 |
 |
A number of web applications, both client and server-side, could benefit if it could be easily determined if a user is on or off campus with respect to accessing resources that use IP-address based authentication. For instance, a web site could show/hide a button asking the user to "log in," or a proxied/non-proxied URL could be displayed depending on whether the user is connecting from within/outside an authorized IP range. This would reduce or eliminate the need for special proxy setups/unnecessary proxy use and could improve the user experience. This is probably a problem for which many ad-hoc solutions exist on campuses as well as solutions integrated into vendor-provided systems. It would be nice, and beneficial to in particular LibX, but also presumably other software that is facing this problem, to have a reusable service implementation/response format that is easily deployable and requires only minimum effort for setup and maintenance. Maintenance should be as simple as maintaining a file with the IP-ranges in a directory, like many libraries already do for their communication with database vendors or publishers. My question is what existing ideas/standards/software exists for this purpose, if any, or what ideas/approaches others could share. I would like to point at a small piece of software I'm sharing, which is a PhP-based isoncampus service [1], a demo is available here [2]. If anyone has a similar need and is interested in working together on a solution, this could be a seed around which to start. Besides the easily deployable PhP implementation, more efficient bindings/implementations for other languages and/or server/cloud environment could be created (AppEngine comes to mind.) - Godmar [1] https://github.com/godmar/isoncampus [2] http://libx.lib.vt.edu/services/isoncampus/isoncampus.php ps: as a side-note, OCLC's OpenURL registry used to include IP-ranges as they were known to OCLC; this was at some point removed due to privacy concerns. I do note, however, that in general the ownership of IP-ranges is public information, as are CIDR ranges, both of which are easily accessible via web services provided by arin.net or by the regional registries. Though mapping from an IP address to its owner is not the same as listing IP ranges associated with an organization (many include multiple discontiguous CIDR ranges), I note that some of this information is also public via the BGP-advertised IP-prefixes for an institution's (main-) AS. In any event, no one would be forced to run this service if they have privacy concerns.