On Tue, 24 Apr 2007, Ian Young wrote: >> The hard part is the SP locating that information in it's own logs and >> matching those tokens to a flame post in a shibbed message board for >> example. I presume that's what all this is for? > > Yes, things like that or egregious abuses of licensed resources. One > I've heard about more than once is the person who downloads maps of > every part of the UK from a geo server. > > The question of how the SP maintains the information required at their > end is, of course, up to them. You don't have to care about that for > section 6 purposes. An entirely analogous situation already exists for operators of institution web proxies and NAT gateways: SPs report alleged abuse quoting various bits of information (commonly origin IP address as seen from their end, more-or-less accurate time, target URLs, etc.) and proxy and gateway operators search their logs, normally manually, for information to help to identify the perpetrator. Typically this will result in an internal IP address which requires further work to resolve to an individual - in this respect Shib should be easier since the IdP already has identity information (modulo password-sharing, security breaches, etc.). The current situation is by-and-large manageable as things stand, though if the volume of complaints were to rise then some sot of automation would be required, which in turn would require some sort of profile for reports. Jon. -- Jon Warbrick Web/News Development, Computing Service, University of Cambridge