Warning: This is an early draft specification. All aspects and details of this document are subject to change.
...
Contracts covering access to licensed electronic resources may contain language to the effect that access should be permitted to subjects physically present in the "library" or on the "campus" or "company" IP network – either in addition to or as an alternative access method to federated access control. To enable the Service Provider (SP) to determine whether someone accessing their service is on the campus/company network of a given customer (institution), the SP is usually provided with a list of IP address ranges in some manual, out-of-band process.
This document specifies an attribute that can be used instead of such manual processes by transferring the list of "on-premise" IP network ranges "in-band" as part of each individual's login process. The SP may then dynamically determine whether the current IP address of a subject accessing a given resource is contained within the currently provided list of IP network ranges.
...
Values of this attribute each specify an IP address range of publicly routed IP addresses in CIDR notation that the asserting party considers to be "on-premise".
IP ranges of private network addresses or ULA MUST NOT be included.
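The following sketch is an added example, not part of the draft specification: one way an SP could validate the received attribute values and test a client address against them. The function names and sample values are hypothetical, and reading "private network addresses" as RFC 1918 space and "ULA" as fc00::/7 is an assumption.

```python
import ipaddress

# Assumption: "private network addresses" is read as RFC 1918 space and
# "ULA" as RFC 4193 unique local IPv6 addresses (fc00::/7).
FORBIDDEN = [ipaddress.ip_network(n) for n in
             ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")]

# Constructed sample values; documentation ranges stand in for public ones.
SAMPLE_VALUES = ["192.0.2.0/24", "2001:db8:100::/48", "10.20.0.0/16",
                 "fd12:3456::/32", "198.51.100.7/24", "campus"]


def parse_on_premise_ranges(values):
    """Split attribute values into accepted networks and rejected entries."""
    accepted, rejected = [], []
    for raw in values:
        try:
            # strict=True refuses host bits, e.g. 198.51.100.7/24
            net = ipaddress.ip_network(raw.strip(), strict=True)
        except ValueError:
            rejected.append((raw, "not a CIDR network"))
            continue
        # overlaps() also catches supernets such as 0.0.0.0/0
        if any(net.version == f.version and net.overlaps(f) for f in FORBIDDEN):
            rejected.append((raw, "private or ULA range"))
            continue
        accepted.append(net)
    return accepted, rejected


def is_on_premise(client_ip, networks):
    """True if client_ip (the transport-level peer address) is in a range."""
    try:
        addr = ipaddress.ip_address(client_ip)
    except ValueError:
        return False
    # Dual-stack listeners report IPv4 peers as ::ffff:a.b.c.d
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    return any(addr.version == n.version and addr in n for n in networks)


if __name__ == "__main__":
    nets, bad = parse_on_premise_ranges(SAMPLE_VALUES)
    print("accepted:", [str(n) for n in nets])
    print("rejected:", bad)
    for ip in ("192.0.2.55", "::ffff:192.0.2.55", "203.0.113.9"):
        print(ip, is_on_premise(ip, nets))
```

The address passed to `is_on_premise` should be the connection's peer address; a forwarded-for header is only usable when it is set by a proxy the SP itself operates.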
...