[Openid-specs-ab] RP Certification has launched to Pilot Phase

Mike Jones Michael.Jones at microsoft.com
Sat Dec 10 01:46:24 UTC 2016


Hans Zandbelt and I have also exchanged thoughts on this and he’d also like the option to submit RP-collected logs rather than screen shots as auditable evidence of compliant RP behavior.  I’ll work on proposed language for the instructions allowing this possibility.  I’ll be looking forward to your feedback on it.

It seems like your test harness must have knowledge of which tests succeed by detecting negative outcomes (such as rp-id_token-bad-sig-rs256 and rp-id_token-issuer-mismatch) and which succeed by detecting positive outcomes (such as rp-nonce-unless-code-flow and rp-token_endpoint-client_secret_basic).  Could you share your categorization with the working group?  Hans, you must have this information too.  Can you do the same?  I plan to use this list in the updated instructions to describe how people can verify the expected outcomes of the tests.

                                                                Thanks all,
                                                                -- Mike

From: Filip [mailto:panva.ip at gmail.com]
Sent: Thursday, December 08, 2016 10:41 AM
To: Mike Jones
Cc: Roland Hedberg; openid-specs-ab at lists.openid.net
Subject: Re: [Openid-specs-ab] RP Certification has launched to Pilot Phase

In my suite

When the test focuses on returned data (green path), the data presence is simply asserted by the suite. Any errors encountered during the test run result in the test failing to finish, outputting the failed assertion.

When the test focuses on an error being thrown by the library, the part of the code that is supposed to throw is wrapped in a try / catch, with an ensuring throw right after the statement that is expected to throw in the first place, ensuring there's always an error thrown. In the catch block I assert the error being thrown to be the expected one together with its message. Should the expected exception not happen, the ensuring one will, and the assertion for the expected message fails.

Trying to understand the screenshots that you have in mind, are you expecting a screenshot from a user-agent? Or a console log outputting the expected data/error, or something completely different?

Best,
Filip Skokan
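
The negative-test pattern described in the message above (a try / catch with an "ensuring throw"), combined with one log record per test that states whether a positive or a negative outcome was expected, sketched in JavaScript. This is an added example, not code from any participant's suite: the validator stand-ins, function names, token objects and the `constructed-valid-id_token` test id are assumptions, while the two `rp-id_token-*` ids are the ones named in this thread.

```javascript
// Added example. verifyIdToken, lenientVerify, runNegative, runPositive and
// runSuite are hypothetical names; tokens are constructed plain objects.
const EXPECTED_ISSUER = 'https://op.example';
const GOOD = { iss: EXPECTED_ISSUER, sub: 'alice', sigValid: true };

// Stand-in for an RP library's ID Token validation.
function verifyIdToken(t) {
  if (!t.sigValid) throw new Error('invalid signature');
  if (t.iss !== EXPECTED_ISSUER) throw new Error('issuer mismatch');
  return { sub: t.sub };
}

// Defective stand-in that never checks the signature.
function lenientVerify(t) {
  if (t.iss !== EXPECTED_ISSUER) throw new Error('issuer mismatch');
  return { sub: t.sub };
}

const SENTINEL = 'expected an error, but none was thrown';

// Negative test: passes only when fn throws the expected message.
function runNegative(id, fn, expectedMessage) {
  try {
    fn();
    throw new Error(SENTINEL); // the "ensuring throw": reached only if bad input was accepted
  } catch (err) {
    return { id, kind: 'negative', pass: err.message === expectedMessage, observed: err.message };
  }
}

// Positive test: a thrown error or a failed check fails the test.
function runPositive(id, fn, check) {
  try {
    const out = fn();
    return { id, kind: 'positive', pass: check(out) === true, observed: JSON.stringify(out) };
  } catch (err) {
    return { id, kind: 'positive', pass: false, observed: err.message };
  }
}

function runSuite(verify) {
  return [
    runPositive('constructed-valid-id_token', () => verify(GOOD), (o) => o.sub === 'alice'),
    runNegative('rp-id_token-bad-sig-rs256', () => verify({ ...GOOD, sigValid: false }), 'invalid signature'),
    runNegative('rp-id_token-issuer-mismatch', () => verify({ ...GOOD, iss: 'https://other.example' }), 'issuer mismatch'),
  ];
}

// One JSON line per test: expected kind of outcome, verdict, and what was observed.
for (const r of runSuite(verifyIdToken)) console.log(JSON.stringify(r));
```

Run against `lenientVerify`, the bad-signature test reports `pass: false` with the sentinel message as `observed`, so a validator that silently accepts a bad signature cannot produce a passing record.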

On Thu, Dec 8, 2016 at 7:27 PM, Mike Jones <Michael.Jones at microsoft.com> wrote:
I'd like to know more about how your test harness code verifies the invariants and logs that they were met.  The main thing that the screen shots are trying to achieve is transparency - that anyone can verify that your implementation got it right.  If there's another way of achieving that transparency, I'm sure that the working group would entertain it.  Hopefully this would be easier than having to have third parties read your test harness code.

If we can simplify things for developers while maintaining transparency, I'm all for it.

                                Your thoughts?
                                -- Mike

-----Original Message-----
From: Openid-specs-ab [mailto:openid-specs-ab-bounces at lists.openid.net] On Behalf Of Roland Hedberg via Openid-specs-ab
Sent: Thursday, December 8, 2016 8:06 AM
To: Filip <panva.ip at gmail.com>
Cc: openid-specs-ab at lists.openid.net
Subject: Re: [Openid-specs-ab] RP Certification has launched to Pilot Phase


> On 8 Dec 2016, at 13:48, Filip via Openid-specs-ab <openid-specs-ab at lists.openid.net> wrote:
>
> Hello Mike, everyone,
>
> In case of a library, rather than a deployment, being tested, the interface provided by Roland is excellent for writing a suite like so that executes one test after the other in a "spec"-like manner, without any browser involvement. Seeing how it is expected to submit image proofs of thrown errors, is the described testing not eligible for certification submission?

I have a similar suite as Filip for running tests on my library against the test tool and I think Hans might also.
So, that is definitely a reasonable, if not even the preferred, use case.

> Of course it is entirely possible to rewrite the test suite to use a browser and capture the results there instead, but I think providing the codebase used for executing the tests and its output, where the executed assertions for each test are clearly marked, could serve as proof as well.
>
> What do you think?
>
> Best,
> Filip Skokan
>
> On Thu, Dec 8, 2016 at 12:17 PM, Mike Jones via Openid-specs-ab <openid-specs-ab at lists.openid.net> wrote:
> There are now complete RP certification submission instructions at http://openid.net/certification/rp_submission/ and updated example submissions showing RP certifications referenced from it at http://openid.net/wordpress-content/uploads/2016/12/Certification-Submission-Examples.pdf.  This means that we’re ready to accept real RP certification submissions!
>
>
>
> Hans, Edmund, Filip, Rich (and of course Roland) – you’ve been actively testing.  I encourage you to now take the final step to submit actual RP certification applications (thereby testing the instructions).  Please contact me (and possibly also Roland) if you have any questions about the instructions or suggestions on how to make them better.  All other members are likewise encouraged to participate in the pilot phase, during which RP certifications are free.
>
>
>
> A huge thanks to Roland and the early testers for getting us to this point – especially Hans and Edmund!
>
>
>
> We’ll talk about this progress and related items on the Connect working group call in 3.75 hours…
>
>
>
>                                                        -- Mike
>
>
> _______________________________________________
> Openid-specs-ab mailing list
> Openid-specs-ab at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-specs-ab
>
>

-- Roland
"Education is the path from cocky ignorance to miserable uncertainty." - Mark Twain


