[scim] HTTP Status Code 501
Shelley <randomshelley@gmail.com> Tue, 25 February 2020 20:09 UTC
Return-Path: <randomshelley@gmail.com>
X-Original-To: scim@ietfa.amsl.com
Delivered-To: scim@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1AEF73A11A0 for <scim@ietfa.amsl.com>; Tue, 25 Feb 2020 12:09:46 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level:
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id VbsUaCud7lB3 for <scim@ietfa.amsl.com>; Tue, 25 Feb 2020 12:09:44 -0800 (PST)
Received: from mail-vs1-xe34.google.com (mail-vs1-xe34.google.com [IPv6:2607:f8b0:4864:20::e34]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 13E5F3A1138 for <scim@ietf.org>; Tue, 25 Feb 2020 12:09:43 -0800 (PST)
Received: by mail-vs1-xe34.google.com with SMTP id c18so288605vsq.7 for <scim@ietf.org>; Tue, 25 Feb 2020 12:09:43 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:from:date:message-id:subject:to; bh=q5jPF11xNyaN3p62rbNywNsC+eLqrvON+Ci2ktrIHJc=; b=ZEcAwoLFCxDnHabUaZyvD6GoilaX+jYLPvlZPWJRgjv6DwL9B2kC7+dY0yYeEjUTcK VG2pxiOCbs2114ZAfGe8N16oSIdHZxIX8Mr5GOcHlJGmunLPE/TajLsMtpGJ+69etzYJ AfGhS24cHFGc1s/QwthKp4GQOYN8rAVHdF/xLEdaS8kWEfPVBulVt9rXeF86d4Qvw0g3 8J109nrYmDXjeAEuRmecjbfvuhavloA4BdL6DB+DDZTPSyDqvxlg8V6YtoOJY8zDRrJp Z9aP4bY3J6qFsudQ0VqLzcfKnL/x8sSasl5yrASjKeLJf26LoMA5Ufo7wK9cjo7CPmpK bJdg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=q5jPF11xNyaN3p62rbNywNsC+eLqrvON+Ci2ktrIHJc=; b=XtrceW3Ao3FtOtB9dqVIygePzqGzaxQjO9pMCOJ4nn0PyvTWwlPNu3jfQ2RwgATFhh b5SDMmX0qlPKaYDRc3bQM08AGuC1/jbqU6X4E0rJYu0ZhyOxilXbX/Bb9wXi3G8X2ZVZ aWZL0nTqOa1SADU9xd0FatElCCuGHA2Br529jhk9Zov6O3fDOB0gxeO8fXyYF+qhcHeC wfCEBJMK8C3FwabDJY25KkPWcywcL1a05wdfmnEt7uMi+vvlrn2eCnyV/M0d9SEvFxzH gErbnaizAGNtJp2GaLGpDW8I5FV7rOfQoOtoBoFDh8iSoFvGNdVqR5jR79MftZNTDR/a L4zg==
X-Gm-Message-State: APjAAAX+358LQebK8NBuCNoKh71+kPCXC4CtTS3tZDembKPz3U4/Jrt+ uJo6cAL/dq56W7CUg/qyFAxp/os+BzM65QO8XUg7ll+G
X-Google-Smtp-Source: APXvYqxjKNGO9GThHWQ8BilojWo/SES/hIuPACzh59dMBJP6zKezH4YGvct1OXAEd+OsJUPJiqEjJdVvwCJLfKpZEDg=
X-Received: by 2002:a05:6102:190:: with SMTP id r16mr732174vsq.215.1582661382026; Tue, 25 Feb 2020 12:09:42 -0800 (PST)
MIME-Version: 1.0
From: Shelley <randomshelley@gmail.com>
Date: Tue, 25 Feb 2020 14:09:30 -0600
Message-ID: <CAGUsYPw+rekBBjQ1WrPHejcOx=VGnPJrY44r6myVQ3PGYk30XA@mail.gmail.com>
To: scim@ietf.org
Content-Type: multipart/alternative; boundary="00000000000079b864059f6c1138"
Archived-At: <https://mailarchive.ietf.org/arch/msg/scim/5Y-aOJ0XKhkyI7oQhpBljPLGvq0>
Subject: [scim] HTTP Status Code 501
X-BeenThere: scim@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Simple Cloud Identity Management BOF <scim.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/scim>, <mailto:scim-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/scim/>
List-Post: <mailto:scim@ietf.org>
List-Help: <mailto:scim-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/scim>, <mailto:scim-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 25 Feb 2020 20:09:46 -0000
*/Me Endpoint Support* The SCIM 2 specification indicates that if a service provider does not support the "/Me" endpoint, it should respond with HTTP 501 [1]. This doesn't seem inline with the HTTP specification, which indicates that 501 is used when the server *does not recognize the request method* [2]. In the case of the "/Me" endpoint, however, the server *does *recognize the *method* (GET), but simply does not support a representation for the requested resource, which seems more inline with a *404* [3]. What was the reasoning behind the 501? Given the requirement is a "SHOULD" recommendation, I'm inclined to return the HTTP standard 404 in my service provider implementation, instead of the SCIM recommended 501. *PATCH Operation Support* The SCIM 1.1 and 2.0 specifications also imply that 501 should be returned when PATCH is not supported [4]. This also seems to violate the HTTP spec, if the server recognizes the PATCH method, but simply does not support this method for the requested resource. Instead, a *405* (Method Not Allowed) [5] seems more appropriate. [1] https://tools.ietf.org/html/rfc7644#section-3.11 [2] https://tools.ietf.org/html/rfc7231#section-6.6.2 [3] https://tools.ietf.org/html/rfc7231#section-6.5.4 [4] https://tools.ietf.org/html/rfc7644#section-3.12 [5] https://tools.ietf.org/html/rfc7231#section-6.5.5
- [scim] HTTP Status Code 501 Shelley
- Re: [scim] HTTP Status Code 501 Phillip Hunt