[foaf-protocols] Webid Spec: HTTP status codes?

Nathan nathan at webr3.org
Mon Sep 20 05:01:02 CEST 2010


Joe Presbrey wrote:
> On Thu, Aug 12, 2010 at 7:13 PM, Akbar Hossain <akkiehossain at gmail.com> wrote:
>> Joe Presbrey created an apache mod to implement the foaf+ssl authnetication [1].
> 
> Hi Akbar, thanks! I'll document the current mod_authn_webid responses
> to your rough list inline below.
> 
>> A rough list would probably include
>>
>> TLS connection error
> 
> no HTTP connection => no HTTP response status code
> 
>> No client certificate supplied
>> No URI found in the SAN
> 
> 401
> 
>> Unable to dereference a URI in the SAN
> 
> Not considered. Is this a failed GET sub-request of the WebID URI? If
> so, this should be 502.
> 
>> Public Key in the Client Certificate doesnt match the RSA Public Key in WebId
> 
> 401.
> 
>> Authorised
> 
> 200

agree with everything up to the 200, we can't specify that as it depends 
on the request/verb/ action being taken etc, each successful request 
could have any code.

I'd suggest we map to 401 with a description in the message-body of what 
went wrong, why not in RDFa w/ a nice ontology for errors..

As for 502, makes sense to me but maybe best to double-check with 
httpbis working group.

Cen't see a need for any other status codes at all, either server error 
or unauthorised is all we need, then boot to message-body to describe in 
more detail, as per http spec.

Best,

Nathan


More information about the foaf-protocols mailing list