Enabling Location-Based Applications. Chatschik Bisdikian, Jim Christensen, John Davis II, Maria R. Ebling,. Guemey Hunt, William Jerome, Hui Lei, St6phane ...
Enabling Location-Based Applications Chatschik Bisdikian, Jim Christensen, John Davis II, Maria R. Ebling, Guemey Hunt, William Jerome, Hui Lei, St6phane Maes, Daby Sow IBM ThomasJ. Watson ResearchCenter, Hawthorne,NY 10532 {bisdik, ibmjim, davisjs, ebling, gdhh, wfj, hlei, smaes, sowdaby}@us.ibm.com personalization, with which resource discovery queries are automatically refined according to individual users' requirements and preferences. Fourth, because pervasive computing devices are optimized for weight, size, battery life and function, they have very constrained user interfaces for data access. Innovative access models are therefore needed to improve user comfort.
ABSTRACT We identify a number of factors that may hinder the commercial success of location-based applications: the concern of privacy, the need to consider context beyond location, the presence of voluminous resources, and the constrained interfaces available on mobile devices. We describe an end-to-end system architecture with integrated support to address these issues. In particular, the architeeture includes a Secure Context Service that provides broad context information to applications and allows people to flexibly control the release of their private information, an Intelligent Service Discovery Service that allows for personalized selection of physical and virtual services, and a multi-modal interaction mechanism that enables users to exploit multiple synchronized access channels to interact with an application and to switch among channels at any time. Our goals are to improve user experience, to reduce user distraction and to facilitate awareness of the physical world.
We have been conducting research to cope with these challenges at the infrastrnetural level. The motivation for providing infrastrnctural support is to alleviate the need for applications to handle such issues in an ad hoc manner and to simplify application development. Our work focuses on: a Secure Context Service (SCS), which provides integrated support for context and location awareness and allows people to flexibly control the release of their private information; an Intelligent Service Discovery Service (ISDS), that allows for customized selection of physical and virtual services; multi-modal (MM) interaction technologies, which enable a user to use multiple synchronized access channels to interact with an application and to switch among channels at any time; and the integration of the above in a single system. At a higher level, our work is guided by the goal of reducing user distraction to a minimum. After all, user attention is one of the most precious resources in computing.
1. I N T R O D U C T I O N Numerous location-tracking technologies are available today. They range from Global Positioning Systems (GPS) to the cell-oforigin in cellular communications to wireless LAN access points to base station triangulation. Combined with the massive adoption of pervasive computing devices, they enable an important class of mobile commerce applications, such as location-sensitive billing and queries, targeted advertisement, and retail store navigation.
The rest of this document is organized as follows. We first discuss a location-based application scenario that our work aims to enable. Next, we propose an end-to-end system architecture for deploying location-based applications. We then describe in slightly more detail three innovative elements in the architecture: SCS, ISDS, and MM.
There are a number of challenges associated with the deployment of location-based applications in the market. First, location monitoring is considered intrusive by many people and raises myriad privacy concerns. People are justifiably concerned with the security of any information collected about them and the potential misuse of such information. Second, location infommtion by itself may not be sufficient. A broader notion of context needs to be considered. Context awareness (i.e., knowledge of the environment in which computation occurs), provides substantial added value by enablin8 the delivery of desired content not only to the right place, but also at the right time and in the most appropriate manner. Further, it allows applications to infer user intention and to take proactive actions. Third, location-based applications, by their very nature, rely on discovering and exploiting useful resources. There is a need for
2. AN A P P L I C A T I O N S C E N A R I O Using a hypothetical application system called Watson, the following scenario offers n glimpse of the types of enhanced loc~on-based applications we aim to enable.
Jennifer needs to make two customer visits today. As she drives to the first customer's site, she receives driving ¢8reclions from Watson through the speakers in the car. When Watson learns of a major accident on the normal route, it promp@ informs her of the accident and offers her an alternative route that will avoid the expected delays. After she arrives at the customer's site, Watson continues to give her the c~rections to the meeting room, via her cell phone. During the meeting, a contract is discussed and Jennifer wants to get the opinion of Joe, her legal counsel. Hence, Jennifer asks Watson to print a copy of the contract for Joe. Watson automatically selects the nearest printer to Joe that gs not busy or down and prints the contract for hint It does so without revealing Joe's exact location to Jennifer. A notification informs Joe of exactly which printer to seek out the printout.
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. To copy otherwise, to republish, to post o11 servers or to redistribute to lists, requires prior specific permission and/or a tee. WMC 01 Rome Italy Copyright ACM 2001 1-58113-376-6/01/07...$5.00
38
After the meeting, Jennifer has time for a very short lunch. Watsonfinds her a nearby delt with no waiting time. As Jennifer is walking to the dell, Watson learns that her next scheduled visit has been postponed by 2 hours. Watson uses Jennifer's cell phone to inform her of this change. She browses her new schedule on her phone c~splay and requests by voice to cancel a conflicting meeting. Given the additional time and Jennifer's food preferences, Watson ask~Jennifer whether she would like to go to a nearby Creole restaurant instead which serves highly touted gumbo. To help Jennifer make a decision, Watson shows the menu of the restaurant on the public terminal in front of which Jennifer happens to stand
,:
After lunch, Jennifer is on her way to meet with the second customer. Since her gas tank is almost empty, Watson suggests that she make a stop at a gas station en route; the suggested gas station offers an excellent price on her preferred gasoline grade. Jennifer thinks that Watson is really useful.
.... -
the Repository Service. Depending on their exact function, applications may also exploit Web services such as online yellow pages, geocoding, maps and mutes, and gazetteer. The functionality of individual edge-of-network services and base services are summarized below.
The above scenario embodies many key ideas of our research. It shows the importance of combining location information with other aspects of context. One example is that the driving directions are continuously optimized according to dynamic traffic conditions. Context information allows Watson to make proactive decisions. Jennifer has the opportunity to have lunch at the Creole restaurant because Watson is aware of her schedule change. The scenario also shows the value of customization in service discovery. Customization is achieved by considering factors such as user preferences, location, printer status, waiting time in restaurants, and gas prices. The value of a multi-modal access model is also dearly demonstrated. Watson allows Jennifer to view her changed schedule on the display of her phone and to cancel another meeting by voice. Finally, efforts for protecting privacy are evident in the scenario. By disseminating potentially sensitive schedule information to a personal cell phone and public knowledge, such as the restaurant menu, to a shared terminal, Watson balances between privacy and usability. Further, a subject (Joe) may allow personal information (Joe's location) to be released to a trusted application (Watson), but not to the user (Jennifer) running the application. Such a scheme is useful when the user in not interested in the location or context as such, but the resources that are associated with the location or context.
•
•
•
Wireless Gateway: provision of secure connectivity between a private intrenet and external wireless networks such as GSM, CDMA and TDMA; protocol conversion. Multi-Modal Access: combining and synchronizing different devices and/or modalities and provide transaetional persistence across devices and modalities. Authentication: enabling single, device-independent user sign-on.
•
Subscriber and Device Management: subscriber enrollment; device registration; distribution and update of software and data to devices.
•
Load Balancing: distributing load to multiple servers for improved performance, availability and scalability.
•
Secure Context Service: collecting and supplying user context while protecting people's privacy.
•
Intelligent Service Discovery Service: customized resource discovery based on user preferences and context.
•
Repository Service: centralized data store.
Of the above functionalities, our research focuses on the SCS, ISDS, and MM technologies and their integration into an end-toend system architecture. The other functionalities are already provided by some off-the-shelf produets.
3. SYSTEM ARCHITECTURE In this section, we discuss a high-level system architecture for creating end-to-end location-based applications. Figure 1 gives a functional overview of the architecture. The service components in Figure 1 fall into one of three categories: edge-of-network services, base services, and web services. The first two groups of services are in the same administrative domain (intranet) as the location-based applications being deployed, whereas Web services are hosted on the Intemet. Edge-of-network services form an interface between various access technologies and the network where location-based solutions are implemented. They enable secure and adaptive access from heterogeneous pervasive computing devices. They provide the functionality of wireless and wireline connectivity, multi-modal access, authentication, subscriber and device management, as well as load balancing. Base services provide the underlying framework on which location-based applications are built. They include the Secure Context Service, the Intelligent Service Discovery Service, and
3.1 Secure Context Service A context service simplifies the development of context-aware applications by placing the context functionality in the infrastructure. Applications can interact with the context service to obtain required information without worrying about the details of context management. Furthermore, the costs associated with introducing new context sources can be amortized across many applications. We call our system the Secure Context Service because one of our major design goals is to protect the privacy of context subjects. The overall SCS arehiteeture is shown in Figure 2. It consists of a mediator, a configurable set of context drivers, and a collection of utility components. In addition, there are two programming interfaces: the SCS API and the Context Driver Interface. The SCS API allows applications to submit requests. The Context
39
Secure
chosen RBAC because studies [2] have shown that RBAC reduces the cost of administering security policies. RBAC separates the associations between users and roles (groups) from the associations between roles and privileges. Since the number of roles is typically much smaller than the number of users, RBAC reduces the number of associations that must be managed in most cases and hence the administrative cost. In addition, because subject-based policies align closely with existing business practices and can be expressed naturally in terms of roles, RBAC makes the specification of security policies less error-prone.
I
3.2 Intelligent Service Discovery Service ~,~ .......... I ~:!~1
As the number of compute-enabled systems expand and as such systems become increasingly connected to one another, the quantity of available computational services will become difficult to manage. As users seareh for services, they will discover far more services than they will want or need. An analogous situation already occurs with search engines on the World Wide Web. ISDS addresses this situation by controlling the deluge of available services through personalization. It provides intelligent service discovery capubilities by automatically setting and parameterizing service queries so that only relevant query responses are presented. ISDS is built on top of SCS, whose service lookup context driver uses an array of existing service discovery protocols, such as JIlqI, SLP, UP&P, and UDDL
. . . . . . . . . . . . . . . . . . .
Driver Interface, used internally, allows the mediator to communicate with the various context drivers. Details of the architecture follow. The SCS uses a forms-based programming model: An application partially fills out a form, identifies the requested form fields, and optionally specifies the desired quality of information such as freshness and confidence; the SCS responds with the forms that match the application specification. The forms metaphor offers a number of advantages. It provides a uniform abstraction for heterogeneous context data and allows for flexibility in specifying the selection condition for the desired context. Further, new context sourees can be easily added by defining a new context form and writing a context driver that handles the form. Using this forms-based API, an application may request one of the following: a synchronous context query, a one-time event notification, or the continuous monitoring of context conditions.
The architecture of ISDS is shown in Figure 3. The ISDS engine drives a series of core functions, such as customizing services, authorizing service access, and enabling policy-based, composite services. ISDS utilizes SCS to exploit a wide variety of context information, including that obtained from the service lookup context driver as well as others. ISDS tailors service descriptions to be exposed to the client based on user preferences, past request patterns, and context information. Such customization allows for tailored service responses that meet the requirements of both end users and service providers. ISDS also authorizes the release of service information. For example, a service description may only be known to the service owner, and hence ISDS would not expose this service description to other clients. Further, ISDS allows new services to be composed from existing services. For efficiency reasons, the ISDS server has access to a service cache where it keeps track of recently accessed services.
Regardless of the type of the application requests, they all arrive at the mediator. The mediator dispatches the requests to the appropriate context drivers, through the uniform Context Driver Interface. Each context driver handles one type of context information and encapsulates the details of interaction with the context sources. A context driver may pull information from context sources, either periodically or on demand. Alternatively, it may simply allow the context source to asynchronously push updated information. Figure 2 shows four context drivers; one each for location, service lookup, calendar and instant messaging online status.
SOG
Context drivers can make use of four utility components: a context cache, a connection manager, an event engine, and a privacy engine. The context cache retains recently accessed context information in main memory for performance reasons. The connection manager maintains persistent connections with various context sources to minimize the costs of constantly reestablishing connections with the same source, it is meant to be used by pulbbased context drivers. The event engine matches context events with registered application interests. The privacy engine authorizes access to context information based on policies defined by iadivideal information owners.
¸I
Our l~ivacy protect/on mechimism is based upon Role Based Access Control ~ ) [11]. We a.~mme a otesed system: that the identity of all context users is Imowa to the system. We have
There ate several issues important to c~asider in providing a solution for personal/zafion. The first isme &mis with the process
40
OUI Interaction
of creating and updating a user profile. This profile must characterize how a user wants to interact with available services and leverage available context. An example design tradeoff related to user profiles is whether a user profile should be updated explicitly by the user or automatically based upon the user's history of actions. A second issue considers exactly how ISDS leverages a user's profile. If ISDS were to employ a reactive approach to user profiles, it might simply use the profile to assist the user in specifying parameters to queries. Altematively, ISDS might employ a proactive approach by submitting queries on the user's behalf.
Multi-modal Interaction
GUIDoMBrO~' I
Speech Interaction
[ V~NOOMBmW~"
3.3 Multi-Modal Access We use the term channel to denote a particular renderer, device, or a particular modality. Multi-channel applications arc applications designed for ubiquitous access through different channels, one channel at a time and with no particular attention paid to synchronization across different channels. Multi-modal applications are multi-channel applications, where multiple channels are simultaneously available and synchronized. It allows the user to choose the interaction mode that suits the task and circumstance. Moreover, it enables the use of several devices in combination to take advantages of the unique capabilities of each device.
Figure 4. MM Architecture
4. CONCLUSIONS Location-based applications promise enhanced end-user experience and new commercial opportunities. Our work seeks to advance the state of the art in a number of ways. First, it provides standardized support to applications so that they can exploit the diverse context information beyond location, while respecting the privacy of context subjects. Second, it allows useful resources to be discovered without overly involving users in specifying selection parameters and without overwhelming them with voluminous results. Third, it enables a user to use different devices in a synchronized manner to interact with an application.
The multi-modal definition postulates a Model/View/Controller (MVC) view of the world, where a single information source, the Model, is viewed via different views and manipulated via different controllers [5]. The implementation of this paradigm is illustrated in Figure 4. The two views correspond to the GUI and voice modalities. The controllers denote the mechanisms used by the user to interact with the system. A given interaction can be carried out by voice only, by GUI only, or as a combination of both. The model of the interaction is independent of the rendering channel or modality and is effectively a repository of the current dialog state and possibly the dialog history for conversational applications. Such a single modality-independent representation, from which all views are generated, provides the underpinnings for coordinating the various views.
By offering user comfort and an improved experience, our work can accelerate the growth of wireless services and applications. By reducing human attention and enabling personalized aca:ess, our work can enhance user productivity in substantial ways. By promoting awareness of the physical world, our work takes an important step forward towards the vision of pervasive computing.
5. ACKNOWLEDGMENTS We would like to thank the following colleagues who have been instrumental in helping us put this paper together: Alan Cole, Sastry Duff, Mahmoud Naghshineh, John Turek, and Marisa Viveros.
Figure 4 also illustrates how existing channel-specific and DOMcompliant browsers can be directly extended to multi-modal browsers, without requiring any change of the former. Each browser is associated with a wrapper that interfaces to the DOM interface and filters interaction events according to the desired granularity of synchronization. The Multi-Modal (MM) shell contains the MVC model. R receives the notification of DOM events and produces (remote) DOM events to update each view. Events are systematically timestamped so that events from different views may be ordered and disambiguated.
6. R E F E R E N C E S [1] Czerwinski, S.; Zhao, B.; Hodes T.; Joseph, A.; Katz, R. An Arohiteeture for a Seroure Service Discovery Service. In Fifth Annual International Conference on Mobile Computing and Networks (MobiCOM '99), Seattle, WA, August 1999. [2] Ferraiolo, D.F.; Gilbert, D.M.; Lynch, N. An Examination of Federal and Commercial Access Control Policy Needs. In NIST-NCSC National Computer Security Conference (Baltimore, MD, Sept. 1993), 107-116.
In a typical configuration for thin clients, the multi-modal shell and the voice browser are placed on the server, and the GUI browser is placed on the client. Further, a conversational engine is located on the server and an audio subsystem that supports speech I/O and encoding is located on the client. Such a configuration requires protocols to exchange the DOM events and to remotely control the DOM interface. In addition, it requires appropriate transport of voice I/O to the conversational engine and the possible remote control of the engine.
[3] Gellersen, H.-W.; Schmidt, A.; Beigl, M. Adding Some Smartness to Devices and Everyday Things. In the Proceedings of the Third IEEE Workshop on Mobile Computing Systems and Applications (Monterey, CA, Dec. 2000), ACM, 3-10.
41
Applications (Monterey,CA, December 2000), IEEE, 95106.
[4] Hull, R.; Neaves, P.; Bedford-Roberts, J. Towards Situated Computing. In the Proceedings of the 1st International Conference on Wearable Computing (1997), IEEE, 146-153.
[10] Salber, D; Dey, A. K.; Abowd, G. D. The Context Toolkit: Aiding the Development of Context-Enabled Applications. In Proceedings of CHI '99 (Pittsburgh, PA, May 1999), ACM, 434-441.
[5] Maes, S. H.; Raman, T.V. Multi-modal Interactions in the Age of Information Appliances. In ICME'2000, New York, July 2000.
[11] Sundhu, R.S.; Coyne, E.J.; Feinstein, H.L.; Yonman, C.E. Role-based Access Control Models. IEEE Computer, Vol. 29, No. 2, Feb. 1996, 38-47.
[6] Maes, S. H. A IX)M-based MVC Multi-modal e-Business. To appear in ICME'2001, Tokyo, 2001. [7] Maniatis, P.; Roussopoulos, M.; Swierk, E.; Lai, K.; Appenzoller, G.; Zhao, X. and Baker, M. The Mobile People Architecture. ACM Mobile Computing and Communications Review (MC2R), July 1999.
[12] Wang, H. J.; Raman, B.; Chuah, C.; Biswas, R.; Oummadi, R.; Hohlt, B.; Hong, X.; Kiciman, E.; Mac, Z.; Shih, J. S.; Subramanian, L.; Zhao, B. Y.; Joseph, A. D.; Katz R. H. ICEBERG: An Intemet-core Network Architecture for Integrated Communications. IEEE Personal Communications, Vol. 7, No. 4, Aug. 2000, 10-19.
[8] Priyantha, N.; Chakrsborty, A; Balakrishnan, H. The Cricket Location-Support System. In Proceedings of the Sixth Annual International Conference on Mobile Computing and Networking (Boston, MA, August 2000), ACM, 32-43. [9] Raman, B.; Katz, P.; Joseph, A. Universal Inbox: Providing Extensible Personal Mobility and Service Mobility in an Integrated Communication Network. In Proceedings of the IEEE Workshop on Mobile Computing Systems and
42
