Open labkode opened 5 years ago
@glpatcern let me know when you have time to start so I can guide you
In the CS3APIS documentation there are description for the requirements written for humans, like
REQUIRED. The access token this application provider will use when contacting the storage
provider to read and write. Service implementors MUST make sure that the access token only
grants access to the requested resource. Service implementors should use a ResourceId rather
than a filename to grant access, as ResourceIds MUST NOT change when a resource is renamed.
The access token MUST be short-lived. TODO(labkode): investigate token derivation techniques.
These statements should be numbered, like
CS3-100: Access-token only grants access to the resource.
CS3-200: ResourceId MUST NOT change when renaming a resource
...
Then when running the tool:
$ reva-certify cs3.cloud
CS3-100: OK
CS3-200: FAIL
...
The idea is to develop a tool that will verify the compliance level of any CS3 service with the CS3 APIS.
Think of litmus for webdav.
This tool is needed to certify future CS3-based services deployments to ensure interoperability between entities and implementations.
The tool will also help to identify bugs and missing features on implementations of CS3 services.