[
https://issues.apache.org/jira/browse/CLEREZZA-479?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13031180#comment-13031180
]
Reto Bachmann-Gmür commented on CLEREZZA-479:
---------------------------------------------
There seems to be a major security issue here: if the webid cannot be
dereference a new user can still log in and rights can be granted to this user,
anybody can now login and claim this webid and impersonate that user, no
certificate validation occurs. Please roll back this changes asap.
> WebID test suite
> ----------------
>
> Key: CLEREZZA-479
> URL: https://issues.apache.org/jira/browse/CLEREZZA-479
> Project: Clerezza
> Issue Type: New Feature
> Reporter: Henry Story
>
> We need a test suite to be able to help work out where WebID authentication
> fails. This can be useful in a number of ways:
> 1. for helping developers and end users work out where a problem lies
> 2. to build test suites to test the local webid implementations.
> For 2 the result should be marked up so as to show what tests succeeded and
> where the error occurred using an ontology to be specified on the w3c webid
> working group. This will then allow other robot services to be created which
> can the send requests, broken or valid, and check if the results are correct.
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
