[foaf-protocols] Conclusions on Multiple SAN in Apache WebID module
Joe Presbrey
presbrey at csail.mit.edu
Fri Aug 20 22:37:36 CEST 2010
I'm fixing an old bug in the Apache WebID module processing
certificates with both URI and email.
As a side effect, I now have multiple SANs to decide how to verify/resolve:
I'm thinking about an .htaccess directive called AuthWebIDOrder or
AuthWebIDResolve
with options: [first, random, all]
(existing configuration examples listed at
http://dig.csail.mit.edu/2009/mod_authn_webid/)
The options might mean:
first - try one at a time in listed order, set first to succeed
random - try one at a time in random order, set first to succeed
all - try all of them, set all that succeed (?)
I think the application should get to decide what to do when one is
authenticated vs. many.
I will be patching this together this weekend. Please send along your
thoughts, especially if you use mod_authn_webid. Thanks!
Cheers,
--
Joe Presbrey
More information about the foaf-protocols
mailing list