[foaf-protocols] Multiple entries in SAN in mod_authn_webid

Joe Presbrey presbrey at csail.mit.edu
Fri Aug 27 00:51:48 CEST 2010


mod_authn_webid [1] now authenticates users sending SANs with multiple
entries: URI, email, etc.

When there are multiple URIs, the user agent is authenticated as the
first verifiable WebID. Email and other entry types are ignored.

The patch is browsable online [2] and you can download a new release here:
http://dig.csail.mit.edu/2009/mod_authn_webid/Download

[1] http://dig.csail.mit.edu/2009/mod_authn_webid/ (Apache 2 WebID
authentication module)
[2] http://dig.xvm.mit.edu/redmine/projects/authn-webid/repository/diff?rev=29573&rev_to=29572

On to ACLs for tabulator.org...
Best wishes,

--
Joe Presbrey

On Fri, Aug 20, 2010 at 4:37 PM, Joe Presbrey <presbrey at csail.mit.edu> wrote:
> I'm fixing an old bug in the Apache WebID module processing
> certificates with both URI and email.
> As a side effect, I now have multiple SANs to decide how to verify/resolve:
>
> I'm thinking about an .htaccess directive called AuthWebIDOrder or
> AuthWebIDResolve
> with options: [first, random, all]
>  (existing configuration examples listed at
> http://dig.csail.mit.edu/2009/mod_authn_webid/)
>
> The options might mean:
> first - try one at a time in listed order, set first to succeed
> random - try one at a time in random order, set first to succeed
> all - try all of them, set all that succeed (?)
>
> I think the application should get to decide what to do when one is
> authenticated vs. many.
>
> I will be patching this together this weekend. Please send along your
> thoughts, especially if you use mod_authn_webid. Thanks!
>
> Cheers,
>
> --
> Joe Presbrey
>


More information about the foaf-protocols mailing list