[Openid-specs-ab] Proposed initial Certification tests for OpenID Federation

Michael Jones michael_b_jones at hotmail.com
Fri May 3 17:39:06 UTC 2024 

Hi all,

I created the attached test descriptions intended to enable us to get started writing OpenID Federation certification tests and testing deployed federations.  This test set:

  *   Tests core features that should be implemented correctly by all Federations
     *   Testing invariants for Leaf, Intermediate, and Trust Anchor entities, Entity Configurations, Subordinate Statements, and the Fetch, Listing, and Resolve endpoints
  *   Can be run against deployed Federations with no changes to them
  *   Is very incomplete (on purpose), so the Certification team has something easily attainable to get started with

Yes, lots more tests will be specified, including negative tests that can only be performed by joining test entities to a federation run by the Certification infrastructure.  (For instance, you can't test what happens when a signature is wrong in a correctly functioning deployed federation.)  But this gives a starting point to build to.

Certification team:  I am envisioning this working by having a profile configuration page in which the tester supplies a trust anchor's entity identifier.  The certification software would then use the list endpoints to enumerate the tree of subordinates beneath the trust anchor, running applicable tests on all entities in the federation.

These tests are informed by the tests developed by the Italian SPID CIE team and also by discussions with those involved in the Italian deployments, those involved in Australian deployments, the other Federation editors, and the Certification team.  Thanks all for helping us get started!

                                                                -- Mike

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20240503/aaf449f1/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenID Federation Conformance Features 3-May-24.xlsx
Type: application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
Size: 507512 bytes
Desc: OpenID Federation Conformance Features 3-May-24.xlsx
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20240503/aaf449f1/attachment-0001.xlsx>

More information about the Openid-specs-ab mailing list