
Certification Testing

May 9th 2025

At EIC, Joseph Heenan, Alex Olivier, and David B met to discuss OpenID certification.

OpenID maintains a conformance suite project that each WG can contribute tests to.

The certification team writes tests in Java to conform to what needs to be tested within a given spec.

In the case of OpenID AuthZEN 1.0, we want to test:

  1. The evaluation API
  2. The evaluations API
  3. The Subject Search API
  4. The Resource Search API
  5. The Action Search API
  6. The Discovery API

We need to test structurally:

  • A valid AuthZEN request will always yield an HTTP 200 from the AuthZ Service.
  • An invalid AuthZEN request will always yield an HTTP 400 from the AuthZ Service.
  • Search API responses are unordered
  • The schema of the discovery API endpoint

We then need to test scenario use cases. We should agree whether to use a single use case across all runtime APIs or reuse the Todo use case for the binary APIs and the records use case for the Search APIs.

We need a standard place where the use cases are defined alongside the test runner so that the certification team can point to it.

The WG is welcome to support the certification team in writing the tests.

From a technical standpoint, the tests will 'merely' POST an AuthZEN request payload, receive a response, and compare it with the expected response.
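An added sketch of that compare step, covering the status-code rules and the unordered Search API rule listed above. It is not code from the OpenID conformance suite (which is written in Java); Python is used here for brevity. The API labels, the `results` / `evaluations` / `decision` field names and the sample payloads are assumptions constructed for illustration.

```python
import json
from collections import Counter

# Assumed response shapes (not stated in these notes): search endpoints return
# {"results": [...]}, evaluations returns {"evaluations": [...]} in request order.
SEARCH_APIS = {"subject_search", "resource_search", "action_search"}  # hypothetical labels


def _canon(value):
    """Serialize JSON with sorted keys so key order never causes a mismatch."""
    return json.dumps(value, sort_keys=True, separators=(",", ":"))


def check_response(api, expected_status, expected_body, status, body):
    """Compare one actual response with the expected one; return a list of failures."""
    if status != expected_status:
        return [f"status: expected {expected_status}, got {status}"]
    if expected_status != 200:
        return []  # invalid-request cases only assert the HTTP 400
    if not isinstance(body, dict):
        return ["body: expected a JSON object"]
    if api in SEARCH_APIS:
        results = body.get("results")
        if not isinstance(results, list):
            return ["results: missing or not an array"]
        # Search results are unordered: compare as multisets, not as lists.
        want = Counter(_canon(r) for r in expected_body["results"])
        got = Counter(_canon(r) for r in results)
        return ([f"missing result: {r}" for r in (want - got)]
                + [f"unexpected result: {r}" for r in (got - want)])
    # Binary APIs: exact match; array order in "evaluations" is significant.
    if _canon(body) != _canon(expected_body):
        return [f"body: expected {_canon(expected_body)}, got {_canon(body)}"]
    return []


# Constructed sample payloads (not taken from the WG's use cases).
EXPECTED_SEARCH = {"results": [{"type": "user", "id": "alice"},
                               {"type": "user", "id": "bob"}]}
REORDERED_SEARCH = {"results": [{"id": "bob", "type": "user"},
                                {"id": "alice", "type": "user"}]}
EXPECTED_EVALS = {"evaluations": [{"decision": True}, {"decision": False}]}
SWAPPED_EVALS = {"evaluations": [{"decision": False}, {"decision": True}]}

if __name__ == "__main__":
    print(check_response("subject_search", 200, EXPECTED_SEARCH, 200, REORDERED_SEARCH))
    print(check_response("evaluations", 200, EXPECTED_EVALS, 200, SWAPPED_EVALS))
```
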

Next steps

  1. Define the tests in the certification framework as we move the spec to final
  2. Joseph will check what the team's workload is

Process

  1. During the summer, define the conformance tests and plan certification
  2. Wrap up the spec by late summer/fall
  3. Get 3 vendors/frameworks to dry-run the tests before they're officially released
  4. The WG approves the certification
  5. Release the certification. Vendors can certify. There are 2 prices (members and non-members).
  6. PR material (announcements)

Recording

This meeting was recorded on AuthZEN's Zoom on May 9th 2025.