IETF Logo Mail Archive

Re: [scim] unknown attribute type in attribute selection parameter

Dale Olds <olds@vmware.com> Fri, 11 May 2018 02:34 UTC

Return-Path: <olds@vmware.com>
X-Original-To: scim@ietfa.amsl.com
Delivered-To: scim@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 50DD512D80F for <scim@ietfa.amsl.com>; Thu, 10 May 2018 19:34:24 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.92
X-Spam-Level:
X-Spam-Status: No, score=-2.92 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H5=-1, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, T_DKIMWL_WL_MED=-0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=onevmw.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id yd_ZKRdgcgwi for <scim@ietfa.amsl.com>; Thu, 10 May 2018 19:34:21 -0700 (PDT)
Received: from NAM02-SN1-obe.outbound.protection.outlook.com (mail-sn1nam02on0051.outbound.protection.outlook.com [104.47.36.51]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5B99B12D80E for <scim@ietf.org>; Thu, 10 May 2018 19:34:21 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=onevmw.onmicrosoft.com; s=selector1-vmware-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=HKhiDswTf9brQJDQDCNJZg9chJCekPzxgpc+Mc25mBw=; b=CbUsWfrG+ySdFfbfIG7QuYhz+/r0sgmfVVE+GdDAG17qAOn/bCUlUgTv9ORRciokPKi1VlhorTurRanIJQ6f3oeRCnFi/wQYLoqULAIRjxHE9Sjg0PDTwkvq89mFi/8gqUXLFE2SHk5YbHS95EIvYusfxMJF4MUc5L8xvo9UclY=
Authentication-Results: spf=none (sender IP is ) smtp.mailfrom=olds@vmware.com;
Received: from [IPv6:2601:646:c103:10ff:21cf:ef2f:8885:d67] (2601:646:c103:10ff:21cf:ef2f:8885:d67) by DM5PR05MB3658.namprd05.prod.outlook.com (2603:10b6:4:3d::27) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.776.4; Fri, 11 May 2018 02:34:19 +0000
To: Phil Hunt <phil.hunt@oracle.com>
Cc: scim@ietf.org
References: <546bd659-175a-f036-4fa2-0d2575091336@vmware.com> <9F5709A3-FC58-481C-A909-DB526D12D1D7@oracle.com>
From: Dale Olds <olds@vmware.com>
Message-ID: <8d8688e2-cbcd-d6ac-cf45-703794a30354@vmware.com>
Date: Thu, 10 May 2018 19:34:15 -0700
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.7.0
MIME-Version: 1.0
In-Reply-To: <9F5709A3-FC58-481C-A909-DB526D12D1D7@oracle.com>
Content-Type: multipart/alternative; boundary="------------F152A866F07CA0D1F31056A4"
Content-Language: en-US
X-Originating-IP: [2601:646:c103:10ff:21cf:ef2f:8885:d67]
X-ClientProxiedBy: BYAPR03CA0035.namprd03.prod.outlook.com (2603:10b6:a02:a8::48) To DM5PR05MB3658.namprd05.prod.outlook.com (2603:10b6:4:3d::27)
X-MS-PublicTrafficType: Email
X-Microsoft-Antispam: UriScan:; BCL:0; PCL:0; RULEID:(7020095)(4652020)(4534165)(4627221)(201703031133081)(201702281549075)(5600026)(2017052603328)(7153060)(7193020); SRVR:DM5PR05MB3658;
X-Microsoft-Exchange-Diagnostics: 1; DM5PR05MB3658; 3:EsN50GEUzqFUuXXiwCYDNAbJyvMFMIURCErZ3Wsu7V9zSEvjo8EY98ZWgRBPBDyCyQXsiD7NEP+Bm4YIVj+Cq10xReDpfLm2mbjopM8WkqF+PQhPS+l9wKRXnS6TgnbT+5FKKuQswU0K+V72TdBW3kTfrX+RsviSFoy8uQmYNtY4PLVHR1lDZBW/SHt4BLEc8sqDOP692xcwc0dH8dI3kF8rdD1LxMGHwY01NFGzE/L4brsb6GTFaAbrP1107XDH; 25:HWhP/Rs0Ns0Yf6dCHqveHnvmdX0hyNyjGerftDAnEAWgeCHLitbSzGfMy9yUnXXNQTvYlveMuJD61cDfEel9XPCAol+bFvTYwLGzzX71xv2nNdftX7NNye7CiqyGhj2k5l8V2upbNJZJtWQdctJ0IUz+9k0lw9IxX834EjjJUwzEjrt4ytofyHp72EbRUcPl4n0pzbJbk8jpRjNcItM1S3y5UutdeqgS4KqF0WswUIovwl8PxSJBIAckUITbPy44vFxURfCmc+hr3ZXbFBbTZKRkRH1g3ZlJWXjPv4Gk9PJzS0wcQhnpc0yL7rvNQ9YjmIGEtVuzaHwdYkWnuNEwCg==; 31:nenAwYRJp/XavjO/E4Z5RDnsTrzDBQhv/QZiQd2fRM3ZWwIEaCmGIicAx3pCQIopmhq7o4LX72fdMKnjmBBVH0aIpFjvaZiJ8Op+qQYWaGJIqfBwIj+Bus79t3bqJ0x3VdB1KnQGDjGXLbCP6XGO+6rQSKdEBoV1z838NJAk+Vv1yoU0EFAmn+J7sd8IDRI/cvB0morzWbw/tEgcpqKm1dfHSeY6OMrMguM1kV91c9o=
X-MS-TrafficTypeDiagnostic: DM5PR05MB3658:
X-Microsoft-Exchange-Diagnostics: 1; DM5PR05MB3658; 20:FkoMZT2nETsjTWH6+pyR7BvTcFetXtx7wn5XAYp2tFW78STXy3V/1VKMan/FAmAY/Ot5EGIQkQ4OKttnIuXe+3xAeVLJhf3IHEdBWrDlOB0BcUY9gXkRGq45MsPvvZyH3Gk+O6+rnkdJ4d4eiJ8TankbJjIoqKcwsbnrt59A7Dr5dhAfxNWgYh/D8bxklg8TUcicFat+aiYZ67d+BV8pBmOI7fcszv2w1goMkzDdO/AlA89gIsKToTw/ZXQM3JPWBIsyq44O1fIgTTePn9OuPicMSHyiUIz6Xq0lC8hbUGo8NZ0qKBMo0Uk316AwqWjZn6W4oI+hLg4+9KElMPyeYy7lHGgdI1/oW7PtUG7RsPNxbgIG7bz3wHahvd4apdH0XElhpCoIigm3T5sVLdAt4Y7M0yJScSEK1cMt0JpS3owozAKOONC0iMBafe+mjTUtVpqqmpHRqgABS9miRdpx+vpjZx/djbiYxrLN+pJB8n7TG/X8d0BrVADee2T/4CbW; 4:lnpGhlajXV/1oJiX927uimbM2VApxlW9uzVAs+0Gu8WTxOtA49NLjMy5E5z2oujnttgDzl70vVAh6bPN60lwzgv+jmDRyTLKo3GI9JLgc0XAvJ296nm3RRKg7ZZIUetv6NeixxMaMfPYOb+qydhOUxf2kqIK1XL/PV77TnbwFcXs7lHVwVvs/QZrMih+HCEOqebcplIpByZNXKz0+Jk3Szr7LZdi07lj6DsXgy6RokSNLaKoierYl6OWQkpt7G0dy18FX6rpYY5Hn2uTLcJnlcrFliSnvqF6f2H2zJJJai10Q9dj3Y4pHpj7OsUeVbj3PtYCHFTsypZ8l7zf5sXat9X77hADG1YKbUNXA4bD+gPhOfl/l7gyjc6GZU0TDXejcO/SOBVXrd5lf8QYjRS1HUp6ND0gjPul2zYgQD1qBG4=
X-Microsoft-Antispam-PRVS: <DM5PR05MB3658CEF53319CDA31DF0AC33BB9F0@DM5PR05MB3658.namprd05.prod.outlook.com>
X-Exchange-Antispam-Report-Test: UriScan:(61668805478150)(158342451672863)(10436049006162)(146099531331640);
X-MS-Exchange-SenderADCheck: 1
X-Exchange-Antispam-Report-CFA-Test: BCL:0; PCL:0; RULEID:(8211001083)(6040522)(2401047)(8121501046)(5005006)(93006095)(93001095)(3002001)(10201501046)(3231254)(944501410)(52105095)(149027)(150027)(6041310)(20161123560045)(20161123564045)(20161123562045)(20161123558120)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(6072148)(201708071742011); SRVR:DM5PR05MB3658; BCL:0; PCL:0; RULEID:; SRVR:DM5PR05MB3658;
X-Forefront-PRVS: 06691A4183
X-Forefront-Antispam-Report: SFV:NSPM; SFS:(10009020)(396003)(39380400002)(39860400002)(346002)(366004)(376002)(199004)(189003)(86362001)(966005)(575784001)(31696002)(59450400001)(65806001)(65956001)(386003)(68736007)(33964004)(76176011)(52116002)(53546011)(52396003)(31686004)(7736002)(606006)(6116002)(64126003)(106356001)(105586002)(1706002)(486006)(316002)(11346002)(2906002)(84326002)(6306002)(54896002)(476003)(2616005)(270700001)(236005)(4326008)(53936002)(6246003)(5660300001)(81156014)(58126008)(46003)(478600001)(97736004)(81166006)(446003)(25786009)(8936002)(8676002)(65826007)(36756003)(6916009)(6666003)(186003)(37036004)(229853002)(6486002)(16586007)(16526019); DIR:OUT; SFP:1101; SCL:1; SRVR:DM5PR05MB3658; H:[IPv6:2601:646:c103:10ff:21cf:ef2f:8885:d67]; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1;
Received-SPF: None (protection.outlook.com: vmware.com does not designate permitted sender hosts)
X-Microsoft-Exchange-Diagnostics: 1; DM5PR05MB3658; 23:c1Addo5ZvplI4y6RPYkIpbghKfhX5tSg3gpqqUM3vP6nUOyAhTQSPfSsxtyirOGzUuMf939ZjowFWV7IRss1CU98qC4q4TMGzTK+t6dkYHa7Tr2ep3oPnFjTxm2BGvh8ELjta03YRmfYbwsLVGLkQ/UAtRWnH55oskpdcWXWeJJ5gb0DM24xcL1NXQb9kJkz9bGJBvbCs7Tw86ILmWow3nz6KD4aIc4oNph5cnRBld8u1Ir374XXia045ujuA8OhmRjywL3gWonYqQuBRkXCkcUgTP+nP+gMsSi/4aEMPl3bEnQ6ClSyUaqviaSQz7WcPq9EyegysqEq3t93dS/VE/ON3N0a/yfaBlqbgi9l0MH6BGtOyCAapatV49t+inYYrDMnC65y1itFiapNOd+B5DCyiI+BcWiIUJg3CGgFA8E00GFX0/rf02yueJX+JPWeeVPkrEPZvImttr/BiQQXqJugHAlGq5KeHornOdeNKHob//JgFSLZYuVlv41HrX3FYtHODGSA0XPaiNjWuoWxQHlBIYH4GAiO7Lgy7jUbmi/tHwxKn+dSr3Cgghc4pFddJKooNFyUDsqFA9OQ0PqU2aBpyX++0mkQX+CiFpu4EHB7turCj82iDWmyJYzDwjYCoFme7UmbpqyIUJBZfit3d0Bb78VTm/XGVGyHMnHSkYSPc12/zZd4bY4Zy8Le+Gqgx+Jw527YRsy6dGxuyWYuxENQhXK7w9+4sbzdB6Uu7IBeOnSQ5r5rrz56jo0PCD8FllOks6/1q3kmYHIYgvGlaBN4QjaY+1cYZlUWZF3WxO3r/MBhgXNfdEYoCAKzwjKk6swSiSOAcvvZvufD5JoUHLUGXX3U+3SPlRkEDrL+wya8+5oLf8shUehPnfXHG+lLEukrWKTQKxnKfTpkZPMd1gaEzvTkSz0RzLQYH3TBM6rUBfIe3KiaWI//qSGTEoB0Srk3ShoixjwOke7JXoAce/m8r+56TIEWzVIpMzXsuR+SlYesen+d0akkwKOiZo9AyRAK45NoQLfTLuOVfuivJ1wcYybNaplD3K5yerDB3slZs+xzP+mx4PfUmAq2cNX4z8/qJHIofadJYfbG97q4Qu2BqAsIULvZkUXk+yjkmYnAGQAMb6jvK3klTqpBq5Q/0TtHT2Ap4NJ8NC6+4S/wEool3Bu5nU2CJB8OrgrRj7DE5Ud4y2JlE+OoBEqluldzI0YCcVAWrsQPDZrTaJ9Ok7aPhNCoWWnfLYPxTJ1089tnKqo1/2XWllcQPtkhjVN9rJZiiG/Kt46H4jwWkqNV+pDKs11rbBB54XywQql+6IYNun1YEQDFbYB96ooYpplNy2AXo14AxZYqwDCZvT+2j2lMUyNc50aYJ0szZdr5SmZsXHlU9tXPrP6BmWfyZ/yhGCCprnff+KNhyJWez110l26pHP+WroAGZElKANztNDo=
X-Microsoft-Antispam-Message-Info: lVs4DTFPR2aojaa7tvpRDMrwT1WHNQb7+g7efg04zUUlwmx4ccnPDhmnoB1sHFjryNZn008K7RwRlvKdMFNBJnabagYSrs6v8LT7ad25sBs3IddVlsHGyhn+OiK5Z8rSLZfiZ0WjIaXsnEmyUpun7ra1uYyZzXUNvku/ER+jiwiLsevTDHH0Jm5QkU+ytLeG
X-Microsoft-Exchange-Diagnostics: 1; DM5PR05MB3658; 6:w/rFEFVzZxbFrsyTgZi6NX6KyyxWbf1pKNaLfFo/x95bQQB6sXNkYLfYLeOnAdQ1P/q0LMOg/Au79awSWcBLnCt+plZdRrXPLRZ+goEfh4B008anoCUEAF2kMTvRPkM67ZOSvwy3rswsswXvjhL+freBPw+os6nwT1JFNt4jhjZtoXLkPJ/rcAiVoHSdPruA3Orviuh30Tdi3zuSNG+wxpNVwK30PFPOLPoB62n8uR6stoj0VuiQoG5FrCUWXgE3BNpTWYNa/Dj4Gi3vCMCMNtCVo3cqyJjGJ+s3jfaBxrA8vRYqEYD7mVc/LAgBB+qqIOu38zmSJ36e6UCbqtw0qDcVYDj0NEqIUoT3cfQpkKVzfxH4v8D7kWUoIB/rn6jIXhGd9LpquFdEy2ErhYURxcYEMQ45UCzR/xUC8dnlo2/8IKwzcihqtOaLLPSrX6VPe7p/lv3R3CXeryTv5//+8Q==; 5:/FRih+cHQ9ppD3Xqi0sa4meI4V2w+MpUtvdfhgQrP5ru7nw7j3CT9Bw2OLAmxCs42RAgSUjZbjTcc7aSY5njD3gAYn4bbIc1+fXli/Cpmf351RT8bpgOBjTIgHPl6ah7hezp6K0IrF0E6ga4C+OaCX9zoBxiJXCxOjE7Oq7G8Fg=; 24:n2oVugbIsbfMZdeWW8LMWkdImDmIP40vUVGY6MTnVhgSrvx4SLg5C2zcsVf+T69z7uNsAmZUGRg7V8Nk/7oU/4xRkw1Gyd0GII6RGAIcx7E=
SpamDiagnosticOutput: 1:99
SpamDiagnosticMetadata: NSPM
X-Microsoft-Exchange-Diagnostics: 1; DM5PR05MB3658; 7:bfSqV14jF4tgAC8k44Py/9HHXogQMh6n4ihP5v4CSErB/KdPFPV2Gmbq/KbykYhrJx/kwpzefFCEuM1InKyAgxG6KWZVnfEHZMxcw7Ci3F5H6b66UIzbmrQDjDEeBioT7Lrx1wcLYd5dVZq4DBsPNi4HsPNz5mxrDziLb/Zsy4LTO6sulhybLnFN/MMTBZuEwL+9e5RuPN3VR2q8kBFkFW4XTFS101W3UkrPrrK445IB8dsP+QjwbAdriyxa+YuI; 20:VvbHrVP6jZDaqZ3OB1Aw17/9zai/7FdKQiEL/1M9NxQTiu8zosQhpEXhqKNsVG7gdTP5N+Jjj0QfR6B8oX8AYkbOyR6QrVi2sjzDInx1Tq6KIGXksMMX3CmsRFJONm1A+tx0Q8nL82RTW7pR5uEDRT3ebw/e8xzv0r+X7zeu/hg=
X-MS-Office365-Filtering-Correlation-Id: 14af9f8e-fded-4449-75c8-08d5b6e7b2eb
X-OriginatorOrg: vmware.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 11 May 2018 02:34:19.5947 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 14af9f8e-fded-4449-75c8-08d5b6e7b2eb
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: b39138ca-3cee-4b4a-a4d6-cd83d9dd62f0
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM5PR05MB3658
Archived-At: <https://mailarchive.ietf.org/arch/msg/scim/e2jQHcV8xaq52XVrmb5UhUCeVP0>
Subject: Re: [scim] unknown attribute type in attribute selection parameter
X-BeenThere: scim@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Simple Cloud Identity Management BOF <scim.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/scim>, <mailto:scim-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/scim/>
List-Post: <mailto:scim@ietf.org>
List-Help: <mailto:scim-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/scim>, <mailto:scim-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 11 May 2018 02:34:24 -0000

Thanks, Phil. I agree that the behavior should be consistent with filter 
rules, but I didn't see where the Filtering section mentioned undefined 
attributes. By searching for "undefined" I see what you describe is 
there, in the Query Endpoints section. Odd, but good enough. Thanks again.

--Dale

On 05/10/2018 07:19 PM, Phil Hunt wrote:
> Dale
>
> I believe your view is correct.
>
> The spec is a bit weak on the processing rules for the attributes parameter.
>
> One would expect behavior consistent with the filter rules which say undefined attributes can be evaluated as null or false etc.
>
> Phil
>
>> On May 9, 2018, at 2:52 PM, Dale Olds <olds@vmware.com> wrote:
>>
>> I have a question regarding how a SCIM server should handle unknown attribute names in an attribute selection parameter. The SCIM 2.0 spec, section 3.9, defines the "attributes" parameter. We're seeing an implementation that returns an error if one of the given attribute types is unknown to that server.
>>
>>  From previous experience working with directory services it was very important that servers not return an error, but simply ignore that attribute since resources will not contain a value for it. This allowed for requests to be coded in a more portable fashion. If an app really needed to know what schema was supported, it could query the schema.
>>
>> However, in looking over the SCIM 2.0 spec, I can't find anything that would directly address this case. It is somewhat indirectly addressed in that I can't find an error defined for invalid or undefined attribute type.
>>
>> Is there an expected behavior for this situation or is it up to the server implementation?
>>
>> --Dale Olds
>> _______________________________________________
>> scim mailing list
>> scim@ietf.org
>> https://urldefense.proofpoint.com/v2/url?u=https-3A__www.ietf.org_mailman_listinfo_scim&d=DwICAg&c=RoP1YumCXCgaWHvlZYR8PZh8Bv7qIrMUB65eapI_JnE&r=na5FVzBTWmanqWNy4DpctyXPpuYqPkAI1aLcLN4KZNA&m=pb0U4X3Kl2WACP79HHA7FmtCfg6YoFmk97APnIwAGrM&s=9BqVUKO4TTZGgD7H4U1tHHM7ZvxspP3xipmcFjyfWaE&e=

v2.23.0 | Report a Bug | By Email