Folks interested in OAuth interop/implementation testing may want to participate in this discussion.

Details at:
http://www.ietf.org/mail-archive/web/oauth/current/msg12128.html

-------- Original Message --------
Subject:        [oauth-interop] scope and reach of testing activity
Date:   Fri, 04 Oct 2013 16:48:50 -0700
From:   Prateek Mishra <prateek.mis...@oracle.com>
Organization:   Oracle Corporation
To:     oauth-inte...@elists.isoc.org



Hello OAuth Interop list,

I would be interested in kicking off a discussion around the definition
of scope and reach of the proposed testing activity.

OAuth interop, of course, is the core activity. I assume this would take
the form of testing the exchanges described in Sections 4-6 of RFC 6749
for each of the different client and grant types. Both positive and
negative tests would presumably be included.

But OAuth is also a security specification, and there are constraints
defined over OAuth server and client behavior with respect to
redirect_uri checking, access code and token lifetimes and so on. In
addition to the material in Sections 4-6, there are additional
constraints described in Section 10 and, of course, RFC 6819. So that's
another area that would benefit from a set of tests, but I can see that
describing these tests might be more challenging.

I would be interested in other opinions on the scope and nature of tests
being developed by this group.

- prateek

_______________________________________________
Oauth-interop mailing list
oauth-inte...@elists.isoc.org
https://elists.isoc.org/mailman/listinfo/oauth-interop



_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
