+1 from me. I’d make time available for testing. —Keith
--
email & jabber: keith.hazelton@wisc.edu
calendar: http://go.wisc.edu/i6zxx0
____________
On 2015-11-06, 09:54 , "wg-uma-bounces@kantarainitiative.org on behalf of Mike Schwartz"
UMA-tarians,
We've been talking about interop / conformance testing for a long time, and I think we need to get this to the starting line.
There are a lot of UMA use cases that we need to prove out. I think we all agree that in order to move forward, we should start small, and in each iteration, cover more cases.
This past IIW, I broached the idea of forming a new volunteer organization called "SecurityLoft". I have been inspired by OWASP.
To start, SecurityLoft would just be a website, and a cloud server somewhere.
I spoke with Kelly Grizzle at Sailpoint about hosting SCIM conformance tests at SecurityLoft. Perhaps SecurityLoft could also host UMA tests.
The specific use case I think we should start with is (drum roll please...):
Client calls API on Resource Server
To get this done, we'll need to make a policy that any client can call to test positive and negative results. To make it easy to start with, I suggest using a policy based on time. In order to get a successful request, the permission ticket must be registered in the first 15 seconds of the minute. Just an idea... I was also thinking perhaps the UMA client could send claims as a json payload.
Modest start? Yes! But at least a start that shows something tangible!
- Mike
_______________________________________________ WG-UMA mailing list WG-UMA@kantarainitiative.org http://kantarainitiative.org/mailman/listinfo/wg-uma