Yes, these interop tests are being conducted under the auspices of OSIS, which
is a working group of Identity Commons. You can read about OSIS at
http://osis.idcommons.net/wiki/Main_Page. In particularly note this section:
What the OSIS Interops Are and Are Not
The OSIS Interops provide an opportunity for implementers to try their code
against one another's in a systematic way, providing data to help improve their
implementations. The OSIS Interops are not conformance tests. Participants do
not "pass" or "fail". There is no requirement that you must support particular
features to participate or that you must participate in all aspects of the
Interop.
-- Mike
From: Prateek Mishra [mailto:[email protected]]
Sent: Wednesday, October 09, 2013 1:15 PM
To: Mike Jones
Cc: IETF oauth WG; Anthony Nadalin
Subject: Re: [OAUTH-WG] Fwd: [oauth-interop] scope and reach of testing activity
Thats a good suggestion; it looks the tests are all listed under
http://osis.idcommons.net/wiki/Category:OC5_FeatureTests
Is there an IP regime under which they have been published? I suppose all
materials would follow OSIS rules in general.
- prateek
FYI, the implementations participating in the current round of OpenID Connect
interop testing are described at
http://osis.idcommons.net/wiki/Category:OC5_Solution. You'll see the list of
the 110 feature tests by going to any of the solution pages, such as
http://osis.idcommons.net/wiki/OC5:MITREid_Connect. While many are specific to
OpenID Connect, you'll find that many are actually testing OAuth functionality.
For instance, the test Support Authentication to Token Endpoint using HTTP
Basic with
POST<http://osis.idcommons.net/wiki/OC5:FeatureTest-Support_Authentication_to_Token_Endpoint_using_HTTP_Basic_with_POST>
is testing pure OAuth functionality.
-- Mike
From: [email protected]<mailto:[email protected]>
[mailto:[email protected]] On Behalf Of Anthony Nadalin
Sent: Tuesday, October 08, 2013 4:22 AM
To: Prateek Mishra; IETF oauth WG
Subject: Re: [OAUTH-WG] Fwd: [oauth-interop] scope and reach of testing activity
One thing to look at are the OpenID Connect interop tests and the
portions/flows of OAuth that it covers, as that is going on now.
From: [email protected]<mailto:[email protected]>
[mailto:[email protected]] On Behalf Of Prateek Mishra
Sent: Monday, October 7, 2013 2:39 PM
To: IETF oauth WG
Subject: [OAUTH-WG] Fwd: [oauth-interop] scope and reach of testing activity
Folks interested in OAuth interop/implementation testing may want to
participate in this discussion.
Details at:
http://www.ietf.org/mail-archive/web/oauth/current/msg12128.html
-------- Original Message --------
Subject:
[oauth-interop] scope and reach of testing activity
Date:
Fri, 04 Oct 2013 16:48:50 -0700
From:
Prateek Mishra <[email protected]><mailto:[email protected]>
Organization:
Oracle Corporation
To:
[email protected]<mailto:[email protected]>
Hello OAuth Interop list,
I would be interested in kicking off a discussion around the definition
of scope and reach of the proposed testing activity.
OAuth interop, of course, is the core activity. I assume this would take
the form of testing the exchanges described
in Sections 4-6 of RFC 6749 for each of the different client and grant
types. Both positive and negative tests would presumably be included.
But OAuth is also a security specification, and there are constraints
defined over OAuth server and client behavior with respect to
redirect_uri checking,
access code and token lifetimes and so on. In addition to the material
in Sections 4-6, there are additional constraints described in
Section 10 and, of course, RFC 6819. So thats another area that would
benefit from a set of tests, but I can see that describing these tests
might be more challenging.
I would be interested in other opinions on the scope and nature of tests
being developed by this group.
- prateek
_______________________________________________
Oauth-interop mailing list
[email protected]<mailto:[email protected]>
https://elists.isoc.org/mailman/listinfo/oauth-interop
_______________________________________________
OAuth mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/oauth
