- From: Henry Story <henry.story@bblfish.net>
- Date: Mon, 6 May 2013 09:52:25 +0200
- To: Angelo Veltens <angelo.veltens@online.de>
- Cc: public-webid@w3.org
Thanks Angelo, your proposal below is exactly what we were hoping to do with the Test Suite. I think we erred trying to build something a bit too complicated requiring the authentication endpoint to return information about the reasons for the failure. It is probably best to start with something very simple like what you are proposing, and then make proposals on how endpoints that get false negtives can enhance their score. On 5 May 2013, at 11:01, Angelo Veltens <angelo.veltens@online.de> wrote: > Hi all, > > since I am still a little uncertain about what a WebID authentication > service has to consider, I am looking for test cases to verify the > correct behavior of such a service. > > I found the "Test Suite" wiki page [1], which seems to focus on > verifying certificates and profile pages, but not authentication services. > > Are there any formalised test cases to verify the correct behaviour of a > WebID authentication service? If not, I suggest to phrase them down, > e.g. in the gherkin language used by cucumber [2] (examples below). > > Based on this I am going to write an automated test suite that can be > run against any implementation of WebID authentication to verify it's > correct behaviour. > > [1] http://www.w3.org/2005/Incubator/webid/wiki/Test_Suite > [2] http://cukes.info/ > > Example scenarios in gherkin: > > Feature: WebID Authentication Service > > Background: > Given a website provides a WebID authentication at a login URL > > Scenario: Client authenticates with an invalid certificate > Given I own a certificate C > And the private key of C does not belong to the public key of C > When I visit the login URL > And provide the certificate C for authentication > Then the service responds ... > > Scenario: Client authenticates with an expired certificate > Given I own an expired certificate C > When I visit the login URL > And provide the certificate C for authentication > Then the service responds ... > > ... > > What do you think of it? > > Best regards, > Angelo > Social Web Architect http://bblfish.net/
Received on Monday, 6 May 2013 07:53:08 UTC