Subject Re: Report on disco-STEPS
From Andreas Åkre Solberg <andreas.solberg@xxxxxxxxxx>
Date Mon, 12 Jul 2010 10:12:50 +0200

On 12 July 2010, at 09:41, Andrew Cormack wrote:

> Possibly a belated Friday idea, but since we're only looking for hints, do we actually need to actively maintain a full list of IP address mappings? Wouldn't the web2.0 way to do it be to look for what choice had previously been made by 'nearby' IP addresses?
> Clearly there's a small information leakage there - "someone from your site has been here before" - and the WAYF needs to remember some information linked to, say, a /24. People accessing from home via a broadband ISP are going to get slightly random results, but I think that's true of any scheme that tries to use IP addresses as hints.

I've been thinking about this as well. I also planned to implement a proof of concept, but never got to it.

Letting the wayf maintain a list of associations (IP addresses to IdPs), and then sorting the list of IdPs based upon a scoring rule. For a visiting user, each stored association would contribute a score to an IdP based upon how many bits the current user's IP shares with the associated IP in its largest common prefix. This system will learn over time, and does not need any configuration.

An interesting exercise would be to implement this system in a wayf, letting the system guess what the user would choose, and then log on which place on the ordered list the user really chose. Say, if 95% of all users choose from the top 5 list, then I would say the idea would improve the user experience a lot.

Wherever there is a correlation between something the WAYF knows and 'which IdP', the Wayf might use it for what it is worth in order to make a sucky user interface a little less sucky. There definitely is a correlation on both IP address, geo location, user's earlier preferences, which SP the request comes from, the accept-language header, etc.


Attachment: smime.p7s
Description: S/MIME cryptographic signature
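
The scoring and rank-logging idea discussed in this message, sketched as an added example (not code from the thread or from any WAYF implementation). The names `IdpHints`, `truncate` and `common_prefix_bits`, the `2**bits` weighting and the IPv6 /48 granularity are assumptions; the addresses used with it should be documentation ranges or your own test data.

```python
import ipaddress
from collections import defaultdict

# Assumed storage granularity: only a network prefix is remembered, following
# the quoted suggestion of a /24. The IPv6 value is an assumption.
STORE_BITS = {4: 24, 6: 48}


def truncate(ip):
    """Parse an address and zero the host bits that are not stored."""
    addr = ipaddress.ip_address(ip)
    drop = addr.max_prefixlen - STORE_BITS[addr.version]
    return type(addr)((int(addr) >> drop) << drop)


def common_prefix_bits(a, b):
    """Leading bits two truncated addresses share (0 across IP versions)."""
    if a.version != b.version:
        return 0
    shared = a.max_prefixlen - (int(a) ^ int(b)).bit_length()
    return min(shared, STORE_BITS[a.version])


class IdpHints:
    def __init__(self):
        self.assoc = defaultdict(int)  # (truncated address, idp) -> count

    def record(self, ip, idp):
        """Remember that a user from this network chose this IdP."""
        self.assoc[(truncate(ip), idp)] += 1

    def ranked(self, ip, idps):
        """Sort IdPs by summed score; ties keep the order they were given in."""
        addr = truncate(ip)
        score = dict.fromkeys(idps, 0)
        for (stored, idp), count in self.assoc.items():
            if idp in score:
                # Assumed weighting 2**bits, so one nearby association
                # outweighs many distant ones; the message fixes no formula.
                score[idp] += count * 2 ** common_prefix_bits(addr, stored)
        return sorted(idps, key=lambda i: -score[i])

    def choose(self, ip, idps, chosen):
        """Return the 1-based rank the guess gave the real choice, then learn."""
        rank = self.ranked(ip, idps).index(chosen) + 1
        self.record(ip, chosen)
        return rank
```

Collecting the values returned by `choose` over real traffic gives the "top 5" hit rate proposed above, and the only per-visitor data retained is a truncated prefix and an IdP name.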