IETF Logo Mail Archive

Re: [scim] [Technical Errata Reported] RFC7644 (4690)

Phil Hunt <phil.hunt@yahoo.com> Wed, 11 May 2016 15:31 UTC

Return-Path: <phil.hunt@yahoo.com>
X-Original-To: scim@ietfa.amsl.com
Delivered-To: scim@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5AB4C12D19B for <scim@ietfa.amsl.com>; Wed, 11 May 2016 08:31:56 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.697
X-Spam-Level:
X-Spam-Status: No, score=-3.697 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H2=-0.001, RP_MATCHES_RCVD=-0.996, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=yahoo.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4-eSNCbedOPi for <scim@ietfa.amsl.com>; Wed, 11 May 2016 08:31:54 -0700 (PDT)
Received: from nm26-vm5.bullet.mail.ne1.yahoo.com (nm26-vm5.bullet.mail.ne1.yahoo.com [98.138.91.248]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F127812D142 for <scim@ietf.org>; Wed, 11 May 2016 08:31:53 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1462980713; bh=rUO8U8jmV1Scd9StG9p/gLiXs8WD3Ub+sk7vXatZNcw=; h=Subject:From:In-Reply-To:Date:Cc:References:To:From:Subject; b=oY4qzyCt3EyNtGcMtQOPQWzmyDiti78ba6m8Nco3bhKzvGC7ebTR0IrHkTFcYx2VovC21ULN9BLo0V306Sa6Ol/8zRGTxR9o3xKMeYKtrF/IZiZ2wqVjp99piPdeJoFy2B7V1hwmehqYQ1sPFjydgnJGlShjntC4ZanjhOirTSngZe0mH+iIaJ1jYXv3BeDeD8Iyi3vbUdmzAWU3br3t6HpKBGBJYRw8qqyuEB/u8Ys8yotzn7bt2JqXCg1tTpA/5M2b3zHcBxoiGTZ08kweFVGNXLBBg+DDvaq+UHuL5FzF9MAXWpefrbhLSrwljXhUye/gyvCRcfBfM5MpD84bBw==
Received: from [98.138.100.111] by nm26.bullet.mail.ne1.yahoo.com with NNFMP; 11 May 2016 15:31:53 -0000
Received: from [98.138.84.37] by tm100.bullet.mail.ne1.yahoo.com with NNFMP; 11 May 2016 15:31:53 -0000
Received: from [127.0.0.1] by smtp105.mail.ne1.yahoo.com with NNFMP; 11 May 2016 15:31:53 -0000
X-Yahoo-Newman-Id: 264297.41213.bm@smtp105.mail.ne1.yahoo.com
X-Yahoo-Newman-Property: ymail-3
X-YMail-OSG: 65j64rEVM1m9Cqkkv1IzzFp3hLYE3OiADAbfq3PFyNHGpkl bORbVxpqT4q4BkAQpRyRmwsWlyLU3vi9IOgCtP3lHvvf_SqS4JKVlm4mFBLN YX6dxm.WYq5Bv9tBvq2lhb87NtWmgkBzA9bGjk.mW2pvkJz81TjCgDA64eqX e38JmkVqchKi3MclczfR7IiZ6KRcFgtl.KtCuT2d_WBqmh9zLOAQOKWiKHhm 5uDGqWs0kvU.Hm1eCTUE0DZ.cP8KqGH1C64bkSAjq7z6nevgF2JjsaXRfEA2 wGTk59C8nm7Ot6UpN3NKcyrc1bpFcO9uVRrs9J1SmevrPR6Qis4uN6mC5oQk mwAKrrqaHy4EI0eRN8eP8rP9tMcyoiJx5aMK_nboKR3NXU4NEj.gzeoxkESD 7oPe7F7srr9OA.cIz5KgbA4XG7qy.khqyCX8pZcpW1xHuq9zwExqzioX0B3L UYHoekag5fH00pjGiXaWH.Vsi990oQn3oODHzv8rZdi9wWQIdeEaXozOQkBr wZuEQDKjKK7QO_ZV1jM2WnELq.mymc59H
X-Yahoo-SMTP: 5ZG1WouswBA_I3TiUVQ.pojpE5jY8w--
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (1.0)
From: Phil Hunt <phil.hunt@yahoo.com>
X-Mailer: iPhone Mail (13E238)
In-Reply-To: <1599821528.4999061.1462976900817.JavaMail.zimbra@psu.edu>
Date: Wed, 11 May 2016 08:31:52 -0700
Content-Transfer-Encoding: quoted-printable
Message-Id: <6E286398-4F27-4082-BDA3-9FB84262CE5C@yahoo.com>
References: <20160510224750.BF421180004@rfc-editor.org> <1599821528.4999061.1462976900817.JavaMail.zimbra@psu.edu>
To: Christopher Harm <crh5255@psu.edu>
Archived-At: <http://mailarchive.ietf.org/arch/msg/scim/9COPQLE-lElKHO1VDaa9Kyz6Tkg>
X-Mailman-Approved-At: Wed, 11 May 2016 08:34:43 -0700
Cc: ben@nostrum.com, aamelnikov@fastmail.fm, morteza ansari <morteza.ansari@cisco.com>, alissa@cooperw.in, leifj@sunet.se, scim@ietf.org, kelly grizzle <kelly.grizzle@sailpoint.com>, erik wahlstrom <erik.wahlstrom@nexusgroup.com>, moransar@cisco.com, cmortimore@salesforce.com, RFC Errata System <rfc-editor@rfc-editor.org>
Subject: Re: [scim] [Technical Errata Reported] RFC7644 (4690)
X-BeenThere: scim@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Simple Cloud Identity Management BOF <scim.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/scim>, <mailto:scim-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/scim/>
List-Post: <mailto:scim@ietf.org>
List-Help: <mailto:scim-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/scim>, <mailto:scim-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 11 May 2016 15:31:56 -0000

That is what valLogExp does. It allows another valFilter which could be another and or or clause. 

Phil

> On May 11, 2016, at 07:28, Christopher Harm <crh5255@psu.edu> wrote:
> 
> Phil,
> Doesn't the correction text prevent attr[a eq b and c eq d and e eq f].  valLogExp has no way to recurse back up and allow more than a simple logic expression. I presume that attr[a eq b and c eq d and e eq f] should be allowed.  I think that the valLogExp should refer back to the valFilter so that it can recurse back up and include another valLogExp if necessary.
> 
> Corrected Text
> --------------
> valFilter = attrExp / valLogExp / *1"not" "(" valFilter ")"
> 
> valLogExp = valFilter SP ("and" / "or") SP valFilter
> 
> 
> -Chris
> 
> 
> --
> Christopher Harm
> Penn State University
> 221 Technology Support Building
> 300 Science Park Road
> State College, PA 16803
> 814-863-3366
> 
> https://keybase.io/christopherharm
> 
> ----- Original Message -----
> From: "RFC Errata System" <rfc-editor@rfc-editor.org>
> To: "phil hunt" <phil.hunt@yahoo.com>, "kelly grizzle" <kelly.grizzle@sailpoint.com>, "morteza ansari" <morteza.ansari@cisco.com>, "erik wahlstrom" <erik.wahlstrom@nexusgroup.com>, cmortimore@salesforce.com, ben@nostrum.com, alissa@cooperw.in, aamelnikov@fastmail.fm, moransar@cisco.com, leifj@sunet.se
> Cc: scim@ietf.org, "phil hunt" <phil.hunt@yahoo.com>, rfc-editor@rfc-editor.org
> Sent: Tuesday, May 10, 2016 6:47:50 PM
> Subject: [scim] [Technical Errata Reported] RFC7644 (4690)
> 
> The following errata report has been submitted for RFC7644,
> "System for Cross-domain Identity Management: Protocol".
> 
> --------------------------------------
> You may review the report below and at:
> http://www.rfc-editor.org/errata_search.php?rfc=7644&eid=4690
> 
> --------------------------------------
> Type: Technical
> Reported by: Phil Hunt <phil.hunt@yahoo.com>
> 
> Section: 3.4.2.2
> 
> Original Text
> -------------
> valFilter = attrExp / logExp / *1"not" "(" valFilter ")"
> 
> Corrected Text
> --------------
> valFilter = attrExp / valLogExp / *1"not" "(" valFilter ")"
> 
> valLogExp = attrExp SP ("and" / "or") SP attrExp
> 
> Notes
> -----
> Figure 1 contains the ABNF for SCIM filters. The term "logExp" specifies "FILTER" as an option which unintentionally allows recursion. A valFilter should only allow simple sub-attribute expressions and simple logic.  Nesting of valuePath (e.g. attr[a eq b and attr[c eq d]]) should not be possible.
> 
> Instructions:
> -------------
> This erratum is currently posted as "Reported". If necessary, please
> use "Reply All" to discuss whether it should be verified or
> rejected. When a decision is reached, the verifying party (IESG)
> can log in to change the status and edit the report, if necessary. 
> 
> --------------------------------------
> RFC7644 (draft-ietf-scim-api-19)
> --------------------------------------
> Title               : System for Cross-domain Identity Management: Protocol
> Publication Date    : September 2015
> Author(s)           : P. Hunt, Ed., K. Grizzle, M. Ansari, E. Wahlstroem, C. Mortimore
> Category            : PROPOSED STANDARD
> Source              : System for Cross-domain Identity Management
> Area                : Applications and Real-Time
> Stream              : IETF
> Verifying Party     : IESG
> 
> _______________________________________________
> scim mailing list
> scim@ietf.org
> https://www.ietf.org/mailman/listinfo/scim

v2.23.0 | Report a Bug | By Email