Subject Re: Report on disco-STEPS
From Thomas Lenggenhager <lenggenhager@xxxxxxxxx>
Date Mon, 12 Jul 2010 13:36:44 +0200

On 12.07.10 12:02, John Paschoud wrote:
> Another way to do this of course would avoid maintenance of IP range
> lists at all by a WAYF (or by SPs), and add IP-checking to the IdP:  If
> a user was (appeared to be from current IP address) "in the library" or
> "on campus", a Location-aware IdP could (when a user was in a recognised
> IP range/'place') return an agreed EduPersonEntitlement value (like
> "InLibrary@xxxxxxxxxxxxx" or "OnCampus@xxxxxxxxxxxxx") to an SP, and
> skip challenging for a password.

Interesting idea. However, if a student of UniA went online in the
library of UniB, the IdP of UniA (the one the user would most likely
choose when asked 'Where are you from') would not be able to recognize
his presence at UniB.

Here it should be up to the user to decide whether he wants to act (and
authenticate) as a student of UniA or as a walk-in of UniB.
The set of licensed content is likely to be different for UniA and UniB,
which might be the reason why he went into the library of UniB.

Doing too much 'magic' might also confuse users.
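
The idea and the objection above, worked through in Python as an added example (not code from either poster or from any IdP product). The scopes `unia.example` and `unib.example`, the IP ranges (RFC 5737 documentation ranges) and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample data: each IdP knows only its own institution's ranges.
IDP_LOCATIONS = {
    "unia.example": [
        ("InLibrary", ipaddress.ip_network("192.0.2.0/26")),
        ("OnCampus", ipaddress.ip_network("192.0.2.0/24")),
    ],
    "unib.example": [
        ("InLibrary", ipaddress.ip_network("198.51.100.0/26")),
        ("OnCampus", ipaddress.ip_network("198.51.100.0/24")),
    ],
}


def location_entitlements(idp_scope, client_ip):
    """Location values the IdP `idp_scope` can assert for `client_ip`.

    Assumption: client_ip is the peer address the IdP itself observes,
    not a value supplied by the client (e.g. a forwarded-for header).
    """
    addr = ipaddress.ip_address(client_ip)
    return [
        f"{place}@{idp_scope}"
        for place, net in IDP_LOCATIONS.get(idp_scope, [])
        if addr in net
    ]


def idp_decision(idp_scope, client_ip):
    """Skip the password challenge only when a location value applies."""
    values = location_entitlements(idp_scope, client_ip)
    return {"entitlements": values, "password_required": not values}


if __name__ == "__main__":
    # A UniA student sitting in the UniB library (constructed address).
    ip_in_unib_library = "198.51.100.10"
    for chosen_idp in ("unia.example", "unib.example"):
        # The user picks the IdP: home account at UniA, or walk-in at UniB.
        print(chosen_idp, idp_decision(chosen_idp, ip_in_unib_library))
```

Choosing the UniA IdP yields no location value and a normal password challenge; choosing the UniB IdP yields UniB's walk-in values, so which set of licensed content applies follows from the user's choice of IdP.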


