[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[upki-fed:00482] Re: FYI: ブラウザのIPアドレスを元に属性を生成するIdPプラグイン
- Subject: [upki-fed:00482] Re: FYI: ブラウザのIPアドレスを元に属性を生成するIdPプラグイン
- Date: Fri, 06 Jul 2012 12:59:16 +0900
- From: "NODA, Hideaki" <xxxxx@xxxxxxxxxxxxxxxxx>
みなさま
千葉大 野田です.
以前に西村先生からご紹介いただいたプラグイン,
UK Federationから図書館関係者向けのメール広報が出ました.
(JISC LIS-E-RES メーリングリストより)
プラグインが活用できそうな想定事例もありますね.
ご参考まで。。。
---
The UK federation has developed a Shibboleth IdP extension which lets the identity provider (most commonly an institution) release an attribute which is dependent on the user's IP address. So, for example, the IdP could release an entitlement indicating that a student was logging in from the campus network.
This allows the user's IP address to be used to be matched against policy rules to inform service providers (most commonly publishers) about the user's network location.
An example of how this could be used would be where a license has different terms for on-site and home use. The "user agent attribute" could then be used to define which locations were permissible for a particular use case. In the context of a resource that had terms in its license that meant it should only be access when supervised by a teacher (in a schools context), it would allow the resource provider to prevent a user accessing the content when outside a school.
The UK federation has developed this extension with the schools sector in mind, however if you think it would help your own situation or just want to know more, please contact us or click the link below
http://www.ukfederation.org.uk/content/News/2012-07-05-UAA
Many thanks
Mark
Mark Williams
Operator Manager
UK Access Management Federation
JISC Collections
Brettenham House
5 Lancaster Place
London
WC2E 7EN
----- Original Message -----
> 西村です。
>
> おもしろいIdPプラグインを見つけましたのでご紹介させていただきます。
>
> URLは最後に貼付した英文メール中にありますが、このIdPプラグインを
> 使えば利用者がどこからアクセスしているか(アクセス元IPアドレス)に
> 応じて、例えば学内の場合のみ1になる属性を生成することができます。
> これ単体で学認の属性として使うことはないと思いますが、既存の
> 属性とattribute-resolver.xml/attribute-filter.xmlで組み合わせれば、
> 例えば学内からのアクセスの場合のみに正当なeduPersonEntitlement属性
> を送出するようなことが考えられます。
>
> そもそも、学認はどこからでもアクセスできるのが売りですので、利用者が
> どこからアクセスしているかで結果を変える必要があるというのがかなりの
> レアケースかもしれませんが、そのようなケースでは役に立つと思いますの
> で、ご参考まで。
>
> -------- Original Message --------
> Subject: User Agent Based Attributes Extensions
> Date: Thu, 12 Apr 2012 11:23:43 -0400
> From: Chad La Joie <xxxxxx@xxxxxxxxx>
> Reply-To: Shib Dev <xxx@xxxxxxxxxxxxxx>
> To: Shib Dev <xxx@xxxxxxxxxxxxxx>
>
> The UK Federation asked me to create a plugin that could generate
> attributes, during attribute resolution, based on the IP address of
> the user agent at the time of authentication. The extension works for
> both front and back-channel requests.
>
> Now that the plugin is complete, they have made it available on github
> in case others would have a use for it. You can find the information
> on the plugin here:
>
> https://github.com/ukf/ua-attribute-idp-ext
>
> --
> Chad La Joie
> www.itumi.biz
> trusted identities, delivered
> --
> To unsubscribe from this list send an email to xxxxxxxxxxxxxxx@xxxxxxxxxxxxxx
>
>
------------------------
NODA, Hideaki / 野田 英明
千葉大学附属図書館 亥鼻分館
Tel: 043-226-2211(ex.5604)
Fax: 043-226-2214
Mail: xxxxx@xxxxxxxxxxxxxxxxx
-------------------------
Chiba University Library of Health Sciences
http://www.LL.chiba-u.jp/