SlideShare a Scribd company logo

FedLab and OIC testing at NorduNet

Download as KEY, PDF
Andreas Åkre Solberg
Andreas Åkre Solberg

OpenID Connect test fascility Federation Lab. Presented at NorduNet 2012 in Oslo, Norway.

Technology
1 of 17
Andreas Åkre Solberg Roland Hedberg UNINETT AS Univ. Umeå Federation Lab and OpenID Connect NorduNet Conference Oslo, Norway, September 2012
Federation Lab ✤ Identity toolkit for testing, validation and debugging of Identity Software. ✤ Automated testing tool for increasing interoperability between providers and consumers with SAML and OpenID Connect. ✤ A GÉANT project (GN3 JRA3T2) in collaboration with Kantara Initiative and the OpenID community. OpenID Testing Commercial (Kantara Intitive) <-> Research and HE (GEANT) Established (SAML) <-> Emerging (OIC) Nordic collaboration (UNINETT and umu.se) Involved in standardization A very important reference implementation
Complex End-to-end Systems Many implementations This is a good thing! Many deployments Variying spec interpretion Really difficult Sub-set implementations to avoid this Interop issues Things stop working for end users. Who to blame? Who can fix it? ! - difficult question Things continues to not work Unhappy users We MUST avoid this, but how?
What causes interop issues ✤ Flexibility, too many options. Sub-set implementations. ✤ Deployment options ✤ Yet to be discovered software bugs ✤ Unclear specification ✤ Poor error handling ✤ Lack of feature negotiation or limited language (metadata) of expressing supported features
Postel’s Law «Be strict in what you send, but generous in what you receive» Postel's Law,1981, RFC793: TCP ✤ Will this increase interop? ✤ Interop issues less likely to be detected, and may easily pass matrix testing.
Typical Matrix Testing Test 4-5 products against each other Validate that it is possible to configure the products to work with each other. Product is certified. Does not really ensure interop in an actual deployment.
Profiling By being very excplitit on how to use the protocols, interoperability increases. saml2int
Automated Testing of SAML and OpenID Connect This is what we did with Federation Lab An automated client, simulates one entity whiles test the other. Consumer <-> Provider Performs about 100 different test flows, and focus on discovering things that goes wrong, rather than verifying that things may work. Real time testing with detailed feedback Test each provider, and present results. for debugging.
Federation Lab contains a set of useful debugging tools for encoding and decoding messages.
Automated testing of SAML Service Providers performs approx 80 test runs with various legal and illegal message flows to verify behaviour of software.
Automated testing of OpenID Connect Providers tests providers, and involves an innovative engine for working with human user interaction with login screens.
OpenID Connect Roland Hedberg Univ. Umeå
How to find the ‘key’?
Different solutions • SAML • Metadata • OpenID Connect • Dynamic discovery and registration
Flow differencies IdP AS 4 5 3 3 2 4 UA 6 OP UA 2 1 7 1 9 8 SP RP SAML OpenID Connect
Returning attributes • SAML • Static • Response contains 1-n assertions • OIC • Dynamic • Aggregated/distributed claims
Thanks for listening. Federation Lab (beta) http://openidtest.uninett.no

Recommended

Verification and Validation of Robotic Assistants
Verification and Validation of Robotic AssistantsVerification and Validation of Robotic Assistants
Verification and Validation of Robotic AssistantsAdaCore
 
Java code coverage with JCov. Implementation details and use cases.
Java code coverage with JCov. Implementation details and use cases.Java code coverage with JCov. Implementation details and use cases.
Java code coverage with JCov. Implementation details and use cases.Alexandre (Shura) Iline
 
OpenID Foundation Foundation Financial API (FAPI) WG
OpenID Foundation Foundation Financial API (FAPI) WGOpenID Foundation Foundation Financial API (FAPI) WG
OpenID Foundation Foundation Financial API (FAPI) WGNat Sakimura
 
Full stack security
Full stack securityFull stack security
Full stack securityDPC Consulting Ltd
 
OpenID Foundation Foundation Financial API (FAPI) WG
OpenID Foundation Foundation Financial API (FAPI) WGOpenID Foundation Foundation Financial API (FAPI) WG
OpenID Foundation Foundation Financial API (FAPI) WGNat Sakimura
 
API Days 2016 Day 1: OpenID Financial API WG
API Days 2016 Day 1: OpenID Financial API WGAPI Days 2016 Day 1: OpenID Financial API WG
API Days 2016 Day 1: OpenID Financial API WGNat Sakimura
 
OpenID Connect 101 @ OpenID TechNight vol.11
OpenID Connect 101 @ OpenID TechNight vol.11OpenID Connect 101 @ OpenID TechNight vol.11
OpenID Connect 101 @ OpenID TechNight vol.11Nov Matake
 
API Security with OAuth2.0.
API Security with OAuth2.0.API Security with OAuth2.0.
API Security with OAuth2.0.Kellton Tech Solutions Ltd
 

Recommended

Verification and Validation of Robotic Assistants
Verification and Validation of Robotic AssistantsVerification and Validation of Robotic Assistants
Verification and Validation of Robotic AssistantsAdaCore
 
Java code coverage with JCov. Implementation details and use cases.
Java code coverage with JCov. Implementation details and use cases.Java code coverage with JCov. Implementation details and use cases.
Java code coverage with JCov. Implementation details and use cases.Alexandre (Shura) Iline
 
OpenID Foundation Foundation Financial API (FAPI) WG
OpenID Foundation Foundation Financial API (FAPI) WGOpenID Foundation Foundation Financial API (FAPI) WG
OpenID Foundation Foundation Financial API (FAPI) WGNat Sakimura
 
Full stack security
Full stack securityFull stack security
Full stack securityDPC Consulting Ltd
 
OpenID Foundation Foundation Financial API (FAPI) WG
OpenID Foundation Foundation Financial API (FAPI) WGOpenID Foundation Foundation Financial API (FAPI) WG
OpenID Foundation Foundation Financial API (FAPI) WGNat Sakimura
 
API Days 2016 Day 1: OpenID Financial API WG
API Days 2016 Day 1: OpenID Financial API WGAPI Days 2016 Day 1: OpenID Financial API WG
API Days 2016 Day 1: OpenID Financial API WGNat Sakimura
 
OpenID Connect 101 @ OpenID TechNight vol.11
OpenID Connect 101 @ OpenID TechNight vol.11OpenID Connect 101 @ OpenID TechNight vol.11
OpenID Connect 101 @ OpenID TechNight vol.11Nov Matake
 
API Security with OAuth2.0.
API Security with OAuth2.0.API Security with OAuth2.0.
API Security with OAuth2.0.Kellton Tech Solutions Ltd
 
CIS13: Bootcamp: Ping Identity OAuth and OpenID Connect In Action with PingFe...
CIS13: Bootcamp: Ping Identity OAuth and OpenID Connect In Action with PingFe...CIS13: Bootcamp: Ping Identity OAuth and OpenID Connect In Action with PingFe...
CIS13: Bootcamp: Ping Identity OAuth and OpenID Connect In Action with PingFe...CloudIDSummit
 
JavaOne 2014 - Securing RESTful Resources with OAuth2
JavaOne 2014 - Securing RESTful Resources with OAuth2JavaOne 2014 - Securing RESTful Resources with OAuth2
JavaOne 2014 - Securing RESTful Resources with OAuth2Rodrigo Cândido da Silva
 
Financial Grade OAuth & OpenID Connect
Financial Grade OAuth & OpenID ConnectFinancial Grade OAuth & OpenID Connect
Financial Grade OAuth & OpenID ConnectNat Sakimura
 
Blockchain and Big Data/IoT
Blockchain and Big Data/IoTBlockchain and Big Data/IoT
Blockchain and Big Data/IoTEiji Sasahara, Ph.D., MBA 笹原英司
 
DataPower Restful API Security
DataPower Restful API SecurityDataPower Restful API Security
DataPower Restful API SecurityJagadish Vemugunta
 
Deep-Dive: API Security in the Digital Age
Deep-Dive: API Security in the Digital AgeDeep-Dive: API Security in the Digital Age
Deep-Dive: API Security in the Digital AgeApigee | Google Cloud
 
reveal.js 3.0.0
reveal.js 3.0.0reveal.js 3.0.0
reveal.js 3.0.0Hakim El Hattab
 
Pistoia Alliance European Conference 2015 - Gerhard Noelken / Allotrope Found...
Pistoia Alliance European Conference 2015 - Gerhard Noelken / Allotrope Found...Pistoia Alliance European Conference 2015 - Gerhard Noelken / Allotrope Found...
Pistoia Alliance European Conference 2015 - Gerhard Noelken / Allotrope Found...Pistoia Alliance
 
Six Principles of Software Design to Empower Scientists
Six Principles of Software Design to Empower ScientistsSix Principles of Software Design to Empower Scientists
Six Principles of Software Design to Empower ScientistsDavid De Roure
 
Transport SDN Interoperability Program with OIF
Transport SDN Interoperability Program with OIFTransport SDN Interoperability Program with OIF
Transport SDN Interoperability Program with OIFDeborah Porchivina
 
A Fault Tolerance Concept for Distributed OSGi Applications - Fabian Meyer
A Fault Tolerance Concept for Distributed OSGi Applications - Fabian MeyerA Fault Tolerance Concept for Distributed OSGi Applications - Fabian Meyer
A Fault Tolerance Concept for Distributed OSGi Applications - Fabian Meyermfrancis
 
Testing Hourglass at Jira Frontend - by Alexey Shpakov, Sr. Developer @ Atlas...
Testing Hourglass at Jira Frontend - by Alexey Shpakov, Sr. Developer @ Atlas...Testing Hourglass at Jira Frontend - by Alexey Shpakov, Sr. Developer @ Atlas...
Testing Hourglass at Jira Frontend - by Alexey Shpakov, Sr. Developer @ Atlas...Applitools
 
Overview and Analysis of Automated Testing Tools: Ranorex, Test Complete, Se...
Overview and Analysis of Automated Testing Tools: Ranorex, Test Complete, Se...Overview and Analysis of Automated Testing Tools: Ranorex, Test Complete, Se...
Overview and Analysis of Automated Testing Tools: Ranorex, Test Complete, Se...IRJET Journal
 
Google, quality and you
Google, quality and youGoogle, quality and you
Google, quality and younelinger
 
Curiosity and Sauce Labs present - When to stop testing: 3 dimensions of test...
Curiosity and Sauce Labs present - When to stop testing: 3 dimensions of test...Curiosity and Sauce Labs present - When to stop testing: 3 dimensions of test...
Curiosity and Sauce Labs present - When to stop testing: 3 dimensions of test...Curiosity Software Ireland
 
Unit Testing Fundamentals
Unit Testing FundamentalsUnit Testing Fundamentals
Unit Testing FundamentalsRichard Paul
 
Agile Mobile Testing Workshop
Agile Mobile Testing WorkshopAgile Mobile Testing Workshop
Agile Mobile Testing WorkshopNaresh Jain
 
Writting Better Software
Writting Better SoftwareWritting Better Software
Writting Better Softwaresvilen.ivanov
 
Enabling IoT Devices’ Hardware and Software Interoperability, IPSO Alliance (...
Enabling IoT Devices’ Hardware and Software Interoperability, IPSO Alliance (...Enabling IoT Devices’ Hardware and Software Interoperability, IPSO Alliance (...
Enabling IoT Devices’ Hardware and Software Interoperability, IPSO Alliance (...Open Mobile Alliance
 
Semi-automatic Incompatibility Localization for Re-engineered Industrial Soft...
Semi-automatic Incompatibility Localization for Re-engineered Industrial Soft...Semi-automatic Incompatibility Localization for Re-engineered Industrial Soft...
Semi-automatic Incompatibility Localization for Re-engineered Industrial Soft...Susumu Tokumoto
 
TMF2014 Mobile Testing Workshop Michael Palotas
TMF2014 Mobile Testing Workshop Michael PalotasTMF2014 Mobile Testing Workshop Michael Palotas
TMF2014 Mobile Testing Workshop Michael PalotasKJR
 
TEA Presentation V 0.3
TEA Presentation V 0.3TEA Presentation V 0.3
TEA Presentation V 0.3Ian McDonald
 

More Related Content

Viewers also liked

CIS13: Bootcamp: Ping Identity OAuth and OpenID Connect In Action with PingFe...
CIS13: Bootcamp: Ping Identity OAuth and OpenID Connect In Action with PingFe...CIS13: Bootcamp: Ping Identity OAuth and OpenID Connect In Action with PingFe...
CIS13: Bootcamp: Ping Identity OAuth and OpenID Connect In Action with PingFe...CloudIDSummit
 
JavaOne 2014 - Securing RESTful Resources with OAuth2
JavaOne 2014 - Securing RESTful Resources with OAuth2JavaOne 2014 - Securing RESTful Resources with OAuth2
JavaOne 2014 - Securing RESTful Resources with OAuth2Rodrigo Cândido da Silva
 
Financial Grade OAuth & OpenID Connect
Financial Grade OAuth & OpenID ConnectFinancial Grade OAuth & OpenID Connect
Financial Grade OAuth & OpenID ConnectNat Sakimura
 
DataPower Restful API Security
DataPower Restful API SecurityDataPower Restful API Security
DataPower Restful API SecurityJagadish Vemugunta
 
Deep-Dive: API Security in the Digital Age
Deep-Dive: API Security in the Digital AgeDeep-Dive: API Security in the Digital Age
Deep-Dive: API Security in the Digital AgeApigee | Google Cloud
 

Viewers also liked (7)

CIS13: Bootcamp: Ping Identity OAuth and OpenID Connect In Action with PingFe...
CIS13: Bootcamp: Ping Identity OAuth and OpenID Connect In Action with PingFe...CIS13: Bootcamp: Ping Identity OAuth and OpenID Connect In Action with PingFe...
CIS13: Bootcamp: Ping Identity OAuth and OpenID Connect In Action with PingFe...
 
JavaOne 2014 - Securing RESTful Resources with OAuth2
JavaOne 2014 - Securing RESTful Resources with OAuth2JavaOne 2014 - Securing RESTful Resources with OAuth2
JavaOne 2014 - Securing RESTful Resources with OAuth2
 
Financial Grade OAuth & OpenID Connect
Financial Grade OAuth & OpenID ConnectFinancial Grade OAuth & OpenID Connect
Financial Grade OAuth & OpenID Connect
 
Blockchain and Big Data/IoT
Blockchain and Big Data/IoTBlockchain and Big Data/IoT
Blockchain and Big Data/IoT
 
DataPower Restful API Security
DataPower Restful API SecurityDataPower Restful API Security
DataPower Restful API Security
 
Deep-Dive: API Security in the Digital Age
Deep-Dive: API Security in the Digital AgeDeep-Dive: API Security in the Digital Age
Deep-Dive: API Security in the Digital Age
 
reveal.js 3.0.0
reveal.js 3.0.0reveal.js 3.0.0
reveal.js 3.0.0
 

Similar to FedLab and OIC testing at NorduNet

Pistoia Alliance European Conference 2015 - Gerhard Noelken / Allotrope Found...
Pistoia Alliance European Conference 2015 - Gerhard Noelken / Allotrope Found...Pistoia Alliance European Conference 2015 - Gerhard Noelken / Allotrope Found...
Pistoia Alliance European Conference 2015 - Gerhard Noelken / Allotrope Found...Pistoia Alliance
 
Six Principles of Software Design to Empower Scientists
Six Principles of Software Design to Empower ScientistsSix Principles of Software Design to Empower Scientists
Six Principles of Software Design to Empower ScientistsDavid De Roure
 
Transport SDN Interoperability Program with OIF
Transport SDN Interoperability Program with OIFTransport SDN Interoperability Program with OIF
Transport SDN Interoperability Program with OIFDeborah Porchivina
 
A Fault Tolerance Concept for Distributed OSGi Applications - Fabian Meyer
A Fault Tolerance Concept for Distributed OSGi Applications - Fabian MeyerA Fault Tolerance Concept for Distributed OSGi Applications - Fabian Meyer
A Fault Tolerance Concept for Distributed OSGi Applications - Fabian Meyermfrancis
 
Testing Hourglass at Jira Frontend - by Alexey Shpakov, Sr. Developer @ Atlas...
Testing Hourglass at Jira Frontend - by Alexey Shpakov, Sr. Developer @ Atlas...Testing Hourglass at Jira Frontend - by Alexey Shpakov, Sr. Developer @ Atlas...
Testing Hourglass at Jira Frontend - by Alexey Shpakov, Sr. Developer @ Atlas...Applitools
 
Overview and Analysis of Automated Testing Tools: Ranorex, Test Complete, Se...
Overview and Analysis of Automated Testing Tools: Ranorex, Test Complete, Se...Overview and Analysis of Automated Testing Tools: Ranorex, Test Complete, Se...
Overview and Analysis of Automated Testing Tools: Ranorex, Test Complete, Se...IRJET Journal
 
Google, quality and you
Google, quality and youGoogle, quality and you
Google, quality and younelinger
 
Curiosity and Sauce Labs present - When to stop testing: 3 dimensions of test...
Curiosity and Sauce Labs present - When to stop testing: 3 dimensions of test...Curiosity and Sauce Labs present - When to stop testing: 3 dimensions of test...
Curiosity and Sauce Labs present - When to stop testing: 3 dimensions of test...Curiosity Software Ireland
 
Unit Testing Fundamentals
Unit Testing FundamentalsUnit Testing Fundamentals
Unit Testing FundamentalsRichard Paul
 
Agile Mobile Testing Workshop
Agile Mobile Testing WorkshopAgile Mobile Testing Workshop
Agile Mobile Testing WorkshopNaresh Jain
 
Writting Better Software
Writting Better SoftwareWritting Better Software
Writting Better Softwaresvilen.ivanov
 
Enabling IoT Devices’ Hardware and Software Interoperability, IPSO Alliance (...
Enabling IoT Devices’ Hardware and Software Interoperability, IPSO Alliance (...Enabling IoT Devices’ Hardware and Software Interoperability, IPSO Alliance (...
Enabling IoT Devices’ Hardware and Software Interoperability, IPSO Alliance (...Open Mobile Alliance
 
Semi-automatic Incompatibility Localization for Re-engineered Industrial Soft...
Semi-automatic Incompatibility Localization for Re-engineered Industrial Soft...Semi-automatic Incompatibility Localization for Re-engineered Industrial Soft...
Semi-automatic Incompatibility Localization for Re-engineered Industrial Soft...Susumu Tokumoto
 
TMF2014 Mobile Testing Workshop Michael Palotas
TMF2014 Mobile Testing Workshop Michael PalotasTMF2014 Mobile Testing Workshop Michael Palotas
TMF2014 Mobile Testing Workshop Michael PalotasKJR
 
TEA Presentation V 0.3
TEA Presentation V 0.3TEA Presentation V 0.3
TEA Presentation V 0.3Ian McDonald
 
IRJET - A Valuable and Speculative Approach to Manage the Item Testing by usi...
IRJET - A Valuable and Speculative Approach to Manage the Item Testing by usi...IRJET - A Valuable and Speculative Approach to Manage the Item Testing by usi...
IRJET - A Valuable and Speculative Approach to Manage the Item Testing by usi...IRJET Journal
 
Introduction of Okinawa Open Laboratory and it's activities (iPOP2015)
Introduction of Okinawa Open Laboratory and it's activities (iPOP2015)Introduction of Okinawa Open Laboratory and it's activities (iPOP2015)
Introduction of Okinawa Open Laboratory and it's activities (iPOP2015)Takashi Torii
 
UNH-IOL Software Defined Netwokring (SDN) Testing Services
UNH-IOL Software Defined Netwokring (SDN) Testing ServicesUNH-IOL Software Defined Netwokring (SDN) Testing Services
UNH-IOL Software Defined Netwokring (SDN) Testing ServicesUNH InterOperability Lab
 
A Tool for Optimizing Java 8 Stream Software via Automated Refactoring
A Tool for Optimizing Java 8 Stream Software via Automated RefactoringA Tool for Optimizing Java 8 Stream Software via Automated Refactoring
A Tool for Optimizing Java 8 Stream Software via Automated RefactoringRaffi Khatchadourian
 
ElasTest: quality for cloud native applications
ElasTest: quality for cloud native applicationsElasTest: quality for cloud native applications
ElasTest: quality for cloud native applicationsElasTest Project
 

Similar to FedLab and OIC testing at NorduNet (20)

Pistoia Alliance European Conference 2015 - Gerhard Noelken / Allotrope Found...
Pistoia Alliance European Conference 2015 - Gerhard Noelken / Allotrope Found...Pistoia Alliance European Conference 2015 - Gerhard Noelken / Allotrope Found...
Pistoia Alliance European Conference 2015 - Gerhard Noelken / Allotrope Found...
 
Six Principles of Software Design to Empower Scientists
Six Principles of Software Design to Empower ScientistsSix Principles of Software Design to Empower Scientists
Six Principles of Software Design to Empower Scientists
 
Transport SDN Interoperability Program with OIF
Transport SDN Interoperability Program with OIFTransport SDN Interoperability Program with OIF
Transport SDN Interoperability Program with OIF
 
A Fault Tolerance Concept for Distributed OSGi Applications - Fabian Meyer
A Fault Tolerance Concept for Distributed OSGi Applications - Fabian MeyerA Fault Tolerance Concept for Distributed OSGi Applications - Fabian Meyer
A Fault Tolerance Concept for Distributed OSGi Applications - Fabian Meyer
 
Testing Hourglass at Jira Frontend - by Alexey Shpakov, Sr. Developer @ Atlas...
Testing Hourglass at Jira Frontend - by Alexey Shpakov, Sr. Developer @ Atlas...Testing Hourglass at Jira Frontend - by Alexey Shpakov, Sr. Developer @ Atlas...
Testing Hourglass at Jira Frontend - by Alexey Shpakov, Sr. Developer @ Atlas...
 
Overview and Analysis of Automated Testing Tools: Ranorex, Test Complete, Se...
Overview and Analysis of Automated Testing Tools: Ranorex, Test Complete, Se...Overview and Analysis of Automated Testing Tools: Ranorex, Test Complete, Se...
Overview and Analysis of Automated Testing Tools: Ranorex, Test Complete, Se...
 
Google, quality and you
Google, quality and youGoogle, quality and you
Google, quality and you
 
Curiosity and Sauce Labs present - When to stop testing: 3 dimensions of test...
Curiosity and Sauce Labs present - When to stop testing: 3 dimensions of test...Curiosity and Sauce Labs present - When to stop testing: 3 dimensions of test...
Curiosity and Sauce Labs present - When to stop testing: 3 dimensions of test...
 
Unit Testing Fundamentals
Unit Testing FundamentalsUnit Testing Fundamentals
Unit Testing Fundamentals
 
Agile Mobile Testing Workshop
Agile Mobile Testing WorkshopAgile Mobile Testing Workshop
Agile Mobile Testing Workshop
 
Writting Better Software
Writting Better SoftwareWritting Better Software
Writting Better Software
 
Enabling IoT Devices’ Hardware and Software Interoperability, IPSO Alliance (...
Enabling IoT Devices’ Hardware and Software Interoperability, IPSO Alliance (...Enabling IoT Devices’ Hardware and Software Interoperability, IPSO Alliance (...
Enabling IoT Devices’ Hardware and Software Interoperability, IPSO Alliance (...
 
Semi-automatic Incompatibility Localization for Re-engineered Industrial Soft...
Semi-automatic Incompatibility Localization for Re-engineered Industrial Soft...Semi-automatic Incompatibility Localization for Re-engineered Industrial Soft...
Semi-automatic Incompatibility Localization for Re-engineered Industrial Soft...
 
TMF2014 Mobile Testing Workshop Michael Palotas
TMF2014 Mobile Testing Workshop Michael PalotasTMF2014 Mobile Testing Workshop Michael Palotas
TMF2014 Mobile Testing Workshop Michael Palotas
 
TEA Presentation V 0.3
TEA Presentation V 0.3TEA Presentation V 0.3
TEA Presentation V 0.3
 
IRJET - A Valuable and Speculative Approach to Manage the Item Testing by usi...
IRJET - A Valuable and Speculative Approach to Manage the Item Testing by usi...IRJET - A Valuable and Speculative Approach to Manage the Item Testing by usi...
IRJET - A Valuable and Speculative Approach to Manage the Item Testing by usi...
 
Introduction of Okinawa Open Laboratory and it's activities (iPOP2015)
Introduction of Okinawa Open Laboratory and it's activities (iPOP2015)Introduction of Okinawa Open Laboratory and it's activities (iPOP2015)
Introduction of Okinawa Open Laboratory and it's activities (iPOP2015)
 
UNH-IOL Software Defined Netwokring (SDN) Testing Services
UNH-IOL Software Defined Netwokring (SDN) Testing ServicesUNH-IOL Software Defined Netwokring (SDN) Testing Services
UNH-IOL Software Defined Netwokring (SDN) Testing Services
 
A Tool for Optimizing Java 8 Stream Software via Automated Refactoring
A Tool for Optimizing Java 8 Stream Software via Automated RefactoringA Tool for Optimizing Java 8 Stream Software via Automated Refactoring
A Tool for Optimizing Java 8 Stream Software via Automated Refactoring
 
ElasTest: quality for cloud native applications
ElasTest: quality for cloud native applicationsElasTest: quality for cloud native applications
ElasTest: quality for cloud native applications
 

More from Andreas Åkre Solberg

Dataporten for grunnopplæringa - Workshop September 2017
Dataporten for grunnopplæringa - Workshop September 2017Dataporten for grunnopplæringa - Workshop September 2017
Dataporten for grunnopplæringa - Workshop September 2017Andreas Åkre Solberg
 
Dataporten intro (workshop with Difi)
Dataporten intro (workshop with Difi)Dataporten intro (workshop with Difi)
Dataporten intro (workshop with Difi)Andreas Åkre Solberg
 
UNINETT Feide Connect (Feide fagdag)
UNINETT Feide Connect (Feide fagdag)UNINETT Feide Connect (Feide fagdag)
UNINETT Feide Connect (Feide fagdag)Andreas Åkre Solberg
 
Connect (UNINETT-konferansen, Tromsø)
Connect (UNINETT-konferansen, Tromsø)Connect (UNINETT-konferansen, Tromsø)
Connect (UNINETT-konferansen, Tromsø)Andreas Åkre Solberg
 
Norsk UH-sektor og økosystemer for identitet og integrasjoner i skyen
Norsk UH-sektor og økosystemer for identitet og integrasjoner i skyenNorsk UH-sektor og økosystemer for identitet og integrasjoner i skyen
Norsk UH-sektor og økosystemer for identitet og integrasjoner i skyenAndreas Åkre Solberg
 
Feide Connect – Standard Norge February 2015
Feide Connect – Standard Norge February 2015Feide Connect – Standard Norge February 2015
Feide Connect – Standard Norge February 2015Andreas Åkre Solberg
 

More from Andreas Åkre Solberg (20)

OpenID Connect Federation
OpenID Connect FederationOpenID Connect Federation
OpenID Connect Federation
 
Dataporten for grunnopplæringa - Workshop September 2017
Dataporten for grunnopplæringa - Workshop September 2017Dataporten for grunnopplæringa - Workshop September 2017
Dataporten for grunnopplæringa - Workshop September 2017
 
Dataporten Workshop
Dataporten WorkshopDataporten Workshop
Dataporten Workshop
 
Dataporten
DataportenDataporten
Dataporten
 
Dataporten for Sigma2, Hell
Dataporten for Sigma2, HellDataporten for Sigma2, Hell
Dataporten for Sigma2, Hell
 
Dataporten intro (workshop with Difi)
Dataporten intro (workshop with Difi)Dataporten intro (workshop with Difi)
Dataporten intro (workshop with Difi)
 
UNINETT Feide Connect (Feide fagdag)
UNINETT Feide Connect (Feide fagdag)UNINETT Feide Connect (Feide fagdag)
UNINETT Feide Connect (Feide fagdag)
 
Connect (UNINETT-konferansen, Tromsø)
Connect (UNINETT-konferansen, Tromsø)Connect (UNINETT-konferansen, Tromsø)
Connect (UNINETT-konferansen, Tromsø)
 
Connect (USIT)
Connect (USIT)Connect (USIT)
Connect (USIT)
 
Connect (Feide fagdag, Gardemoen)
Connect (Feide fagdag, Gardemoen)Connect (Feide fagdag, Gardemoen)
Connect (Feide fagdag, Gardemoen)
 
Norsk UH-sektor og økosystemer for identitet og integrasjoner i skyen
Norsk UH-sektor og økosystemer for identitet og integrasjoner i skyenNorsk UH-sektor og økosystemer for identitet og integrasjoner i skyen
Norsk UH-sektor og økosystemer for identitet og integrasjoner i skyen
 
Feide Connect – Standard Norge February 2015
Feide Connect – Standard Norge February 2015Feide Connect – Standard Norge February 2015
Feide Connect – Standard Norge February 2015
 
Feide Connect SUHS 2014
Feide Connect SUHS 2014Feide Connect SUHS 2014
Feide Connect SUHS 2014
 
Feide Connect (NOKIOS 2014)
Feide Connect (NOKIOS 2014)Feide Connect (NOKIOS 2014)
Feide Connect (NOKIOS 2014)
 
Feide Connect TNC2014
Feide Connect TNC2014Feide Connect TNC2014
Feide Connect TNC2014
 
Feide connect tnc2014
Feide connect tnc2014Feide connect tnc2014
Feide connect tnc2014
 
SCIM and VOOT
SCIM and VOOTSCIM and VOOT
SCIM and VOOT
 
Feide Connect (IoU Fagdag)
Feide Connect (IoU Fagdag)Feide Connect (IoU Fagdag)
Feide Connect (IoU Fagdag)
 
Feide Connect
Feide ConnectFeide Connect
Feide Connect
 
Feide Connect
Feide ConnectFeide Connect
Feide Connect
 

Recently uploaded

Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CVKhem
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessPixlogix Infotech
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEarley Information Science
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsJoaquim Jorge
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUK Journal
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 

Recently uploaded (20)

Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your Business
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 

FedLab and OIC testing at NorduNet

  • 1. Andreas Åkre Solberg Roland Hedberg UNINETT AS Univ. Umeå Federation Lab and OpenID Connect NorduNet Conference Oslo, Norway, September 2012
  • 2. Federation Lab ✤ Identity toolkit for testing, validation and debugging of Identity Software. ✤ Automated testing tool for increasing interoperability between providers and consumers with SAML and OpenID Connect. ✤ A GÉANT project (GN3 JRA3T2) in collaboration with Kantara Initiative and the OpenID community. OpenID Testing Commercial (Kantara Intitive) <-> Research and HE (GEANT) Established (SAML) <-> Emerging (OIC) Nordic collaboration (UNINETT and umu.se) Involved in standardization A very important reference implementation
  • 3. Complex End-to-end Systems Many implementations This is a good thing! Many deployments Variying spec interpretion Really difficult Sub-set implementations to avoid this Interop issues Things stop working for end users. Who to blame? Who can fix it? ! - difficult question Things continues to not work Unhappy users We MUST avoid this, but how?
  • 4. What causes interop issues ✤ Flexibility, too many options. Sub-set implementations. ✤ Deployment options ✤ Yet to be discovered software bugs ✤ Unclear specification ✤ Poor error handling ✤ Lack of feature negotiation or limited language (metadata) of expressing supported features
  • 5. Postel’s Law «Be strict in what you send, but generous in what you receive» Postel's Law,1981, RFC793: TCP ✤ Will this increase interop? ✤ Interop issues less likely to be detected, and may easily pass matrix testing.
  • 6. Typical Matrix Testing Test 4-5 products against each other Validate that it is possible to configure the products to work with each other. Product is certified. Does not really ensure interop in an actual deployment.
  • 7. Profiling By being very excplitit on how to use the protocols, interoperability increases. saml2int
  • 8. Automated Testing of SAML and OpenID Connect This is what we did with Federation Lab An automated client, simulates one entity whiles test the other. Consumer <-> Provider Performs about 100 different test flows, and focus on discovering things that goes wrong, rather than verifying that things may work. Real time testing with detailed feedback Test each provider, and present results. for debugging.
  • 9. Federation Lab contains a set of useful debugging tools for encoding and decoding messages.
  • 10. Automated testing of SAML Service Providers performs approx 80 test runs with various legal and illegal message flows to verify behaviour of software.
  • 11. Automated testing of OpenID Connect Providers tests providers, and involves an innovative engine for working with human user interaction with login screens.
  • 12. OpenID Connect Roland Hedberg Univ. Umeå
  • 13. How to find the ‘key’?
  • 14. Different solutions • SAML • Metadata • OpenID Connect • Dynamic discovery and registration
  • 15. Flow differencies IdP AS 4 5 3 3 2 4 UA 6 OP UA 2 1 7 1 9 8 SP RP SAML OpenID Connect
  • 16. Returning attributes • SAML • Static • Response contains 1-n assertions • OIC • Dynamic • Aggregated/distributed claims
  • 17. Thanks for listening. Federation Lab (beta) http://openidtest.uninett.no

Editor's Notes

  1. \n
  2. \n
  3. \n
  4. \n
  5. \n
  6. \n
  7. \n
  8. \n
  9. \n
  10. \n
  11. \n
  12. \n
  13. \n
  14. \n
  15. \n
  16. \n
  17. \n