On Tue, 24 Apr 2007, Ian Young wrote:
>> The hard part is the SP locating that information in it's own logs and
>> matching those tokens to a flame post in a shibbed message board for
>> example. I presume that's what all this is for?
>
> Yes, things like that or egregious abuses of licensed resources. One
> I've heard about more than once is the person who downloads maps of
> every part of the UK from a geo server.
>
> The question of how the SP maintains the information required at their
> end is, of course, up to them. You don't have to care about that for
> section 6 purposes.
An entirely analogous situation already exists for operators of
institution web proxies and NAT gateways: SPs report alleged abuse quoting
various bits of information (commonly origin IP address as seen from their
end, more-or-less accurate time, target URLs, etc.) and proxy and gateway
operators search their logs, normally manually, for information to help to
identify the perpetrator. Typically this will result in an internal IP
address which requires further work to resolve to an individual - in this
respect Shib should be easier since the IdP already has identity
information (modulo password-sharing, security breaches, etc.).
The current situation is by-and-large manageable as things stand, though
if the volume of complaints were to rise then some sot of automation would
be required, which in turn would require some sort of profile for reports.
Jon.
--
Jon Warbrick
Web/News Development, Computing Service, University of Cambridge
|