Massachusetts Institute of Technology Touchstone Performance Test Plan  

Abstract

This test plan is intended to prescribe the scope, approach, types of performance testing, resources and high-level schedule of the testing activities to be performed in the Touchstone project.  This plan will identify the use cases, data, and related systems to be included in the testing process.

1.0 Document identifiers

1.1 References

The following documents were used as sources of information for this test plan:

• Questcon Technologies, The Questcon Test Management Methodology; 01/07/2005; (Test Management Methodology Release 4.0.doc).
• Questcon Technologies, MIT SOW Testing Touchstone; 04/04/2007; (MIT SOW Testing April 07.doc).

2.0 INTRODUCTION

2.1 Purpose

The objective of this test plan is to outline the performance testing effort to be undertaken for the Touchstone project.

2.1.1 Project Description

MIT Touchstone is a new suite of technologies for authenticating a variety of web applications, being introduced by IS&T. MIT Touchstone does provide a single sign-on solution for applications that have been coded and configured to use the system. Within the context of Touchstone enabled applications, users will be able to seamlessly transition between systems without being prompted for additional authentication information.
The intended audience of this document includes all IT personnel involved in the development, testing, and support of Touchstone.

2.1.2 Project Technologies

MIT Touchstone utilizes/integrates with the following technologies:

• Stanford's WebAuth
• Internet 2's Shibboleth
• SAML (the Security Assertion Markup Language)
• A new account management system for some users outside of the traditional MIT community
• HTTP/S (extensive redirects)
• SSL
• MIT X.509 certificates
• Kerberos (via the HTTP/SPNEGO protocol)
• TLS
• OpenID
• Web Services
• MySQL (including replication)
• Apache
• Tomcat
• IDP High Availability Package
• LDAP
• KDC
• DNS load balancing

2.2 Scope

2.2.1 Items To Be Tested

Each of the following business processes (user flows) will be tested under load:

• CAMS Account Creation
• CAMS Account Authentication
• CAMS Account Association (OpenID)
• Authenticated Kerberos user access
• Kerberos user id and password authentication
• Authenticated OpenID user access

2.2.2 Items Not To Be Tested

The following modules and types of tests are considered to be outside the scope of this test effort and will not be tested by Questcon:

• MIT X.509 certificate access
• Kerberos (HTTP/SPNEGO) access
• CAMS Account Association (Kerberos (HTTP/SPNEGO))

2.3 Risks & Contingencies

3.0 Approach

3.1 Testing Strategy

3.2 Tools

3.3 Environmental Needs