[foaf-protocols] Conclusions on Multiple SAN in Apache WebID module

Joe Presbrey presbrey at csail.mit.edu
Fri Aug 20 22:37:36 CEST 2010

I'm fixing an old bug in the Apache WebID module processing
certificates with both URI and email.
As a side effect, I now have multiple SANs to decide how to verify/resolve:

I'm thinking about an .htaccess directive called AuthWebIDOrder or
with options: [first, random, all]
 (existing configuration examples listed at

The options might mean:
first - try one at a time in listed order, set first to succeed
random - try one at a time in random order, set first to succeed
all - try all of them, set all that succeed (?)

I think the application should get to decide what to do when one is
authenticated vs. many.

I will be patching this together this weekend. Please send along your
thoughts, especially if you use mod_authn_webid. Thanks!


Joe Presbrey

More information about the foaf-protocols mailing list