[foaf-protocols] Conclusions on Multiple SAN in Apache WebID module

Joe Presbrey presbrey at csail.mit.edu
Fri Aug 20 22:37:36 CEST 2010


I'm fixing an old bug in the Apache WebID module processing
certificates with both URI and email.
As a side effect, I now have multiple SANs to decide how to verify/resolve:

I'm thinking about an .htaccess directive called AuthWebIDOrder or
AuthWebIDResolve
with options: [first, random, all]
 (existing configuration examples listed at
http://dig.csail.mit.edu/2009/mod_authn_webid/)

The options might mean:
first - try one at a time in listed order, set first to succeed
random - try one at a time in random order, set first to succeed
all - try all of them, set all that succeed (?)

I think the application should get to decide what to do when one is
authenticated vs. many.

I will be patching this together this weekend. Please send along your
thoughts, especially if you use mod_authn_webid. Thanks!

Cheers,

--
Joe Presbrey


More information about the foaf-protocols mailing list