A number of web applications, both client and server-side, could benefit if
it could be easily determined if a user is on or off campus with respect to
accessing resources that use IP-address based authentication.

For instance, a web site could show/hide a button asking the user to "log
in," or a proxied/non-proxied URL could be displayed depending on whether
the user is connecting from within/outside an authorized IP range. This
would reduce or eliminate the need for special proxy setups/unnecessary
proxy use and could improve the user experience.

This is probably a problem for which many ad-hoc solutions exist on
campuses as well as solutions integrated into vendor-provided systems. It
would be nice, and beneficial in particular to LibX, but also presumably
other software that is facing this problem, to have a reusable service
implementation/response format that is easily deployable and requires only
minimum effort for setup and maintenance. Maintenance should be as simple
as maintaining a file with the IP-ranges in a directory, like many
libraries already do for their communication with database vendors or
publishers.

My question is what existing ideas/standards/software exist for this
purpose, if any, or what ideas/approaches others could share.

I would like to point at a small piece of software I'm sharing, which is a
PHP-based isoncampus service [1]; a demo is available here [2]. If anyone
has a similar need and is interested in working together on a solution,
this could be a seed around which to start. Besides the easily deployable
PHP implementation, more efficient bindings/implementations for other
languages and/or server/cloud environments could be created (AppEngine comes
to mind.)

- Godmar

[1] https://github.com/godmar/isoncampus
[2] http://libx.lib.vt.edu/services/isoncampus/isoncampus.php

ps: as a side-note, OCLC's OpenURL registry used to include IP-ranges as
they were known to OCLC; this was at some point removed due to privacy
concerns. I do note, however, that in general the ownership of IP-ranges is
public information, as are CIDR ranges, both of which are easily accessible
via web services provided by arin.net or by the regional registries. Though
mapping from an IP address to its owner is not the same as listing IP
ranges associated with an organization (many include multiple discontiguous
CIDR ranges), I note that some of this information is also public via the
BGP-advertised IP-prefixes for an institution's (main-) AS. In any event,
no one would be forced to run this service if they have privacy concerns.
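
A Python version of the on/off-campus check described in the message, added here as an example (it is not the isoncampus code). The ranges-file layout (one CIDR block or address per line, `#` comments), the function names and the response fields are assumptions; the addresses are documentation prefixes, not real campus ranges.

```python
import ipaddress

# Constructed sample of a ranges file (assumed layout: one CIDR block or
# single address per line, '#' starts a comment).
SAMPLE_RANGES = """\
# main campus
192.0.2.0/24
198.51.100.0/25    # library wing
2001:db8:100::/48
203.0.113.7        # single host
"""


def load_ranges(text):
    """Parse the ranges file into a list of ip_network objects."""
    networks = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        entry = raw.split("#", 1)[0].strip()
        if not entry:
            continue
        try:
            # strict=True rejects entries with host bits set (192.0.2.5/24),
            # which are usually typos that silently change the range.
            networks.append(ipaddress.ip_network(entry, strict=True))
        except ValueError as exc:
            raise ValueError(f"line {lineno}: bad range {entry!r}: {exc}") from None
    return networks


def is_on_campus(remote_addr, networks):
    """Return True if the connecting address is inside any listed range.

    remote_addr should be the peer address of the connection; a header such
    as X-Forwarded-For can be set to any value by the client.
    """
    try:
        addr = ipaddress.ip_address(remote_addr.strip())
    except ValueError:
        return False  # unparsable input is treated as off campus
    # Dual-stack listeners report IPv4 clients as ::ffff:a.b.c.d; unwrap so
    # they are matched against the IPv4 ranges in the file.
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    return any(addr.version == net.version and addr in net for net in networks)


def response_for(remote_addr, networks):
    """Hypothetical response body a client could use to pick a URL."""
    return {"ip": remote_addr, "oncampus": is_on_campus(remote_addr, networks)}
```
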