Thats a good suggestion; it looks the tests are all listed under
http://osis.idcommons.net/wiki/Category:OC5_FeatureTests
Is there an IP regime under which they have been published? I suppose
all materials would follow OSIS rules in general.
- prateek
FYI, the implementations participating in the current round of OpenID
Connect interop testing are described at
http://osis.idcommons.net/wiki/Category:OC5_Solution. You'll see the
list of the 110 feature tests by going to any of the solution pages,
such as http://osis.idcommons.net/wiki/OC5:MITREid_Connect. While many
are specific to OpenID Connect, you'll find that many are actually
testing OAuth functionality. For instance, the test /Support
Authentication to Token Endpoint using HTTP Basic with POST
<http://osis.idcommons.net/wiki/OC5:FeatureTest-Support_Authentication_to_Token_Endpoint_using_HTTP_Basic_with_POST>/is
testing pure OAuth functionality.
-- Mike
*From:*[email protected] [mailto:[email protected]] *On
Behalf Of *Anthony Nadalin
*Sent:* Tuesday, October 08, 2013 4:22 AM
*To:* Prateek Mishra; IETF oauth WG
*Subject:* Re: [OAUTH-WG] Fwd: [oauth-interop] scope and reach of
testing activity
One thing to look at are the OpenID Connect interop tests and the
portions/flows of OAuth that it covers, as that is going on now.
*From:*[email protected] <mailto:[email protected]>
[mailto:[email protected]] *On Behalf Of *Prateek Mishra
*Sent:* Monday, October 7, 2013 2:39 PM
*To:* IETF oauth WG
*Subject:* [OAUTH-WG] Fwd: [oauth-interop] scope and reach of testing
activity
Folks interested in OAuth interop/implementation testing may want to
participate in this discussion.
Details at:
http://www.ietf.org/mail-archive/web/oauth/current/msg12128.html
-------- Original Message --------
*Subject: *
[oauth-interop] scope and reach of testing activity
*Date: *
Fri, 04 Oct 2013 16:48:50 -0700
*From: *
Prateek Mishra <[email protected]>
<mailto:[email protected]>
*Organization: *
Oracle Corporation
*To: *
[email protected] <mailto:[email protected]>
Hello OAuth Interop list,
I would be interested in kicking off a discussion around the definition
of scope and reach of the proposed testing activity.
OAuth interop, of course, is the core activity. I assume this would take
the form of testing the exchanges described
in Sections 4-6 of RFC 6749 for each of the different client and grant
types. Both positive and negative tests would presumably be included.
But OAuth is also a security specification, and there are constraints
defined over OAuth server and client behavior with respect to
redirect_uri checking,
access code and token lifetimes and so on. In addition to the material
in Sections 4-6, there are additional constraints described in
Section 10 and, of course, RFC 6819. So thats another area that would
benefit from a set of tests, but I can see that describing these tests
might be more challenging.
I would be interested in other opinions on the scope and nature of tests
being developed by this group.
- prateek
_______________________________________________
Oauth-interop mailing list
[email protected] <mailto:[email protected]>
https://elists.isoc.org/mailman/listinfo/oauth-interop
_______________________________________________
OAuth mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/oauth
