Sean Mehan wrote:
> Hi. Yes, interesting. We have been working on this very thing up at UHI.
> Basic concept: Using a Linux box running ipfilters, it walls off a subnet
> to all unknown machines, throws the unknown user out to an IdP, and upon
> auth, throws the user's (now known) MAC into the filter with a timeout to
> allow them through.
>
> Is it worthwhile us putting in a blurb to the consultation about this,
> Nicole, or would it simply distract?
>
> Would other people find this approach useful or not?

Hi Sean,

Within the eduroam federation (which the JANET Roaming Service is
affiliated to) all forms of web redirection have been deprecated in
favour of 802.1X (in the context of network access). The approach you've
suggested has been considered.

IMHO, a more interesting application of Shibboleth in this space is
providing richer AuthZ via some Shibb/RADIUS gateway.

Best regards, josh.