- From: Cory Sabol <cssabol@uncg.edu>
- Date: Sun, 25 Jun 2017 19:29:16 -0400
- To: Martynas Jusevičius <martynas@atomgraph.com>
- Cc: public-webid <public-webid@w3.org>
Received on Sunday, 25 June 2017 23:29:49 UTC
I've also been wondering the same thing. In my application's auth flow if the webid uri returns of 404 I returned a 400 bad request and reject the Authentication. This way my client side application can decide what to do with that information in terms of what views to render Etc. I think it might be nice if the spec did mention something about this though. On Jun 25, 2017 7:05 PM, "Martynas Jusevičius" <martynas@atomgraph.com> wrote: > Hey, > > what is supposed to happen when the WebID URI extracted from the client > certificate returns 404 Not Found when dereferenced? > > Step 6.1 in Authentication Sequence [1] talks about fetching WebID profile > by dereferencing it, but does not consider a failure scenario. > > What kind of response status code should be sent when such failure occurs? > It is a client error, so probably a 4xx like 400 Bad Request. Although some > servers send SSL-specific like 495 SSL Certificate Error or 496 SSL > Certificate Required, but those are non-standard [2]. > > [1] https://www.w3.org/2005/Incubator/webid/spec/tls/# > authentication-sequence > [2] https://en.wikipedia.org/wiki/List_of_HTTP_status_codes#nginx >
Received on Sunday, 25 June 2017 23:29:49 UTC