[foaf-protocols] Webid Spec: HTTP status codes?
Nathan
nathan at webr3.org
Mon Sep 20 05:01:02 CEST 2010
Joe Presbrey wrote:
> On Thu, Aug 12, 2010 at 7:13 PM, Akbar Hossain <akkiehossain at gmail.com> wrote:
>> Joe Presbrey created an apache mod to implement the foaf+ssl authnetication [1].
>
> Hi Akbar, thanks! I'll document the current mod_authn_webid responses
> to your rough list inline below.
>
>> A rough list would probably include
>>
>> TLS connection error
>
> no HTTP connection => no HTTP response status code
>
>> No client certificate supplied
>> No URI found in the SAN
>
> 401
>
>> Unable to dereference a URI in the SAN
>
> Not considered. Is this a failed GET sub-request of the WebID URI? If
> so, this should be 502.
>
>> Public Key in the Client Certificate doesnt match the RSA Public Key in WebId
>
> 401.
>
>> Authorised
>
> 200
agree with everything up to the 200, we can't specify that as it depends
on the request/verb/ action being taken etc, each successful request
could have any code.
I'd suggest we map to 401 with a description in the message-body of what
went wrong, why not in RDFa w/ a nice ontology for errors..
As for 502, makes sense to me but maybe best to double-check with
httpbis working group.
Cen't see a need for any other status codes at all, either server error
or unauthorised is all we need, then boot to message-body to describe in
more detail, as per http spec.
Best,
Nathan
More information about the foaf-protocols
mailing list