InCommon Library Services

Brown currently uses the "standard" set of approaches for providing 
access to electronic resources. On-campus users can access them 
directly; to make this work, librarians manage a set of IP addresses 
at each of the vendors. Off-campus users can 1) use a proxy, or 2) 
use VPN (so their home computer appears to be on campus).

I'm told that we're getting more and more complaints from vendors 
about excessive downloading by specific users. The vendor usually 
sends us a notice that they are blocking access for IP address X.Y.Z. 
This isn't terribly useful, because in many buildings IP addresses 
are managed using DHCP. There's no guarantee that they're actually 
blocking the misbehaving person. In addition, more than half the time 
the cited IP address is within the range used for VPN access -- this 
will never block the misbehaving person.

In a pure Shib environment, I can imagine that the library staff 
could use the Shib IdP logs to identify the miscreant, and then 
remove from that person's user object the entitlement value that 
authorizes that person to use licensed resources. A big hammer, but 
it would certainly get the right person, and get their attention.

In a mixed environment, however, where all campus IP addresses are 
allowed direct access to a provider, and there is VPN access to the 
campus network, I don't see  a workable approach to shutting down one 
user.

I'm curious about how other sites approach this problem... now, or 
even a planned approach ...

thanks!