Easy Testing On Ruby Openid Consumers

A presentation about how to do easy testing on OpenID Consumers, using a gem called rots. More info at http://github.com/roman/rots


  1. Easy Testing on Ruby OpenID Consumer Implementations by Roman Gonzalez. Tuesday 24 March 2009
  2. Presentation Highlights • What is OpenID? • URL’s as our identity credentials • OpenID Terminology • The OpenID authentication process explained • How to implement RP’s in Ruby
  3. Presentation Highlights • Testing OpenID RP’s • Demo (Rails, Merb) • Q&A’s
  4. What is OpenID? • A protocol that promotes the use of a single digital identity (Single Sign On) • Decentralized • Simple and light-weight (no high security stuff) • Built upon Web technologies (HTTP, DNS)
  5. URL’s are our credentials • Most people already have a URL to represent their identity (Facebook, Twitter) • They are globally unique and ubiquitous
  6. OpenID Terminology • Actors • Identifier (URL of the user) • User-Agent (normally a Web Browser) • Relying Party (RP) • OpenID Provider (OP)
  7. OpenID Terminology • Direct Messages • HTTP POST requests from RP’s to OP’s • Used for interchange of public keys
  8. OpenID Terminology • Indirect Messages • HTTP Redirects from RP’s to OP’s and back • Used for the authentication process
  9. OpenID Authentication Step 1. Discovery
  10. OpenID Authentication Step 1. Discovery HTTP GET
  11. OpenID Authentication Step 1. Discovery
  12. OpenID Authentication Step 1. Discovery
  13. OpenID Authentication Step 1. Discovery
  14. OpenID Authentication Step 2. Association
  15. OpenID Authentication Step 2. Association HTTP POST Exchange of public keys
  16. OpenID Authentication Step 3. Give credentials to OP
  17. OpenID Authentication Step 4. Choose which info to give to the RP
  18. OpenID Authentication Step 5. You are _authenticated_
  19. Implementing OpenID RP’s in Ruby • Ruby On Rails: open_id_authentication by rails at http://github.com • Merb: hassox’s merb-auth gem, using the OpenID strategy • Rack: Using the auth/openid Rack app included in the gem
  20. Testing OpenID RP’s • How do we test them? • First naive approach: mocking/stubbing the ruby-openid gem • Why is it so hard to test? • Multiple types of communication between the RP and the OP • The existing OP’s need human interaction
  21. Introducing ROTS (Ruby OpenID Test Server) • It provides an “easy” interface for automated testing • It uses an OP test server (provided in the gem) and a test API
  22. DEMO
  23. Final Thoughts • ROTS is _not_ a silver bullet • OpenID is not perfect, and it is not trying to be
  24. Resources • http://openidexplained.com • http://github.com/rails/open_id_auth • http://github.com/roman/rots • http://test-id.net
  25. Q&A’s
  26. Thanks... Contact Me Follow: http://twitter/romanandreg Read: http://blog.romanandreg.com
