[Openid-specs-ab] Tests

Mike Jones Michael.Jones at microsoft.com
Mon Jan 26 20:33:10 UTC 2015 

There's actually no normative behavior required for any of the "display" values, other than this behavior specified in http://openid.net/specs/openid-connect-core-1_0.html#ServerMTI:

Display Parameter

OPs MUST support the display parameter, as defined in Section 3.1.2. (Note that the minimum level of support required for this parameter is simply that its use must not result in an error.)



This is the behavior being tested.  The display values are hints to the OP, but smart OPs may do a better job than what's suggested by the hint.  For instance, if the OP knows that the RP is on a small-screen mobile phone, it may legally use a full-screen rendering of the UI - resulting in probably a better UX than if it tried to use only part of an already small drawing surface.


It's not sufficient to have one test that the OP ignores unknown parameters.  (We do have one - it's OP-H-01 - "Ignores not understood query parameter in Authentication Request".  Although, it's strangely not showing up for all profiles at present.  I'll file a bug about that.)  We also need to test that when specific request parameters and values are used, that OPs implement at least the minimum specified behaviors.

Note that we already *do* emit warnings if it can be detected that the OP doesn't fully implement a feature.  For instance, when asking for claims, if the requested claims aren't returned, we emit a warning.  But that's still a passing result, by design.

Anyway, we can talk about this more on today's working group call in 2 1/2 hours...

                                                                -- Mike



-----Original Message-----
From: Openid-specs-ab [mailto:openid-specs-ab-bounces at lists.openid.net] On Behalf Of John Bradley
Sent: Monday, January 26, 2015 12:07 PM
To: John Bradley
Cc: openid-specs-ab at lists.openid.net
Subject: [Openid-specs-ab] Tests



Some tests like the one for display=popup OP-F02 show pass as long as the implementation doesn't throw an error on seeing the parameter in the request.



I think that not trowing an error needs to be differentiated from supporting the feature.



There is a general requirement to ignore unknown parameters,  so showing a pass may confuse people looking at the tests, who would take that as indication of something supporting the display extension.



If the functionality is optional and we are not really testing for it then it might be better to have one test that the AS ignores unknown parameters, and not report optional functionality at all.



John B.




-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20150126/dfe4e541/attachment.html>

More information about the Openid-specs-ab mailing list