...
- This topic opened with Rainer presenting his paper: http://kantarainitiative.org/confluence/download/attachments/41649836/SAML+ProfTest+Concept.pdf . The objective is to create a common superset of (web-accessible) tests, whereby each deployer adds tests to a common repository, and to work with FedLab to fill test 'gaps'. The actual test harness itself would restrict access to 'signed up' deployers. All test cases covered: Request/Response, Metadata etc. [JB: Notes that some vendor products do not automatically import metadata, so have to manually import and refresh. Also that Ping has done work with Box for a connection for SaaS providers, which offers a metadata applet for SP/IDPs supporting Ping Federate]. Austria wants to start with SPs/RPs first since it has many SPs with many client apps and only 3 or 4 vendor products covering the 30 or so IDPs. [SC: As an InCommon IDP all I care about is if they consume InCommon's metadata]. [JB: SP piece will take a while to build]. General difficulty with metadata tests is testing 'consumption' - each product will behave differently. [JB: OID Connect tests if the overall exchange works or not, rather than if it is conformant]. Metadata supplied by SP must be validated/pre-checked as OK before submission to the test harness. [SC: We must have a test for the XML DSig wrapping attack (since SAML Pummel predates it)]. Austria trying to find funding for this, since it will take hard work to automate.
- Next call consideration: Maybe do a discussion paper to lay out a kind of project plan
- Action: Put Rainer's 'SAML Profile Test Concept' draft paper on the wiki for easier reference (completed on 20th Dec?).
- Action: Put this topic on the list for discussion at the European IIW Vienna meeting, Feb 12/13th
...