Re: [scim] [Technical Errata Reported] RFC7643 (6001)

Phil Hunt <phil.hunt@yahoo.com> Wed, 11 March 2020 18:12 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/scim/05_K_y-V26EOfN2F7fuSO3DXoLw>

Shelley,

I agree with Leif’s suggestion that this is the kind of stuff best dealt with in a SCIMbis group.

SCIM is badly in need of a certification test that captures common implementation and normalizes behaviours and best practices. In and of itself, that would be good feedback to any SCIMbis work. I have been trying to lobby for this, but without a major sponsor and host organization, I fear this will not happen.

Phil Hunt
phil.hunt@yahoo.com



> On Mar 11, 2020, at 6:48 AM, Shelley <randomshelley@gmail.com> wrote:
> 
> The more I think about this, the more I am leaning towards the problem here being in Section 2.3.7, not 8.7.1.
> 
> As noted here [1], I have some general concerns with "caseExact," namely that there should be some separation of concerns between attribute characteristics and filtering capabilities. The fact that Section 2.3.7 requires all "reference" types to be "case exact" [2] seems overly-limiting.
> 
> URNs, for instance, are not entirely case-sensitive; they define a lexical equivalence, in which only some parts of the URN are case-sensitive [3]. For example, the following two URNs are lexically equivalent:
> urn:ietf:params:scim:schemas:core:2.0:User
> URN:IETF:params:scim:schemas:core:2.0:User
> 
> Given this, I would suggest that a filter for a URN attribute should match on either of the above. However, with the requirements outlined in Section 2.3.7, a client would need to provide the case-exact equivalent in order to match.
> 
> Therefore, perhaps Section 2.3.7's requirement that "A reference is case exact" could/should be removed (in which case my initially proposed change in Section 8.7.1 is optional)?
> 
> [1] https://mailarchive.ietf.org/arch/msg/scim/7ElDxpsgHZGRmQrXOTIR1jwuTts/
> [2] https://tools.ietf.org/html/rfc7643#section-2.3.7
> [3] https://tools.ietf.org/html/rfc8141#section-3
> 
> On Wed, Mar 11, 2020 at 4:05 AM Leif Johansson <leifj@mnt.se> wrote:
> 
> 
> On 2020-03-10 21:00, Shelley wrote:
> >     it is allowed that the schema may be set to caseExact false 
> > 
> > 
> > Is Section 2.3.7 not normative? If not, perhaps that section should not prescribe a caseExact characteristic for references at all then.
> > 
> 
> I think Phil meant that the /examples/ are not normative.
> 
> I'm also supportive of going either way on this. There has been talk of a
> 'bis' process for SCIM and if that happens this would certainly get included.
> 
>         Cheers Leif
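
The difference between a case-exact match and the URN lexical equivalence discussed in the quoted message, as an added example that is not part of the thread or of any SCIM implementation. It applies only the generic RFC 8141 section 3 rules; the function names are hypothetical, and the third stored value is constructed.

```python
import re

_PCT = re.compile(r"%[0-9A-Fa-f]{2}")  # percent-encoded triplet


def urn_equivalence_key(urn):
    """Normalize a URN to the form compared under RFC 8141 section 3."""
    scheme, sep, rest = urn.partition(":")
    if not sep or scheme.lower() != "urn":
        raise ValueError("not a URN: %r" % urn)
    nid, sep, tail = rest.partition(":")
    if not sep or not nid or not tail:
        raise ValueError("URN needs a NID and an NSS: %r" % urn)
    # r-, q- and f-components ("?+", "?=", "#") are not part of the comparison.
    nss = re.split(r"\?\+|\?=|#", tail, maxsplit=1)[0]
    # Hex digits of percent-encoded triplets are case-insensitive; the
    # triplets are not decoded and the rest of the NSS stays case-sensitive.
    nss = _PCT.sub(lambda m: m.group(0).upper(), nss)
    return "urn:%s:%s" % (nid.lower(), nss)


def urn_equivalent(a, b):
    """True when both URNs normalize to the same assigned-name."""
    return urn_equivalence_key(a) == urn_equivalence_key(b)


def filter_eq(stored_values, wanted, urn_aware):
    """Evaluate an 'eq' filter over reference values, case-exact or URN-aware."""
    if urn_aware:
        key = urn_equivalence_key(wanted)
        return [v for v in stored_values if urn_equivalence_key(v) == key]
    return [v for v in stored_values if v == wanted]


# The first two values are the URNs from the message; the third is constructed.
STORED = [
    "urn:ietf:params:scim:schemas:core:2.0:User",
    "URN:IETF:params:scim:schemas:core:2.0:User",
    "urn:ietf:params:scim:schemas:core:2.0:user",
]

if __name__ == "__main__":
    wanted = "urn:ietf:params:scim:schemas:core:2.0:User"
    print(filter_eq(STORED, wanted, urn_aware=False))  # case-exact match
    print(filter_eq(STORED, wanted, urn_aware=True))   # URN-equivalent match
```

The value ending in `:user` stays unmatched in both modes, because the generic rules lowercase only the `urn` scheme and the NID, not the namespace-specific string.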