[foaf-protocols] Conclusions on Multiple SAN in Apache WebID module
presbrey at csail.mit.edu
Fri Aug 20 22:37:36 CEST 2010
I'm fixing an old bug in the Apache WebID module processing
certificates with both URI and email.
As a side effect, I now have multiple SANs to decide how to verify/resolve:
I'm thinking about an .htaccess directive called AuthWebIDOrder or
with options: [first, random, all]
(existing configuration examples listed at
The options might mean:
first - try one at a time in listed order, set first to succeed
random - try one at a time in random order, set first to succeed
all - try all of them, set all that succeed (?)
I think the application should get to decide what to do when one is
authenticated vs. many.
I will be patching this together this weekend. Please send along your
thoughts, especially if you use mod_authn_webid. Thanks!
More information about the foaf-protocols