Book contents
- Frontmatter
- Contents
- Foreword
- Acknowledgements
- Note to readers
- Glossary
- 1 What is access management, and why do libraries do it?
- 2 Electronic resources: public and not so public
- 3 Principles and definitions of identity and access management
- 4 Current access management technologies
- 5 Authentication technologies
- 6 Authorization based on physical location: how does the internet know where I am?
- 7 Authorization based on user identity or affiliation with a library: who you are? Or what you do?
- 8 Federated access: history, current position and future developments
- 9 How to choose access management and identity management products and services
- 10 Internet access provided by (or in) libraries
- 11 Library statistics
- 12 The business case for libraries
- Afterword
- Appendix 1 Case studies
- Appendix 2 A White Paper on Authentication and Access Management Issues in Cross-organizational Use of Networked Information Resources
- Index
6 - Authorization based on physical location: how does the internet know where I am?
Published online by Cambridge University Press: 10 September 2022
Summary
A large proportion of access decisions (or authorization decisions) are based on the physical location of the user. The design of the internet means that it is quite difficult for a resource host to know, for sure, where a user is in the physical world. This chapter explains how the topology of the internet relates to the geography of the real world, and how services can make access decisions by making a ‘reasonable guess’ about the location of a user based on an IP address.
Introduction
The internet is based on technical protocols which allow the traffic which uses the network to find its destination. While humans rely on the domain name system, the computers which actually handle the routing of data use the more fundamental and more systematically structured IP address system. As well as providing the (non-physical) location of devices attached to the internet, this underlying structure can be used to determine physical location too, and this is the basis for some of the simplest forms of access control, even if the structure itself is quite technical and has a complex history.
Domains and domain names
Domain names are effectively the basis for human-understandable interaction with the internet. People are familiar with typing URLs (uniform resource locators), such as http://en.wikipedia.org/wiki/Rivera_Plate (obtained from Wikipedia's random article function), into web browsers in order to access the resource.
A URL can be broken up into several pieces. The first piece is the choice of how to access the resource (here http, which is the basic protocol used on the web), then the domain name (here en.wikipedia.org) which indicates the location of the resource, classically a single server attached to the internet, and then the ‘path’, the specific location of the item required on the server (here /wiki/Rivera_Plate), a single web page or a call to software to generate a viewable page (as in this case). A complete domain name such as en.wikipedia.org is known as a ‘fully qualified’ domain name. Not only does the URL move from the general to the specific, but so does the domain name itself – though it does so from right to left instead of left to right, for historical reasons. In the example, the most general part, known as a top level domain (TLD), is ‘org’, more or less indicating a non-commercial organization which is either American or international in scope.
- Type: Chapter
- Information: Access and Identity Management for Libraries: Controlling Access to Online Information, pp. 55-68
- Publisher: Facet
- Print publication year: 2014