Re: [scim] [Technical Errata Reported] RFC7644 (4670)
Phil Hunt <phil.hunt@oracle.com> Tue, 10 May 2016 17:51 UTC
Return-Path: <phil.hunt@oracle.com>
X-Original-To: scim@ietfa.amsl.com
Delivered-To: scim@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 51BDD12D581 for <scim@ietfa.amsl.com>; Tue, 10 May 2016 10:51:05 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.216
X-Spam-Level:
X-Spam-Status: No, score=-5.216 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-0.996, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id UBMi3vh-zE6o for <scim@ietfa.amsl.com>; Tue, 10 May 2016 10:51:02 -0700 (PDT)
Received: from userp1040.oracle.com (userp1040.oracle.com [156.151.31.81]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CE6A112D58B for <scim@ietf.org>; Tue, 10 May 2016 10:51:02 -0700 (PDT)
Received: from userv0021.oracle.com (userv0021.oracle.com [156.151.31.71]) by userp1040.oracle.com (Sentrion-MTA-4.3.2/Sentrion-MTA-4.3.2) with ESMTP id u4AHosie032483 (version=TLSv1 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Tue, 10 May 2016 17:50:55 GMT
Received: from userv0121.oracle.com (userv0121.oracle.com [156.151.31.72]) by userv0021.oracle.com (8.13.8/8.13.8) with ESMTP id u4AHorKi022082 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Tue, 10 May 2016 17:50:53 GMT
Received: from abhmp0004.oracle.com (abhmp0004.oracle.com [141.146.116.10]) by userv0121.oracle.com (8.13.8/8.13.8) with ESMTP id u4AHooD2003034; Tue, 10 May 2016 17:50:51 GMT
Received: from [10.0.1.21] (/24.86.216.17) by default (Oracle Beehive Gateway v4.0) with ESMTP ; Tue, 10 May 2016 10:50:49 -0700
Content-Type: multipart/alternative; boundary="Apple-Mail=_563943A1-5EEA-4285-B0C9-D603530A90D3"
Mime-Version: 1.0 (Mac OS X Mail 9.3 \(3124\))
From: Phil Hunt <phil.hunt@oracle.com>
In-Reply-To: <20160415202027.AC0E918000B@rfc-editor.org>
Date: Tue, 10 May 2016 10:50:46 -0700
Message-Id: <BEB12748-C591-4F76-9399-FC49DBB27876@oracle.com>
References: <20160415202027.AC0E918000B@rfc-editor.org>
To: RFC Errata System <rfc-editor@rfc-editor.org>
X-Mailer: Apple Mail (2.3124)
X-Source-IP: userv0021.oracle.com [156.151.31.71]
Archived-At: <http://mailarchive.ietf.org/arch/msg/scim/VvGUWLf7TJtfJrZksyeAmNP83eA>
X-Mailman-Approved-At: Tue, 10 May 2016 12:46:07 -0700
Cc: ben@nostrum.com, aamelnikov@fastmail.fm, morteza.ansari@cisco.com, alissa@cooperw.in, leifj@sunet.se, scim@ietf.org, Kelly Grizzle <kelly.grizzle@sailpoint.com>, zmeeagain@gmail.com, erik.wahlstrom@nexusgroup.com, Morteza Ansari <moransar@cisco.com>, Chuck Mortimore <cmortimore@salesforce.com>
Subject: Re: [scim] [Technical Errata Reported] RFC7644 (4670)
X-BeenThere: scim@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Simple Cloud Identity Management BOF <scim.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/scim>, <mailto:scim-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/scim/>
List-Post: <mailto:scim@ietf.org>
List-Help: <mailto:scim-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/scim>, <mailto:scim-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 10 May 2016 17:51:05 -0000
After some review, I believe this errata report is valid, however the corrective text does not fully address the issue. The original text mixed the notion of order or processing vs. order of precedence. I have simplified the introductory sentence and changed the order of items to reflect the text. I believe this correction reflects the way people have implemented the specification. It should say: ------- Filters MUST be evaluated using the following order of precedence: 1. Attribute operators (i.e. eq ne co sw ew pr gt ge lt le) 2. Grouping operators 3. Logical operators - where “not” takes precedence over “and”, and which takes precedence over “or” ------- I have placed grouping operators ahead of logical operators and made attribute operators top priority. In SCIM you cannot use “not” in the middle of an attribute expression. This processing makes expression like the following work: filter=userType ne "Employee" and not (emails co "example.com" or emails.value co "example.org") Phil @independentid www.independentid.com <http://www.independentid.com/>phil.hunt@oracle.com <mailto:phil.hunt@oracle.com> > On Apr 15, 2016, at 1:20 PM, RFC Errata System <rfc-editor@rfc-editor.org> wrote: > > The following errata report has been submitted for RFC7644, > "System for Cross-domain Identity Management: Protocol". > > -------------------------------------- > You may review the report below and at: > http://www.rfc-editor.org/errata_search.php?rfc=7644&eid=4670 > > -------------------------------------- > Type: Technical > Reported by: Vassilis Michalitsis <zmeeagain@gmail.com> > > Section: 3.4.2.2 > > Original Text > ------------- > Filters MUST be evaluated using the following order of operations, in > order of precedence: > > 1. Grouping operators > > 2. Logical operators - where "not" takes precedence over "and", > which takes precedence over "or" > > 3. Attribute operators > > Corrected Text > -------------- > Filters MUST be evaluated using the following order of operations, in > order of precedence: > > 1. Grouping operators > > 2. Attribute operators > > 3. Logical operators - where "not" takes precedence over "and", > which takes precedence over "or" > > Notes > ----- > It seems that the precedence of logical and attribute precedence is reversed? The filter filter=title sw "M" and userType eq "Employee" is meant to be interpreted as filter=(title sw "M") and (userType eq "Employee"). > This is also the "expected" behaviour consistent with most other languages - with the notable exception of unary "or" which in SCIM is disambiguated as it can only apply to a parenthesized filter expression. > > Instructions: > ------------- > This erratum is currently posted as "Reported". If necessary, please > use "Reply All" to discuss whether it should be verified or > rejected. When a decision is reached, the verifying party (IESG) > can log in to change the status and edit the report, if necessary. > > -------------------------------------- > RFC7644 (draft-ietf-scim-api-19) > -------------------------------------- > Title : System for Cross-domain Identity Management: Protocol > Publication Date : September 2015 > Author(s) : P. Hunt, Ed., K. Grizzle, M. Ansari, E. Wahlstroem, C. Mortimore > Category : PROPOSED STANDARD > Source : System for Cross-domain Identity Management > Area : Applications and Real-Time > Stream : IETF > Verifying Party : IESG > > _______________________________________________ > scim mailing list > scim@ietf.org > https://www.ietf.org/mailman/listinfo/scim
- [scim] [Technical Errata Reported] RFC7644 (4670) RFC Errata System
- Re: [scim] [Technical Errata Reported] RFC7644 (4… Leif Johansson
- Re: [scim] [Technical Errata Reported] RFC7644 (4… Phil Hunt
- Re: [scim] [Technical Errata Reported] RFC7644 (4… Phil Hunt
- Re: [scim] [Technical Errata Reported] RFC7644 (4… Phil Hunt
- Re: [scim] [Technical Errata Reported] RFC7644 (4… Leif Johansson
- Re: [scim] [Technical Errata Reported] RFC7644 (4… Kelly Grizzle
- Re: [scim] [Technical Errata Reported] RFC7644 (4… Steve Moyer