{"id":24752026,"url":"https://github.com/inferno-framework/udap-security-test-kit","last_synced_at":"2025-10-10T22:32:24.812Z","repository":{"id":252996001,"uuid":"835856069","full_name":"inferno-framework/udap-security-test-kit","owner":"inferno-framework","description":"Conformance Testing for the Security for Scalable Registration, Authentication, and Authorization IG","archived":false,"fork":false,"pushed_at":"2025-07-29T14:08:37.000Z","size":669,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":2,"default_branch":"main","last_synced_at":"2025-08-01T11:54:24.602Z","etag":null,"topics":["inferno","udap"],"latest_commit_sha":null,"homepage":"","language":"Ruby","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/inferno-framework.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2024-07-30T17:02:31.000Z","updated_at":"2025-07-29T14:08:42.000Z","dependencies_parsed_at":"2024-08-13T22:14:11.276Z","dependency_job_id":"8c845376-50c3-47d2-84f6-ae97d019d102","html_url":"https://github.com/inferno-framework/udap-security-test-kit","commit_stats":null,"previous_names":["inferno-framework/udap-security-test-kit"],"tags_count":14,"template":false,"template_full_name":null,"purl":"pkg:github/inferno-framework/udap-security-test-kit","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/inferno-framework%2Fudap-security-test-kit","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/inferno-framework%2Fudap-security-test-kit/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/inferno-framework%2Fudap-security-test-kit/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/inferno-framework%2Fudap-security-test-kit/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/inferno-framework","download_url":"https://codeload.github.com/inferno-framework/udap-security-test-kit/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/inferno-framework%2Fudap-security-test-kit/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":279002303,"owners_count":26083342,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-09T02:00:07.460Z","response_time":59,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["inferno","udap"],"created_at":"2025-01-28T10:34:30.234Z","updated_at":"2025-10-10T22:32:24.442Z","avatar_url":"https://github.com/inferno-framework.png","language":"Ruby","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Inferno UDAP Security IG Test Kit \n\nThis is a collection of tests to verify server conformance to the [HL7 UDAP Security\nSTU 1.0 IG](https://hl7.org/fhir/us/udap-security/STU1/index.html). \nSpecifically, this test\nkit assesses the required capabilities from the following sections:\n- [JSON Web Token (JWT) Requirements](https://hl7.org/fhir/us/udap-security/STU1/index.html)\n- [Discovery](https://hl7.org/fhir/us/udap-security/STU1/discovery.html)\n- [Dynamic Client Registration](https://hl7.org/fhir/us/udap-security/STU1/registration.html)\n- [Consumer-Facing Authorization \u0026 Authentication](https://hl7.org/fhir/us/udap-security/STU1/consumer.html)\n- [Business-to-Business (B2B) Authorization \u0026 Authentication](https://hl7.org/fhir/us/udap-security/STU1/b2b.html)\n\n[Tiered OAuth for User\nAuthentication](https://hl7.org/fhir/us/udap-security/STU1/user.html) is not a\nrequired capability and is not assessed. \nThis test kit also does not assess client conformance.\n\n## Instructions\n\n- Clone this repo.\n- Run `setup.sh` in this repo\n- Run `run.sh` in this repo.\n- Navigate to `http://localhost`. The UDAP test suite will be available.\n- Prior to running Dynamic Client Registration tests or Authorization tests, the\n  authorization server under test MUST be configured to trust the signing\n  certificate that issues and signs the client certificates. See the following\n  section for more details. \n\n### Certificate Setup for Running Tests\n\nRunning UDAP Dynamic Client Registration and Authorization tests requires the\nuse of X.509 certificates that are trusted by the authorization server under\ntest.  There are two categories of certificates for this test kit:\n- Client certificates: represent the logical instance of a UDAP client interfacing\n  with the authorization server.  This test\n  kit supports multiple logical clients, and a new logical client is needed for each instance of\n  testing Dynamic Client Registration. \n- Signing certificate: the certificate used to issue and sign the client\n  certificates.\n\nTesters must provide their own client certificate(s) via the\ntest inputs.  Currently, the certificates available in `lib/udap_security_test_kit/certs`\nare for unit testing only.\n\nIn order for tests to pass, register your own signing certificate as a trust anchor with\nthe authorization server under tests. \n\n\n## License\n\nLicensed under the Apache License, Version 2.0 (the \"License\"); you may not use\nthis file except in compliance with the License. You may obtain a copy of the\nLicense at\n```\nhttp://www.apache.org/licenses/LICENSE-2.0\n```\nUnless required by applicable law or agreed to in writing, software distributed\nunder the License is distributed on an \"AS IS\" BASIS, WITHOUT WARRANTIES OR\nCONDITIONS OF ANY KIND, either express or implied. See the License for the\nspecific language governing permissions and limitations under the License.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Finferno-framework%2Fudap-security-test-kit","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Finferno-framework%2Fudap-security-test-kit","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Finferno-framework%2Fudap-security-test-kit/lists"}