FYI, the implementations participating in the current round of OpenID Connect
interop testing are described at
http://osis.idcommons.net/wiki/Category:OC5_Solution. You'll see the list of
the 110 feature tests by going to any of the solution pages, such as
http://osis.idcommons.net/wiki/OC5:MITREid_Connect. While many are specific to
OpenID Connect, you'll find that many are actually testing OAuth functionality.
For instance, the test Support Authentication to Token Endpoint using HTTP
Basic with
POST<http://osis.idcommons.net/wiki/OC5:FeatureTest-Support_Authentication_to_Token_Endpoint_using_HTTP_Basic_with_POST>
is testing pure OAuth functionality.
-- Mike
From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf Of
Anthony Nadalin
Sent: Tuesday, October 08, 2013 4:22 AM
To: Prateek Mishra; IETF oauth WG
Subject: Re: [OAUTH-WG] Fwd: [oauth-interop] scope and reach of testing activity
One thing to look at are the OpenID Connect interop tests and the
portions/flows of OAuth that it covers, as that is going on now.
From: oauth-boun...@ietf.org<mailto:oauth-boun...@ietf.org>
[mailto:oauth-boun...@ietf.org] On Behalf Of Prateek Mishra
Sent: Monday, October 7, 2013 2:39 PM
To: IETF oauth WG
Subject: [OAUTH-WG] Fwd: [oauth-interop] scope and reach of testing activity
Folks interested in OAuth interop/implementation testing may want to
participate in this discussion.
Details at:
http://www.ietf.org/mail-archive/web/oauth/current/msg12128.html
-------- Original Message --------
Subject:
[oauth-interop] scope and reach of testing activity
Date:
Fri, 04 Oct 2013 16:48:50 -0700
From:
Prateek Mishra <prateek.mis...@oracle.com><mailto:prateek.mis...@oracle.com>
Organization:
Oracle Corporation
To:
oauth-inte...@elists.isoc.org<mailto:oauth-inte...@elists.isoc.org>
Hello OAuth Interop list,
I would be interested in kicking off a discussion around the definition
of scope and reach of the proposed testing activity.
OAuth interop, of course, is the core activity. I assume this would take
the form of testing the exchanges described
in Sections 4-6 of RFC 6749 for each of the different client and grant
types. Both positive and negative tests would presumably be included.
But OAuth is also a security specification, and there are constraints
defined over OAuth server and client behavior with respect to
redirect_uri checking,
access code and token lifetimes and so on. In addition to the material
in Sections 4-6, there are additional constraints described in
Section 10 and, of course, RFC 6819. So thats another area that would
benefit from a set of tests, but I can see that describing these tests
might be more challenging.
I would be interested in other opinions on the scope and nature of tests
being developed by this group.
- prateek
_______________________________________________
Oauth-interop mailing list
oauth-inte...@elists.isoc.org<mailto:oauth-inte...@elists.isoc.org>
https://elists.isoc.org/mailman/listinfo/oauth-interop
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
