- From: Samuel Weiler <weiler@w3.org>
- Date: Tue, 27 Nov 2018 17:05:17 -0500
- To: Brett McDowell <brett@fidoalliance.org>
- Cc: Yuriy Ackermann <ackermann.yuriy@gmail.com>, public-webauthn@w3.org, swick@w3.org, "Hayward, Rae" <rae@fidoalliance.org>
On 11/27/18 4:59 PM, Brett McDowell wrote: > At the risk of transparency, and based on my assessment that we are > talking past each other and duplicating effort, may I suggest Sam jump > on a call with Yuriy, open up some form of screen sharing, and get to > the bottom of what needs answering once and for all? Heck, it could be > a bridge we advertise so others could join as well (for transparency). > But the emails are just keeping us in a loop of "I answered your > question, I don't think you answered my question..." That might well be useful - thank you for suggesting it. I'll email Yuriy. > > Brett McDowell | Sent from mobile > > On Wed, Nov 28, 2018, 5:25 AM Samuel Weiler <weiler@w3.org > <mailto:weiler@w3.org> wrote: > > Thank you, Yuriy. > > I'm not trivially seeing in these documents the answers to the specific > questions I asked on 7 November. > > I think it would be helpful to go through the specific questions I > asked > on 7 November, address them directly, and (ideally) point us at the > portions of documents (similar to these test plans) that support those > answers. > > I also see that this v1.1 test plan is dated 8 November 2018. I would > expect to see artifacts from when the relevant interop testing > happened, > acknowledging that might not match what is happening now. > > -- Sam > > On 11/20/18 5:39 PM, Ackermann Yuriy wrote: > > Current certification process made of three stages: > > > > - Conformance testing, done through our automated conformance tests > > tools. Conformance tools ensure that: > > * Server returns valid requests and accepts valid > responses(Positive > > tests) > > * Server throws error when bad response is received(Negative tests) > > * Authenticator successfully process valid requests, and it > responses > > are compliant to the specs(Positive tests) > > * Authenticator returns an error if bad request was > sent(Negative tests) > > > > - Interoperability event, short Interop, is an event where > server, and > > authenticator vendors meet and test their implementations against > each > > other. Every authenticator is tested against every server. If issue > > found, investigation is done by the authenticator and server vendor > > under supervision of the FIDO engineer. If changes are made to > any code, > > server or/and authenticator vendor will re-run conformance tools, > and > > repeat their testing. > > > > - Security questionary: authenticator vendor will sit with FIDO > security > > secretariat representative and will assert their claims to their > > security level. > > > > The conformance testing is governed by the testplan, that is > approved by > > the TWG. Here is UAF1.1 test plan and FIDO2 testplan for the > extension > > testing(sorry my bikeshed is broken and I am in the middle of flying) > > > > Please let me know if there is any other information you are required > > > > Yuriy Ackermann > > FIDO, Identity, Standards > > skype: ackermann.yuriy > > github: @herrjemand <https://github.com/herrjemand> > > twitter: @herrjemand <https://twitter.com/herrjemand> > > medium: @herrjemand <https://medium.com/@herrjemand> > > > > > > ср, 21 нояб. 2018 г. в 08:56, Brett McDowell > <brett@fidoalliance.org <mailto:brett@fidoalliance.org> > > <mailto:brett@fidoalliance.org <mailto:brett@fidoalliance.org>>>: > > > > Thanks Sam. Jumping to the question you didn't think we > answered yet... > > > > On Tue, Nov 20, 2018 at 2:37 PM Samuel Weiler <weiler@w3.org > <mailto:weiler@w3.org> > > <mailto:weiler@w3.org <mailto:weiler@w3.org>>> wrote: > > > > Rather than try to reformat the data FIDO has, I > encourage you > > to focus > > first on the specific question I asked on November 7th. That > > question, > > which I managed to phrase as a yes/no, boils down to > "would you > > please > > clarify the minimum requirements for certification, so we can > > see if > > certification necessarily would prove extension interop?". > > > > > > In a word -- YES -- and I thought Yuriy had actually answered > that > > in detail by passing along the certification criteria and > test plan. > > > > Yuriy, > > Since you are already on the list can you package up all the > details > > you previously sent to W3C separately and include them all > here in > > one reply to the public list? > > >
Received on Tuesday, 27 November 2018 22:05:20 UTC