One thing to look at are the OpenID Connect interop tests and the portions/flows of OAuth that it covers, as that is going on now.
From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf Of Prateek Mishra Sent: Monday, October 7, 2013 2:39 PM To: IETF oauth WG Subject: [OAUTH-WG] Fwd: [oauth-interop] scope and reach of testing activity Folks interested in OAuth interop/implementation testing may want to participate in this discussion. Details at: http://www.ietf.org/mail-archive/web/oauth/current/msg12128.html -------- Original Message -------- Subject: [oauth-interop] scope and reach of testing activity Date: Fri, 04 Oct 2013 16:48:50 -0700 From: Prateek Mishra <prateek.mis...@oracle.com><mailto:prateek.mis...@oracle.com> Organization: Oracle Corporation To: oauth-inte...@elists.isoc.org<mailto:oauth-inte...@elists.isoc.org> Hello OAuth Interop list, I would be interested in kicking off a discussion around the definition of scope and reach of the proposed testing activity. OAuth interop, of course, is the core activity. I assume this would take the form of testing the exchanges described in Sections 4-6 of RFC 6749 for each of the different client and grant types. Both positive and negative tests would presumably be included. But OAuth is also a security specification, and there are constraints defined over OAuth server and client behavior with respect to redirect_uri checking, access code and token lifetimes and so on. In addition to the material in Sections 4-6, there are additional constraints described in Section 10 and, of course, RFC 6819. So thats another area that would benefit from a set of tests, but I can see that describing these tests might be more challenging. I would be interested in other opinions on the scope and nature of tests being developed by this group. - prateek _______________________________________________ Oauth-interop mailing list oauth-inte...@elists.isoc.org<mailto:oauth-inte...@elists.isoc.org> https://elists.isoc.org/mailman/listinfo/oauth-interop
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
