[foaf-protocols] Multiple entries in SAN in mod_authn_webid

Kingsley Idehen kidehen at openlinksw.com
Fri Aug 27 00:59:31 CEST 2010


  On 8/26/10 6:51 PM, Joe Presbrey wrote:
> mod_authn_webid [1] now authenticates users sending SANs with multiple
> entries: URI, email, etc.
>
> When there are multiple URIs, the user agent is authenticated as the
> first verifiable WebID. Email and other entry types are ignored.
>
> The patch is browsable online [2] and you can download a new release here:
> http://dig.csail.mit.edu/2009/mod_authn_webid/Download
>
> [1] http://dig.csail.mit.edu/2009/mod_authn_webid/ (Apache 2 WebID
> authentication module)
> [2] http://dig.xvm.mit.edu/redmine/projects/authn-webid/repository/diff?rev=29573&rev_to=29572
>
> On to ACLs for tabulator.org...
> Best wishes,
>
> --
> Joe Presbrey

We also support SANs with multiple entries. Thus it begs the question: 
how many WebID implementations don't support this important capability? 
Are we still debating this matter re. WebID spec?

Kingsley
> On Fri, Aug 20, 2010 at 4:37 PM, Joe Presbrey<presbrey at csail.mit.edu>  wrote:
>> I'm fixing an old bug in the Apache WebID module processing
>> certificates with both URI and email.
>> As a side effect, I now have multiple SANs to decide how to verify/resolve:
>>
>> I'm thinking about an .htaccess directive called AuthWebIDOrder or
>> AuthWebIDResolve
>> with options: [first, random, all]
>>   (existing configuration examples listed at
>> http://dig.csail.mit.edu/2009/mod_authn_webid/)
>>
>> The options might mean:
>> first - try one at a time in listed order, set first to succeed
>> random - try one at a time in random order, set first to succeed
>> all - try all of them, set all that succeed (?)
>>
>> I think the application should get to decide what to do when one is
>> authenticated vs. many.
>>
>> I will be patching this together this weekend. Please send along your
>> thoughts, especially if you use mod_authn_webid. Thanks!
>>
>> Cheers,
>>
>> --
>> Joe Presbrey
>>
> _______________________________________________
> foaf-protocols mailing list
> foaf-protocols at lists.foaf-project.org
> http://lists.foaf-project.org/mailman/listinfo/foaf-protocols
>


-- 

Regards,

Kingsley Idehen	
President&  CEO
OpenLink Software
Web: http://www.openlinksw.com
Weblog: http://www.openlinksw.com/blog/~kidehen
Twitter/Identi.ca: kidehen







More information about the foaf-protocols mailing list