Re: [OAUTH-WG] Fwd: [oauth-interop] scope and reach of testing activity

Mike Jones <Michael.Jones@microsoft.com> Tue, 08 October 2013 23:26 UTC

From: Mike Jones <Michael.Jones@microsoft.com>
To: IETF oauth WG <oauth@ietf.org>
Date: Tue, 08 Oct 2013 23:24:53 +0000

FYI, the implementations participating in the current round of OpenID Connect interop testing are described at http://osis.idcommons.net/wiki/Category:OC5_Solution.  You'll see the list of the 110 feature tests by going to any of the solution pages, such as http://osis.idcommons.net/wiki/OC5:MITREid_Connect.  While many are specific to OpenID Connect, you'll find that many are actually testing OAuth functionality.  For instance, the test "Support Authentication to Token Endpoint using HTTP Basic with POST" <http://osis.idcommons.net/wiki/OC5:FeatureTest-Support_Authentication_to_Token_Endpoint_using_HTTP_Basic_with_POST> is testing pure OAuth functionality.

                                                            -- Mike

From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On Behalf Of Anthony Nadalin
Sent: Tuesday, October 08, 2013 4:22 AM
To: Prateek Mishra; IETF oauth WG
Subject: Re: [OAUTH-WG] Fwd: [oauth-interop] scope and reach of testing activity

One thing to look at is the OpenID Connect interop tests and the portions/flows of OAuth that they cover, as that is going on now.

From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On Behalf Of Prateek Mishra
Sent: Monday, October 7, 2013 2:39 PM
To: IETF oauth WG
Subject: [OAUTH-WG] Fwd: [oauth-interop] scope and reach of testing activity

Folks interested in OAuth interop/implementation testing may want to participate in this discussion.

Details at:
http://www.ietf.org/mail-archive/web/oauth/current/msg12128.html

-------- Original Message --------
Subject: [oauth-interop] scope and reach of testing activity
Date: Fri, 04 Oct 2013 16:48:50 -0700
From: Prateek Mishra <prateek.mishra@oracle.com>
Organization: Oracle Corporation
To: oauth-interop@elists.isoc.org



Hello OAuth Interop list,

I would be interested in kicking off a discussion around the definition of scope and reach of the proposed testing activity.

OAuth interop, of course, is the core activity. I assume this would take the form of testing the exchanges described in Sections 4-6 of RFC 6749 for each of the different client and grant types. Both positive and negative tests would presumably be included.

But OAuth is also a security specification, and there are constraints defined over OAuth server and client behavior with respect to redirect_uri checking, access code and token lifetimes and so on. In addition to the material in Sections 4-6, there are additional constraints described in Section 10 and, of course, RFC 6819. So that's another area that would benefit from a set of tests, but I can see that describing these tests might be more challenging.

I would be interested in other opinions on the scope and nature of tests being developed by this group.

- prateek
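
An added example, not part of the original thread or of any interop suite mentioned in it: a small positive/negative test table for the redirect_uri checking discussed above, run against two checker functions. The client registration, the test vectors and all function names are constructed for illustration, and `strict_check` assumes the client registered a full redirect URI that is compared by simple string comparison.

```python
from urllib.parse import urlsplit

# Constructed registration for a hypothetical client.
REGISTERED = ["https://client.example.com/cb"]

# Constructed vectors: (presented redirect_uri, should the server accept it?)
VECTORS = [
    ("https://client.example.com/cb", True),                 # positive: exact match
    ("https://client.example.com/cb/../other", False),       # extra path segments
    ("https://client.example.com/cb#frag", False),           # fragment component present
    ("https://client.example.com.other.example/cb", False),  # different host
    ("http://client.example.com/cb", False),                 # different scheme
    ("/cb", False),                                          # not an absolute URI
]


def strict_check(registered, presented):
    """Accept only an absolute, fragment-free URI identical to a registered one."""
    parts = urlsplit(presented)
    if not parts.scheme or not parts.netloc or "#" in presented:
        return False
    return presented in registered


def prefix_check(registered, presented):
    """Deliberately lax checker, included so the negative tests have something to catch."""
    return any(presented.startswith(r) for r in registered)


def run_vectors(check, registered=REGISTERED, vectors=VECTORS):
    """Return the vectors on which `check` disagrees with the expected outcome."""
    return [(uri, want) for uri, want in vectors if check(registered, uri) != want]


if __name__ == "__main__":
    for name, check in (("strict_check", strict_check), ("prefix_check", prefix_check)):
        failures = run_vectors(check)
        print(name, "PASS" if not failures else f"FAIL on {[u for u, _ in failures]}")
```

The positive vector alone passes both checkers; only the negative vectors distinguish them, which is the reason for testing both.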


