Re: [scim] [Technical Errata Reported] RFC7643 (6001)

Barry Leiba <barryleiba@computer.org> Wed, 11 March 2020 18:49 UTC

Return-Path: <barryleiba@gmail.com>
X-Original-To: scim@ietfa.amsl.com
Delivered-To: scim@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C0CA13A1140 for <scim@ietfa.amsl.com>; Wed, 11 Mar 2020 11:49:46 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.111
X-Spam-Level:
X-Spam-Status: No, score=-3.111 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FORGED_FROMDOMAIN=0.001, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.249, RCVD_IN_MSPIKE_H2=-1.463, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4yS5mmv7iZH7 for <scim@ietfa.amsl.com>; Wed, 11 Mar 2020 11:49:45 -0700 (PDT)
Received: from mail-il1-f169.google.com (mail-il1-f169.google.com [209.85.166.169]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C0D833A1143 for <scim@ietf.org>; Wed, 11 Mar 2020 11:49:44 -0700 (PDT)
Received: by mail-il1-f169.google.com with SMTP id d14so2517129ilq.10 for <scim@ietf.org>; Wed, 11 Mar 2020 11:49:44 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=F92TdezWv80m3WzlhYKhueawXGKSlc68f0AmYEYdi/k=; b=VzRV7IZNvPKMc7C037mSk2+09oT1QjRLPy4Sac5UrUttdNZgU/wXVMWuAZB5Ou5Bpy AepHCpHwuQP9hLBbXiRk8IG4phHLNdcwwNPt9vap1Gs7ntnez0th271FamYMs1Itxgig gpCyMgrNIp3FEoVspR9bmRvEo4zdxQBzZqXGb/1G6F0HncCixB1wzIiPYflf/RSFOW1S 9lL3qwsgWGfrMlsSa1n7HoUAcbwQksDsHke91LwlIHb0fPgMGObWq32zvX3hxWXnJlJm MDnZeRCFRZ+QzuaFP9R0xJVqDRj5HjUFUWBDPc9dYF7tberjMRdPkkn1lvGPGFjYq4BB MI6g==
X-Gm-Message-State: ANhLgQ1e9Dk67qdnKfCbFq8uUk4TexSBMwwE7cyl9H1n+qRFneSz+MI+ 41CLU5Hy8+OyL8THPPcrVCuRwDykdr76Ksooy2Y=
X-Google-Smtp-Source: =?utf-8?q?ADFU+vsdXsXc1KLnubBw0OZmBMLRRaAXkgfOCtnmRwH7?= =?utf-8?q?T3Dg+f/D5B6IC+zl+Qlbswa7h1FudBof1uqug3DMdMFhM7A=3D?=
X-Received: by 2002:a92:d60a:: with SMTP id w10mr4604782ilm.107.1583952583462; Wed, 11 Mar 2020 11:49:43 -0700 (PDT)
MIME-Version: 1.0
References: <20200302171904.01B97F406D7@rfc-editor.org> <AD46B734-E936-4878-A133-78C8447AD0CA@yahoo.com> <CAGUsYPxPq0S1WQZCE4Di2GHmF2AED3zt0tasPZ7i8bs8G0dj4Q@mail.gmail.com> <8b371853-c39e-4f62-b224-2134aa586bd2@mnt.se> <CAGUsYPySaOViinu9D2E2tU6F=QsYxWOV2U-ZEDbeDY6ONsPSsg@mail.gmail.com> <47F56EB2-8472-49A1-BDC1-37B9F718C379@yahoo.com>
In-Reply-To: <47F56EB2-8472-49A1-BDC1-37B9F718C379@yahoo.com>
From: Barry Leiba <barryleiba@computer.org>
Date: Wed, 11 Mar 2020 14:49:32 -0400
Message-ID: <CALaySJJVZ7qB=9brHL6HGKbm+FS3qsQSrkvT03Zttp_5KVZbMg@mail.gmail.com>
To: Phil Hunt <phil.hunt@yahoo.com>
Cc: Shelley <randomshelley@gmail.com>, Leif Johansson <leifj@mnt.se>, Adam Roach <adam@nostrum.com>, Alexey Melnikov <aamelnikov@fastmail.fm>, Leif Johansson <leifj@sunet.se>, scim@ietf.org, Kelly Grizzle <kelly.grizzle@sailpoint.com>, Morteza Ansari <moransar@cisco.com>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/scim/C4CKLsDWGFDf1_Hde4gV39KEjoE>
Subject: Re: [scim] [Technical Errata Reported] RFC7643 (6001)
X-BeenThere: scim@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Simple Cloud Identity Management BOF <scim.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/scim>, <mailto:scim-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/scim/>
List-Post: <mailto:scim@ietf.org>
List-Help: <mailto:scim-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/scim>, <mailto:scim-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 11 Mar 2020 18:49:47 -0000

Should this then go to "held for document update", rather than "verified"?

Barry

On Wed, Mar 11, 2020 at 2:12 PM Phil Hunt <phil.hunt@yahoo.com> wrote:
>
> Shelley,
>
> I agree with Leif’s suggestion that this is the kind of stuff best deli with in a SCIMbis group.
>
> SCIM is badly in need of a certification test that captures common implementation and normalizes behaviours and best practices. In and of itself would be a good feed back to any SCIMbis work.  I have been trying to lobby for this, but without a major sponsor and host organization, I fear this will not happen.
>
> Phil Hunt
> phil.hunt@yahoo.com
>
>
>
> On Mar 11, 2020, at 6:48 AM, Shelley <randomshelley@gmail.com> wrote:
>
> The more I think about this, the more I am leaning towards the problem here being in Section 2.3.7, not 8.7.1.
>
> As noted here [1], I have some general concerns with "caseExact," namely that there should be some separation of concerns between attribute characteristics and filtering capabilities. The fact that Section 2.3.7 requires all "reference" types to be "case exact" [2] seems overly-limiting.
>
> URNs, for instance, are not entirely case-sensitive; they define a lexical equivalence, in which only some parts of the URN are case-sensitive [3]. For example, the following two URNs are lexically equivalent:
>
> urn:ietf:params:scim:schemas:core:2.0:User
> URN:IETF:params:scim:schemas:core:2.0:User
>
>
> Given this, I would suggest that a filter for a URN attribute should match on either of the above. However, with the requirements outlined in Section 2.3.7, a client would need to provide the case-exact equivalent in order to match.
>
> Therefore, perhaps Section 2.3.7's requirement that "A reference is case exact" could/should be removed (in which case my initially proposed change in Section 8.7.1 is optional)?
>
> [1] https://mailarchive.ietf.org/arch/msg/scim/7ElDxpsgHZGRmQrXOTIR1jwuTts/
> [2] https://tools.ietf.org/html/rfc7643#section-2.3.7
> [3] https://tools.ietf.org/html/rfc8141#section-3
>
> On Wed, Mar 11, 2020 at 4:05 AM Leif Johansson <leifj@mnt.se> wrote:
>>
>>
>>
>> On 2020-03-10 21:00, Shelley wrote:
>> >     it is allowed that the schema may be set to caseExact false
>> >
>> >
>> > Is Section 2.3.7 not normative? If not, perhaps that section should not prescribe a caseExact characteristic for references at all then.
>> >
>>
>> I think Phil meant that the /examples/ are not normative.
>>
>> I'm also supportive of going either way on this. There has been talk of a
>> 'bis' process for SCIM and if that happens this would certainly get included.
>>
>>         Cheers Leif
>
>