W3C home > Mailing lists > Public > public-webid@w3.org > May 2013

TestSuite to verify WebID authentication services

From: Angelo Veltens <angelo.veltens@online.de>
Date: Sun, 05 May 2013 11:01:51 +0200
Message-ID: <51861FFF.4060801@online.de>
To: public-webid@w3.org
Hi all,

since I am still a little uncertain about what a WebID authentication
service has to consider, I am looking for test cases to verify the
correct behavior of such a service.

I found the "Test Suite" wiki page [1], which seems to focus on
verifying certificates and profile pages, but not authentication services.

Are there any formalised test cases to verify the correct behaviour of a
WebID authentication service? If not, I suggest to phrase them down,
e.g. in the gherkin language used by cucumber [2] (examples below).

Based on this I am going to write an automated test suite that can be
run against any implementation of WebID authentication to verify it's
correct behaviour.

[1] http://www.w3.org/2005/Incubator/webid/wiki/Test_Suite
[2] http://cukes.info/

Example scenarios in gherkin:

Feature: WebID Authentication Service

  Background:
    Given a website provides a WebID authentication at a login URL

  Scenario: Client authenticates with an invalid certificate
    Given I own a certificate C
    And the private key of C does not belong to the public key of C
    When I visit the login URL
    And provide the certificate C for authentication
    Then the service responds  ...

  Scenario: Client authenticates with an expired certificate
    Given I own an expired certificate C
    When I visit the login URL
    And provide the certificate C for authentication
    Then the service responds ...

  ...

What do you think of it?

Best regards,
Angelo
Received on Sunday, 5 May 2013 09:02:20 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 20:54:43 UTC