[foaf-protocols] Bootstrapping the Semantic Inbox

Toby Inkster mail at tobyinkster.co.uk
Tue Sep 28 09:39:29 CEST 2010

On Tue, 28 Sep 2010 09:16:29 +0200
Pierre-Antoine Champin <swlists-040405 at champin.net> wrote:

> Just a question: how do you manage differently unauthenticated vs.
> authenticated POSTs?

If the POST is authenticated via WebID, then the foaf:mbox from the
client's FOAF is used. If not, they have to provide an HTTP "From"
header to set their email address. (If they're authenticated, they're
still able to provide an explicit "From" header which will be used,
but they don't have to.)

Authenticated clients get their WebID added as a message header:

	Link: <webid>; rel="http://xmlns.com/foaf/0.1/maker"

Other than that, they're treated identically. Though the configuration
file (mbox.php) allows you to set $__webid to 'force' which will
disallow any unauthenticated requests.

Toby A Inkster
<mailto:mail at tobyinkster.co.uk>

More information about the foaf-protocols mailing list