    Feature ID: F-as-config
    Type: req

    Description: AS makes available its configuration data in the correct form at the correct location. Supporting clauses:

    • Core Sec 1.4: "The authorization server MUST provide configuration data in a JSON [RFC4627] document that resides in an /uma-configuration directory at at its hostmeta [hostmeta] location."
    • Core Sec 1.4: "Authorization server configuration data MAY contain extension properties that are not defined in this specification."
    • Core Sec 1.4: "All endpoint URIs SHOULD require the use of a transport-layer security mechanism such as TLS. The authorization server MUST declare all of its endpoints in its configuration data (see Section 1.4)."
    • (Also all the REQUIREDs/MUSTs and MAYs appearing in Core Sec 1.4 regarding the JSON format for AM configuration data.)
    • RSR Sec 1.3: "If the authorization server declares its endpoints and any other configuration data in a machine-readable form, for example [OAuth-linktypes] or [OAuth-meta], it SHOULD convey its resource set registration endpoint in this fashion as well."

    Issues: We no longer say RS and C MUST retrieve the config data. Should we? Should the last two tests here be "opt"?

    | Test ID | Type | Role | Description | Succeed | Fail |
    | --- | --- | --- | --- | --- | --- |
    | FT-as-config-data | req | AS | AS provides configuration data that conforms to specified format | Data conforms to format requirements | Fails |
    | FT-as-config-endpts | opt | AS | AS makes config data available through SSL/TLS-protected URL | AS config data endpoint uses https: scheme and RS or client is able to validate AS's certificate | Fails |
    | FT-rs-get-config-data | req | RS | RS successfully accesses and parses AS config data properties it needs at http://{as_uri}/.well-known/uma-configuration or https://{as_uri}/.well-known/uma-configuration, including all endpoint-related properties not specific to the client and including handling of non-understood extension properties | RS successfully accesses and parses AS config data | Fails |
    | FT-c-get-config-data | req | C | Client successfully accesses and parses AS config data properties it needs at http://{as_uri}/.well-known/uma-configuration or https://{as_uri}/.well-known/uma-configuration, including all endpoint-related properties not specific to the RS and including handling of non-understood extension properties | Client successfully accesses and parses AS config data | Fails |
    Feature ID: F-dyn-client-reg
    Type: opt

    Description: AS supports generating dynamic client credentials and RS and client support getting them. Supporting clauses:

    • dynamic_client_endpoint - OPTIONAL. The endpoint to use for performing dynamic client registration. Usage is defined by [DynClientReg]. The presence of this property indicates authorization server support for the dynamic client registration feature and its absent indicates a lack of support."
    • Core Sec 2: "It is OPTIONAL for the client credentials to be provided dynamically through [DynClientReg]); alternatively, they MAY use a static process."

    Issues: Typo in Core Sec 1.4: s/absent/absence/

    | Test ID | Type | Role | Description | Succeed | Fail |
    | --- | --- | --- | --- | --- | --- |
    | FT-as-dyn-client-reg | opt | AS | AS config data "dynamic_client_endpoint" property is non-null | AS config data "dynamic_client_endpoint" property has a valid URL value for a DynClientReg endpoint | Fails |
    | FT-rs-get-dyn-client-creds | opt | RS | RS interacts with AS to request and receive client credentials dynamically | RS gets client credentials dynamically | Fails |
    | FT-c-get-dyn-client-creds | opt | C | C interacts with AS to request and receive client credentials dynamically | C gets client credentials dynamically | Fails |
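
An added example, not part of the original page or of the UMA specification: a minimal Python check a test harness could run over a fetched configuration document for FT-as-config-endpts and FT-as-dyn-client-reg while tolerating extension properties. The function names, the `_endpoint` suffix convention and the sample document are assumptions; validation of the AS's certificate is left to the HTTP client and is not modelled here.

```python
import json
from urllib.parse import urlsplit

# Constructed AS configuration document. Only "dynamic_client_endpoint" is a
# property name from the page; the other names and all values are made up.
SAMPLE_CONFIG = json.dumps({
    "example_token_endpoint": "https://as.example.com/token",
    "example_rsr_endpoint": "http://as.example.com/rsr",   # no TLS
    "dynamic_client_endpoint": "https://as.example.com/register",
    "x_vendor_extension": {"anything": ["goes", 1, None]},  # must be tolerated
})


def is_url(value, schemes=("http", "https")):
    """True if value is a string holding an absolute URL with a host part."""
    if not isinstance(value, str):
        return False
    try:
        parts = urlsplit(value)
    except ValueError:  # e.g. malformed IPv6 literal
        return False
    return parts.scheme in schemes and bool(parts.hostname)


def check_as_config(config_url, raw):
    """Return a dict of findings for one fetched configuration document."""
    try:
        cfg = json.loads(raw)
    except (TypeError, ValueError):
        cfg = None
    if not isinstance(cfg, dict):
        return {"parsed": False}
    # Assumption: endpoint properties are recognised by an "_endpoint" suffix.
    # Everything else, including unknown extension properties, is ignored.
    endpoints = {k: v for k, v in cfg.items() if k.endswith("_endpoint")}
    findings = {
        "parsed": True,
        # FT-as-config-endpts: the config document itself is served over https.
        "FT-as-config-endpts": is_url(config_url, ("https",)),
        # Core Sec 1.4 SHOULD: endpoint URIs that do not require TLS.
        "endpoints_without_tls": sorted(
            k for k, v in endpoints.items() if not is_url(v, ("https",))),
    }
    # FT-as-dyn-client-reg: optional property; if present it must be a valid URL.
    if "dynamic_client_endpoint" in cfg:
        findings["FT-as-dyn-client-reg"] = is_url(cfg["dynamic_client_endpoint"])
    else:
        findings["FT-as-dyn-client-reg"] = None  # feature not offered
    return findings
```

A `None` result for FT-as-dyn-client-reg means the optional feature is not offered, which is distinct from a present but null or malformed value.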
             

     

    F-dyn-client-reg:

    • Sec 1.5: "The value, if this property is present, the value MUST be the string "yes" (dynamic registration is supported, using an unspecified method) or "no" (it is not supported; hosts and requesters are required to pre-register)." (The property being dynamic_client_registration_supported.)
    • Sec 2.2: "If the host has not already obtained an OAuth client identifier and optional secret from this AM, in this step it MUST do so in order to engage in OAuth-based interactions with the AM."

    ...