IETF Logo Mail Archive

Re: [scim] [INPUT REQUESTED] Re: Detailed error and status codes

David Möbius <d.moebius@tarent.de> Thu, 26 June 2014 09:10 UTC

Return-Path: <d.moebius@tarent.de>
X-Original-To: scim@ietfa.amsl.com
Delivered-To: scim@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8BAE81B2F50 for <scim@ietfa.amsl.com>; Thu, 26 Jun 2014 02:10:00 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 1.2
X-Spam-Level: *
X-Spam-Status: No, score=1.2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, J_CHICKENPOX_38=0.6, J_CHICKENPOX_64=0.6, MANGLED_WANT=2.3, MIME_8BIT_HEADER=0.3, RCVD_IN_DNSWL_LOW=-0.7] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fckNPEu_o1Fx for <scim@ietfa.amsl.com>; Thu, 26 Jun 2014 02:09:57 -0700 (PDT)
Received: from mail-we0-f179.google.com (mail-we0-f179.google.com [74.125.82.179]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 06B641B2CED for <scim@ietf.org>; Thu, 26 Jun 2014 02:09:56 -0700 (PDT)
Received: by mail-we0-f179.google.com with SMTP id w62so3310085wes.10 for <scim@ietf.org>; Thu, 26 Jun 2014 02:09:54 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:message-id:date:from:user-agent:mime-version:to :subject:references:in-reply-to:content-type :content-transfer-encoding; bh=7S+Nkzh0C5m4FZsJ+KKKC+vno6l9frB2AGF9o0+ZNqA=; b=Sx8ri5b3rzfbENMaM9RzfdXzZhSW7uG6+oaq9Pz+EGUJ8okup5ukvtRbRkSkmnTttY IKYdRd6eZEtVZ962r/B8f1ef9XKtebtPx16U6mxsgZS0HFbrqZSHBCcihgrRKfia724U xCkzH/QYyKUTQX9QY1kc8JZ8S+2DyBwg4dX/dYPgpvrKJ09fnpIXDzZ2/l4m7yoTEd/5 Bm6PRG69z0NkzQ6ql/OtQdvpV2xk0OaSmeENPXwU+vi7E5mRZNcBydwBS0KEzS1e1t4s ZPYiRpzp5BUfVnY+DlCJgbsYU7Vow7OABC3KT6cc13Jo3xft5QEyYDDDakVi0dVG5dPV bwjg==
X-Gm-Message-State: ALoCoQne+3TH0uBq1gpbbk25k0Y9/ngZrkgyO3rv8VVC2BS503PZgkx6d/8PgpLzuMTiGqnh6ULF
X-Received: by 10.180.10.168 with SMTP id j8mr2663877wib.73.1403773794185; Thu, 26 Jun 2014 02:09:54 -0700 (PDT)
Received: from [172.24.12.173] (fb-n15-11.unbelievable-machine.net. [94.198.62.204]) by mx.google.com with ESMTPSA id ub8sm22230914wib.0.2014.06.26.02.09.53 for <scim@ietf.org> (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Thu, 26 Jun 2014 02:09:53 -0700 (PDT)
Message-ID: <53ABE35E.7030404@tarent.de>
Date: Thu, 26 Jun 2014 11:09:50 +0200
From: David Möbius <d.moebius@tarent.de>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.6.0
MIME-Version: 1.0
To: scim@ietf.org
References: <65922FF3-8637-4116-B336-C5424BF9BAAB@oracle.com> <53A9D021.2060906@gmx.de> <71B45AEC-9B79-4F3F-A933-23B0C2AF868E@oracle.com> <BE66EB70-40F3-4FC3-87DA-F828DDB300AD@nexusgroup.com> <C69F2063-B082-4ACC-A0B7-3FBF81083086@oracle.com>
In-Reply-To: <C69F2063-B082-4ACC-A0B7-3FBF81083086@oracle.com>
X-Enigmail-Version: 1.5.2
Content-Type: text/plain; charset="windows-1252"
Content-Transfer-Encoding: 8bit
Archived-At: http://mailarchive.ietf.org/arch/msg/scim/6s-bnUZe9kvH9AcVqsYunh9aTJ8
Subject: Re: [scim] [INPUT REQUESTED] Re: Detailed error and status codes
X-BeenThere: scim@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Simple Cloud Identity Management BOF <scim.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/scim>, <mailto:scim-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/scim/>
List-Post: <mailto:scim@ietf.org>
List-Help: <mailto:scim-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/scim>, <mailto:scim-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 26 Jun 2014 09:10:00 -0000

Hello,

I would like to adjust to add a "error group" type to the error object.

Example:

{
  “schema”: "urn:scim:api:messages:2.0:Error”
  "scimGroupType" - "saving user"
  "scimDetailType" - "username allready taken"
  "status" - the HTTP status (should correspond to the response header)
  "detail" - "The username 'marissa' is already taken"
 }


The scimGroupType and the scimDetailType should never change if you do
the same mistage to make it machine readable.

Example and Reason:
I have a mask where the user can create an account. I have created my
html page the way that the user can't do "anything" wrong. The only
think the could do wrong is to use a existing username.

After I send the new user to the backend I get an exception. Since I
wan't to display the exception message in german or an other language I
need to know what type of exception was the problem.

I would like to give the User kind of messages:

1. The user used a given username: If this is the problem I can see it
with the help of the scimDetailType which will always be "username
already taken".

2. It is somethink wrong with the userdata (for example a email without
@ which I forget to check in my frontend). That something is wrong with
the userdata in generall I can see with the "scimGroupType"

3. Something else happens and I want to log the exception in my logs and
give an general message to the user

In my front end it could look like

if(scimException.getScimDetailType.equals("username allready taken")){

errorMessage = "in german: Your username is already taken. Plase use a
other one."
}else if(scimException.getScimGroupType.equals("saving user")){

errorMessage = "in german: Could not save your data. Please check your
given data.";
}else{

log.Error(scimException);
errorMessage= "in german: an error happen. Please try again later."
}

For this reason it would be good if we have 2 error codings in our error
json object. What do you think about this?

by David

Am 25.06.2014 21:07, schrieb Phil Hunt:
> On the call today (Erik, Bjorn, Morteza, and myself), we discussed the
> error issue.
> 
> The major concern with the draft suggested by Julian is really one of
> timing - we would prefer not to hold SCIM up. A good middle-ground
> approach is to align with the draft, but define the error fully within
> SCIM (using the SCIM mime type and schema namespace).
> 
> The proposal on the call is to SCIM mime/type of application/scim+json
> in error responses and include the SCIM error message schema declaration.  
> 
> {
>  “schema”: "urn:scim:api:messages:2.0:Error” (indicates the SCIM message
> type)
>  "scimType" - a keyword indicating the detail error (e.g.  “mutability”)
>  "status" - the HTTP status (should correspond to the response header)
>  "detail" - a detailed, human-readable message
> }
> 
> Servers MAY return additional attributes (e.g. ones from http-problem
> draft).  The only mandatory attributes are “schema” and “status”.  For
> example on anonymous self-registration scenarios, servers may be
> unwilling to give detail error responses for security reasons.
> 
> The reason for using scimType (instead of type) is to avoid any
> confusion with “type” from draft-nottingham-http-problem and its
> eventual use of “type”.
> 
> In a future update to SCIM we can then transition to align with the HTTP
> Problem draft by simply adding “type” in the way it defines. 
> 
> Phil
> 
> @independentid
> www.independentid.com <http://www.independentid.com>
> phil.hunt@oracle.com <mailto:phil.hunt@oracle.com>
> 
> 
> 
> On Jun 25, 2014, at 12:25 AM, Erik Wahlström
> <erik.wahlstrom@nexusgroup.com <mailto:erik.wahlstrom@nexusgroup.com>>
> wrote:
> 
>> So that would make it look like the following right?
>>
>> {
>>   "schemas": ["urn:scim:api:messages:2.0:Error"],
>>   "Error":
>>     {
>>       "type": "urn:scim:api:error:2.0:mutability",
>>       "title": “Attribute is readOnly.",
>>       "detail": “Attribute 'id' is readOnly and can’t be changed in a
>> PATCH request.",
>>       “status": 400  
>>     }
>> }
>>
>> I replaced Errors with Error.
>> Also replaced urn:scim:error:api:2.0:mutability with
>> urn:scim:api:error:2.0:mutability
>>
>> That works for me.
>> / Erik
>>
>>
>>
>> On 25 Jun 2014, at 01:30, Phil Hunt <phil.hunt@oracle.com
>> <mailto:phil.hunt@oracle.com>> wrote:
>>
>>> Note: July 04 is the LAST day for us to potentially submit updates
>>> for the IETF90 meeting.  This gives us about 1.5 weeks to close off
>>> the error issues and update the drafts.  If you have a moment please
>>> take a look and comment as soon as possible...
>>>
>>> Julian thanks for the suggestion.  For the rest of the group’s
>>> benefit, the draft Julian referenced suggests the following
>>> attributes be returned in a standardized detailed error JSON body…
>>>
>>>>    A problem details object MAY have the following members:
>>>>
>>>>    o  "type" (string) - An absolute URI [RFC3986 <http://tools.ietf.org/html/rfc3986>] that identifies the
>>>>       problem type.  When dereferenced, it SHOULD provide human-readable
>>>>       documentation for the problem type (e.g., using HTML
>>>>       [W3C.REC-html401-19991224 <http://tools.ietf.org/html/draft-nottingham-http-problem-06#ref-W3C.REC-html401-19991224>]).  When this member is not present, its
>>>>       value is assumed to be "about:blank".
>>>>    o  "title" (string) - A short, human-readable summary of the problem
>>>>       type.  It SHOULD NOT change from occurrence to occurrence of the
>>>>       problem, except for purposes of localisation.
>>>>    o  "status" (number) - The HTTP status code ([RFC2616], Section 6 <http://tools.ietf.org/html/rfc2616#section-6>)
>>>>       generated by the origin server for this occurrence of the problem.
>>>>    o  "detail" (string) - An human readable explanation specific to this
>>>>       occurrence of the problem.
>>>>    o  "instance" (string) - An absolute URI that identifies the specific
>>>>       occurrence of the problem.  It may or may not yield further
>>>>       information if dereferenced.
>>>
>>> Here is the corresponding example error response:
>>>>    HTTP/1.1 403 Forbidden
>>>>    Content-Type: application/problem+json
>>>>    Content-Language: en
>>>>
>>>>    {
>>>>     "type": "http://example.com/probs/out-of-credit",
>>>>     "title": "You do not have enough credit.",
>>>>     "detail": "Your current balance is 30, but that costs 50.",
>>>>     "instance": "http://example.net/account/12345/msgs/abc",
>>>>     "balance": 30,
>>>>     "accounts": ["http://example.net/account/12345",
>>>>                  "http://example.net/account/67890"]
>>>>    }
>>>
>>> Julian, what is the value of having “type” be a URI?  Why not just
>>> have a SCIM specific attribute (scimType) and use simple keywords?
>>> (asking mainly for the WG’s benefit). I guess the strong case is that
>>> by standardizing HTTP responses, client code gets simplified.
>>> However, using standard attributes creates the namespace conflict
>>> issue.  So we need URI based error codes.
>>>
>>> The SCIM specs could adopt the “type”, “detail”, and “status”. We
>>> would register a namespace of urn:scim:error:apil:2.0 in the SCIM
>>> IANA section in addition to api:messages, schema:core, etc.  This
>>> would give detail error types of:
>>>   urn:scim:error:api:2.0:mutability, urnscim:error:api:2.0:filter, etc.
>>>
>>> The other items, like title, instance, etc could be optional or just
>>> omitted from SCIM spec. —> we would just indicate that clients should
>>> expect attributes within the JSON message other than those defined by
>>> the SCIM drafts.
>>>
>>> IMPORTANT NOTE:  the format suggested by Julian allows for only one
>>> error at a time.  Erik had commented he prefers to return only one. I
>>> tend to agree. In the case of BULK requests, this is not really an
>>> issue since each BULK operation gets its own response block.
>>>
>>> *_In the interests of time, any objections to using type (with URI
>>> based error codes), detail, status, per above and limiting to ONE per
>>> response?  _*
>>>
>>> I know these are normative changes….however I’m pretty sure we can’t
>>> avoid changes in the final document clean up whether or not we adopt
>>> the proposed standardized error response.
>>>
>>> Cheers,
>>>
>>> Phil
>>>
>>> @independentid
>>> www.independentid.com <http://www.independentid.com/>
>>> phil.hunt@oracle.com <mailto:phil.hunt@oracle.com>
>>>
>>>
>>>
>>> On Jun 24, 2014, at 12:23 PM, Julian Reschke <julian.reschke@gmx.de
>>> <mailto:julian.reschke@gmx.de>> wrote:
>>>
>>>> On 2014-06-24 21:01, Phil Hunt wrote:
>>>>> With regards to tickets 37, 46, 67, it looks like we will have some
>>>>> normative changes required.  I am also expecting new SCIM error
>>>>> codes as
>>>>> we look at the possible reasons a server might return Bad Request or
>>>>> other HTTP status codes.
>>>>>
>>>>> Currently, the example response from PATCH, we use “error” to
>>>>> indicate a
>>>>> detailed error.
>>>>>
>>>>> * "error":"mutability"*
>>>>>
>>>>> From Response Codes Section, no detail error is defined:
>>>>>
>>>>> *HTTP/1.1 404 NOT FOUND*
>>>>>
>>>>> {
>>>>>   "schemas": ["urn:scim:api:messages:2.0:Error"],
>>>>>   "Errors":[
>>>>>     {
>>>>>       *"description":"Resource 2819c223-7f76-453a-919d-413861904646
>>>>> not found",
>>>>>       "code":"404"*
>>>>>     }
>>>>>   ]
>>>>> }
>>>>>
>>>>>
>>>>> Doing a search around Twitter, AWS, and many others, I see that “code”
>>>>> is often used to indicate a detailed error message (“mutability”) and
>>>>> status is used to indicate HTTP status.
>>>>>
>>>>> In an attempt to bring consistency across the API document, I am
>>>>> proposing we use http_status and scim_code. This will help make clear
>>>>> what we are referring to and allow existing implementations to co-exist
>>>>> for a while (by having different names).
>>>>>
>>>>> _Are there any objections to normalizing the spec around following
>>>>> format and attributes?_
>>>>>
>>>>> Proposed example:
>>>>>
>>>>> *HTTP/1.1 400 Bad Request*
>>>>>
>>>>>    Content-Type: application/scim+json;charset=UTF-8
>>>>>    Cache-Control: no-store
>>>>>    Pragma: no-cache
>>>>>
>>>>>    {
>>>>>      "schemas": ["urn:scim:api:messages:2.0:Error"],
>>>>>      "Errors":[
>>>>>        {
>>>>>          *“scim_code":"mutability”,*
>>>>>
>>>>> *          “http_status”:400,*
>>>>>          "error_description":"Attribute 'id' is readOnly."
>>>>>        },
>>>>>
>>>>>         . . .
>>>>>
>>>>>      ]
>>>>>
>>>>>    }
>>>>> ...
>>>>
>>>> You may want to read
>>>> <http://tools.ietf.org/html/draft-nottingham-http-problem-06>...
>>>>
>>>> Best regards, Julian
>>>>
>>>> _______________________________________________
>>>> scim mailing list
>>>> scim@ietf.org <mailto:scim@ietf.org>
>>>> https://www.ietf.org/mailman/listinfo/scim
>>>
>>> _______________________________________________
>>> scim mailing list
>>> scim@ietf.org <mailto:scim@ietf.org>
>>> https://www.ietf.org/mailman/listinfo/scim
>>
> 
> 
> 
> _______________________________________________
> scim mailing list
> scim@ietf.org
> https://www.ietf.org/mailman/listinfo/scim
>

v2.23.0 | Report a Bug | By Email