[WG-UMA] Forwarded from Cordny: logical test cases

5 views
Skip to first unread message

Eve Maler

unread,
Feb 9, 2012, 10:18:22 AM2/9/12
to WG UMA
UMAnitarians,

see below for a draft of phase 2 testcases
I won't be in for tonight's telecon.

Feedback very welcome

Best,

Cordny



21 January 2012

 

User Managed Access Core Protocol
 
Logical testcases based on User-Managed Access (UMA) 1.0 Core Protocol[i]
based on specs per 21-01-12
Phase 2: Getting Authorization

 

Actors: HOST, requester, AM
Steps:

 

  1. The requester attempts access at a particular protected resource at a HOST (3.1)
  2. HOST checks token's status at AM(3.3)
  3. no match permissions scope attempted access
  4. requester request token from approprioate AM
  5. requester request token ,for adding permission, from AM
  6. Host gives OK response and representation resource to requester's access attempt

 

 

Phase2Step1 Requester-HOST: Attempt Access to protected resource

 

Preconditions:
Host-AM registration UMA-protected resources to be accessed

 

Response HOST
Phase2Step1Branch1 Requester presents VALID Access Toke
IF                    requester's Access Request (DETAILS) contains VALID Access token
AND               requester's token status associated with 1 or more valid permissions (scope of access)
THEN             HOST Response 200 OK status: requester access to protected resource
AND              conclusion Phase 3 UMA

          

ELSE

 

Phase2Step1Branch2 Requester presents NO Access Token
IF                    requester's Access Request (DETAILS) contains NO Access token
THEN             HOST Response: HTTP 401 (Unauthorized) Status Code
AND               AM's URI (facilitation AM Metadata by requester)
HOST-id mandatory??

 

ELSE
Phase2Step1Branch3 Requester presents INVALID Access Token
IF                    requester's Access Request token's status invalid
THEN             HOST Response: HTTP 401 (Unauthorized) Status Code
AND               AM's URI (facilitation AM Metadata by requester)
HOST-id mandatory??

 

ELSE
Phase2Step1Branch4 Requester token has insufficient permission
IF                    requester's token status NOT associated with 1 valid permissions (scope of access)
THEN             HOST Response: HTTP 403 (Forbidden) Status Code
Phase2Step2 HOST-AM: Ask for Requester Access Token Status
 
Precondition:
Host receives requester access token from requester when requester tries to access the host.

 

IF                    HOST receives access token from requester
THEN             HOST asks AM for that token status:

                      

IF                    HOST request contains:
Ø       POST request to AM's token status endpoint with
*body HTTP request message has JSON document ( requester access token + (IP address requester's address OR originating IP address indic. In requester;s X-forwared-For: header value)
                                   *host access token

 

THEN             response AM:
Ø       HTTP RESPONSE
·          JSON doc.
·          AND
·          (200 OK status
                                   AND
                                   JSON array contains all necessary properties: resource_set_id, scopes and                            exp
                                   AND
                                   All permissions valid for tequester access token
                                   OR
                                   indication token is invalid )                              

 

ELSE 

 

IF                    HOST has cached token status description
AND               cached token status description is NOT expired
THEN             use cached token status description instead of request AM token's status

 

Technically a substep of Phase2Step1Branch1-4

 

 

 

 

Phase2Step3 HOST-AM Register a Permission
 
Precondition:

 

 

Technically a substep of Phase2Step1Branch1-4

 

 

 

 

Phase2Step4 Request Authorization to Add Permissions
 
Precondition:

 

 

Technically a substep of Phase2Step1Branch1-4
 
Testcases authorization flows
also needed for conformance testing?

Eve Maler                                  http://www.xmlgrrl.com/blog
+1 425 345 6756                         http://www.twitter.com/xmlgrrl

Reply all
Reply to author
Forward
0 new messages