Re: [OAUTH-WG] Fwd: [oauth-interop] scope and reach of testing activity

Anthony Nadalin <tonynad@microsoft.com> Tue, 08 October 2013 11:22 UTC

From: Anthony Nadalin <tonynad@microsoft.com>
To: Prateek Mishra <prateek.mishra@oracle.com>, IETF oauth WG <oauth@ietf.org>
Date: Tue, 08 Oct 2013 11:22:02 +0000

One thing to look at is the OpenID Connect interop tests and the portions/flows of OAuth that it covers, as that is going on now.

From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On Behalf Of Prateek Mishra
Sent: Monday, October 7, 2013 2:39 PM
To: IETF oauth WG
Subject: [OAUTH-WG] Fwd: [oauth-interop] scope and reach of testing activity

Folks interested in OAuth interop/implementation testing may want to participate in this discussion.

Details at:
http://www.ietf.org/mail-archive/web/oauth/current/msg12128.html

-------- Original Message --------
Subject: [oauth-interop] scope and reach of testing activity
Date: Fri, 04 Oct 2013 16:48:50 -0700
From: Prateek Mishra <prateek.mishra@oracle.com>
Organization: Oracle Corporation
To: oauth-interop@elists.isoc.org



Hello OAuth Interop list,

I would be interested in kicking off a discussion around the definition
of scope and reach of the proposed testing activity.

OAuth interop, of course, is the core activity. I assume this would take
the form of testing the exchanges described
in Sections 4-6 of RFC 6749 for each of the different client and grant
types. Both positive and negative tests would presumably be included.

But OAuth is also a security specification, and there are constraints
defined over OAuth server and client behavior with respect to
redirect_uri checking,
access code and token lifetimes and so on. In addition to the material
in Sections 4-6, there are additional constraints described in
Section 10 and, of course, RFC 6819. So that's another area that would
benefit from a set of tests, but I can see that describing these tests
might be more challenging.

I would be interested in other opinions on the scope and nature of tests
being developed by this group.

- prateek


