-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 [I posted this question a little while ago to the WG chairs mailing list and got no response. Maybe my question is too trivial but I thought I should try it on the ietf@xxxxxxxx list as well to get some feedback.] Hi all, when concerns about the lack of interoperability surfaced mid last year in the OAuth working group we (Derek, and myself) tried to figure out whether we should schedule a face-to-face interop and/or to develop an online test suite. We got in touch with Lucy Lynch (ISOC) and she helped us to find developers to work with us on the test software. Roland Hedberg, one of the guys working on the project for OAuth testing, presented his ongoing work in the OAuth working group, see http://www.ietf.org/proceedings/86/slides/slides-86-oauth-2.pdf OAuth is a bit more complex since it involves more than two parties and we were looking for a test framework that could be re-used to develop the desired results more quickly. To our surprise we couldn't find a test framework that we could easily re-use since most test frameworks really focus on different types of tests. Of course, we might have looked in the wrong direction. Here is how it works at the moment: * Imagine you have developed an OAuth-based identity management server (that contains an OAuth 2.0 authorization server) and it runs somewhere on the Internet (or in your lab). You don't need to have access to the source code to execute the tests. * You download the scripts that Roland & Co had developed and configure them. Of course you will have to create an account at your IdP as well. * You run the test scripts against the authorization server and the script plays the other OAuth 2.0 parties in the exchange. The script contains a number of test cases (around 60+ at the moment) and determines whether the IdP responds correctly in the exchanges. I know that these ideas have come up in other working groups in the past already (such as in SCIM, which also has a test server up and running). It would be interesting to hear what others have been doing and what worked for you or what didn't. Ciao Hannes -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.19 (Darwin) Comment: GPGTools - http://gpgtools.org iQEcBAEBCgAGBQJRzb+vAAoJEGhJURNOOiAtZBwIAISKHjD7gv8irkL4yaBR31K8 KLZCr/1n0n1OcXl3rE9MFOyA85hYNplZFd1giJLLgEX3UyofYXg/L2QOOLqtP0lT JgnW2CvR0WWKfIT1iKjAwAodCVLsHF8MdPE4tl0LBlCeqhA1waj/oCLkBzZrrhhq oWnZzP0I9nFdlSxV9EAHQ62RAxLUVQmBEqgMxl7A+iC9fGD8IhWSNSqqsaF0WOaB 6bHdwCFLYYAyqKhiuJAo/f6YFGEzIbPgpHPGjwBZzBIjwP/EGiFnAliyF8WATHzF RM+OWg6QASh1cNwzc0dbMcrcr1L1ve7amATMc4uPN7sRjhv0s62iguWfGRhQhHw= =YT5M -----END PGP SIGNATURE-----