Re: [scim] Error extensibility in SCIM - meeting follow up

Danny Zollner <Danny.Zollner@microsoft.com> Wed, 17 January 2024 17:02 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/scim/YV8F-GKo3h5x71exgdnGzhnJ_z8>

I looked at the spec some months ago specifically to figure out a similar question on extending the schema of these urn:ietf:params:scim:api:.. responses with additional attributes. This snippet from 7644 section 3.1 served as my answer at the time:

'As SCIM protocol messages are fixed and defined by SCIM specifications and registered extensions, SCIM message schemas using the above prefix URN SHALL NOT be discoverable using the "/Schemas" endpoint.'

Since scimType is stated to be optional I think you're clear to return a status 400 and use the value of the detail attribute to pass additional information even if it doesn't align to a scimType / description in table 9 of 7644 (part of section 3.12). I'd be interested in further discussions on extending API messages, so I'll try to make it to the next few interim meetings.

Thanks,

Danny Zollner

From: scim <scim-bounces@ietf.org> On Behalf Of Jennifer Schreiber
Sent: Wednesday, January 17, 2024 10:30 AM
To: scim@ietf.org
Subject: [EXTERNAL] [scim] Error extensibility in SCIM - meeting follow up

Thanks everyone for a great discussion yesterday at the meeting. We discussed error handling as relevant to scim events draft and RFC 7644.

Mainly, the big question that came up:
Is there any extensibility method for the error messages ("urn:ietf:params:scim:api:messages:2.0:Error"), similar to Section 3.3 of RFC 7643<https://datatracker.ietf.org/doc/html/rfc7643#section-3.3>? Can error messages, as well as the other scim messages defined in Section 8.2 of RFC 7644<https://datatracker.ietf.org/doc/html/rfc7644#section-8.2> be extended?

Section 3.12 of RFC 7644<https://datatracker.ietf.org/doc/html/rfc7644#section-3.12> is a bit vague about the matter.

This came up for me internally, as the error message is not meeting my implementation needs. We're requiring an additional field, errorCode. Anjali also mentioned the need for a jsonPath field.

During the meeting, we talked through a couple ideas (that I will review in the next meeting) such as below, but we kept coming back to the same extensibility question. I wanted to open up the discussion here prior to the meeting.

```
   {
     "schemas": ["urn:ietf:params:scim:api:messages:2.0:Error", "urn:ietf:params:scim:api:extension:messages:2.0:AdvancedError"],
     "scimType": "mutability",
     "detail": "Attribute 'id' is readOnly",
     "status": "400",
     "urn:ietf:params:scim:api:extension:messages:2.0:AdvancedError": {
         "errorCode": "ABC-1235"
     }
   }
```

Thanks,
Jen
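
As an added illustration (not code from either poster or from the RFCs), this is how a receiving client could handle both shapes discussed in the thread: a plain error with no scimType that relies on detail, and the extended error with a declared extension container. The AdvancedError URN and errorCode are the thread's proposal, not a registered extension; `parse_scim_error`, `MAX_DETAIL` and the sample bodies are constructed for the example.

```python
import json

ERROR_URN = "urn:ietf:params:scim:api:messages:2.0:Error"
# Proposal from this thread, not a registered SCIM extension.
ADVANCED_URN = "urn:ietf:params:scim:api:extension:messages:2.0:AdvancedError"
# scimType keywords listed in RFC 7644, Table 9.
KNOWN_SCIM_TYPES = {
    "invalidFilter", "tooMany", "uniqueness", "mutability", "invalidSyntax",
    "invalidPath", "noTarget", "invalidValue", "invalidVers", "sensitive",
}
MAX_DETAIL = 512  # assumption: cap on peer-supplied text before logging it

def parse_scim_error(body):
    """Normalize a SCIM error body; raise ValueError if it is not one."""
    msg = json.loads(body)
    schemas = msg.get("schemas") if isinstance(msg, dict) else None
    if not isinstance(schemas, list) or ERROR_URN not in schemas:
        raise ValueError("not a SCIM Error message")
    try:
        status = int(msg.get("status"))  # sent as a JSON string, e.g. "400"
    except (TypeError, ValueError):
        raise ValueError("missing or non-numeric status")
    scim_type = msg.get("scimType")  # optional, may be absent or unrecognized
    # Accept an extension container only if its URN is declared in "schemas"
    # and its value is an object; anything else is ignored, not trusted.
    extensions = {
        urn: msg[urn] for urn in schemas
        if isinstance(urn, str) and urn != ERROR_URN and isinstance(msg.get(urn), dict)
    }
    return {
        "status": status,
        "scim_type": scim_type,
        "scim_type_known": isinstance(scim_type, str) and scim_type in KNOWN_SCIM_TYPES,
        "detail": str(msg.get("detail", ""))[:MAX_DETAIL],
        "extensions": extensions,
    }

# Constructed samples: the extended shape proposed in the thread, and a plain
# error that carries everything in "detail" with no scimType.
EXTENDED = json.dumps({
    "schemas": [ERROR_URN, ADVANCED_URN], "scimType": "mutability",
    "detail": "Attribute 'id' is readOnly", "status": "400",
    ADVANCED_URN: {"errorCode": "ABC-1235"},
})
PLAIN = json.dumps({"schemas": [ERROR_URN], "status": "400",
                    "detail": "Request rejected by tenant policy"})

if __name__ == "__main__":
    for sample in (EXTENDED, PLAIN):
        print(parse_scim_error(sample))
```

A client written this way keeps working against servers that never send the extension, and it does not act on extension keys that the message did not declare in "schemas".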