IETF Logo Mail Archive

Re: [scim] Filter ABNF Clarifications

Phil Hunt <phil.hunt@independentid.com> Wed, 19 August 2020 17:20 UTC

Return-Path: <phil.hunt@independentid.com>
X-Original-To: scim@ietfa.amsl.com
Delivered-To: scim@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9BC923A08DC for <scim@ietfa.amsl.com>; Wed, 19 Aug 2020 10:20:51 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.896
X-Spam-Level:
X-Spam-Status: No, score=-1.896 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=independentid-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id F8vrcWgz6X6H for <scim@ietfa.amsl.com>; Wed, 19 Aug 2020 10:20:49 -0700 (PDT)
Received: from mail-pl1-x634.google.com (mail-pl1-x634.google.com [IPv6:2607:f8b0:4864:20::634]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DF1613A08C3 for <scim@ietf.org>; Wed, 19 Aug 2020 10:20:49 -0700 (PDT)
Received: by mail-pl1-x634.google.com with SMTP id r4so11144625pls.2 for <scim@ietf.org>; Wed, 19 Aug 2020 10:20:49 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=independentid-com.20150623.gappssmtp.com; s=20150623; h=from:message-id:mime-version:subject:date:in-reply-to:cc:to :references; bh=F9aUpyMqpZWHDtTAnjf132XJutX4qz/MsEb2lON8ks4=; b=cj4lQ1O8KonzYOGcLoNaGT2SShxVqF3wVABa6KdHqPd2DT+iG1l8/v2DzHkwgt0W8t YBVQhvbriA1F/WBebFjfT/Vo4YqsP/X1mILhMHEdHrY337pvhg1tgehVDYI0NjMv+KzE FwwJplixsWvvo0Xc+4eR/JouANYURf9h0OkX9p269y6z06o4uBjWrTl+KkdKOkwwc3op fNZ/ID274+5h9vxqnfQ89zZkunX3DHhbXYofhdh14D1MyTBkJxgngSuSJBQfK3WEfzoI cSP4gDPl8/17pxujscM9VHIfvF/rC1x92KGWuSlMvNaWS26ltPaHhY7IK++6bJk6thlk esag==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:message-id:mime-version:subject:date :in-reply-to:cc:to:references; bh=F9aUpyMqpZWHDtTAnjf132XJutX4qz/MsEb2lON8ks4=; b=lptfZYqtSM95GnBiDhCLbqDt4F83BvgSQSVYiqlBGocrbEesnqejqskx9U7ErFsGkb eI8aV87uSHddBPgGNjPBApRtca4R2YEMNaQvEfkV06WfS0gedYAYb9vNEyWLM3TgvqTL ww3xsar3tKlksFW/lbFe2h2kYyFvvtbOxb3dl7G5Ax7BcRXdboAxtV0BAi0YrA/zK9C+ FZyJklcZngQ1AXlqjco+FKyjq0MfLKNyXlA4WDojoZ8D6cBoYaC3vbQSN70D0ux3GSt7 1ysQ0Tgj/oqKaYAHI/7/Md+z0zjPb+o2u2RpB57xiKoPzhqY1yOXNNQoZj2H2auuWugG EMMQ==
X-Gm-Message-State: AOAM530mgyzLK1SdzWm5lgfz+qhdUOzOpmBpni6c02ZvF4oi4d5zcCDA EXkTYMvoO5KNuniiRkikP4pOUg==
X-Google-Smtp-Source: ABdhPJwaaxqkNg0carCEajCo2WSpH7yEReVhZZfUaUGswcQ8Bzc446u7SGV57LRpdXQ43z9jrlbIqg==
X-Received: by 2002:a17:902:9349:: with SMTP id g9mr19786581plp.313.1597857649093; Wed, 19 Aug 2020 10:20:49 -0700 (PDT)
Received: from node-1w7jr9qrfoxx7w7mld969daxl.ipv6.telus.net (node-1w7jr9qrfoxx7w7mld969daxl.ipv6.telus.net. [2001:569:7a71:1d00:1856:3762:a36d:c999]) by smtp.gmail.com with ESMTPSA id s4sm28799049pfh.128.2020.08.19.10.20.48 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Wed, 19 Aug 2020 10:20:48 -0700 (PDT)
From: Phil Hunt <phil.hunt@independentid.com>
Message-Id: <C152B7BC-AB9B-429D-848E-2473632ABBB2@independentid.com>
Content-Type: multipart/alternative; boundary="Apple-Mail=_2472C4AF-2648-4507-B14B-705EFACC9909"
Mime-Version: 1.0 (Mac OS X Mail 13.4 \(3608.80.23.2.2\))
Date: Wed, 19 Aug 2020 10:20:47 -0700
In-Reply-To: <CAGUsYPxk2BXYr4yy6zbED9oXWnQArT-+YA0=dbbRwLpqxSVn1g@mail.gmail.com>
Cc: scim@ietf.org
To: Shelley <randomshelley@gmail.com>
References: <CAGUsYPz7BYonmr0qXKWPAJFyQd9exV0mNcyZ38RhpsLqpg7Q4w@mail.gmail.com> <9D2B20FF-64AB-4F6A-8893-9B2CEEE2D87A@independentid.com> <CAGUsYPwhLdafN-e1E-SSEdp8SuScYFx0uD_9f4kT9fN3yz-GkQ@mail.gmail.com> <7B069C74-315D-4CCF-8D49-3A6B1B48DF41@independentid.com> <CAGUsYPw-xZ+f3DtvGM_2XsX9eF4G7fs7b+JXt-LHm2j1rhYwkQ@mail.gmail.com> <CAGUsYPxk2BXYr4yy6zbED9oXWnQArT-+YA0=dbbRwLpqxSVn1g@mail.gmail.com>
X-Mailer: Apple Mail (2.3608.80.23.2.2)
Archived-At: <https://mailarchive.ietf.org/arch/msg/scim/ICvbSUr-wYppadg2jDoxcxpOblk>
Subject: Re: [scim] Filter ABNF Clarifications
X-BeenThere: scim@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Simple Cloud Identity Management BOF <scim.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/scim>, <mailto:scim-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/scim/>
List-Post: <mailto:scim@ietf.org>
List-Help: <mailto:scim-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/scim>, <mailto:scim-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 19 Aug 2020 17:20:52 -0000

Shelley

Good catch. I would put in an errata for the filter ABNF.

Phillip Hunt
phil.hunt@independentid.com



> On Aug 19, 2020, at 7:47 AM, Shelley <randomshelley@gmail.com> wrote:
> 
> There also seems to be a slight discrepancy between the allowed characters in an attribute name between the SCIM Core Schema Specification [1] and the SCIM Protocol Specification [2].
> 
> Specifically, the Core Schema ABNF seems to allow "$" characters:
> 
>    ATTRNAME   = ALPHA *(nameChar)
>    nameChar   = "$" / "-" / "_" / DIGIT / ALPHA
> 
> whereas the SCIM filter ABNF does not seem to allow this character in attribute names:
> 
>    ATTRNAME  = ALPHA *(nameChar)
>    nameChar  = "-" / "_" / DIGIT / ALPHA
> 
> Was there any reasoning behind this discrepancy?
> 
> (In addition, if I'm not mistaken, the "$ref" attribute in the core schema [3] seems to violate the ABNF since it does not start with an ALPHA character. Please let me know if I'm misunderstanding something.)
> 
> [1] https://tools.ietf.org/html/rfc7643#section-2.1 <https://tools.ietf.org/html/rfc7643#section-2.1>
> [2] https://tools.ietf.org/html/rfc7644#page-21 <https://tools.ietf.org/html/rfc7644#page-21>
> [3] https://tools.ietf.org/html/rfc7643#page-12 <https://tools.ietf.org/html/rfc7643#page-12>
> On Thu, Aug 13, 2020 at 2:14 PM Shelley <randomshelley@gmail.com <mailto:randomshelley@gmail.com>> wrote:
> If adding the optional space to the ABNF is not feasible, then perhaps the non-normative example in Figure 2 that includes the space should be updated to remove it? This example [1] is not compliant with the ABNF syntax:
> not (emails co "example.com <http://example.com/>" or emails.value co "example.org <http://example.org/>")
> 
> Also, is there somewhere that changes like this are being tracked for a future SCIM spec?
> 
> Thanks for the discussion and clarification regardless
> 
> [1] https://tools.ietf.org/html/rfc7644#page-23 <https://tools.ietf.org/html/rfc7644#page-23>
> On Thu, Aug 13, 2020 at 1:02 PM Phil Hunt <phil.hunt@independentid.com <mailto:phil.hunt@independentid.com>> wrote:
> Shelley,
> 
> I agree, the ABNF you propose may have been a better way to express “not” filters. AFAIK, the iETF does not allow us to make this kind of RFC update as technically it is a normative change. 
> 
> IMO this would be a good item to address as a clarification item in a possible future SCIM 2.1 or 3 draft. 
> 
> Phillip Hunt
> phil.hunt@independentid.com <mailto:phil.hunt@independentid.com>
> 
> 
> 
>> On Aug 13, 2020, at 10:12 AM, Shelley <randomshelley@gmail.com <mailto:randomshelley@gmail.com>> wrote:
>> 
>> OK, thanks for the clarification. I think I better understand the intent behind the "*1" now; this also allows for optional parentheses around any filter expression. I presume the space should still be allowed between the "not" and open parenthesis "(", though? The following updated syntax includes an optional space following the "not", and also includes the recommended parentheses grouping [1] for clarification:
>> 
>>      FILTER    = attrExp / logExp / valuePath / ( ["not" *1SP] "(" FILTER ")" )
>> 
>>      valFilter = attrExp / logExp / ( ["not" *1SP] "(" valFilter ")" )
>> 
>> [1] https://tools.ietf.org/html/rfc5234#section-3.5 <https://tools.ietf.org/html/rfc5234#section-3.5>
>> 
>> 
>> On Thu, Aug 13, 2020 at 11:27 AM Phillip Hunt <phil.hunt@independentid.com <mailto:phil.hunt@independentid.com>> wrote:
>> Shelly
>> 
>> The “not” is itself optional to allow bracketing of sub filter expressions. 
>> 
>> (Filter) or not(filter)
>> 
>> Phil
>> 
>>> On Aug 13, 2020, at 8:56 AM, Shelley <randomshelley@gmail.com <mailto:randomshelley@gmail.com>> wrote:
>>> 
>>> 
>>> While reviewing the SCIM 2.0 filter ABNF syntax [1], I found what appears to be a couple of issues that I wanted to confirm before submitting errata.
>>> 
>>> Regarding the "not" filters:
>>>      FILTER    = attrExp / logExp / valuePath / *1"not" "(" FILTER ")"
>>> 
>>>      valFilter = attrExp / logExp / *1"not" "(" valFilter ")"
>>> Specifically, if I'm not mistaken:
>>> there should be a space between "not" and "("
>>> alternatively, the following example [2] should not include a space:
>>> not (emails co "example.com <http://example.com/>" or emails.value co "example.org <http://example.org/>")
>>> the use of "*1" is not correct
>>> this effectively makes the entire rule optional
>>> As such, I think the above filters should be re-written as:
>>> 
>>>      FILTER    = attrExp / logExp / valuePath / "not" [SP] "(" FILTER ")"
>>> 
>>>      valFilter = attrExp / logExp / "not" [SP] "(" valFilter ")"
>>> 
>>> In case any SCIM clients/providers are relying on the existing ABNF which does not define the space, the above syntax makes the space optional.
>>> 
>>> Please confirm whether I've misinterpreted anything, otherwise, I will likely report this as errata.
>>> 
>>> [1] https://tools.ietf.org/html/rfc7644#page-21 <https://tools.ietf.org/html/rfc7644#page-21>
>>> [2] https://tools.ietf.org/html/rfc7644#page-23 <https://tools.ietf.org/html/rfc7644#page-23>_______________________________________________
>>> scim mailing list
>>> scim@ietf.org <mailto:scim@ietf.org>
>>> https://www.ietf.org/mailman/listinfo/scim <https://www.ietf.org/mailman/listinfo/scim>
>

v2.23.0 | Report a Bug | By Email