[scim] Filter ABNF Clarifications

Shelley <randomshelley@gmail.com> Thu, 13 August 2020 15:56 UTC

Return-Path: <randomshelley@gmail.com>
X-Original-To: scim@ietfa.amsl.com
Delivered-To: scim@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3CBB03A0E25 for <scim@ietfa.amsl.com>; Thu, 13 Aug 2020 08:56:46 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level:
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id PK3vi6V7mpI5 for <scim@ietfa.amsl.com>; Thu, 13 Aug 2020 08:56:44 -0700 (PDT)
Received: from mail-vs1-xe2b.google.com (mail-vs1-xe2b.google.com [IPv6:2607:f8b0:4864:20::e2b]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C13583A0E10 for <scim@ietf.org>; Thu, 13 Aug 2020 08:56:43 -0700 (PDT)
Received: by mail-vs1-xe2b.google.com with SMTP id k25so3141351vsm.11 for <scim@ietf.org>; Thu, 13 Aug 2020 08:56:43 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:from:date:message-id:subject:to; bh=1UDXva+ueJgDPGwq3ChEcoz7Ab3wqxkS37H9sWVseGI=; b=A6ArZGsmn2CMQIwbNqoRkti0Ce78vU/KHftRPlJYa+5qUm3K6RFWJzxVeqAKmxmWUU cdJwoLrj+p5xo18m8QqKYAbWPvDIjgpvc5d5hOApLjjH7CMt3O2sr5pX1aGZ1GMlXJqL 8WLM17a82+atMh6A78pqTw6IY0UXPknGsn2c3s286rQlg9f203x24ChT3fem3lNMrR+y rDyDhrEdevtojOKjTceOk8O3+7a8w03Z4G1CtN9CRK3iowNrcOTM+WnPyWfARA/RZ0xZ EFrXGQatrrkupYttuV8g3dJ4KaU5FMcxjlELs8yJFrC3kXRAbTaVDl3GzXMfChthBd3l spzQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=1UDXva+ueJgDPGwq3ChEcoz7Ab3wqxkS37H9sWVseGI=; b=czyY2K8OKXS6q0opkfvsBKyKFqCJIXWRzbGVW22d3tYnaFXBYLeKacfZ8eeo7mRFYU 20a+DloLjyighcQnKXni9IhahO4UCCOcn+PyAdFp0M4X5nEE9HxIl8grT9sGKBxn5Sm2 XxW/P7qXECNvATivWSfVxbsevY9NqIeTaXqc1J+h2ls/0bX5gGQSc9JZgeJjCuUj7udK ofwTTOQoREUKVoETa8RzchL4I7F2IU1U8nty39oEsVn7urtQQFuV5JM/lH4hi3HuyV7V LwmFGHzLAYx5Sg9YQWMYyQ931WDkWUcEHenMJFfjRQGGzA2yDSI4vfWy0CDhl9CDyv5f q92g==
X-Gm-Message-State: AOAM531kqH72rZXIiHv/IERi9R8Fn8//e3HHykphxuYAf1XDsctb9oMy KVWYesKbr5sOIkopMpKcpiszgo0UkBb6iEnQCKpera+B
X-Google-Smtp-Source: ABdhPJwf7T884OKWX8IlOFPlQ+xdklsIuIiBjGotgK/Fza4u/ViTg7ZjiFnnyFGHAbzLbl/vUAW2zGgRDckjOMVYD3M=
X-Received: by 2002:a67:68d2:: with SMTP id d201mr3866027vsc.186.1597334202442; Thu, 13 Aug 2020 08:56:42 -0700 (PDT)
MIME-Version: 1.0
From: Shelley <randomshelley@gmail.com>
Date: Thu, 13 Aug 2020 10:56:31 -0500
Message-ID: <CAGUsYPz7BYonmr0qXKWPAJFyQd9exV0mNcyZ38RhpsLqpg7Q4w@mail.gmail.com>
To: scim@ietf.org
Content-Type: multipart/alternative; boundary="000000000000b966c405acc4595f"
Archived-At: <https://mailarchive.ietf.org/arch/msg/scim/5pJgvCWEvAf5waVJveRXjSAufGg>
Subject: [scim] Filter ABNF Clarifications
X-BeenThere: scim@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Simple Cloud Identity Management BOF <scim.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/scim>, <mailto:scim-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/scim/>
List-Post: <mailto:scim@ietf.org>
List-Help: <mailto:scim-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/scim>, <mailto:scim-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 13 Aug 2020 15:56:46 -0000

While reviewing the SCIM 2.0 filter ABNF syntax [1], I found what appears
to be a couple of issues that I wanted to confirm before submitting errata.

Regarding the "not" filters:

     FILTER    = attrExp / logExp / valuePath / *1"not" "(" FILTER ")"

     valFilter = attrExp / logExp / *1"not" "(" valFilter ")"

Specifically, if I'm not mistaken:

   - there should be a space between "not" and "("
      - alternatively, the following example [2] *should not *include a
      space:
      not (emails co "example.com" or emails.value co "example.org")
   - the use of "*1" is not correct
      - this effectively makes the entire rule optional

As such, I think the above filters should be re-written as:

     FILTER    = attrExp / logExp / valuePath / "not" [SP] "(" FILTER ")"

     valFilter = attrExp / logExp / "not" [SP] "(" valFilter ")"

In case any SCIM clients/providers are relying on the existing ABNF which
does not define the space, the above syntax makes the space optional.

Please confirm whether I've misinterpreted anything, otherwise, I will
likely report this as errata.

[1] https://tools.ietf.org/html/rfc7644#page-21
[2] https://tools.ietf.org/html/rfc7644#page-23