Comment: typo


Warning: DO NOT CONSUME UNCOOKED

This is an early draft specification. All aspects and details of this document are subject to change.
The whole thing may be scrapped before actually being used anywhere. It may also eat your homework.

...

Contracts covering access to licensed electronic resources may contain language to the effect that access should be permitted to subjects physically present in the "library" or on the "campus" or "company" IP network – either in addition to or as an alternative access method to federated access control. To enable the Service Provider (SP) to determine whether someone accessing its service is on the campus/company network of a given customer (institution), the SP is usually provided with a list of IP address ranges in some manual, out-of-band process.

This document specifies an attribute that can be used instead of such manual processes by transferring the list of "on-premise" IP network ranges "in-band" as part of each individual's login process. The SP may then dynamically determine whether the current IP address of a subject accessing a given resource is contained within the currently provided list of IP network ranges.

...

Values of this attribute each specify an IP address range of publicly routed IP addresses in CIDR notation that the asserting party considers to be "on-premise".

IP ranges of private network addresses or ULA MUST NOT be included.
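
The following sketch shows how an SP could consume these values. It is an added example, not part of this specification. The function names are hypothetical, the sample values are constructed, and "private network addresses" is assumed to mean the RFC 1918 ranges, with ULA being fc00::/7.

```python
import ipaddress

# Assumption: "private network addresses" = RFC 1918; ULA = fc00::/7 (RFC 4193).
EXCLUDED = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")]

def parse_on_premise_ranges(values):
    """Split attribute values into usable networks and rejected (value, reason) pairs."""
    accepted, rejected = [], []
    for raw in values:
        try:
            # strict=True is this example's choice: it rejects values with
            # host bits set, such as 192.0.2.1/24.
            net = ipaddress.ip_network(raw.strip(), strict=True)
        except ValueError:
            rejected.append((raw, "not a valid CIDR range"))
            continue
        # Ranges that are, or that contain, private or ULA space are not used.
        if any(net.version == x.version and net.overlaps(x) for x in EXCLUDED):
            rejected.append((raw, "private or ULA range"))
            continue
        accepted.append(net)
    return accepted, rejected

def is_on_premise(client_ip, networks):
    """True if the address the SP sees for the subject lies in an accepted range."""
    addr = ipaddress.ip_address(client_ip)
    # Dual-stack listeners may report IPv4 clients as ::ffff:a.b.c.d.
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    return any(addr.version == n.version and addr in n for n in networks)

# Constructed attribute values; documentation ranges stand in for public ones.
SAMPLE_VALUES = ["192.0.2.0/24", "2001:db8:100::/48", "10.20.0.0/16",
                 "fd12:3456::/32", "192.0.2.1/24", "campus"]

if __name__ == "__main__":
    nets, bad = parse_on_premise_ranges(SAMPLE_VALUES)
    for value, reason in bad:
        print(f"ignored {value!r}: {reason}")
    for ip in ("192.0.2.77", "::ffff:192.0.2.77", "198.51.100.9"):
        print(ip, "on-premise" if is_on_premise(ip, nets) else "off-premise")
```

The result is only as trustworthy as the client address the SP evaluates: it should be the address of the connection itself, or one supplied by a proxy the SP operates, not a client-settable header.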

...