- From: Samuel Weiler <weiler@w3.org>
- Date: Tue, 27 Nov 2018 16:25:37 -0500
- To: Ackermann Yuriy <ackermann.yuriy@gmail.com>
- Cc: Brett McDowell <brett@fidoalliance.org>, public-webauthn@w3.org, swick@w3.org, "Hayward, Rae" <rae@fidoalliance.org>
Thank you, Yuriy. I'm not trivially seeing in these documents the answers to the specific questions I asked on 7 November. I think it would be helpful to go through the specific questions I asked on 7 November, address them directly, and (ideally) point us at the portions of documents (similar to these test plans) that support those answers. I also see that this v1.1 test plan is dated 8 November 2018. I would expect to see artifacts from when the relevant interop testing happened, acknowledging that might not match what is happening now. -- Sam On 11/20/18 5:39 PM, Ackermann Yuriy wrote: > Current certification process made of three stages: > > - Conformance testing, done through our automated conformance tests > tools. Conformance tools ensure that: > * Server returns valid requests and accepts valid responses(Positive > tests) > * Server throws error when bad response is received(Negative tests) > * Authenticator successfully process valid requests, and it responses > are compliant to the specs(Positive tests) > * Authenticator returns an error if bad request was sent(Negative tests) > > - Interoperability event, short Interop, is an event where server, and > authenticator vendors meet and test their implementations against each > other. Every authenticator is tested against every server. If issue > found, investigation is done by the authenticator and server vendor > under supervision of the FIDO engineer. If changes are made to any code, > server or/and authenticator vendor will re-run conformance tools, and > repeat their testing. > > - Security questionary: authenticator vendor will sit with FIDO security > secretariat representative and will assert their claims to their > security level. > > The conformance testing is governed by the testplan, that is approved by > the TWG. Here is UAF1.1 test plan and FIDO2 testplan for the extension > testing(sorry my bikeshed is broken and I am in the middle of flying) > > Please let me know if there is any other information you are required > > Yuriy Ackermann > FIDO, Identity, Standards > skype: ackermann.yuriy > github: @herrjemand <https://github.com/herrjemand> > twitter: @herrjemand <https://twitter.com/herrjemand> > medium: @herrjemand <https://medium.com/@herrjemand> > > > ср, 21 нояб. 2018 г. в 08:56, Brett McDowell <brett@fidoalliance.org > <mailto:brett@fidoalliance.org>>: > > Thanks Sam. Jumping to the question you didn't think we answered yet... > > On Tue, Nov 20, 2018 at 2:37 PM Samuel Weiler <weiler@w3.org > <mailto:weiler@w3.org>> wrote: > > Rather than try to reformat the data FIDO has, I encourage you > to focus > first on the specific question I asked on November 7th. That > question, > which I managed to phrase as a yes/no, boils down to "would you > please > clarify the minimum requirements for certification, so we can > see if > certification necessarily would prove extension interop?". > > > In a word -- YES -- and I thought Yuriy had actually answered that > in detail by passing along the certification criteria and test plan. > > Yuriy, > Since you are already on the list can you package up all the details > you previously sent to W3C separately and include them all here in > one reply to the public list? >
Received on Tuesday, 27 November 2018 21:25:17 UTC