Features and Feature Tests for the UMA1 Interop
NOTE: This page is very much in-progress. The full draft set of features and feature tests is attached.
The features and tests relate exclusively to the core protocol spec, any other normatively referenced specs, and software components that serve as protocol endpoints. None relate to the Binding Obligations document because this document describes expected behaviors of operators and users of these endpoints, which makes them untestable for the purposes of an interop.
Features and tests that are new for UMA1 interop
| Feature ID | Type | Description | Test ID | Type | Role | Description | Succeed | Fail |
|---|---|---|---|---|---|---|---|---|
| F-as-config | req | AS makes available its configuration data in the correct form at the correct location. Supporting clauses:<br>Issues: We no longer say RS and C MUST retrieve the config data. Should we? Should the last two tests here be "opt"? | FT-as-config-data | req | AS | AS provides configuration data that conforms to specified format | Data conforms to format requirements | Fails |
| | | | FT-as-config-endpts | opt | AS | AS makes config data available through SSL/TLS-protected URL | AS config data endpoint uses https: scheme and RS or client is able to validate AS's certificate | Fails |
| | | | FT-rs-get-config-data | req | RS | RS successfully accesses and parses AS config data properties it needs at http://{as_uri}/.well-known/uma-configuration or https://{as_uri}/.well-known/uma-configuration, including all endpoint-related properties not specific to the client and including handling of non-understood extension properties | RS successfully accesses and parses AS config data | Fails |
| | | | FT-c-get-config-data | req | C | Client successfully accesses and parses AS config data properties it needs at http://{as_uri}/.well-known/uma-configuration or https://{as_uri}/.well-known/uma-configuration, including all endpoint-related properties not specific to the RS and including handling of non-understood extension properties | Client successfully accesses and parses AS config data | Fails |
| F-dyn-client-reg | opt | AS supports generating dynamic client credentials and RS and client support getting them. Supporting clauses:<br>Issues: Typo in Core Sec 1.4: s/absent/absence/ | FT-as-dyn-client-reg | opt | AS | AS config data "dynamic_client_endpoint" property is non-null | AS config data "dynamic_client_endpoint" property has a valid URL value for a DynClientReg endpoint | Fails |
| | | | FT-rs-get-dyn-client-creds | opt | RS | RS interacts with AS to request and receive client credentials dynamically | RS gets client credentials dynamically | Fails |
| | | | FT-c-get-dyn-client-creds | opt | C | C interacts with AS to request and receive client credentials dynamically | C gets client credentials dynamically | Fails |
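
The configuration tests in the table above can be scripted. The following is an added example (not part of the UMA specs or of this page's test suite) that evaluates FT-as-config-data, FT-as-config-endpts and FT-as-dyn-client-reg against one AS response while tolerating extension properties. It assumes the config data is a JSON object and that the required properties are the ones named in the Sec 1.5 clauses quoted on this page; `run_config_tests`, `is_url`, the sample body and its values are constructed for illustration.

```python
import json
from urllib.parse import urlsplit
# Names quoted on this page; treating them as the required set is an assumption.
REQUIRED_ENDPOINTS = ("token_endpoint", "user_endpoint",
                      "resource_set_registration_endpoint")
REQUIRED_ARRAYS = ("oauth_token_profiles_supported", "oauth_grant_types_supported")
OPTIONAL = ("dynamic_client_endpoint",)
WELL_KNOWN = "/.well-known/uma-configuration"

def is_url(value, schemes=("http", "https")):
    """True for an absolute URL string with an allowed scheme and a host."""
    if not isinstance(value, str):
        return False
    parts = urlsplit(value)
    return parts.scheme in schemes and bool(parts.netloc)

def run_config_tests(config_url, body):
    """Map feature-test IDs from the table to pass/fail for one AS response."""
    try:
        cfg = json.loads(body)
    except (TypeError, ValueError):
        cfg = None
    parsed = isinstance(cfg, dict)
    cfg = cfg if parsed else {}
    arrays_ok = all(isinstance(cfg.get(k), list) and len(cfg[k]) > 0
                    and all(isinstance(v, str) for v in cfg[k])
                    for k in REQUIRED_ARRAYS)
    endpoints_ok = all(is_url(cfg.get(k)) for k in REQUIRED_ENDPOINTS)
    known = set(REQUIRED_ENDPOINTS + REQUIRED_ARRAYS + OPTIONAL)
    tls_url = (is_url(config_url, ("https",))
               and urlsplit(config_url).path.endswith(WELL_KNOWN))
    return {
        "FT-as-config-data": parsed and arrays_ok and endpoints_ok,
        # Certificate validation happens at fetch time and is not modelled.
        "FT-as-config-endpts": tls_url,
        "FT-as-dyn-client-reg": is_url(cfg.get("dynamic_client_endpoint")),
        # Non-understood extension properties are reported, never a failure.
        "extensions_ignored": sorted(set(cfg) - known),
    }

# Constructed sample response body, not taken from a real AS.
SAMPLE = json.dumps({
    "oauth_token_profiles_supported": ["bearer"],
    "oauth_grant_types_supported": ["authorization_code"],
    "token_endpoint": "https://as.example.com/token",
    "user_endpoint": "https://as.example.com/user",
    "resource_set_registration_endpoint": "https://as.example.com/rsreg",
    "dynamic_client_endpoint": None,
    "x_example_extension": {"note": "unknown to this checker"},
})
```

Calling `run_config_tests("https://as.example.com/.well-known/uma-configuration", SAMPLE)` passes the two config tests, fails FT-as-dyn-client-reg because the property is null, and lists `x_example_extension` as ignored.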
Historical supporting clauses:
F-pat:
- Sec 1.5: "oauth_token_profiles_supported REQUIRED. …. The AM is REQUIRED to support this profile, and to supply this string value explicitly. The AM MAY declare its support for additional access token profiles by providing a unique absolute URI in a string value in the array for each one." (This profile being the bearer token profile.)
- Sec 1.5: "oauth_grant_types_supported REQUIRED. …. Each string value MUST be one of the grant_type values defined in [OAuth2], or alternatively an extension grant type indicated by a unique absolute URI."
- Sec 1.5: "token_endpoint REQUIRED."
- Sec 1.5: "user_endpoint REQUIRED."
- Sec 2.3: "The host MUST use OAuth 2.0 [OAuth2] to obtain the protection API token."
- Sec 1.3: "The AM presents the following endpoints to the host as part of its protection API; these endpoints are OAuth-protected and require a PAT for access, for which the "protection" OAuth scope is required…"
- Sec 1.5: "resource_set_registration_endpoint REQUIRED. …. A PAT MUST accompany requests to this protected endpoint."
- Sec 2.4.3: "The host MUST use its valid PAT obtained previously to gain access to this endpoint." (This endpoint being resource_set_registration_endpoint.)
- Sec 3.2: "The host registers the permission using the POST method at the AM's permission registration endpoint, providing its PAT to get access to this endpoint."
...