added variant to prevent access to resources even ehen accepting certificate on the TLS layer
--- a/index.html Fri Jul 16 00:13:15 2010 +0200
+++ b/index.html Fri Jul 16 00:28:23 2010 +0200
@@ -408,7 +408,8 @@
query other trusted sources attempting to authenticate the Identification Agent.
</li>
-<li>If authentication of the WebId failed the Verification Agent must not accept the client certificate.</li>
+<li>If authentication of the WebId failed the Verification Agent must not accept the client certificate or
+otherwise prevent access to resources requiring authentication.</li>
<li>If <a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">Verification Agent</a> has accepted the
client certificate the <a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">Verification Agent</a>