3.0 Elements of a Nomadicity Model
This section presents the elements of a model of nomadicity that takes
into account
- the motivations for nomadicity
- some high-level requirements derived from those motivations, and
- various concepts that help organize our thinking about nomadicity.
Development of this model will help in understanding, discussing, and
responding to the issues posed by nomadicity.
3.1 Locations
Locations are defined relative to individuals. Everything in proximity,
everything that is co-located or nearby, is in the same location.
3.2 Location Coordinators
Location coordinators keep track of the individuals, devices, and
communications system capabilities at a given location as they change. They
implement the concept of proximity, allowing assumptions to be made about which
individuals are at a location and what capabilities are available to
them.
A location coordinator knows the characteristics and
"addresses" of all the devices at a location. It is responsible for
identifying the individuals and mobile devices that enter and leave the
location. In an office example, a location coordinator would know the phone
number of the office phone, the TCP/IP address of the personal computer in the
office, and the phone number of the fax machine around the corner. It would
know the physical relationship of the phone, fax machine, and personal
computer; and it would know the capabilities of the devices. And, if an
individual made it known that he was co-located with any of the devices, the
location coordinator would be able to infer that the other devices could be at
his disposal as well.
3.3 Destinations of Communications
At the "far end of the pipe" are destinations of communications.
Clearly, there is overlap between this and other elements of the model.
The most common example of a communications destination is another person, but
it could as easily be something standing in for a person, such as an answering
machine. A person getting messages from her own answering machine is asking her
stand-in to pass the message along. Other "stand-in" communications
destinations include the bank computer at the other end of the line from the
ATM, the voice response system at the power company, and the computerized
information service at the stockbroker.
It is possible for both the communications destination and origin to be
non-human. The automated system at the bank that validates a check for the
check authentication system computer is an example.
3.4 People Who Move
Because people are nomads, the NII must -- in delivering communications and
information services to individuals -- take into account that people move
both in space and through the various aspects of their lives.
3.5 Access Devices
The many access devices with which a user directly interacts are the things
that communicate. These devices are the portals between the user's
physical world and the electronic world of the NII. Telephones, fax machines,
computers, television sets, ATMs, and pagers are examples of things that
communicate.
Access devices can move. Some are designed to; some move only rarely. A pager
is designed to move; the office printer moves only when it is relocated.
Some access devices move with people, while some are only in occasional
proximity to them. The cellular phone will often move with the individual; the
office fax machine will only be near the person when he is in the office. No
device (even implanted heart monitors) can be guaranteed to be in one-to-one
correspondence with an individual.
Devices are either tethered --
that is, in a fixed location because of physical attachment to a communications
channel -- or untethered. In either case, a location must be defined for
the device if it is to be integrated into a context. Current networks provide
only inexact location information. A device like a large printer, which moves
infrequently, can have its location stored in a static database. But an active
cellular phone, without triangulation, can be located no more exactly than
within a cell capture area. Under any circumstances, the underlying systems of
the NII must be supplemented by mechanisms to associate physical location and
electronic location.
Untethered devices carried by individuals and associated with them can be an
effective way for associating individuals with places -- provided, of
course, that authentication appropriate to the context is supported. A smart
card that only responds to a challenge/response sequence when a particular
person has her right thumb on its sensor provides reasonable validation of a
person's location and identity.
3.6 Services
In our model, services are the individuals or things with which a person
communicates. One may exchange information with these services or get them to
act on one's behalf. When communication is with another person, the
"service" may be the individual and will be mediated -- that is,
facilitated and/or limited -- by the device(s) available to the individual.
In a broad sense, there are at least three types of services:
- those in support of the communications system (e.g., routing, link-level service):
- those that may serve both the communications system and end users (e.g., encryption, location brokerage): and
- those that serve only the end user (e.g., electronic banking).
3.7 The Communications System
Everything between the representatives of the communicating parties forms a
communications system, which provides connectivity between devices and
services. The NII will provide many different communications paths. Within it,
users will be able to choose among these alternatives based on their cost,
performance, coverage area, and other characteristics.
Nomadicity adds the dimension of dynamic movement within communications systems
and among systems available at a particular location if a user's needs
change. To facilitate that capability, the various systems will need mechanisms
for managing quality of service, communication of service capabilities, and
coordinated inter-enterprise interaction. At a higher level, the alternatives
will have to be communicated to the user in some manner so that he can choose
among them.
Under some circumstances, the definition of the communications system is
thought to be complicated because elements considered to be internal to the
system are made available to end users. Examples are the billing, directory,
configuration management, and maintenance subsystems which, although used
primarily by the communications system provider to keep the system running, can
be of value to its customers as well.
We believe the definition of communications systems can ignore this
distinction. If an internal system component is unavailable to the user, it is
still part of the communications system. If it is packaged so the user can get
at it through the system provider, it is a service as well. And, if the same
service is provided by someone other than the communications system provider,
it is a service but not part of the communications system at all.
3.8 Context
A context, as part of the model, is made up of at least one location, the
devices at the location(s), the individuals at the location(s), and the
activities those individuals wish to pursue. A person's integration with
the other elements of the context are characterized by psychological factors
(social expectations, setting, requirements for security, etc.) and physical
factors (level of interactivity, level of proximity, etc.). Nomadicity requires
that the user's dominant context be maintained as the user environment
changes.
3.9 Aliases
An alias is an abstraction of an electronic entity that represents the user in
the electronic world while managing communications with her in the real world.
Rudimentary present-day examples of aliases are the answering machine and the
electronic mail (e-mail) system. These stand in for the individual when he is
not available. As they have evolved, both these systems have started to
differentiate themselves, offering user configurability and additional
functions.
For example, the answering system may notify a pager of an
incoming call. This is a form of media translation and abstraction. The medium
through which the message is delivered is changed, and the message is
abstracted to its simplest form: notification that it occurred. In the case of
computer-controlled answering machine-modem-fax machine combinations, a person
can receive a message via e-mail and have it faxed to her current location. The
fax number is specified via a call to the answering machine.
Thus, while not well-integrated at this time, many of the elements of an alias
exist within current electronic environments: maintenance of status information
regarding the individual, acting as a contact point for the individual,
translation and abstraction of information for the individual, delivery of
information to the individual on demand, and support for the individual's
ability to control access.
Note that a person may have several aliases representing various aspects of his
life and interests. Similarly, an alias could be formed to represent the
aspects and interests of entities other than individuals. Groups, departments,
or temporary associations might be actualized with an alias.
4.0 Nomadicity and Traditional System Issues
This section covers those concerns that every computer system must
address and which nomadicity brings into sharp relief. This discussion ties the
motivations and high-level requirements associated with nomadicity to these
traditional concerns. It also addresses the relationship between traditional
system concerns and nomadicity's concerns for location and context.
4.1 Security
Security is broadly divided into authentication and privacy. Authentication
means certification that the parties in an exchange are whom they represent
themselves to be and that the message received is the same as the message sent.
Privacy means limiting information about an exchange to the intended parties.
Security requirements in computer systems are often met by a mix of
administrative controls, cryptography, and physical security measures. In
current systems, these mechanisms are usually organized into administrative
domains associated with organizations and constrained by geographic areas.
Universities on their campuses and businesses at particular sites are examples
of security domains.
People can access their systems from beyond their normal work locations,
generally through connections that terminate at the system they normally use
-- for example, by dialing in via a modem. In this situation, the remote
access device and communications path almost certainly fall outside the
security domain maintained by their organization. Consequently, one impact of
device and location independence on security systems is that secure
communications paths and devices cannot be assumed. While moving, intermediary
devices (e.g., cell sites) change. Thus, a second impact of nomadicity on
security is that motion independence must be taken into account.
The dynamic nature of communications paths and the lack of physical security
inherent in nomadicity affect the most basic security issues. How does one
ensure that a person is whom he says? How can one be sure previous
conversations have not been monitored and passwords compromised? How can one
guard against the unsecured parts of the communications systems being
compromised? When a person deals with multiple security domains, how do you
maintain security without making her personal management issues excruciatingly
complex?
This last case is illustrated by the multiple password problem,
an aspect of the requirement for a friendly interface. A person has voice mail
at work, an answering machine at home, a bank card, a telephone card, and an
office computer -- all of which have different personal identification
numbers (PINs) and passwords for access. Some of these devices have different
remote and local access protocols; often, a person cannot access his computer
away from the office in the same way he accesses it at his desk.
There are solutions to these individual issues, including smart cards,
end-to-end encryption, and voice prints. But these technologies are not widely
deployed or uniformly accepted. Neither are they static: New technologies
continue to emerge. The NII will have to adapt to these new technologies if
nomadicity security requirements are to be satisfied.
The new technology issue can also be viewed as another dimension of device
independence. Security systems must be flexible enough to accommodate not only
new technologies but simultaneous use of differing, current technologies.
Technological considerations are not the only aspects of nomadicity that
interact with security. Calling home to ask if anyone needs something from the
grocery store clearly requires a different level of security than transferring
money for the house payment. At work, the special project has different
security requirements than an expense report.
These are examples of the association of context and security. Further, when a
context contains individuals from different (and perhaps competing)
organizations, maintenance of the distributed context must take into account
the varying security requirements of the participants. If individuals form
virtual communities, those communities may become the basis of security
domains.
4.2 Distribution and Synchronization
User requirements for location, motion, and device independence affect
decisions regarding distribution and synchronization. If a person always wants
his phone book with him, how and how often does he reconcile that phone book
with backup copies or with a corporate phone book which may have updated
numbers? If the person wants to access phone numbers stored on a personal
digital assistant (PDA) while at his desk, how will the storage on the device
be integrated with the fax system in the desktop computer? If the person buys a
new PDA from a different manufacturer, how will the new device fit in? These
examples show how decisions regarding distribution and synchronization are
affected by user preference, dynamic environments, and technological change
when nomadicity becomes a design consideration. Traditional designs --
where most elements are under the developer's control -- will fail for
nomads.
If a person is at home balancing her checkbook and wants to look up a phone
number, should her phone book look in her private phone numbers first? If she
is at the office working on the XYZ account, should it first look up numbers
associated with that account? Moving between contexts could affect data access
decisions. When the person is in a distributed conference, should the system
first display information on the other participants and their organizations?
The interaction between distributed contexts and information access must be
addressed by any system supporting nomadicity. It is a small step to see that
virtual communities might provide an organizing principle for data and data
distribution decisions. With knowledge of the likely locations of context or
community members, costs might be minimized through relocation of data or
processing. If the participants are moving, the various impacts of moving
contexts will change distribution and resynchronization decisions.
Nomadic individuals are likely to draw on a variety of communications,
computation, and information systems simultaneously. This creates the potential
for parallel content in those systems. A common example is a phone number in a
written personal phone book, programmed into a phone book on a personal
computer, in memory on a cellular phone, and in a PDA. When the number changes,
how do they all get updated? Intersystem synchronization issues exacerbate
intrasystem issues such as temporary disconnection, update latency, failed
transactions, and cancellation of updates. Both inter- and intrasystem
synchronization requirements must be addressed.
4.3 Location
Nomadicity has uncoupled individuals from places. With that uncoupling, the
implicit binding of access capabilities to individuals has been broken.
"I'll send him a fax" now has new dimensions of uncertainty.
Where is he? How close is he to a fax machine?
What is its number? Does it need a special header for guests? Could a computer
just print the message near him? When has the individual left the location?
Device independence interacts with the increasing use of mobile devices to
complicate the notion of location even further. The variety and capability of
devices individuals carry are increasing. Mechanisms are needed to define a
location dynamically and to connect the user. As technology advances, the
ability to adapt to new technologies must be built into any such location
management system.
There are multiple communications paths into many locations (video cable,
computer networks, telephone lines, broadcast media, etc.). These paths may
terminate in a variety of devices (television sets, telephones, fax machines,
pagers, cellular phones, computers, building control systems, etc.). They may
also present varied and changing quality of service. As nomads and their
devices move in and out of locations, a significant challenge is the dynamic
coordination of communications channels and static devices with individuals.
Beyond the technical challenges posed above, there are personal and social
issues. The demand for friendly user interfaces motivates removing the burden
of managing all this complexity from the user. Resources must be allocated
fairly when multiple individuals are present.
These issues cannot be addressed from the perspective of a single industry. A
better cellular telephone interface will not by itself ease the burden of
receiving a fax while in an airplane. Mechanisms that bridge different systems
for the nomad are required. Such solutions must take into account that parallel
systems will always exist. No one will use all of them, but all of them will be
used by someone. The connections between systems must provide useful
coordination while having enough flexibility to allow variation and change.
4.4 Context
For the nomad, any place he hangs his hat is home, office, or entertainment
area. Any system that supports the nomad must help him maintain these various
contexts. Such support for context maintenance must include
- identification of the context on which the individual wants to focus,
- maintenance of the state of the activities and information associated with the context,
- knowledge of the preferences the individual has for interaction with the context,
- application of those preferences to the location from which the context is being accessed, and
- simultaneous management of multiple contexts.
Context identification can be either specified -- "I want to balance
my checkbook now" -- or implicit -- "I've just placed a
call to the Smith Industries' account manager." In any case, there
must be support for reestablishing the state of the context. This may be
complicated by the context's level of autonomy. Some contexts will be
active even when the nomad is not in contact with them. An ongoing electronic
meeting is an example. In that case, reestablishing the state of the context
might involve some means of summarizing the portion of the meeting that the
nomad was unable to attend.
For less autonomous contexts, e.g., periodic payment of a credit card bill, the
charges would be posted to the account throughout the month and the individual
would only examine them periodically. Reestablishing context in that case would
be relatively simple. Another consideration regarding context identification is
the fact that different people will choose to define more complex contexts. The
person who does her books at the end of the month will have a context of
checking, savings, bills, and credit cards all of which need to be organized in
such a way that she can see the state of her finances. Supporting automated
systems will therefore have to take into account varying levels of
specification, autonomy, complexity, and the interactions among them.
This
context scope is an example of individual preferences. People can be expected
to have preferences for every aspect of their interactions with computer and
communications systems. Those preferences will include the permissible
demotions they will allow in different locations. An example of a permissible
demotion is having an e-mail message read over the telephone. Graphic
information is lost, but the message is conveyed. A further demotion might be
having just the message's key words -- drawn from a list of filtering
key words, such as "call as soon as possible" -- read over the
phone. Other preferences might include what contexts could be established from
what locations and what level of security would be involved. Perhaps an
individual would only allow purchases of up to $50 to be authorized via phone,
but would allow up to $300 to be authorized from an ATM.
These are examples of applying preferences to the communications channels and
devices available at different locations. They illustrate the interaction
between context, preferences, and location.
Finally, individuals certainly will want to maintain some interaction with
several contexts simultaneously. The priority call that has to get through is
one example. Any person who keeps several things going at once will have a
requirement for maintaining multiple contexts.
While we expect that integrating the notion of context into traditional
computer, communications, and information systems is necessary to support
nomadicity in the NII, we also believe that integration will require
significant alteration in system design. NII developers that use context as an
organizing principle in their designs will probably have an advantage when
addressing nomadic needs.
4.5 Operating Environments
Although the issues discussed thus far have been couched in application-level
terms, support for them must lie at least in part in the operating systems and
networks on which the applications run.
One concern in this regard is application visibility. Some classes of
application may not need to be "aware" of the changing distributed
environments in which they operate. System-level adaptations can maintain
connectivity on the application's behalf. Early examples of this kind of
support are operating systems supporting process migration and the X Window
System. Process migration (ideally) is transparent to the application.
X allows users to decide where an application displays its output. In both
these examples, conservative applications do not need to be modified in order
to operate in dynamically changing environments. In other situations, the
applications must be aware of and support distribution and synchronization. The
phone book in the earlier example is one such application; most graphically
demanding applications (e.g., window systems, imaging applications, design,
etc.) are another.
Location services are just one example of
system-level activities affected by nomadicity. The division of labor in the
realm of security between computer system, communications network, and
applications is another. So, there could be end-to-end security where only the
devices carried by nomads were trusted. At the other extreme, internal
computing and communications systems could take responsibility for all
security.
The architectural boundaries within the NII are not yet fully defined. As the
builders of the NII work out new industry and organizational boundaries, their
activities will interact with technological considerations to establish the
NII's architecture. A central challenge is to establish architectural
boundaries that ensure interactivity between components of the emerging (and
continually changing) system, while not limiting participation in it. With
respect to nomadicity, architects and developers must additionally account for
its central concepts -- movement within physical space, social space, and
channels of communication -- when defining the new systems.
4.6 Applications
Arguably, operating environments (operating systems, network operating systems,
middle-ware, etc.) are moving to support the distributed system capabilities
which the NII requires. Applications software, however, is adapting more slowly
-- and, in some cases, only incrementally.
Many applications are
designed to take into account only minimal distribution issues. They depend on
reliable local capabilities and, if they take remote capabilities into account
at all, they characterize them as either being fully available or fully
unavailable. Issues of changing bandwidth, latency, or reliability are almost
never considered.
Nomadicity complicates software requirements even further. Today's nomad
may spread her computing and communications activities over many different
devices and access many remote services. The applications she draws on need to
adapt to her various environments. When she is working from a portable
computer, her applications must be sensitive to the requirement for alternative
communications paths and the computing capabilities of her machine. Thus, a
mechanism must be developed for applications to sense and adapt to changing
environments and user preferences.
Clearly, the distribution of function between applications and operating
environments is not yet defined. Just as there will undoubtedly be many
different capability sets within the NII's system components, some
applications will deal with nomadicity issues internally and others will draw
on services. The challenge in software is similar to the system component
challenge: ensuring interoperability without restricting the potential for
innovation.
We cannot hope, in this report, to explore all the systems issues associated
with nomadicity. But note that for each application-level requirement outlined
here, there is a set of system-level capabilities that underlies it.
5.0 Summary
Nomadicity -- the ability to move easily from place to place and
retain access to a rich set of information and communications services while
moving, at intermediate stops, and at the destination -- is a new paradigm
for information processing and communications. Its basic characteristics
include location independence, device independence, motion independence,
widespread access, and ease of use. In order to design systems that will meet
nomadicity requirements, we need to address these characteristics, as well as
privacy and security -- issues that are exacerbated in a nomadic
environment.
Developing a model of nomadicity will help in designing systems that meet the
requirements posed by nomadicity. Elements in this model include locations,
communications destinations, the nomadic user, access devices, services, the
communications system, and context. Another key model element is the location
coordinator -- an entity that keeps track of the individuals, devices, and
communications system capabilities at a given location as they change. Location
coordinators know the characteristics and "addresses" of all the
devices at a location and are responsible for identifying the individuals and
mobile devices that enter and leave the location. A final element is the alias,
which is the electronic entity that represents the user in the electronic world
while managing communications with him in the real world.
Simply stated, in this model, the location coordinators provide information to
a user's alias about where she is and what capabilities are at the
location. The alias then opens connections to her and establishes the desired
contexts as completely as possible using available resources. On the service
side, the alias is a reliable point of contact for services and other aliases.
Issues of security, quality of service, and location are minimized for services
with which the alias interacts. Knowing the user's capabilities,
preferences, and requirements, communications between the alias and the user
are better coordinated than if the exchanges were handled by each service
individually.
Potential and actual nomadic applications are plentiful, as illustrated by the
numerous examples cited in the appendix to this paper. Moreover, it is obvious
that virtually all of us are already heavily engaged in such applications. The
need for nomadicity in the NII is clear; it now remains for us to develop the
principles, concepts, technology, and infrastructure to support it.
Appendix: Examples of Nomadicity
There are many practical examples of nomadicity in the NII.[2] Several are presented in this section to
illustrate the opportunities available to business and government to enhance
the value of the NII by addressing nomadicity concerns.
i: The Portable Office
Both individuals and organizations are trying to squeeze the most out of
available resources. The portable office will let people coordinate their
business activities from anywhere. Today, the portable office represents both
the least and most successful of the application areas discussed in this
appendix. It is the most successful in that large numbers of people have
already created some kind of portable office for themselves. By 1996, for
example, laptop and notebook computers will account for one-quarter of all new
computers sold in the United States. [3] On
the other hand, the frustration faced by those who do establish portable
offices points up the lack of infrastructure in place to support them.
The portable office is not just the 9-to-5, work-for-pay environment, but any
place where a person assembles the tools necessary to carry out his work. For
example:
- Education -- Students as well as teachers maintain offices in a strict, although unconventional, sense. They travel between home and school, and work in both places. They are nomadic, and the NII must let students and teachers do their work regardless of location.
- Manufacturing -- The manufacturing process has many stages, including product planning, design, forecasting, production, delivery, and service. Increasingly, these activities are geographically disbursed and centrally coordinated. One disadvantage of this coordination, however, is the inevitable need for a certain amount of travel. Productivity would be enhanced if the information infrastructure that supports the process took people's mobility into account.
ii: Financial Trading
For the financial trader, time is of the essence, and information is the staff
of life. She may participate in transactions from anywhere -- whether on
the floor of the stock exchange or while traveling to and from customer sites.
The trader requires not only information such as client names, account
balances, and price quotes, but interactive communications for customer contact
and transaction initiation.
iii: Crisis Management
In a crisis people have to get on site fast, understand what's going on,
and take effective action quickly. That means rapid installation of equipment,
rapid access to information, and rapid prioritization and analysis. The
situation at the site can be critically affected by access to information and
communication with individuals at remote locations. By its very nature, a
crisis management team is nomadic. The infrastructure that supports it must
take that into account.
Several application areas where the NII must deal with the nomadic aspect of
crisis management are:
- The mobile clinic -- In emergencies such as train wrecks, earthquakes, or industrial accidents, mobile emergency rooms are deployed. If the NII supports remote consultation and analysis and automated patient records, these services will have to be available in these dynamically deployed environments.
- The firefighter -- While the fire truckes are on the road, the dispatcher is relaying information to them, telling them where the fire is, what material the building is made from, if injuries have been reported. Once on site, the firefighters discover new problems and need new information. How close is the gas line to the building? What is the layout of the 23rd floor? Coordinating the team involves keeping track of both human and physical resources. If the command center can't get at the floorplan stored in the city's computer, a significant value of the NII will not be realized.
iv: Personal Services
Personal services support an individual's activities outside the work
context. These are generally leisure and family or home maintenance activities.
The NII will make possible a broad range of innovative personal services.
Currently, personal services for most people are supported by various
communications media -- the television, telephone, and post office. The NII
must accommodate these delivery mechanisms, support new ones, and be able to
deliver content (movies, shopping, banking, person-to-person communications,
etc.) over combinations of them. The ability to switch messages between them
will become increasingly important.
Nomadicity has implications for all personal service applications. The NII will
have to support multimedia conversations when the participants are not only
separated, but on the move, as well as delivering an individual's favorite
television program when he is away on a trip.
These are not the only personal activities for which the NII will need to take
nomadicity into account. Consider computer application sharing, computer
conferencing, games, gambling, video messaging, voice messaging, e-mail,
paging, information-on-demand, video-on-demand, home shopping, and voice
communications.
People will want access to all of these services from different places, with
different delivery capabilities, and with different preferences.
v: Distributed Measurement
While we have here focused on individuals as nomads, the NII cannot ignore the
potential of devices as nomads. Distributed measurement involves the sensing,
collection, analysis, and dissemination of data originating in remote
locations. An NII that supports distributed measurement will allow small --
possibly portable, possibly mobile -- sensors to be integrated into the
fabric of everyday life. Collected data can be transmitted to processing sites.
At those sites, the data can be analyzed, stored, and acted upon either by
individuals or automatic programs. Given a supporting infrastructure, important
data can be collected with lower cost, higher integrity, greater longevity, and
greater value than if each data collection system had to have specially
designed communications mechanisms.
Ready examples of distributed measurement applications that would improve the
quality and efficiency of people's lives follow:
- Health care -- Distributed patient monitoring systems allow doctors to evaluate patients' conditions without costly office visits or hospitalization. Remote recording of vital signs enables a physician to monitor the progress of a recovering patient carefully, even though that patient has already left the hospital.
- Environmental monitoring -- Sensors floating in rivers, sending back information on water quality, flow rate, and location, would allow for dynamic tracking of changing conditions. The ability to deploy sensors rapidly to remote locations would allow for quick response in dangerous situations.
![[spacer]](/gif/spacer.gif){kind=small}
