[foaf-protocols] Multiple entries in SAN in mod_authn_webid
presbrey at csail.mit.edu
Fri Aug 27 00:51:48 CEST 2010
mod_authn_webid  now authenticates users sending SANs with multiple
entries: URI, email, etc.
When there are multiple URIs, the user agent is authenticated as the
first verifiable WebID. Email and other entry types are ignored.
The patch is browsable online  and you can download a new release here:
 http://dig.csail.mit.edu/2009/mod_authn_webid/ (Apache 2 WebID
On to ACLs for tabulator.org...
On Fri, Aug 20, 2010 at 4:37 PM, Joe Presbrey <presbrey at csail.mit.edu> wrote:
> I'm fixing an old bug in the Apache WebID module processing
> certificates with both URI and email.
> As a side effect, I now have multiple SANs to decide how to verify/resolve:
> I'm thinking about an .htaccess directive called AuthWebIDOrder or
> with options: [first, random, all]
> (existing configuration examples listed at
> The options might mean:
> first - try one at a time in listed order, set first to succeed
> random - try one at a time in random order, set first to succeed
> all - try all of them, set all that succeed (?)
> I think the application should get to decide what to do when one is
> authenticated vs. many.
> I will be patching this together this weekend. Please send along your
> thoughts, especially if you use mod_authn_webid. Thanks!
> Joe Presbrey
More information about the foaf-protocols