Re: [OAUTH-WG] Fwd: [oauth-interop] scope and reach of testing activity

John Bradley <ve7jtb@ve7jtb.com> Wed, 09 October 2013 21:51 UTC

References: <524F53E2.6050901@oracle.com> <525329EE.5040403@oracle.com> <cd890c5028424db6b7f78df6e2bad6f3@BY2PR03MB189.namprd03.prod.outlook.com> <4E1F6AAD24975D4BA5B168042967394376D838DA@TK5EX14MBXC290.redmond.corp.microsoft.com> <5255B940.5040202@oracle.com>
Mime-Version: 1.0 (1.0)
In-Reply-To: <5255B940.5040202@oracle.com>
Content-Type: multipart/signed; micalg="sha1"; boundary="Apple-Mail-46AF92A2-C598-4028-921F-7BCF640FB266"; protocol="application/pkcs7-signature"
Content-Transfer-Encoding: 7bit
Message-Id: <EDAC49D3-B179-4DD7-9D5A-1C9F24098D90@ve7jtb.com>
X-Mailer: iPhone Mail (11A501)
From: John Bradley <ve7jtb@ve7jtb.com>
Date: Wed, 09 Oct 2013 22:50:57 +0100
To: Prateek Mishra <prateek.mishra@oracle.com>
Cc: IETF oauth WG <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Fwd: [oauth-interop] scope and reach of testing activity

Yes, they are all under OSIS IPR rules.

Sent from my iPhone

> On Oct 9, 2013, at 9:14 PM, Prateek Mishra <prateek.mishra@oracle.com> wrote:
> 
> That's a good suggestion; it looks like the tests are all listed under http://osis.idcommons.net/wiki/Category:OC5_FeatureTests
> 
> Is there an IP regime under which they have been published? I suppose all materials would follow OSIS rules in general.
> 
> - prateek
>> FYI, the implementations participating in the current round of OpenID Connect interop testing are described at http://osis.idcommons.net/wiki/Category:OC5_Solution.  You’ll see the list of the 110 feature tests by going to any of the solution pages, such as http://osis.idcommons.net/wiki/OC5:MITREid_Connect.  While many are specific to OpenID Connect, you’ll find that many are actually testing OAuth functionality.  For instance, the test Support Authentication to Token Endpoint using HTTP Basic with POST is testing pure OAuth functionality.
>>  
>>                                                             -- Mike
>>  
>> From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On Behalf Of Anthony Nadalin
>> Sent: Tuesday, October 08, 2013 4:22 AM
>> To: Prateek Mishra; IETF oauth WG
>> Subject: Re: [OAUTH-WG] Fwd: [oauth-interop] scope and reach of testing activity
>>  
>> One thing to look at are the OpenID Connect interop tests and the portions/flows of OAuth that it covers, as that is going on now.
>>  
>> From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On Behalf Of Prateek Mishra
>> Sent: Monday, October 7, 2013 2:39 PM
>> To: IETF oauth WG
>> Subject: [OAUTH-WG] Fwd: [oauth-interop] scope and reach of testing activity
>>  
>> Folks interested in OAuth interop/implementation testing may want to participate in this discussion.
>> 
>> Details at:
>> http://www.ietf.org/mail-archive/web/oauth/current/msg12128.html
>> 
>> -------- Original Message --------
>> Subject: [oauth-interop] scope and reach of testing activity
>> Date: Fri, 04 Oct 2013 16:48:50 -0700
>> From: Prateek Mishra <prateek.mishra@oracle.com>
>> Organization: Oracle Corporation
>> To: oauth-interop@elists.isoc.org
>>  
>> 
>> Hello OAuth Interop list,
>>  
>> I would be interested in kicking off a discussion around the definition 
>> of scope and reach of the proposed testing activity.
>>  
>> OAuth interop, of course, is the core activity. I assume this would take 
>> the form of testing the exchanges described
>> in Sections 4-6  of RFC 6749 for each of the different client and grant 
>> types. Both positive and negative tests would presumably be included.
>>  
>> But OAuth is also a security specification, and there are constraints 
>> defined over OAuth server and client behavior with respect to 
>> redirect_uri checking,
>> access code and token lifetimes and so on. In addition to the material 
>> in Sections 4-6, there are additional constraints described in
>> Section 10 and, of course, RFC 6819. So that's another area that would 
>> benefit from a set of tests, but I can see that describing these tests
>> might be more challenging.
>>  
>> I would be interested in other opinions on the scope and nature of tests 
>> being developed by this group.
>>  
>> - prateek
>>  