You can query the Tailscale API socket locally from your application to see who someone is (email address) based on the connecting IP. It would be nice if the API let you tap into their ACL system as well