Subject RE: Report on disco-STEPS
From Andrew Cormack <Andrew.Cormack@xxxxxx>
Date Mon, 12 Jul 2010 07:41:07 +0000

Possibly a belated Friday idea, but since we're only looking for hints, do we actually need to actively maintain a full list of IP address mappings? Wouldn't the web2.0 way to do it be to look for what choice had previously been made by 'nearby' IP addresses?

Clearly there's a small information leakage there - "someone from your site has been here before" - and the WAYF needs to remember some information linked to, say, a /24. People accessing from home via a broadband ISP are going to get slightly random results, but I think that's true of any scheme that tries to use IP addresses as hints.

Just a thought...

Andrew Cormack, Chief Regulatory Adviser
JANET(UK), Lumen House, Library Avenue, Harwell Science and Innovation Campus, Didcot, OX11 0SG, UK
Phone: +44 (0) 1235 822302
Fax: +44 (0) 1235 822399

JANET, the UK's education and research network

JANET(UK) is a trading name of The JNT Association, a company limited
by guarantee which is registered in England under No. 2881024 
and whose Registered Office is at Lumen House, Library Avenue,
Harwell Science and Innovation Campus, Didcot, Oxfordshire. OX11 0SG

> -----Original Message-----
> From: john.paschoud@xxxxxxxxx [mailto:john.paschoud@xxxxxxxxx] On
> Behalf Of John Paschoud
> Sent: 12 July 2010 08:07
> To: REFEDS list
> Subject: Re: [refeds] Report on disco-STEPS
> On 12 July 2010 07:41, <alex.reid@xxxxxxxxxx> wrote:
> 	Would it not be possible for the SP, when first
> 	approached by a potential user, to send to the
> 	WAYF the IP address from which the user is
> 	accessing the SP?  If the WAYF were equipped with
> 	a list of "standard" IP address ranges for each
> 	IdP (ie ones which are assigned to that IdP
> 	institution), it could be programmed to ask
> 	*first* (before offering the whole list of IdPs)
> 	if the one relating to that IP address was theirs.
> I'm pretty sure we discussed this approach in a much earlier (and more-
> theoretical/less-desperate than today's) iteration of the "how do you
> scale the WAYF" conversation.  I can certainly remember thinking about
> the accessibility of a users IP address to the WAYF.
> One reason that it didn't go further, then, was because an argument
> being used for SPs to convert from IP-checking to enforce on-campus-
> use-only licences, to Shib (and authorised-use-anywhere), was "stop
> having to maintain all those pesky per-campus IP ranges".  And of
> course, this only provides a solution for on-campus users.
> However, with the existing and unavoidable federation overhead of
> entity metadata refresh, adding a few more bytes to describe the
> potential IP range for on-campus users shouldn't be a big deal.  On a
> mega-WAYF scale, IP to identify country of location for a user is a lot
> simpler;  to suggest which WAYF might be offered as default.  The
> caution is that there's potential here for us to create some quite
> annoying end user interfaces!
> What I don't remember is whether the discussion got as far as anyone
> documenting it.  A trawl of the earlier Internet2 Shib lists (which I
> haven't tried) might reveal it;  but you'd probably need to think of a
> smarter search term than just "WAYF and IP"!
> John
> --
> John Paschoud
> InfoSystems Engineer & Projects Manager, LSE Library
> E: J.Paschoud@xxxxxxxxx
> M: +44.7753 740526
> Skype: paschoud
> Visit for information about current & recent projects