Comment: Reverted from v. 4

...

  1. Clarified the problem statement. Different to the solution proposed in WAYRN.
  2. Clarified what this problem actually is. It is the brokenness of existing publisher ACL mechanisms? This work on sending a CIDR record (or records) to a service provider that traditionally does IP-based authorisation is to simulate or replace the user host IP, because the CIDR database already exists at the resource provider.

  3. The problem will become more confusing with the deployment of IPv6.

  4. The approach does not solve the problem for organisations without FIXED address ranges (i.e. commodity internet access).
  5. Answers to Questions:

    1. Q: Should this be its own attribute? (as it is in the UK) - NO

    2. Q: Should it be an entitlement value? (i.e. CIDR=192.168.12.0/23) - NO

    3. Q: Should we implement this for simpleSAMLphp? - NO

    4. Q: Is a geolocation entitlement value also of interest/value? (i.e. latlong=44.802453,20.48491) - NO

  6. SAML Metadata has the Geolocation and IP ranges of institutions for Discovery Hints, but this is NOT authoritative location-of-use data, nor is it meant for authorization purposes. The semantics are different.

ACTIVITIES GOING FORWARD / NEXT STEPS

...