summaryrefslogtreecommitdiffstats
path: root/testing/web-platform/tests/webrtc/coverage/identity.txt
diff options
context:
space:
mode:
Diffstat (limited to 'testing/web-platform/tests/webrtc/coverage/identity.txt')
-rw-r--r--testing/web-platform/tests/webrtc/coverage/identity.txt220
1 files changed, 220 insertions, 0 deletions
diff --git a/testing/web-platform/tests/webrtc/coverage/identity.txt b/testing/web-platform/tests/webrtc/coverage/identity.txt
new file mode 100644
index 0000000000..0d1bcca7ed
--- /dev/null
+++ b/testing/web-platform/tests/webrtc/coverage/identity.txt
@@ -0,0 +1,220 @@
+Coverage is based on the following editor draft:
+https://w3c.github.io/webrtc-pc/archives/20170605/webrtc.html
+
+9.3 Requesting Identity Assertions
+
+ [Trivial]
+ The identity assertion request process is triggered by a call to createOffer,
+ createAnswer, or getIdentityAssertion. When these calls are invoked and an
+ identity provider has been set, the following steps are executed:
+
+ [RTCPeerConnection-getIdentityAssertion]
+ 1. The RTCPeerConnection instantiates an IdP as described in Identity Provider
+ Selection and Registering an IdP Proxy. If the IdP cannot be loaded, instantiated,
+ or the IdP proxy is not registered, this process fails.
+
+ [RTCPeerConnection-getIdentityAssertion]
+ 2. The RTCPeerConnection invokes the generateAssertion method on the
+ RTCIdentityProvider methods registered by the IdP.
+
+ [RTCPeerConnection-getIdentityAssertion]
+ The RTCPeerConnection generates the contents parameter to this method as
+ described in [RTCWEB-SECURITY-ARCH]. The value of contents includes the
+ fingerprint of the certificate that was selected or generated during the
+ construction of the RTCPeerConnection. The origin parameter contains the
+ origin of the script that calls the RTCPeerConnection method that triggers
+ this behavior. The usernameHint value is the same value that is provided
+ to setIdentityProvider, if any such value was provided.
+
+ [RTCPeerConnection-getIdentityAssertion]
+ 3. The IdP proxy returns a Promise to the RTCPeerConnection. The IdP proxy is
+ expected to generate the identity assertion asynchronously.
+
+ [RTCPeerConnection-getIdentityAssertion]
+ If the user has been authenticated by the IdP, and the IdP is able to generate
+ an identity assertion, the IdP resolves the promise with an identity assertion
+ in the form of an RTCIdentityAssertionResult .
+
+ [RTCPeerConnection-getIdentityAssertion]
+ This step depends entirely on the IdP. The methods by which an IdP authenticates
+ users or generates assertions is not specified, though they could involve
+ interacting with the IdP server or other servers.
+
+ [RTCPeerConnection-getIdentityAssertion]
+ 4. If the IdP proxy produces an error or returns a promise that does not resolve
+ to a valid RTCIdentityValidationResult (see 9.5 IdP Error Handling), then
+ identity validation fails.
+
+ [Untestable]
+ 5. The RTCPeerConnection MAY store the identity assertion for use with future
+ offers or answers. If a fresh identity assertion is needed for any reason,
+ applications can create a new RTCPeerConnection.
+
+ [RTCPeerConnection-getIdentityAssertion]
+ 6. If the identity request was triggered by a createOffer() or createAnswer(),
+ then the assertion is converted to a JSON string, base64-encoded and inserted
+ into an a=identity attribute in the session description.
+
+ [RTCPeerConnection-getIdentityAssertion]
+ If assertion generation fails, then the promise for the corresponding function call
+ is rejected with a newly created OperationError.
+
+9.3.1 User Login Procedure
+ [RTCPeerConnection-getIdentityAssertion]
+ An IdP MAY reject an attempt to generate an identity assertion if it is unable to
+ verify that a user is authenticated. This might be due to the IdP not having the
+ necessary authentication information available to it (such as cookies).
+
+ [RTCPeerConnection-getIdentityAssertion]
+ Rejecting the promise returned by generateAssertion will cause the error to propagate
+ to the application. Login errors are indicated by rejecting the promise with an RTCError
+ with errorDetail set to "idp-need-login".
+
+ [RTCPeerConnection-getIdentityAssertion]
+ The URL to login at will be passed to the application in the idpLoginUrl attribute of
+ the RTCPeerConnection.
+
+ [Out of Scope]
+ An application can load the login URL in an IFRAME or popup window; the resulting page
+ then SHOULD provide the user with an opportunity to enter any information necessary to
+ complete the authorization process.
+
+ [Out of Scope]
+ Once the authorization process is complete, the page loaded in the IFRAME or popup sends
+ a message using postMessage [webmessaging] to the page that loaded it (through the
+ window.opener attribute for popups, or through window.parent for pages loaded in an IFRAME).
+ The message MUST consist of the DOMString "LOGINDONE". This message informs the application
+ that another attempt at generating an identity assertion is likely to be successful.
+
+9.4. Verifying Identity Assertions
+ The identity assertion request process involves the following asynchronous steps:
+
+ [TODO]
+ 1. The RTCPeerConnection awaits any prior identity validation. Only one identity
+ validation can run at a time for an RTCPeerConnection. This can happen because
+ the resolution of setRemoteDescription is not blocked by identity validation
+ unless there is a target peer identity.
+
+ [RTCPeerConnection-peerIdentity]
+ 2. The RTCPeerConnection loads the identity assertion from the session description
+ and decodes the base64 value, then parses the resulting JSON. The idp parameter
+ of the resulting dictionary contains a domain and an optional protocol value
+ that identifies the IdP, as described in [RTCWEB-SECURITY-ARCH].
+
+ [RTCPeerConnection-peerIdentity]
+ 3. The RTCPeerConnection instantiates the identified IdP as described in 9.1.1
+ Identity Provider Selection and 9.2 Registering an IdP Proxy. If the IdP
+ cannot be loaded, instantiated or the IdP proxy is not registered, this
+ process fails.
+
+ [RTCPeerConnection-peerIdentity]
+ 4. The RTCPeerConnection invokes the validateAssertion method registered by the IdP.
+
+ [RTCPeerConnection-peerIdentity]
+ The assertion parameter is taken from the decoded identity assertion. The origin
+ parameter contains the origin of the script that calls the RTCPeerConnection
+ method that triggers this behavior.
+
+ [RTCPeerConnection-peerIdentity]
+ 5. The IdP proxy returns a promise and performs the validation process asynchronously.
+
+ [Out of Scope]
+ The IdP proxy verifies the identity assertion using whatever means necessary.
+ Depending on the authentication protocol this could involve interacting with the
+ IdP server.
+
+ [RTCPeerConnection-peerIdentity]
+ 6. If the IdP proxy produces an error or returns a promise that does not resolve
+ to a valid RTCIdentityValidationResult (see 9.5 IdP Error Handling), then
+ identity validation fails.
+
+ [RTCPeerConnection-peerIdentity]
+ 7. Once the assertion is successfully verified, the IdP proxy resolves the promise
+ with an RTCIdentityValidationResult containing the validated identity and the
+ original contents that are the payload of the assertion.
+
+ [RTCPeerConnection-peerIdentity]
+ 8. The RTCPeerConnection decodes the contents and validates that it contains a
+ fingerprint value for every a=fingerprint attribute in the session description.
+ This ensures that the certificate used by the remote peer for communications
+ is covered by the identity assertion.
+
+ [RTCPeerConnection-peerIdentity]
+ 9. The RTCPeerConnection validates that the domain portion of the identity matches
+ the domain of the IdP as described in [RTCWEB-SECURITY-ARCH]. If this check fails
+ then the identity validation fails.
+
+ [RTCPeerConnection-peerIdentity]
+ 10. The RTCPeerConnection resolves the peerIdentity attribute with a new instance
+ of RTCIdentityAssertion that includes the IdP domain and peer identity.
+
+ [Out of Scope]
+ 11. The user agent MAY display identity information to a user in its UI. Any user
+ identity information that is displayed in this fashion MUST use a mechanism that
+ cannot be spoofed by content.
+
+ [RTCPeerConnection-peerIdentity]
+ If identity validation fails, the peerIdentity promise is rejected with a newly
+ created OperationError.
+
+ [RTCPeerConnection-peerIdentity]
+ If identity validation fails and there is a target peer identity for the
+ RTCPeerConnection, the promise returned by setRemoteDescription MUST be rejected
+ with the same DOMException.
+
+9.5. IdP Error Handling
+ [RTCPeerConnection-getIdentityAssertion]
+ - A RTCPeerConnection might be configured with an identity provider, but loading of
+ the IdP URI fails. Any procedure that attempts to invoke such an identity provider
+ and cannot load the URI fails with an RTCError with errorDetail set to
+ "idp-load-failure" and the httpRequestStatusCode attribute of the error set to the
+ HTTP status code of the response.
+
+ [Untestable]
+ - If the IdP loads fails due to the TLS certificate used for the HTTPS connection not
+ being trusted, it fails with an RTCError with errorDetail set to "idp-tls-failure".
+ This typically happens when the IdP uses certificate pinning and an intermediary
+ such as an enterprise firewall has intercepted the TLS connection.
+
+ [RTCPeerConnection-getIdentityAssertion]
+ - If the script loaded from the identity provider is not valid JavaScript or does not
+ implement the correct interfaces, it causes an IdP failure with an RTCError with
+ errorDetail set to "idp-bad-script-failure".
+
+ [TODO]
+ - An apparently valid identity provider might fail in several ways.
+
+ If the IdP token has expired, then the IdP MUST fail with an RTCError with
+ errorDetail set to "idp-token-expired".
+
+ If the IdP token is not valid, then the IdP MUST fail with an RTCError with
+ errorDetail set to "idp-token-invalid".
+
+ [Untestable]
+ - The user agent SHOULD limit the time that it allows for an IdP to 15 seconds.
+ This includes both the loading of the IdP proxy and the identity assertion
+ generation or validation. Failure to do so potentially causes the corresponding
+ operation to take an indefinite amount of time. This timer can be cancelled when
+ the IdP proxy produces a response. Expiration of this timer cases an IdP failure
+ with an RTCError with errorDetail set to "idp-timeout".
+
+ [RTCPeerConnection-getIdentityAssertion]
+ - If the identity provider requires the user to login, the operation will fail
+ RTCError with errorDetail set to "idp-need-login" and the idpLoginUrl attribute
+ of the error set to the URL that can be used to login.
+
+ [RTCPeerConnection-peerIdentity]
+ - Even when the IdP proxy produces a positive result, the procedure that uses this
+ information might still fail. Additional validation of a RTCIdentityValidationResult
+ value is still necessary. The procedure for validation of identity assertions
+ describes additional steps that are required to successfully validate the output
+ of the IdP proxy.
+
+
+Coverage Report
+
+ Tested 29
+ Not Tested 2
+ Untestable 4
+
+ Total 35