WEKO3
アイテム
Developing the Flexible Conformance Test Execution Platform for OAuth 2.0-based Security Profiles
https://ipsj.ixsq.nii.ac.jp/records/242318
https://ipsj.ixsq.nii.ac.jp/records/2423180997caa0-f4e7-49e8-8d7e-8edc1cc228eb
名前 / ファイル | ライセンス | アクション |
---|---|---|
![]() |
Copyright (c) 2025 by the Information Processing Society of Japan
|
|
オープンアクセス |
Item type | Trans(1) | |||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|
公開日 | 2025-01-15 | |||||||||||
タイトル | ||||||||||||
タイトル | Developing the Flexible Conformance Test Execution Platform for OAuth 2.0-based Security Profiles | |||||||||||
タイトル | ||||||||||||
言語 | en | |||||||||||
タイトル | Developing the Flexible Conformance Test Execution Platform for OAuth 2.0-based Security Profiles | |||||||||||
言語 | ||||||||||||
言語 | eng | |||||||||||
キーワード | ||||||||||||
主題Scheme | Other | |||||||||||
主題 | [一般投稿論文] conformance test, security profile, OAuth 2.0, Financial-grade API (FAPI), Keycloak | |||||||||||
資源タイプ | ||||||||||||
資源タイプ識別子 | http://purl.org/coar/resource_type/c_6501 | |||||||||||
資源タイプ | journal article | |||||||||||
著者所属 | ||||||||||||
Hitachi, Ltd./Graduate School of Natural Science and Technology, Okayama University | ||||||||||||
著者所属 | ||||||||||||
Hitachi, Ltd. | ||||||||||||
著者所属 | ||||||||||||
Faculty of Environmental, Life, Natural Science and Technology, Okayama University | ||||||||||||
著者所属(英) | ||||||||||||
en | ||||||||||||
Hitachi, Ltd. / Graduate School of Natural Science and Technology, Okayama University | ||||||||||||
著者所属(英) | ||||||||||||
en | ||||||||||||
Hitachi, Ltd. | ||||||||||||
著者所属(英) | ||||||||||||
en | ||||||||||||
Faculty of Environmental, Life, Natural Science and Technology, Okayama University | ||||||||||||
著者名 |
Takashi, Norimatsu
× Takashi, Norimatsu
× Yuichi, Nakamura
× Toshihiro, Yamauchi
|
|||||||||||
著者名(英) |
Takashi, Norimatsu
× Takashi, Norimatsu
× Yuichi, Nakamura
× Toshihiro, Yamauchi
|
|||||||||||
論文抄録 | ||||||||||||
内容記述タイプ | Other | |||||||||||
内容記述 | Developers of OAuth 2.0's authorization server or OpenID Connect 1.0's OpenID provider software that support multiple OAuth 2.0-based security profiles need their products to pass conformance tests provided by the OpenID Foundation. However, they usually encounter several challenges. Specifically, they require extensive man-hours to create programs other than the product targeted for the conformance tests, provide support for execution of a new conformance test if required by a new security profile, and execute multiple conformance tests. Together with the Open-source Software community OAuth Special Interest Group, we developed a conformance test execution platform to resolve these issues, using Keycloak as the target for conformance tests. We evaluated the platform and confirmed that it resolves these issues. Using the platform, we executed conformance tests of the Financial-grade API (FAPI) and Open Banking security profiles to Keycloak and confirmed that Keycloak passed the conformance tests of these security profiles. This implies that Keycloak complies with their specifications. We confirmed by the evaluation of the platform that automating execution of a conformance test reduced its completion time by 56.8%, parallelizing execution of nine conformance tests reduced its completion time by 62.4% and lines of code of programs the developer needs to write was reduced by 85.7% by the platform. Finally, we published the platform on the GitHub repository for public use. ------------------------------ This is a preprint of an article intended for publication Journal of Information Processing(JIP). This preprint should not be cited. This article should be cited as: Journal of Information Processing Vol.33(2025) (online) ------------------------------ |
|||||||||||
論文抄録(英) | ||||||||||||
内容記述タイプ | Other | |||||||||||
内容記述 | Developers of OAuth 2.0's authorization server or OpenID Connect 1.0's OpenID provider software that support multiple OAuth 2.0-based security profiles need their products to pass conformance tests provided by the OpenID Foundation. However, they usually encounter several challenges. Specifically, they require extensive man-hours to create programs other than the product targeted for the conformance tests, provide support for execution of a new conformance test if required by a new security profile, and execute multiple conformance tests. Together with the Open-source Software community OAuth Special Interest Group, we developed a conformance test execution platform to resolve these issues, using Keycloak as the target for conformance tests. We evaluated the platform and confirmed that it resolves these issues. Using the platform, we executed conformance tests of the Financial-grade API (FAPI) and Open Banking security profiles to Keycloak and confirmed that Keycloak passed the conformance tests of these security profiles. This implies that Keycloak complies with their specifications. We confirmed by the evaluation of the platform that automating execution of a conformance test reduced its completion time by 56.8%, parallelizing execution of nine conformance tests reduced its completion time by 62.4% and lines of code of programs the developer needs to write was reduced by 85.7% by the platform. Finally, we published the platform on the GitHub repository for public use. ------------------------------ This is a preprint of an article intended for publication Journal of Information Processing(JIP). This preprint should not be cited. This article should be cited as: Journal of Information Processing Vol.33(2025) (online) ------------------------------ |
|||||||||||
書誌レコードID | ||||||||||||
収録物識別子タイプ | NCID | |||||||||||
収録物識別子 | AA12894091 | |||||||||||
書誌情報 |
情報処理学会論文誌デジタルプラクティス(TDP) 巻 6, 号 1, 発行日 2025-01-15 |
|||||||||||
ISSN | ||||||||||||
収録物識別子タイプ | ISSN | |||||||||||
収録物識別子 | 2435-6484 | |||||||||||
出版者 | ||||||||||||
言語 | ja | |||||||||||
出版者 | 情報処理学会 |