[foaf-protocols] Webid Spec: HTTP status codes?
Joe Presbrey
presbrey at csail.mit.edu
Fri Aug 13 01:56:34 CEST 2010
On Thu, Aug 12, 2010 at 7:13 PM, Akbar Hossain <akkiehossain at gmail.com> wrote:
> Joe Presbrey created an apache mod to implement the foaf+ssl authnetication [1].
Hi Akbar, thanks! I'll document the current mod_authn_webid responses
to your rough list inline below.
> A rough list would probably include
>
> TLS connection error
no HTTP connection => no HTTP response status code
> No client certificate supplied
> No URI found in the SAN
401
> Unable to dereference a URI in the SAN
Not considered. Is this a failed GET sub-request of the WebID URI? If
so, this should be 502.
> Public Key in the Client Certificate doesnt match the RSA Public Key in WebId
401.
> Authorised
200
My only use of 403 is in mod_authz_webid (the RDF authorization/ACL
module). At the very least, a more specific HTTP response body should
be returned from the various cases for 401 to differentiate them. I
had this on my TODO but will now hold it until this discussion
concludes.
Best regards,
--
Joe Presbrey
More information about the foaf-protocols
mailing list