Open zandbelt opened 7 years ago
Hans will send the changes to Mike, who will then update the documents.
OP-Response-form_post
Is indeed not (yet) present in the document because it is relatively new (added after the doc was created)sThe following:
OP-request_uri-Unsigned
OP-ClientAuth-Basic-Dynamic
OP-ClientAuth-SecretPost-Dynamic
OP-IDToken-none
OP-IDToken-kid
OP-IDToken-RS256
Are available in both the doc as well as the test suite under the same name, no action required wrt. documentation.I believe the tester is missing those tests in the list because of the configuration of the test tool instance; the following should be enabled:
Cryptographic support: signing none encryption
The tester confirmed: "Yeah I think it is due to the configuration." Now there's just the matter of OP-Response-form_post
not being present in the document yet but it is optional anyhow (and we'll have more like op-init-sso
) so I believe we can close this for now.
Both and OP-request_uri-Support and OP-Rotation-OP-Sig are currently displayed even when not testing the Dynamic OP profile, but they should only appear for Dynamic - per the profile definitions at http://openid.net/wordpress-content/uploads/2016/12/OpenID-Connect-Conformance-Profiles.pdf . @rohe - can you do an updated release restricting their visibility to Dynamic (and possibly Extra). Thanks.
Note that this is not a complete review of the potential issues on my part. It's just cases I know of because they are causing confusion for testers.
Also rp-claims-distributed
and rp-claims-aggregated
are in the list of RP tests but not reflected in the latest version of the conformance profiles doc: https://openid.net/wordpress-content/uploads/2018/06/OpenID-Connect-Conformance-Profiles.pdf
I believe all tests are still there, they just have different names. Changing the names of the tests may result in problems for testers using automated certification, so we are going to change the names in the doc.
I'll report back here which tests have been renamed to which names asap.