Hi, Please ignore the previous post, the missing URL of the proposal is appended.
I have come up with a draft proposal for the above GSoC project idea [1]. It would be really helpful if you can go through it and post some feedback and suggestions for possible improvements. I think the section of " Estimated schedule" can be written in a more detailed manner. The problem I had was that I am not well aware of the workload and the complexity of each of these tests. So It was a bit hard to decide on which should be done first. Thanks in advance. best regards, / thilina [ <goog_1238602364479> http://wiki.apache.org/general/ThilinaBuddhika/GSoC2009/ImprovingRampartTests On Thu, Apr 2, 2009 at 1:56 AM, Thilina Buddhika <thilin...@gmail.com>wrote: > Hi, > > I have come up with a draft proposal for the above GSoC project idea [1]. > It would be really helpful if you can go through it and post some feedback > and suggestions for possible improvements. > > I think the section of " Estimated schedule" can be written in a more > detailed manner. The problem I had was that I am not well aware of the > workload and the complexity of each of these tests. So It was a bit hard to > decide on which should be done first. > > Thanks in advance. > > best regards, > / thilina > > > On Sun, Mar 29, 2009 at 5:36 PM, Thilina Buddhika <thilin...@gmail.com>wrote: > >> Hi, >> >> Thanks for the reply. I will write to the axis-user list asking for more >> ideas. I'll go through the references you have suggested first and then >> start working on the proposal as the next step. >> >> I planning to study the existing tests[1] to get some more inputs to my >> proposal. >> >> thanks. >> >> / thlina >> >> [1] - >> http://svn.apache.org/viewvc/webservices/rampart/trunk/java/modules/rampart-tests/src/test/java/org/apache/ >> >> On Sat, Mar 28, 2009 at 11:40 PM, Nandana Mihindukulasooriya < >> nandana....@gmail.com> wrote: >> >>> Hi Thilina, >>> Yes, That is one area in Rampart which needs improvements. These >>> are some of areas I see which needs more tests. >>> >>> 1.) Binding level policy configuration >>> If you are familiar with Axis2 you must probably know that Axis2 >>> added the ability to apply binding level policies via services.xml in >>> Axis2. According to WS - Security Policy specification, security >>> policies should be at binding level and not in port type (service) >>> level. But all the Rampart tests currently uses older configuration >>> which applies policies at service level. So one improvements would be >>> add tests which uses binding / binding operation / binding message >>> level policies. This tutorial will provide more information on how to >>> configure policies at these levels [1]. >>> >>> 2.) Tests for negative scenarios >>> Rampart has very few tests for negative scenarios. As this is a >>> major part of security testing, I think we need lot more test cases >>> for negative scenarios.Some test cases would be, for no security >>> header, empty security headers, wrong encrypted parts / signed parts >>> etc. >>> >>> 3.) Improve tests to use code generated stubs, rather than service client >>> Most of the tests use service client directly and not the stub >>> generated from WSDL. I think we should have test which uses >>> dynamically generates stubs from the WSDL. This will cover both WSDL >>> generation aspect and code generation aspect when security policies >>> are attached to the service. >>> >>> 4.) Test for policies attached at different levels >>> This is extension to point 1.). In addition to binding level >>> policies we need to add test cases for message level and operation >>> level policies. >>> >>> 5.) Test cases for Secure MTOM scenarios >>> This is also an area which is lacking test cases. >>> >>> These are the areas that popped in to my mind. I suggest you to write >>> to axis-user list also with these ideas and get their feedback. They >>> also might have areas that they want to see more test cases in >>> Rampart. Tutorials here [2] will help you to get started. >>> >>> thanks, >>> Nandana >>> >>> [1] - https://wso2.org/library/3786 >>> [2] - http://ws.apache.org/rampart/articles.html >>> >>> On 3/28/09, Thilina Buddhika <thilin...@gmail.com> wrote: >>> > Hi, >>> > >>> > I am Thilina Mahesh Buddhika, an undergraduate student from Sri Lanka. >>> I am >>> > interested in Apache Rampart project and willing to contribute to it >>> and I >>> > feel that GSoC is a good entry point. >>> > >>> > I would like to contribute to improve the rampart tests as my GSoC >>> project. >>> > I would like to add tests for the features and scenarios that do not >>> have >>> > tests at the moment. >>> > >>> > I hope this will be useful to Rampart and I would like to get some >>> feedback >>> > from the community about this idea. >>> > >>> > Thanks. >>> > >>> > / thilina. >>> > >>> >> >> >> >> -- >> E-Mail : thilin...@gmail.com >> I blog here : http://thilinamb.com >> > > > > -- > E-Mail : thilin...@gmail.com > I blog here : http://thilinamb.com > -- E-Mail : thilin...@gmail.com I blog here : http://thilinamb.com
