[foaf-protocols] Fw: CPAN Upload: T/TO/TOBYINK/CGI-Auth-FOAF_SSL-1.001_02.tar.gz

Toby Inkster tai at g5n.co.uk
Tue Jan 18 18:16:59 CET 2011


On Tue, 18 Jan 2011 09:06:35 -0800
Peter Williams <home_pw at msn.com> wrote:

> so what does it mean to put multiple refs in the cert's subj alt name?

I think most implementations do support this now - it's a feature
that's been much discussed on this list in the past. CGI::Auth::FOAF_SSL
was one of the first to support it.

Essentially if you've got a subjectAltName of:

  URI:http://alice.example/foaf#me URI:http://example.com/alice.rdf#me

Then the certificate is claiming that both URIs are identifiers for the
agent (i.e. person, usually) making the HTTPS request.

In terms of server implementation, you'd check the first URI, and then
fall back to subsequent URIs in the case where the first did not result
in a positive authentication.

-- 
Toby A Inkster
<mailto:mail at tobyinkster.co.uk>
<http://tobyinkster.co.uk>
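
The check-then-fall-back behaviour described in the message above, as an added example that is not part of the original post and is not code from CGI::Auth::FOAF_SSL. It assumes the usual FOAF+SSL check (the profile behind a URI must list the certificate's public key); `san_uris`, `authenticate`, `fetch_keys` and the in-memory `PROFILES` data are hypothetical, constructed stand-ins for real certificate parsing and HTTP/RDF retrieval.

```python
import re

def san_uris(san):
    """URI entries of a subjectAltName string, in certificate order."""
    uris = []
    for item in re.split(r"[,\s]+", san.strip()):
        uri = item[4:] if item.startswith("URI:") else ""
        # Only dereferenceable web URIs can be checked; skip duplicates.
        if uri.lower().startswith(("http://", "https://")) and uri not in uris:
            uris.append(uri)
    return uris

def authenticate(san, cert_key, fetch_keys):
    """Return the first URI whose profile lists cert_key, or None.

    cert_key is the (modulus, exponent) pair taken from the client certificate.
    fetch_keys(uri) returns the set of keys the profile asserts for that URI.
    """
    for uri in san_uris(san):
        try:
            keys = fetch_keys(uri)
        except Exception:
            continue  # profile unreachable or unparsable: try the next URI
        if cert_key in keys:
            return uri  # only this verified URI is the authenticated identity
    return None  # every URI stayed an unverified claim

# Constructed sample data (not from the original post).
CERT_KEY = (0xC0FFEE, 65537)
PROFILES = {
    # First profile still lists an old key, so the first URI does not verify.
    "http://alice.example/foaf": {"http://alice.example/foaf#me": {(0xBAD, 65537)}},
    "http://example.com/alice.rdf": {"http://example.com/alice.rdf#me": {CERT_KEY}},
}

def fetch_keys(uri):
    """Hypothetical stand-in for HTTP retrieval plus RDF parsing."""
    doc = uri.split("#", 1)[0]
    return PROFILES[doc].get(uri, set())  # KeyError models a failed fetch

SAN = "URI:http://alice.example/foaf#me URI:http://example.com/alice.rdf#me"

if __name__ == "__main__":
    print(authenticate(SAN, CERT_KEY, fetch_keys))
```

The return value is the single URI that verified; the other URIs in the certificate remain claims and should not be used for authorization decisions.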