[OpenID] Backwards Compatibility
John Bradley
john.bradley at wingaa.com
Thu Mar 19 05:00:39 UTC 2009
I am not trying to argue against providing that sort of educational
tool.
I think we need to provide sets of tools tuned to different levels.
I consider the current tests to be at an intermediate level. They
require user interaction but provide full debugging and logging of all
the steps the OP and RP take. Tuning the debug level per user is
going to take more work.
We would like to store the results of tests in a DB so that they can
be tracked over time. On the other hand that may discourage some
people from testing.
I am still thinking about how to best balance that without creating
silly layers of security.
As a learning tool we have all the source code for the tests in GitHub
with links from the test pages so people can inspect what each test is
doing.
Feedback has already caught a couple of bugs in the tests themselves
because of completely unanticipated behavior by RPs and OPs out in the
wide world. The tests Andrew and I have up will get better over
time. No one should assume they are perfect. We welcome feedback.
Regards
John Bradley
On 18-Mar-09, at 9:29 PM, SitG Admin wrote:
>> The user oriented tests you seem to be thinking of are possible but
>> a bit orthogonal to the testing needs of OPs and RPs.
>
> User-oriented and developer-oriented, where "developer" is a user
> who hasn't been convinced yet that OpenID is secure, or for some
> reason is coding their own library from scratch (instead of using
> one of the pre-existing libraries) and wants to understand what each
> step is and how they all fit together.
>
> -Shade
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2486 bytes
Desc: not available
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20090318/d2577962/attachment-0002.bin>
More information about the general
mailing list