[foaf-protocols] Logging out early w/ OCSP

Joe Presbrey presbrey at csail.mit.edu
Mon Sep 20 17:04:15 CEST 2010


Do your WebID IdP's implement OCSP?

http://en.wikipedia.org/wiki/Online_Certificate_Status_Protocol

On a public terminal, It seems I can ask for a 30-minute session
(literally with X509 enddate/notAfter) but I can't end it early
without OCSP.

I would think my IdP's should send OCSP denials for requests for my
temporarily-issued cert after I click my IdP's Logout button.

Apache implements OCSP:
http://httpd.apache.org/docs/trunk/mod/mod_ssl.html#sslocspenable

--
Joe Presbrey


More information about the foaf-protocols mailing list