add security consideration on incomplete or incorrect implementation of the specification #373

Open
wants to merge 1 commit into
base: main

Sakurann
Collaborator

There have been requests to mention conformance tests in the specification to make them more visible.

Modeling this PR after https://openid.net/specs/openid-financial-api-part-2-1_0.html#incomplete-or-incorrect-implementations-of-the-specifications

resolves #366.

@@ -1614,6 +1614,14 @@ Implementations MUST follow [@!BCP195].

Whenever TLS is used, a TLS server certificate check MUST be performed, per [@!RFC6125].

## Incomplete or Incorrect Implementation of the Specifications and Conformance Testing

To achieve the full security benefits, it is important the implementation of this specification, and the underlying specifications, are both complete and correct.
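Review bot: In the added sentence under the new heading, the singular subject "the implementation" is paired with the plural verb "are", and "the full security benefits" does not say of what. Consider "implementations of this specification, and of the underlying specifications, are both complete and correct", which also matches a plural heading, and name the benefit explicitly (for example "the full security benefits of this specification"). The heading promises conformance testing, but the lines shown here do not mention it yet; the text that follows should say how an implementer checks completeness and correctness. The surrounding context lines use MUST, so it would also help to make clear whether this new section is meant to be informative rather than normative.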
Contributor

Suggested change
To achieve the full security benefits, it is important the implementation of this specification, and the underlying specifications, are both complete and correct.
To achieve the full security benefits, it is important that the implementation of this specification, and the underlying specifications, are both complete and correct.

@@ -1614,6 +1614,14 @@ Implementations MUST follow [@!BCP195].

Whenever TLS is used, a TLS server certificate check MUST be performed, per [@!RFC6125].

## Incomplete or Incorrect Implementation of the Specifications and Conformance Testing
Member

Suggested change
## Incomplete or Incorrect Implementation of the Specifications and Conformance Testing
## Incomplete or Incorrect Implementations of the Specifications and Conformance Testing

Development

Successfully merging this pull request may close these issues.

add explainer how to do conformance testing
4 participants