Location, location, location
DATE: 21 November 2012
TIME: 14:45
ROOM: Alternative
TOPIC:
CONVENER: Brook
SCRIBE: Brook
# of ATTENDEES: Peter, Montonori (2)
MAIN ISSUES DISCUSSED
- Clarified the problem statement. Different to the solution proposed in WAYRN.
Clarified what this problem actually is. It is the brokenness of existing publisher ACL mechanisms? This work on sending a CIDR record (or records) to a service provider that traditionally does IP-based authorisation is meant to simulate or replace the user host IP, because the CIDR database already exists at the resource provider.
The problem will become more confusing with the deployment of IPv6.
- This does not solve the problem for organisations without FIXED address ranges (i.e. commodity internet access).
Answers to Questions:
Q: Should this be its own attribute? (as it is in the UK) - NO
Q: Should it be an entitlement value? (i.e. CIDR=192.168.12.0/23) - NO
Q: Should we implement this for simpleSAMLphp? - NO
Q: Is a geolocation entitlement value also of interest/value? (i.e. latlong=44.802453,20.48491) - NO
SAML Metadata has the Geolocation and IP ranges of institutions for Discovery Hints, but this is NOT authoritative location-of-use data, nor is it meant for authorisation purposes. The semantics are different.
ACTIVITIES GOING FORWARD / NEXT STEPS
- Don't standardise this work. Don't spread this mess. Don't present to other federations.
- Brook can continue to talk about location - but not about this! (see the Location Awareness Work Item from TF-MNM).
RESOURCES
- http://access.jiscinvolve.org/wp/wayrn-where-are-you-right-now/
- http://access.jiscinvolve.org/wp/wayrn2/
- http://www.eduserv.org.uk/newsandevents/events/2012/fam12/stream-two
- https://github.com/ukf/ua-attribute-idp-ext