[foaf-protocols] Multiple entries in SAN in mod_authn_webid
kidehen at openlinksw.com
Fri Aug 27 00:59:31 CEST 2010
On 8/26/10 6:51 PM, Joe Presbrey wrote:
> mod_authn_webid  now authenticates users sending SANs with multiple
> entries: URI, email, etc.
> When there are multiple URIs, the user agent is authenticated as the
> first verifiable WebID. Email and other entry types are ignored.
> The patch is browsable online  and you can download a new release here:
>  http://dig.csail.mit.edu/2009/mod_authn_webid/ (Apache 2 WebID
> authentication module)
>  http://dig.xvm.mit.edu/redmine/projects/authn-webid/repository/diff?rev=29573&rev_to=29572
> On to ACLs for tabulator.org...
> Best wishes,
> Joe Presbrey
We also support SANs with multiple entries. Thus it begs the question:
how many WebID implementations don't support this important capability?
Are we still debating this matter re. WebID spec?
> On Fri, Aug 20, 2010 at 4:37 PM, Joe Presbrey<presbrey at csail.mit.edu> wrote:
>> I'm fixing an old bug in the Apache WebID module processing
>> certificates with both URI and email.
>> As a side effect, I now have multiple SANs to decide how to verify/resolve:
>> I'm thinking about an .htaccess directive called AuthWebIDOrder or
>> with options: [first, random, all]
>> (existing configuration examples listed at
>> The options might mean:
>> first - try one at a time in listed order, set first to succeed
>> random - try one at a time in random order, set first to succeed
>> all - try all of them, set all that succeed (?)
>> I think the application should get to decide what to do when one is
>> authenticated vs. many.
>> I will be patching this together this weekend. Please send along your
>> thoughts, especially if you use mod_authn_webid. Thanks!
>> Joe Presbrey
> foaf-protocols mailing list
> foaf-protocols at lists.foaf-project.org
More information about the foaf-protocols