In current internet, end-users consider the network like a black-box that provides connectivity between two endpoints. The security properties, e.g. path guarantees, accountability, properties of connecting hosts, etc., of a communication must be enforced by the endpoints through e.g., encryption/authentication primitives.
An interesting case is when an endpoint does not trust the claims of the machine at the other end of the communication; this could include the location of the machine, among others. In these cases, the network operator could provide a proof that the untrusted endpoint, e.g., is actually located where it claims to be.
For simplicity and without loss of generality, assume that an online banking service is provided by endpoint B, and consider the case where a user located at endpoint C wishes to access the online banking service. Here, we consider the case where B allows connections only to endpoints located in a given country, e.g. due to legislations, liability, etc.
Whenever C is accessing the banking service, B would like to ensure that C is indeed located within a given country. In typical cases, the only way for C to provide a proof of location is to contact its network administrator and acquire such guarantee. While the network itself could in theory provide for such guarantees, this process is quite cumbersome in traditional networks, since it requires a manual intervention, and/or a number of mail exchanges in order to set up such guarantees in practice.