[OpenID-Specs-eKYC-IDA] Conformance tests

[Edmund Jay]

Hi WG members,


Here is a list of the current conformance suite tests :

ekyc-server-happypath   Request only one claim, selected from the list of claims_in_verified_claims_supported without requesting any other verification element and expect a happy path flow.

ekyc-server-happypath-emptyobject   Request only one claim, selected from the list of claims_in_verified_claims_supported, without requesting any other verification element and expect a happy path flow. Uses empty objects instead of 'null' when requesting claim.

ekyc-server-happypath-essentialfalse      Request only one claim, selected from the list of claims_in_verified_claims_supported, without requesting any other verification element and expect a happy path flow. Uses {\"essential\": false} instead of null when request the claim.

ekyc-server-unknown-claim-omitted   This test requests one known claim, selected from the list of claims_in_verified_claims_supported, and one random claim name (unknown to the OP) and expects a happy path flow. The unknown claim must be omitted from responses.

ekyc-server-unknown-essential-claim-omitted     This test requests one known claim, selected from the list of claims_in_verified_claims_supported, and one random claim name (unknown to the OP), marked as essential, and expects a happy path flow. The unknown claim must be omitted from responses.

ekyc-server-unknown-claim-specialchars-omitted  This test requests one known claim, selected from the list of claims_in_verified_claims_supported, and one random claim name (unknown to the OP), with special chars in its name, and expects a happy path flow. The unknown claim must be omitted from responses.

ekyc-server-one-claim-with-random-value-omitted       This test requests one known claim, selected from the list of claims_in_verified_claims_supported,  but with a random value (a UUID) that cannot be fullfilled and expects the authorization to succeed. The verified_claims must be omitted from responses completely as the value cannot be fulfilled.

ekyc-server-long-purpose-invalid-request  This test requests one known claim, selected from the list of claims_in_verified_claims_supported,  with a purpose longer than 300 characters. The authentication request MUST fail and the OP return an error invalid_request to the RP.

ekyc-server-short-purpose-invalid-request       This test requests one known claim, selected from the list of claims_in_verified_claims_supported, with a purpose which is only 2 characters long. As per section 6.1 of the spec, the authentication request MUST fail and the OP return an error invalid_request to the RP.

ekyc-server-request-only-in-idtoken       Request only one claim, selected from the list of claims_in_verified_claims_supported, only in id_token, without requesting any other verification element and expect a happy path flow. verified_claims must not be included in userinfo responses.

ekyc-server-request-only-in-userinfo      Request only one claim, selected from the list of claims_in_verified_claims_supported, only in userinfo, without requesting any other verification element and expect a happy path flow.verified_claims must not be included in id_tokens.

ekyc-server-testuserprovidedrequest       This test uses the verified_claims request provided in verified_claims_request field and expects a happy path flow, i.e the request must succeed.

ekyc-server-testbasedonuserinfo-defaults  This test builds the verified_claims request using the userinfo data provided in test configuration and expects a happy path flow, i.e the request must succeed, and returned data must match the provided userinfo. This test will be skipped if userinfo data is not provided.

ekyc-server-test-userinfo-notfoundinop    This test builds the verified_claims request using the userinfo data provided in test configuration and expects a happy path flow, i.e the request must succeed, and returned data must match the provided userinfo. This test will be skipped if userinfo data is not provided in configuration.

Of these tests, it looks like ekyc-server-long-purpose-invalid-request and ekyc-server-short-purpose-invalid-request are no longer relevant.

Some of the more advanced things like trust frameworks, evidences and documents  are not tested.

Mark has mentioned testing eKYC as part of other protocols like FAPI.

I'm currently updating the conformance suite from ID3 -> Final and as part of the that , please think about what other parts of the specs you would like to be tested.

Edmund





-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ekyc-ida/attachments/20241119/63fb1c4f/attachment-0001.htm>