Subject Re: Report on disco-STEPS
From Andreas Åkre Solberg <andreas.solberg@xxxxxxxxxx>
Date Mon, 12 Jul 2010 08:56:42 +0200

On 12 July 2010, at 08:40, Alex Reid wrote:

> Would it not be possible for the SP, when first approached by a potential user, to send to the WAYF the IP address from which the user is accessing the SP?  If the WAYF were equipped with a list of "standard" IP address ranges for each IdP (ie ones which are assigned to that IdP institution), it could be programmed to ask *first* (before offering the whole list of IdPs) if the one relating to that IP address was theirs.

1) This is already implemented in simpleSAMLphp. The option is 'cidr.hint', a list of prefixes, configured for each IdP.
2) As the disco protocol is front-channel, the discovery service knows the IP of the user, hence it does not need the SP to send it. 
3) IP ranges are a hassle to maintain; therefore we (GN3 Identity Federations) planned on doing much of the same using the HTML5 Geo-location API. And if I'm correct Wayf is working on that as we speak, and probably will announce when this is complete.
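
The prefix-hint lookup from points 1 and 2, sketched as an added example that is not part of the original message and is not simpleSAMLphp's code. The entity IDs, prefixes and function names are constructed for illustration, and `remote_addr` is assumed to be the address the discovery service itself sees on the front-channel connection, not a value passed along by the SP.

```python
import ipaddress

# Constructed sample data: IdP entity IDs mapped to documentation-range prefixes.
IDP_PREFIXES = {
    "https://idp.uni-a.example/saml": ["192.0.2.0/24", "2001:db8:a::/48"],
    "https://idp.uni-b.example/saml": ["198.51.100.0/24"],
    "https://idp.dept.uni-a.example/saml": ["192.0.2.128/25"],
}


def suggest_idp(remote_addr, idp_prefixes):
    """Return the entity ID whose prefix matches remote_addr most specifically, or None."""
    try:
        ip = ipaddress.ip_address(remote_addr)
    except ValueError:
        return None  # unparsable address: no hint, fall back to the full list
    best, best_len = None, -1
    for entity_id, prefixes in idp_prefixes.items():
        for prefix in prefixes:
            net = ipaddress.ip_network(prefix, strict=False)
            # Compare only within the same address family; the longest prefix wins,
            # so a department range overrides the enclosing institution range.
            if net.version == ip.version and ip in net and net.prefixlen > best_len:
                best, best_len = entity_id, net.prefixlen
    return best


def order_for_display(remote_addr, idp_prefixes):
    """Put the hinted IdP first; every IdP stays selectable (a hint, not a restriction)."""
    hint = suggest_idp(remote_addr, idp_prefixes)
    rest = sorted(e for e in idp_prefixes if e != hint)
    return ([hint] if hint else []) + rest


if __name__ == "__main__":
    for addr in ("192.0.2.10", "192.0.2.200", "2001:db8:a::1", "203.0.113.5"):
        print(addr, "->", suggest_idp(addr, IDP_PREFIXES))
```

The match only reorders the list: a user behind a VPN, NAT or mobile network falls outside every prefix and still gets the complete IdP list.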

