Hi, I am really happy to inform that my proposal of "Improving Rampart tests" has been accepted for GSoC this year. So I would like to take this opportunity to thank my mentor Nandana, who helped me immensely and guided me from the beginning. Also I would like to thank the Rampart community for their support.
I will put my maximum effort to make this project a success. I hope I will get the support from the community in future as well. Thanks. best regards, / thilina On Fri, Apr 3, 2009 at 11:27 PM, Thilina Buddhika <thilin...@gmail.com>wrote: > Hi, > > I submitted the final version of the proposal to the GSoC 2009 web app. I > would like to thank everyone especially to Nandana Mihindukulasooriya for > the support and guidance you all offered. > > Thanks. > > best regards, > / thilina > > > > > On Fri, Apr 3, 2009 at 6:55 AM, Thilina Buddhika <thilin...@gmail.com>wrote: > >> Hi, >> >> Thanks a lot for the feedback. I will do the suggested modifications. >> >> thanks. >> >> best regards, >> thilina >> >> >> regards, >>> Nandana >>> >>> On Thu, Apr 2, 2009 at 1:56 AM, Thilina Buddhika <thilin...@gmail.com >>> >wrote: >>> >>> > Hi, >>> > >>> > I have come up with a draft proposal for the above GSoC project idea >>> [1]. >>> > It >>> > would be really helpful if you can go through it and post some feedback >>> and >>> > suggestions for possible improvements. >>> > >>> > I think the section of " Estimated schedule" can be written in a more >>> > detailed manner. The problem I had was that I am not well aware of the >>> > workload and the complexity of each of these tests. So It was a bit >>> hard to >>> > decide on which should be done first. >>> > >>> > Thanks in advance. >>> > >>> > best regards, >>> > / thilina >>> > >>> > On Sun, Mar 29, 2009 at 5:36 PM, Thilina Buddhika <thilin...@gmail.com >>> > >wrote: >>> > >>> > > Hi, >>> > > >>> > > Thanks for the reply. I will write to the axis-user list asking for >>> more >>> > > ideas. I'll go through the references you have suggested first and >>> then >>> > > start working on the proposal as the next step. >>> > > >>> > > I planning to study the existing tests[1] to get some more inputs to >>> my >>> > > proposal. >>> > > >>> > > thanks. >>> > > >>> > > / thlina >>> > > >>> > > [1] - >>> > > >>> > >>> http://svn.apache.org/viewvc/webservices/rampart/trunk/java/modules/rampart-tests/src/test/java/org/apache/ >>> > > >>> > > On Sat, Mar 28, 2009 at 11:40 PM, Nandana Mihindukulasooriya < >>> > > nandana....@gmail.com> wrote: >>> > > >>> > >> Hi Thilina, >>> > >> Yes, That is one area in Rampart which needs improvements. These >>> > >> are some of areas I see which needs more tests. >>> > >> >>> > >> 1.) Binding level policy configuration >>> > >> If you are familiar with Axis2 you must probably know that Axis2 >>> > >> added the ability to apply binding level policies via services.xml >>> in >>> > >> Axis2. According to WS - Security Policy specification, security >>> > >> policies should be at binding level and not in port type (service) >>> > >> level. But all the Rampart tests currently uses older configuration >>> > >> which applies policies at service level. So one improvements would >>> be >>> > >> add tests which uses binding / binding operation / binding message >>> > >> level policies. This tutorial will provide more information on how >>> to >>> > >> configure policies at these levels [1]. >>> > >> >>> > >> 2.) Tests for negative scenarios >>> > >> Rampart has very few tests for negative scenarios. As this is a >>> > >> major part of security testing, I think we need lot more test cases >>> > >> for negative scenarios.Some test cases would be, for no security >>> > >> header, empty security headers, wrong encrypted parts / signed parts >>> > >> etc. >>> > >> >>> > >> 3.) Improve tests to use code generated stubs, rather than service >>> > client >>> > >> Most of the tests use service client directly and not the stub >>> > >> generated from WSDL. I think we should have test which uses >>> > >> dynamically generates stubs from the WSDL. This will cover both WSDL >>> > >> generation aspect and code generation aspect when security policies >>> > >> are attached to the service. >>> > >> >>> > >> 4.) Test for policies attached at different levels >>> > >> This is extension to point 1.). In addition to binding level >>> > >> policies we need to add test cases for message level and operation >>> > >> level policies. >>> > >> >>> > >> 5.) Test cases for Secure MTOM scenarios >>> > >> This is also an area which is lacking test cases. >>> > >> >>> > >> These are the areas that popped in to my mind. I suggest you to >>> write >>> > >> to axis-user list also with these ideas and get their feedback. They >>> > >> also might have areas that they want to see more test cases in >>> > >> Rampart. Tutorials here [2] will help you to get started. >>> > >> >>> > >> thanks, >>> > >> Nandana >>> > >> >>> > >> [1] - https://wso2.org/library/3786 >>> > >> [2] - http://ws.apache.org/rampart/articles.html >>> > >> >>> > >> On 3/28/09, Thilina Buddhika <thilin...@gmail.com> wrote: >>> > >> > Hi, >>> > >> > >>> > >> > I am Thilina Mahesh Buddhika, an undergraduate student from Sri >>> Lanka. >>> > I >>> > >> am >>> > >> > interested in Apache Rampart project and willing to contribute to >>> it >>> > and >>> > >> I >>> > >> > feel that GSoC is a good entry point. >>> > >> > >>> > >> > I would like to contribute to improve the rampart tests as my GSoC >>> > >> project. >>> > >> > I would like to add tests for the features and scenarios that do >>> not >>> > >> have >>> > >> > tests at the moment. >>> > >> > >>> > >> > I hope this will be useful to Rampart and I would like to get some >>> > >> feedback >>> > >> > from the community about this idea. >>> > >> > >>> > >> > Thanks. >>> > >> > >>> > >> > / thilina. >>> > >> > >>> > >> >>> > > >>> > > >>> > > >>> > > -- >>> > > E-Mail : thilin...@gmail.com >>> > > I blog here : http://thilinamb.com >>> > > >>> > >>> > >>> > >>> > -- >>> > E-Mail : thilin...@gmail.com >>> > I blog here : http://thilinamb.com >>> > >>> >> >> >> >> -- >> E-Mail : thilin...@gmail.com >> I blog here : http://thilinamb.com >> > > > > -- > E-Mail : thilin...@gmail.com > I blog here : http://thilinamb.com > -- E-Mail : thilin...@gmail.com I blog here : http://thilinamb.com
