IETF Logo Mail Archive

Re: [scim] [Technical Errata Reported] RFC7644 (7122)

"Murray S. Kucherawy" <superuser@gmail.com> Mon, 12 September 2022 15:14 UTC

Return-Path: <superuser@gmail.com>
X-Original-To: scim@ietfa.amsl.com
Delivered-To: scim@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0C265C14CF04 for <scim@ietfa.amsl.com>; Mon, 12 Sep 2022 08:14:54 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.104
X-Spam-Level:
X-Spam-Status: No, score=-6.104 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, FREEMAIL_REPLY=1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QCv9a_7GkIoL for <scim@ietfa.amsl.com>; Mon, 12 Sep 2022 08:14:50 -0700 (PDT)
Received: from mail-ed1-x52e.google.com (mail-ed1-x52e.google.com [IPv6:2a00:1450:4864:20::52e]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3CE1DC14CE25 for <scim@ietf.org>; Mon, 12 Sep 2022 08:14:50 -0700 (PDT)
Received: by mail-ed1-x52e.google.com with SMTP id u6so13240009eda.12 for <scim@ietf.org>; Mon, 12 Sep 2022 08:14:50 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date; bh=eQ41HoUnzUwLPfGDS/Eg0Rjgsr17b+92k9m/F2NGegY=; b=pLKqtuZz8K9RNQW9CvJUi9iGE5Kpax+dcmsriOacI8ju6zpx+WgQ23bP9e2fC1ZPme GIeZH29wzAOnLHhqQBgyTO4UOVCtnqNb7INuFzCtBLEbk1uYl3nJVGvH9QyTELiSA5Dv 45LKYQXVOa59WdRCGAHtL9Fi6uANZKliY8y2FugUuYQyRiqzO9vCBPKLmF1TR9664Sem Go/99W7B8MD2+6UoiUpBxswQfmkxn0W3PuUr40o+J6RH82Ei+xxm4P8GTErTIMcl+TIl 18YOTsqCp1EJRgf9KdfVhPm+dTpcf8BpF3OONqZFMnBTTaXtVrm0V7/OMKHFp1rjKuMZ mucQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date; bh=eQ41HoUnzUwLPfGDS/Eg0Rjgsr17b+92k9m/F2NGegY=; b=vDNpfap2LwOshM/bpNKVjn3wmRRkHB7sLC6czjbO0aYMGj/5piocxKlsXURnCkLJcF TDqsHAPicFQJ7GSE0K7JqkV/U9XmJd5HNXzDHde94uYENIOPVn55O2y7Pg5aS4IDKZo9 N0LYtMN8nlbgq02nNpA63OubXtMMbIBiVTTTOd3Tvz8BAT18nVGcRaktJxs2gi/dXgPX 3KTinZg+6ZoxOk7fYxf52X3igz9I3JhhFYkfVLTKVkid8RJPjBpR1vp/vSoeTw53T14k bIh4jzN56JIS3qkznPZrFf+WCQ6tverh/wwZ23MK5m3GmYSkVfgm9qDlfj6bThvzQyPX gxyQ==
X-Gm-Message-State: ACgBeo39e7Dkb83ulEuwk3sNX09Y/Z7vi+gaj4w+pvco5g8vq6l6tKT+ T2VgnjqQ2YuT0iz2LJumj9bzNR0qGqveujQaTSU=
X-Google-Smtp-Source: AA6agR73QoPcWDmL4iBGsSarh0/wbxH3LxmkDK1xn0tFmpNFpvR1oR9uxiaR9UM8eOcParWysIItaY37vlsvq6/DBNQ=
X-Received: by 2002:a05:6402:5285:b0:44d:adf4:e943 with SMTP id en5-20020a056402528500b0044dadf4e943mr22228515edb.302.1662995687712; Mon, 12 Sep 2022 08:14:47 -0700 (PDT)
MIME-Version: 1.0
References: <20220908103346.D4F111D3D@rfcpa.amsl.com> <60B14532-1C26-43F0-B3ED-AF936957BCB9@independentid.com>
In-Reply-To: <60B14532-1C26-43F0-B3ED-AF936957BCB9@independentid.com>
From: "Murray S. Kucherawy" <superuser@gmail.com>
Date: Mon, 12 Sep 2022 08:14:37 -0700
Message-ID: <CAL0qLwbjM4vaJvmS6C-YfwKvUQ0vBdc2cFsmHtzuVjTOaVzgNQ@mail.gmail.com>
To: Phillip Hunt <phil.hunt@independentid.com>
Cc: RFC Errata System <rfc-editor@rfc-editor.org>, francesca.palombini@ericsson.com, Nancy Cam-Winget <ncamwing@cisco.com>, egil@assimilated.dk, SCIM WG <scim@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000003aae4805e87c5be7"
Archived-At: <https://mailarchive.ietf.org/arch/msg/scim/JuT5pMlu8z8idehEwh3GqB-aAe8>
Subject: Re: [scim] [Technical Errata Reported] RFC7644 (7122)
X-BeenThere: scim@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Simple Cloud Identity Management BOF <scim.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/scim>, <mailto:scim-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/scim/>
List-Post: <mailto:scim@ietf.org>
List-Help: <mailto:scim-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/scim>, <mailto:scim-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 12 Sep 2022 15:14:54 -0000

These are the possible answers:

https://www.rfc-editor.org/errata-definitions/

I agree that we can't use "Verified" since the text of the RFC represents
the consensus at the time it was published.  We would normally verify an
erratum if what the community meant to publish and what actually got
published were not the same thing.

Perhaps "Hold For Document Update" is the appropriate response?

-MSK, ART AD

On Fri, Sep 9, 2022 at 12:33 PM Phillip Hunt <phil.hunt@independentid.com>
wrote:

>
> As one of the RFC authors (phil.hunt@yahoo.com), I think this probably
> has to be rejected because it introduces a normative change.
>
>
> Reason: The specified way to handle multi-valued attribute is to use a
> valuePath expression using “value” as the sub-attribute (even when the
> attribute is not complex) per:
>
>  o  If the target location is a multi-valued attribute and a complex
>       filter is specified comparing a "value", the values matched by the
>       filter are removed.  If no other values remain after removal of
>       the selected values, the multi-valued attribute SHALL be
>       considered unassigned.
>
>
> I agree the errata suggests an easier way that is likely supported in many
> implementations but still represents a normative change. There is also a
> side-effect if introducing new conditional logic on single valued attrubtes
> that were not originally intended.
>
> As to the example cited in the errata the correct way to specify per the
> paragraph above is:
> {
>  "schemas": ["urn:ietf:params:scim:api:messages:2.0:PatchOp"],
>  "Operations":[{
>    "op":"remove",
>    "path":”schemas[value eq
> \"urn:ietf:params:scim:schemas:extension:enterprise:2.0:User\]""
>  }]
> }
>
> With that said, I find myself sayinig why not?  The working group may wish
> to take this on in any SCIM 2.x discussions.
>
> Phillip Hunt
> @independentid
> phil.hunt@independentid.com
>
>
>
>
> On Sep 8, 2022, at 3:33 AM, RFC Errata System <rfc-editor@rfc-editor.org>
> wrote:
>
> The following errata report has been submitted for RFC7644,
> "System for Cross-domain Identity Management: Protocol".
>
> --------------------------------------
> You may review the report below and at:
> https://www.rfc-editor.org/errata/eid7122
>
> --------------------------------------
> Type: Technical
> Reported by: Egil Hansen <egil@assimilated.dk>
>
> Section: 3.5.2
>
> Original Text
> -------------
>   The "path" attribute is described by the following ABNF syntax rule:
>
>                   PATH = attrPath / valuePath [subAttr]
>
>                      Figure 7: SCIM PATCH PATH Rule
>
>   The ABNF rules "attrPath", "valuePath", and "subAttr" are defined in
>   Section 3.4.2.2.  The "valuePath" rule allows specific values of a
>   complex multi-valued attribute to be selected.
>
> Corrected Text
> --------------
>   The "path" attribute is described by the following ABNF syntax rule:
>
>                   PATH = attrPath / valuePath [subAttr] / attrExp
>
>                      Figure 7: SCIM PATCH PATH Rule
>
>   The ABNF rules "attrPath", "valuePath", "subAttr", and "attrExp" are
>   defined in Section 3.4.2.2. The "valuePath" rule allows specific
>   values of a complex multi-valued attribute to be selected.
>
> Notes
> -----
> In section 3.5.2.2. (Remove Operation), states:
>
> "If the target location is a multi-valued attribute and a complex
> filter is specified comparing a "value", the values matched by the
> filter are removed.  If no other values remain after removal of
> the selected values, the multi-valued attribute SHALL be
> considered unassigned."
>
> This means it should be possible to create a filter that selects a value
> from a multi-valued attribute that is not complex. Writing such a filter
> seems impossible without having "attrExp" as a possible legal PATH.
>
> In section 3.4.2.2.  (Filtering) there is an example that shows how such a
> filter could look for a multi-valued attribute, i.e.:
>
> filter=
> schemas eq "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User"
>
> This would also work for a path filter, e.g.:
>
> {
>  "schemas": ["urn:ietf:params:scim:api:messages:2.0:PatchOp"],
>  "Operations":[{
>    "op":"remove",
>    "path":"schemas eq
> \"urn:ietf:params:scim:schemas:extension:enterprise:2.0:User\""
>  }]
> }
>
> Instructions:
> -------------
> This erratum is currently posted as "Reported". If necessary, please
> use "Reply All" to discuss whether it should be verified or
> rejected. When a decision is reached, the verifying party
> can log in to change the status and edit the report, if necessary.
>
> --------------------------------------
> RFC7644 (draft-ietf-scim-api-19)
> --------------------------------------
> Title               : System for Cross-domain Identity Management: Protocol
> Publication Date    : September 2015
> Author(s)           : P. Hunt, Ed., K. Grizzle, M. Ansari, E. Wahlstroem,
> C. Mortimore
> Category            : PROPOSED STANDARD
> Source              : System for Cross-domain Identity Management
> Area                : Applications and Real-Time
> Stream              : IETF
> Verifying Party     : IESG
>
>
>

v2.23.0 | Report a Bug | By Email