 |
 |
I'm not sure if it is quite the same, but in the same area, there is some stuff being done around picking up Shibboleth attributes based on IP location: Shibboleth IdP User Agent Attribute Extension ============================================= This plugin captures the user agent IP address at authentication and then allows that information to trigger the association of certain attributes/values during attribute resolution time. https://github.com/ukf/ua-attribute-idp-ext/blob/master/README.txt Owen On Thu, Jun 14, 2012 at 3:46 PM, Godmar Back <[log in to unmask]> wrote: > A number of web applications, both client and server-side, could benefit if > it could be easily determined if a user is on or off campus with respect to > accessing resources that use IP-address based authentication. > > For instance, a web site could show/hide a button asking the user to "log > in," or a proxied/non-proxied URL could be displayed depending on whether > the user is connecting from within/outside an authorized IP range. This > would reduce or eliminate the need for special proxy setups/unnecessary > proxy use and could improve the user experience. > > This is probably a problem for which many ad-hoc solutions exist on > campuses as well as solutions integrated into vendor-provided systems. It > would be nice, and beneficial to in particular LibX, but also presumably > other software that is facing this problem, to have a reusable service > implementation/response format that is easily deployable and requires only > minimum effort for setup and maintenance. Maintenance should be as simple > as maintaining a file with the IP-ranges in a directory, like many > libraries already do for their communication with database vendors or > publishers. > > My question is what existing ideas/standards/software exists for this > purpose, if any, or what ideas/approaches others could share. > > I would like to point at a small piece of software I'm sharing, which is a > PhP-based isoncampus service [1], a demo is available here [2]. If anyone > has a similar need and is interested in working together on a solution, > this could be a seed around which to start. Besides the easily deployable > PhP implementation, more efficient bindings/implementations for other > languages and/or server/cloud environment could be created (AppEngine comes > to mind.) > > - Godmar > > [1] https://github.com/godmar/isoncampus > [2] http://libx.lib.vt.edu/services/isoncampus/isoncampus.php > > ps: as a side-note, OCLC's OpenURL registry used to include IP-ranges as > they were known to OCLC; this was at some point removed due to privacy > concerns. I do note, however, that in general the ownership of IP-ranges is > public information, as are CIDR ranges, both of which are easily accessible > via web services provided by arin.net or by the regional registries. > Though > mapping from an IP address to its owner is not the same as listing IP > ranges associated with an organization (many include multiple discontiguous > CIDR ranges), I note that some of this information is also public via the > BGP-advertised IP-prefixes for an institution's (main-) AS. In any event, > no one would be forced to run this service if they have privacy concerns. > -- Owen Stephens Owen Stephens Consulting Web: http://www.ostephens.com Email: [log in to unmask]