[foaf-protocols] Webid Spec: HTTP status codes?

Joe Presbrey presbrey at csail.mit.edu
Fri Aug 13 01:56:34 CEST 2010


On Thu, Aug 12, 2010 at 7:13 PM, Akbar Hossain <akkiehossain at gmail.com> wrote:
> Joe Presbrey created an apache mod to implement the foaf+ssl authnetication [1].

Hi Akbar, thanks! I'll document the current mod_authn_webid responses
to your rough list inline below.

> A rough list would probably include
>
> TLS connection error

no HTTP connection => no HTTP response status code

> No client certificate supplied
> No URI found in the SAN

401

> Unable to dereference a URI in the SAN

Not considered. Is this a failed GET sub-request of the WebID URI? If
so, this should be 502.

> Public Key in the Client Certificate doesnt match the RSA Public Key in WebId

401.

> Authorised

200

My only use of 403 is in mod_authz_webid (the RDF authorization/ACL
module).  At the very least, a more specific HTTP response body should
be returned from the various cases for 401 to differentiate them. I
had this on my TODO but will now hold it until this discussion
concludes.

Best regards,

--
Joe Presbrey


More information about the foaf-protocols mailing list