Tests
Identity Signal
see also: 2008-08-20 meeting minutes
Identity 6.1.1 Identity Signal
- Observe whether the identity signal is present, is in primary or secondary UI, is consistently reachable, and is in a consistent place
- Observe identity signal when identity information from untrusted source is presented, including URI. Enumerate conditions?
- Observe identity signal (including consistent position and consistent presentation) when interacting with different classes of web sites:
  - plain http
  - https with DV cert
  - https with EV cert
  - https with self-signed cert
- exercise TLS error conditions that permit display of page; see test cases there.
- [add material about "positive form of identity" once clarified]
- [last clause is forward reference to 7.4.1, deal with it there]
6.1.2 Identity Signal Content
Visit unprotected page:
- Is information from an untrusted source displayed to the user in the identity signal? If yes, noncompliant on 6.1.2 A,B
- Is any logotype rendered? If yes, noncompliant on 6.1.2 B
Visit page that is secured using SSL/TLS with validated but not augmented certificate:
- Is information from an untrusted source displayed to the user in the identity signal? If yes, noncompliant on 6.1.2 A,B
- Does the identity signal contain human-readable information about the certificate subject or a petname?
- Does the identity signal include the issuer organization field? If no, noncompliant on 6.1.2 H
- Is any logotype rendered? If yes, noncompliant on 6.1.2 I (SHOULD)
- Does the identity signal include a petname or applicable DNS name as specified? If no, noncompliant with 6.1.2 G
Visit page that is secured using SSL/TLS with augmented certificate:
- Is information from an untrusted source displayed to the user in the identity signal? If yes, noncompliant on 6.1.2 A,B
- Does the identity signal include the issuer organization field? If no, noncompliant on 6.1.2 H
- Does the identity signal include a petname, human-readable information about the certificate subject retrieved from the augmented certificate, or applicable DNS name as specified? If no, noncompliant with 6.1.2 G
Visit page with mixed content; examine identity signal:
- Is information from an untrusted source displayed to the user in the identity signal? If yes, noncompliant on 6.1.2 A,B
- Does the identity signal present positive indicators that exceed those for an unprotected page? If yes, noncompliant on 6.1.2 J
- Is any logotype rendered? If yes, noncompliant on 6.1.2 L
If support for Petname is claimed:
- Visit page that is secured using SSL/TLS for which petname is defined
  - Is petname displayed? If not, noncompliant on 6.1.2 C
- Visit page that is secured using SSL/TLS for which petname is not defined
  - Is petname displayed? If yes, noncompliant on 6.1.2 C
- use test cases for 6.2 to exercise; verify whether they exercise the necessary states
TLS secured web page | Strongly protected | AA cert | all dependent validated | cert subj | pet name |
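
The 6.1.2 checks above can be recorded and scored mechanically. The following is an added example, not part of the original test notes: it encodes each check as data and reports which clauses a set of recorded observations violates and which checks were never run. The page-class keys, observation names and sample observations are constructed for illustration.

```python
# Added example; page-class keys and observation names are hypothetical labels.
# Each check: (observation, answer that means noncompliant, clause cited on the page).
UNTRUSTED = ("untrusted_info_shown", True, "6.1.2 A,B")
ISSUER = ("issuer_org_shown", False, "6.1.2 H")
NAME = ("petname_subject_or_dns_shown", False, "6.1.2 G")

CHECKS = {
    "unprotected": [UNTRUSTED, ("logotype_rendered", True, "6.1.2 B")],
    "validated": [UNTRUSTED, ISSUER, NAME,
                  ("logotype_rendered", True, "6.1.2 I (SHOULD)")],
    "augmented": [UNTRUSTED, ISSUER, NAME],
    "mixed": [UNTRUSTED,
              ("positive_exceeds_unprotected", True, "6.1.2 J"),
              ("logotype_rendered", True, "6.1.2 L")],
    # The two petname classes apply only if petname support is claimed.
    "petname_defined": [("petname_shown", False, "6.1.2 C")],
    "petname_undefined": [("petname_shown", True, "6.1.2 C")],
}
PETNAME_CLASSES = {"petname_defined", "petname_undefined"}


def evaluate(observations, claims_petname=False):
    """Return (noncompliant, untested) lists of (page_class, observation, clause)."""
    noncompliant, untested = [], []
    for page_class, checks in CHECKS.items():
        if page_class in PETNAME_CLASSES and not claims_petname:
            continue
        seen = observations.get(page_class, {})
        for name, bad_answer, clause in checks:
            if name not in seen:
                # A skipped check is reported, never silently counted as a pass.
                untested.append((page_class, name, clause))
            elif seen[name] == bad_answer:
                noncompliant.append((page_class, name, clause))
    return noncompliant, untested


# Constructed observations for a hypothetical user agent under test.
SAMPLE = {
    "unprotected": {"untrusted_info_shown": False, "logotype_rendered": True},
    "validated": {"untrusted_info_shown": False, "issuer_org_shown": True,
                  "petname_subject_or_dns_shown": True, "logotype_rendered": False},
    "augmented": {"untrusted_info_shown": False, "issuer_org_shown": False,
                  "petname_subject_or_dns_shown": True},
    "mixed": {"untrusted_info_shown": False, "positive_exceeds_unprotected": True},
}

if __name__ == "__main__":
    bad, todo = evaluate(SAMPLE)
    for row in bad:
        print("NONCOMPLIANT", *row)
    for row in todo:
        print("UNTESTED", *row)
```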