Confirmed users
651
edits
Security/QA/TestPlans/Web Authentication: Difference between revisions
Jump to navigation
Jump to search
m
Security/QA/TestPlans/Web Authentication (view source)
Revision as of 21:53, 27 September 2017
, 27 September 2017Updated list of items
Mwobensmith (talk | contribs) m (→Ownership) |
Mwobensmith (talk | contribs) m (Updated list of items) |
||
| Line 56: | Line 56: | ||
== Scope of Testing == | == Scope of Testing == | ||
=== In Scope === | === In Scope === | ||
* Web Authentication, as well as U2F | * Web Authentication, as well as some U2F. | ||
* All JS APIs | * All JS APIs. | ||
* Fuzzing wherever possible | * Fuzzing wherever possible. | ||
* A range of scenario tests that mirror user interaction, including boundary and error cases | * A range of scenario tests that mirror user interaction, including boundary and error cases. | ||
* Some USB hardware, including Yubico keys and a few others given to us. | |||
=== Out of Scope === | === Out of Scope === | ||
* Yubico has provided us with some USB keys to test with, but the full range of keys plus hardware is not something we have available to us. | * Software token is unsupported, for now. | ||
* Yubico has provided us with some USB keys to test with, but the full range of keys plus hardware is not something we have available to us. | |||
* Other hardware vendors will need to certify their products on Firefox, as we cannot guarantee coverage on all third party USB tokens. | |||
* This feature is not currently supported on Fennec. | * This feature is not currently supported on Fennec. | ||
* We will not be shipping U2F on by default, therefore it will not be receiving the full set of tests that WebAuthN has. If that changes, we can easily apply existing WebAuthN test cases to U2F. | |||
= Requirements for testing = | = Requirements for testing = | ||