Skip to main content
Inferno on HealthIT.gov is for demonstration only. Not for use with is not for use with sensitive data or Protected Health Information (PHI). Data periodically removed.

UDAP Security Test Kit

Test Kit Version: 0.10.1
Maturity: Low
UDAP

The UDAP Security Test Kit is a collection of tests for the Security for Scalable Registration, Authentication, and Authorization IG.

Status

These tests are a DRAFT intended to allow UDAP implementers to perform preliminary checks of their implementations. Future versions of these tests may validate other requirements and may change how these are tested.

At this time, the test kit only supports testing server conformance to STU 1.0 of the HL7 UDAP IG, specifically requirements from the following sections:

Tiered OAuth for User Authentication is not a required capability and is not assessed.

This test kit also does not assess any client-side requirements.

Certificate Setup for Running Tests

Running UDAP Dynamic Client Registration and Authorization tests requires the use of X.509 certificates that are trusted by the authorization server under test. There are two categories of certificates for this test kit:

  • Client certificates: represent the logical instance of a UDAP client interfacing with the authorization server. This test kit supports multiple logical clients, and a new logical client is needed for each instance of testing Dynamic Client Registration.
  • Signing certificate: the certificate used to issue and sign the client certificates.

Testers must provide their own client certificate(s) via the test inputs.

In order for tests to pass, register your own signing certificate as a trust anchor with the authorization server under tests.

Reporting Issues

Please report any issues with this set of tests in the GitHub Issues section of the open-source code repository.

Start Testing

Create Test Session
Your Recent Sessions

    No recent test sessions have been run from this browser.

    If you run tests using Inferno on HealthIT.gov, links to the 5 most recent test sessions will be shown here.