/timestampgt lt/tupl
egt
25
Privacy policy relationships
common policy
geopriv-specific
presence-specific
future
RPID
CIPID
26
Privacy rules

• Conditions
• identity, sphere
• time of day
• current location
• identity as lturigt or ltdomaingt ltexceptgt
• Actions
• watcher confirmation
• Transformations
• include information
• reduced accuracy

• User gets maximum of permissions across all
  matching rules
• privacy-safe composition removal of a rule can
  only reduce privileges
• Extendable to new presence data
• rich presence
• biological sensors
• mood sensors

27
Example rules document
ltrule id1gt
ltidentitygtltidgtuser_at_example.comlt/idgtlt/identitygt
ltconditionsgt
ltsub-handlinggtallowlt/sub-handlinggt
ltactionsgt
ltprovide-servicesgt ltservice-uri-schemegtsiplt/ser
vice-uri-schemegt ltservice-uri-schemegtmailtolt/se
rvice-uri-schemegt lt/provide-servicesgt ltprovide-per
songttruelt/provide-persongt ltprovide-activitiesgttrue
lt/provide-activitiesgt ltprovide-user-inputgtbarelt/pr
ovide-user-inputgt
ltrulesetgt
lttransformationsgt
28
Creating and manipulating rules

• Uploaded in whole or part via XCAP
• XML not user-visible
• Web or application UI, similar to mail filtering
• Can also be location-dependent
• if at home, colleagues dont get presence
  information
• Possibly implementation-defined privacy levels

29
Program location-based services
30
Conclusion

• Rich presence ? human-centered information about
  presentities
• Rich presence ? more appropriate communication
  substitute for voice IM communications
• Privacy through simple rule sets