[OpenID] ANN: OpenID4Java 0.9.4 - OpenID draft 12 and AX draft 7 support

Pádraic Brady padraic.brady at yahoo.com
Mon Oct 1 16:53:25 UTC 2007 

>But as far as OpenID is concerned a test-suite would
>be even more useful, I think.

I really agree with this.

A lot of developers implementing currently use real-world testing against a near-reference service like myopenid.com, but this disagrees with best development practice in developing a library which can be tested with "mocked" (i.e. faked/pre-defined) inputs.

So I'd say the best method of reference testing is have actual reference HTTP requests/responses of each OpenID process documented somewhere which can then be used to build an acceptance testing suite using whichever testing package is available. This is actually a task I'm facing at the moment - I will not be releasing OpenID For PHP as stable until a complete acceptance test suite is in place to verify it continually.

Example: Tests in JUnit for Java, PHPUnit for PHP, rspec for Ruby, etc. all using the exact same reference data? Pretty useful IMO.

At the moment most available libraries (perhaps those using Java/Ruby libs have seen differently?) only have a few examples which means there's no actual test suite to detect issues a development change might introduce by accident. It also has the side-effect to some developers mistrusting them - an untested library is almost a dirty word to some people.

Paddy
 
Pádraic Brady

http://blog.astrumfutura.com
http://www.patternsforphp.com
OpenID Europe Foundation Member-Subscriber


----- Original Message ----
From: Jack <jack at jackpot.uk.net>
To: OpenID List <general at openid.net>
Sent: Monday, October 1, 2007 5:33:55 PM
Subject: Re: [OpenID] ANN: OpenID4Java 0.9.4 - OpenID draft 12 and AX draft 7 support

Hans Granqvist wrote:
> It would be quite useful if there was an official OpenID reference 
> implementation, both RP and OP. Without a reference implemen- tation,
> a standard probably should not be considered final.
> 
> Ref. implementations are of enormous value for standards adoption. 
> Think for example where the Java servlets standard would have been 
> without Apache Tomcat.

Somewhere closer to Jetty, perhaps? Tomcat is and always has been rotten
code; and it has suffered bloat, so that it isn't any longer just a
servlet implementation - it's halfway to J2EE. There's nothing about
JNDI in the servlet spec, for example.

Actually, I agree. But as far as OpenID is concerned a test-suite would
be even more useful, I think.

A reference implementation of an OP would allow a developer to construct
an RP that had a fair chance of being compliant; an OP needs to accept
any standard-compliant requests from an RP. But what would a reference
implementation of a RP do? To comply with the standards, you need to
support RPs that vary quite significantly in what they will ask for. So
a reference RP needs to be configurable to issue 1.0, 1.1, and 2.0
requests, as well as requests for extensions, unencrypted requests and
requests with no association.

I've been thinking of trying to construct a testing engine that could be
put on a public website, but I suspect it will present significant
problems. At the least, to construct an automated test, you need to be
able to reliably scrape login screens. Perhaps, if the tester can input
some scraping hints, that might make it easier.

Is anyone working on a test engine that could be used to validate an
arbitrary RP or an OP, without getting involved in collusion? At the
moment, I'm testing using debug lines, but my tests are critically
dependent on my own understanding of the specs, which is evidently
deficient. A public test-suite would be open to critical appraisal, and
so would make for a much more robust and well-understood spec.

-- 
Jack Cleaver.
_______________________________________________
general mailing list
general at openid.net
http://openid.net/mailman/listinfo/general







       
____________________________________________________________________________________
Pinpoint customers who are looking for what you sell. 
http://searchmarketing.yahoo.com/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20071001/49d1d125/attachment-0002.htm>

More information about the general mailing list