- From: Angelo Veltens <angelo.veltens@online.de>
- Date: Sun, 05 May 2013 11:01:51 +0200
- To: public-webid@w3.org
Hi all,
since I am still a little uncertain about what a WebID authentication
service has to consider, I am looking for test cases to verify the
correct behavior of such a service.
I found the "Test Suite" wiki page [1], which seems to focus on
verifying certificates and profile pages, but not authentication services.
Are there any formalised test cases to verify the correct behaviour of a
WebID authentication service? If not, I suggest to phrase them down,
e.g. in the gherkin language used by cucumber [2] (examples below).
Based on this I am going to write an automated test suite that can be
run against any implementation of WebID authentication to verify it's
correct behaviour.
[1] http://www.w3.org/2005/Incubator/webid/wiki/Test_Suite
[2] http://cukes.info/
Example scenarios in gherkin:
Feature: WebID Authentication Service
Background:
Given a website provides a WebID authentication at a login URL
Scenario: Client authenticates with an invalid certificate
Given I own a certificate C
And the private key of C does not belong to the public key of C
When I visit the login URL
And provide the certificate C for authentication
Then the service responds ...
Scenario: Client authenticates with an expired certificate
Given I own an expired certificate C
When I visit the login URL
And provide the certificate C for authentication
Then the service responds ...
...
What do you think of it?
Best regards,
Angelo
Received on Sunday, 5 May 2013 09:02:20 UTC