Your SlideShare is downloading. ×
0
Location Assertion - Nicole Harris, JISC Advance
Location Assertion - Nicole Harris, JISC Advance
Location Assertion - Nicole Harris, JISC Advance
Location Assertion - Nicole Harris, JISC Advance
Location Assertion - Nicole Harris, JISC Advance
Location Assertion - Nicole Harris, JISC Advance
Location Assertion - Nicole Harris, JISC Advance
Location Assertion - Nicole Harris, JISC Advance
Location Assertion - Nicole Harris, JISC Advance
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×
Saving this for later? Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime – even offline.
Text the download link to your phone
Standard text messaging rates apply

Location Assertion - Nicole Harris, JISC Advance

520

Published on

Published in: Technology
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
520
On Slideshare
0
From Embeds
0
Number of Embeds
2
Actions
Shares
0
Downloads
0
Comments
0
Likes
0
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide

Transcript

  • 1. Location Assertion Nicole Harris FAM12 6th November 2012
  • 2. From Where Are You From to Where Are You Now?
  • 3. Problem Statement• Original requirement from the Schools Sector;• SP Business Case: – Primary market is individual home users; – Secondary sales to schools for pupils ‘on network’;• Need to distinguish these cases;• Desire to move from SP recognising IP to IdP asserting location.
  • 4. Why not IP authentication?• Often not granular enough;• Easy to ‘fake’;• Difficult to maintain accurately;• Prone to keying errors;• Low tech implementations.
  • 5. Location Assertion Extension• Extension to Shibboleth;• Downloadable and implementable now;(https://github.com/ukf/ua-attribute-idp- ext);• Creates attributes at the time of authentication based on IP address of the user agent;• SP can make decisions based on known location as well as other assertions.
  • 6. What Does it Look Like?New Subsidiary attribute and use of eduPersonEntitlementresolver:DataConnector id=”userAgentAttributes”xsi:type=”uadc:UserAgentMappedAttributes”uadc:Mapping cidrBlock=”217.155.0.0/16″attributeId=”userAgent”attributeValue=”http://iay.org.uk/networks/zenInternet”/uadc:Mapping cidrBlock=”82.68.0.0/14″attributeId=”userAgent”attributeValue=”http://iay.org.uk/networks/zenInternet”/uadc:Mapping cidrBlock=”192.168.117.19/32″attributeId=”eduPersonEntitlement”attributeValue=”http://iay.org.uk/entitlements/kestrel”/
  • 7. Solving Walk-in?• Allows Walk-in with BYOD;• Easy to provision guest accounts that don’t work outside the institutional boundary;• Able to configure walk-in at a granular level for SPs that don’t allow.BUT…
  • 8. Service Provider ImplementationPublishers have to actually consume and react to the attributes being passed.
  • 9. More informationBlog post:• http://access.jiscinvolve.org/wp/wayrn2/The code:• https://github.com/ukf/ua-attribute-idp-ext

×