incubator-clerezza-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Reto Bachmann-Gmür (JIRA) <j...@apache.org>
Subject [jira] [Commented] (CLEREZZA-479) WebID test suite
Date Tue, 10 May 2011 13:20:47 GMT

    [ https://issues.apache.org/jira/browse/CLEREZZA-479?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13031180#comment-13031180
] 

Reto Bachmann-Gmür commented on CLEREZZA-479:
---------------------------------------------

There seems to be a major security issue here: if the webid cannot be dereference a new user
can still log in and rights can be granted to this user, anybody can now login and claim this
webid and impersonate that user, no certificate validation occurs. Please roll back this changes
asap.

> WebID test suite
> ----------------
>
>                 Key: CLEREZZA-479
>                 URL: https://issues.apache.org/jira/browse/CLEREZZA-479
>             Project: Clerezza
>          Issue Type: New Feature
>            Reporter: Henry Story
>
> We need a test suite to be able to help work out where WebID authentication fails. This
can be useful in a number of ways:
>    1. for helping developers and end users work out where a problem lies
>    2. to build test suites to test the local webid implementations. 
> For 2 the result should be marked up so as to show what tests succeeded and where the
error occurred using an ontology to be specified on the w3c webid working group. This will
then allow other robot services to be created which can the send requests, broken or valid,
and check if the results are correct. 

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message