Re: [scim] [Technical Errata Reported] RFC7644 (4670)

Kelly Grizzle <kelly.grizzle@sailpoint.com> Wed, 11 May 2016 01:51 UTC

I’m happy with Phil’s suggestion.

From: Leif Johansson [mailto:leifj@sunet.se]
Sent: Tuesday, May 10, 2016 12:55 PM
To: Phil Hunt <phil.hunt@oracle.com>
Cc: RFC Errata System <rfc-editor@rfc-editor.org>; Kelly Grizzle <kelly.grizzle@sailpoint.com>; morteza.ansari@cisco.com; erik.wahlstrom@nexusgroup.com; Chuck Mortimore <cmortimore@salesforce.com>; ben@nostrum.com; alissa@cooperw.in; aamelnikov@fastmail.fm; Morteza Ansari <moransar@cisco.com>; scim@ietf.org; zmeeagain@gmail.com
Subject: Re: [scim] [Technical Errata Reported] RFC7644 (4670)

Others? Should we ask the RFC Editor to submit the errata with Phil's text?

Sent from my iPhone

On 10 May 2016, at 19:51, Phil Hunt <phil.hunt@oracle.com> wrote:
After some review, I believe this errata report is valid, however the corrective text does not fully address the issue.

The original text mixed the notion of order of processing vs. order of precedence. I have simplified the introductory sentence and changed the order of items to reflect the text. I believe this correction reflects the way people have implemented the specification.

It should say:
-------
Filters MUST be evaluated using the following order of precedence:
1. Attribute operators (i.e. eq ne co sw ew pr gt ge lt le)
2. Grouping operators
3. Logical operators - where “not” takes precedence over “and”, and which takes precedence over “or”
-------
I have placed grouping operators ahead of logical operators and made attribute operators top priority. In SCIM you cannot use “not” in the middle of an attribute expression. This processing makes expressions like the following work:


filter=userType ne "Employee" and not (emails co "example.com" or
  emails.value co "example.org")


Phil

@independentid
www.independentid.com
phil.hunt@oracle.com


On Apr 15, 2016, at 1:20 PM, RFC Errata System <rfc-editor@rfc-editor.org> wrote:

The following errata report has been submitted for RFC7644,
"System for Cross-domain Identity Management: Protocol".

--------------------------------------
You may review the report below and at:
http://www.rfc-editor.org/errata_search.php?rfc=7644&eid=4670

--------------------------------------
Type: Technical
Reported by: Vassilis Michalitsis <zmeeagain@gmail.com>

Section: 3.4.2.2

Original Text
-------------
Filters MUST be evaluated using the following order of operations, in
  order of precedence:

  1.  Grouping operators

  2.  Logical operators - where "not" takes precedence over "and",
      which takes precedence over "or"

  3.  Attribute operators

Corrected Text
--------------
Filters MUST be evaluated using the following order of operations, in
  order of precedence:

  1.  Grouping operators

  2.  Attribute operators

  3.  Logical operators - where "not" takes precedence over "and",
      which takes precedence over "or"

Notes
-----
It seems that the precedence of logical and attribute precedence is reversed? The filter filter=title sw "M" and userType eq "Employee" is meant to be interpreted as filter=(title sw "M") and (userType eq "Employee").
This is also the "expected" behaviour consistent with most other languages - with the notable exception of unary "or" which in SCIM is disambiguated as it can only apply to a parenthesized filter expression.

Instructions:
-------------
This erratum is currently posted as "Reported". If necessary, please
use "Reply All" to discuss whether it should be verified or
rejected. When a decision is reached, the verifying party (IESG)
can log in to change the status and edit the report, if necessary.

--------------------------------------
RFC7644 (draft-ietf-scim-api-19)
--------------------------------------
Title               : System for Cross-domain Identity Management: Protocol
Publication Date    : September 2015
Author(s)           : P. Hunt, Ed., K. Grizzle, M. Ansari, E. Wahlstroem, C. Mortimore
Category            : PROPOSED STANDARD
Source              : System for Cross-domain Identity Management
Area                : Applications and Real-Time
Stream              : IETF
Verifying Party     : IESG

_______________________________________________
scim mailing list
scim@ietf.org
https://www.ietf.org/mailman/listinfo/scim
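
The precedence order discussed in this thread, as an added example that is not part of any message above and not code from a SCIM implementation: a Python parser for SCIM filters in which attribute expressions bind tightest, then parenthesised groups, then "not", "and" and "or". The function names, the tuple syntax tree and the 2048-character cap are choices of this example; value-path filters such as `emails[...]` are out of scope and are rejected.

```python
import json
import re

OPS = {"eq", "ne", "co", "sw", "ew", "pr", "gt", "ge", "lt", "le"}
# A stray quote, bracket or brace is its own token, so the parser rejects it.
TOKEN = re.compile(r'"(?:[^"\\]|\\.)*"|[()]|[^\s()"\[\]{}]+|["\[\]{}]')
MAX_LEN = 2048  # assumed cap: bounds tokenizer work on hostile input
PAGE_FILTER = ('userType ne "Employee" and not (emails co "example.com" or '
               'emails.value co "example.org")')  # filter from the thread

def peek(toks):  # next token, lowercased for keyword comparison
    return toks[-1].lower() if toks else None

def logical(toks, level=0):  # 0 = "or" (loosest), 1 = "and", 2 = "not"
    if level < 2:
        node = logical(toks, level + 1)
        while peek(toks) == ("or", "and")[level]:
            node = (toks.pop().lower(), node, logical(toks, level + 1))
        return node
    if peek(toks) != "not":
        return primary(toks)
    toks.pop()
    if peek(toks) != "(":  # "not" applies only to a parenthesised group
        raise ValueError('"not" must be followed by "("')
    return ("not", primary(toks))

def primary(toks):  # a parenthesised group, or one attribute expression
    tok = toks.pop()
    if tok == "(":
        node = logical(toks)
        if toks.pop() != ")":
            raise ValueError('expected ")"')
        return node
    op = toks.pop().lower()
    if not re.fullmatch(r"[A-Za-z][\w.:$-]*", tok) or op not in OPS:
        raise ValueError(f"bad attribute expression: {tok} {op}")
    return ("pr", tok) if op == "pr" else (op, tok, json.loads(toks.pop()))

def parse_filter(text):
    if len(text) > MAX_LEN:
        raise ValueError("filter too long")
    toks = TOKEN.findall(text)[::-1]  # reversed: pop() yields the next token
    try:
        node = logical(toks)
    except (IndexError, RecursionError):  # out of tokens / nested too deep
        raise ValueError("truncated or too deeply nested filter") from None
    if toks:
        raise ValueError(f"trailing input: {toks[-1]!r}")
    return node
```

`parse_filter(PAGE_FILTER)` puts "and" at the root with the "not" group as its right operand, and every malformed input raises `ValueError` rather than yielding a partial tree. A server that grouped these operators differently would return a different set of identities for the same filter string.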