Anyone who has worked with federations will be familiar with the term WAYF – Where are You From? This is the question you are asked so a service provider can identity which institution you are affiliated with. As a term it’s not so accurate – am I really ‘from’ King’s College? – but as a concept it has helped explain the process in relatively simple terms to non-technical people. The keen eyed among you will have seen a generally tendency to refer to the WAYF as the ‘Discovery Service’ these days, a refinement of terms that always happens as services mature.
However, what happens if I *really* want to know where you are, not where you are from, but where you actually are at this minute? We’ve tended to rely on IP address checking to make this possible, but it has many problems. It means that Service Providers have to maintain and update a list of IP addresses for organisations – JSTOR recently told me that they have up to 3 change requests for IP ranges per day for their services (globally, not from the UK). It’s something that you have to remember to do if your IP range changes, and that depends on the right people being told that changes are occurring. We know it is prone to inaccuracies and human error – a certain provider was for a period of time convinced that the JISC IP range belonged to Bournemouth University. Finally, IP address doesn’t actually give you any interaction with an individual as it applies access indiscriminately to the machine and not to the user, so personalisation, customisation and other identity management features are not possible.
These problems are magnified in the schools sector, where any Service Provider may be dealing with literally thousands of schools customers. There are also even more reasons within the school sector as to why it’s important to know that a logged in student is actually within a specific IP range in terms of serving content to children.
A short while ago, the schools representatives on the UK federation Technical Advisory Group approached the federation staff and asked if it would be possible to include a location assertion in the assertions made by an IdP to support the use cases where geographical location was important. The technical team and EDINA got to work and I’m pleased to say that the UK federation will be commissioning development of a location assertion to meet these use cases. As well as supporting many use-cases within the schools sector we can see places where this could be more broadly used, such as to support walk-in access.
For those interested in learning more, Ian Young recently presented his findings to the TAG and the slides from this talk are below or from slideshare directly. Development work will start shortly, so keep an eye out for further information and updates. If you would like further information on the work, drop a line to the UK federation helpdesk.
…and here are some useful slides from Owen Stephens on this topic from way back at #FAM09.
Pingback: JISC Access Management Team: WAY… « oracle fusion identity
Pingback: UK Access Management Focus · Achieving WAYRN