Re: [scim] PATCH Multi-Valued Attribute Value Type
Phillip Hunt <phil.hunt@independentid.com> Thu, 01 October 2020 01:25 UTC
Return-Path: <phil.hunt@independentid.com>
X-Original-To: scim@ietfa.amsl.com
Delivered-To: scim@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 921F23A0412 for <scim@ietfa.amsl.com>; Wed, 30 Sep 2020 18:25:34 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.894
X-Spam-Level:
X-Spam-Status: No, score=-1.894 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, MIME_QP_LONG_LINE=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=independentid-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7dmIVsWjOnyc for <scim@ietfa.amsl.com>; Wed, 30 Sep 2020 18:25:32 -0700 (PDT)
Received: from mail-pf1-x443.google.com (mail-pf1-x443.google.com [IPv6:2607:f8b0:4864:20::443]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9B8193A0414 for <scim@ietf.org>; Wed, 30 Sep 2020 18:25:32 -0700 (PDT)
Received: by mail-pf1-x443.google.com with SMTP id l126so2837877pfd.5 for <scim@ietf.org>; Wed, 30 Sep 2020 18:25:32 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=independentid-com.20150623.gappssmtp.com; s=20150623; h=content-transfer-encoding:from:mime-version:subject:date:message-id :references:cc:in-reply-to:to; bh=24IPwT7+h3wQsQMK6xk3iZO1F/muXVpBTl16qBzHqXI=; b=RMjp3BzGIBX4PwEHLEeo5jeTmJqb+kSEulnwCueNrYDpvi1AbuXt/vtYkJlcsgB/yZ 9bvwCrjrnKPhAF7D1TEHGI0Tc26KRCnR9vsOfnT12DJBeQc4CtHLhPo0/Ry830xg9HTA 3qwVW/qwyD6lA9Blkz6hKk3wNKkq7nIyl4NR1dDoSGRKlpvEnXvWsBrVDPplLPyOmlhr UYgxJkWRouSG6auXNWOdaOirZzg7PA9sIESqKnSxVLLjfm5oRSkgEb2x2IHK/gF5ejN1 SwVh9liB0OkPjeO659rX4fkMJzEtvXiQbgkd7rmaCM6CkdORbtikt4YoizS9Rn1wL5Gz VS9A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:content-transfer-encoding:from:mime-version :subject:date:message-id:references:cc:in-reply-to:to; bh=24IPwT7+h3wQsQMK6xk3iZO1F/muXVpBTl16qBzHqXI=; b=kcQlipgg1npc0pMa2TWBJViBur+7ff4xqO6+Ba3144GvxdL49Mi6bhkBVIWlMl13kQ CV74vd10e0sqdiqlwf65XtmdzaiwA5ivbDP8COiGjKnRKgFdb8JJBIc9PpZ5WG+Qgr+6 IOknOdl2pIvTW7ohl79yM4FVS0oTM5k6bdJs6e/wYq4FRRiEQ3de1sWeLTZQujQIIIeX X7CZoAaTlYMImX1eVSco9hL//ZLcHGCceqQ5+gnmkYT1LHQ3b4uy+UR6RHF4q6fgubMY xnuMs4DeNq7mD+BMDg0Whxpmv0X2v2m9gGCgR8wsgWpGZ8MKw+CfmUucrq9zFJAfeYSN NLKA==
X-Gm-Message-State: AOAM533ScPmRJ8uAVQfQZspmQG3hHzXon+GgeLucfJWWv0T2N7ZdDHkl IO0NB92ThNUyr/fy8MhEHuUWvw==
X-Google-Smtp-Source: ABdhPJxdZsvZ9/xoVF6xQZrmmyykMnYy4baugbhTE4f1Hri+e7YXiztosxDfkIKO0BgtDu64ltU/0A==
X-Received: by 2002:a62:5bc2:0:b029:13e:d13d:a130 with SMTP id p185-20020a625bc20000b029013ed13da130mr5062306pfb.24.1601515531828; Wed, 30 Sep 2020 18:25:31 -0700 (PDT)
Received: from ?IPv6:2001:569:79bc:100:c53e:4fa9:99d3:589e? (node-1w7jr9qqo6k58apj75ju6p5zy.ipv6.telus.net. [2001:569:79bc:100:c53e:4fa9:99d3:589e]) by smtp.gmail.com with ESMTPSA id q16sm4276511pfj.117.2020.09.30.18.25.30 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Wed, 30 Sep 2020 18:25:31 -0700 (PDT)
Content-Type: multipart/alternative; boundary="Apple-Mail-C662383D-1D09-47EF-8A64-B748BFD78E57"
Content-Transfer-Encoding: 7bit
From: Phillip Hunt <phil.hunt@independentid.com>
Mime-Version: 1.0 (1.0)
Date: Wed, 30 Sep 2020 18:25:30 -0700
Message-Id: <EA91DB7E-985F-47F2-BD44-A71FF911775A@independentid.com>
References: <89C877BA-9DF9-44A1-A1A9-5719D3665B76@amazon.com>
Cc: Shelley <randomshelley@gmail.com>, "scim@ietf.org" <scim@ietf.org>
In-Reply-To: <89C877BA-9DF9-44A1-A1A9-5719D3665B76@amazon.com>
To: "McAdams, Darin" <darinm=40amazon.com@dmarc.ietf.org>
X-Mailer: iPhone Mail (17H35)
Archived-At: <https://mailarchive.ietf.org/arch/msg/scim/iT6tnDwDr5ktPc8lWDs77QqGIIU>
Subject: Re: [scim] PATCH Multi-Valued Attribute Value Type
X-BeenThere: scim@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Simple Cloud Identity Management BOF <scim.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/scim>, <mailto:scim-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/scim/>
List-Post: <mailto:scim@ietf.org>
List-Help: <mailto:scim-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/scim>, <mailto:scim-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 01 Oct 2020 01:25:35 -0000
If the path is a simple attribute than the patch value is the actual simple assignment. If the path is a complex attribute than Patch value is the set of attributes that constitute a value. CMVA then follows that value is an array unless a [value path filter] was specified. The idea is that path can be either fine-grained or point to a whole object much like in the json patch spec. The big difference is scim uses a filter for multivalue arrays over indexing. Thus value of “value” depends on what path points to. Phil > On Sep 30, 2020, at 3:39 PM, McAdams, Darin <darinm=40amazon.com@dmarc.ietf.org> wrote: > > > I’m curious as well. We are proposing a SCIM interop profile in FastFed and now I’m hoping we got it right! > https://openid.net/specs/fastfed-scim-1_0-02.html#rfc.section.4.3.7 > > From: scim <scim-bounces@ietf.org> on behalf of Shelley <randomshelley@gmail.com> > Date: Wednesday, September 30, 2020 at 2:23 PM > To: "scim@ietf.org" <scim@ietf.org> > Subject: [EXTERNAL] [scim] PATCH Multi-Valued Attribute Value Type > > For "add" and "replace" PATCH operations that specify multi-valued attributes, is the content of the "value" attribute supposed to be an array containing the new/replaced element(s) or a single JSON object containing the new/replaced element? The RFC seems to contain examples for both, and I would like to better understand the difference. > > Add Operation "Value" Type for Multi-Valued Attributes > There is an "add" example on page 37 which specifies an array for a multi-valued attribute: > { > "op": "add", > "path": "members", > "value": [{ > "display": "Babs Jensen", > "$ref": "https://example.com/v2/Users/2819c223...413861904646", > "value": "2819c223-7f76-453a-919d-413861904646" > }] > } > > The description of "add", however, indicates that it contains "a "value" member whose content specifies the value to be added." In the case of "add", the value being added is the individual element, not an array. > > Also, the "add" description indicates that the "value MAY be a quoted value, or it may be a JSON object containing the sub-attributes" but does not seem to allow arrays (nor JSON literals, such as booleans or numbers, which is a separate question...). > > Is the description or the example incorrect? Should the operation "value" here be a JSON object or an array? > > Replace Operation "Value" Type for Multi-Valued Attributes > For "replace", there is an example on page 44 that specifies an array for the "value" of a multi-valued attribute: > { > "op": "replace", > "path": "members", > "value": [{ > "display": "Babs Jensen", > "$ref": "https://example.com/v2/Users/2819c223...413861904646", > "value": "2819c223...413861904646" > }, > { > "display": "James Smith", > "$ref": "https://example.com/v2/Users/08e1d05d...473d93df9210", > "value": "08e1d05d...473d93df9210" > } > ] > } > However, there is also a "replace" example on page 45 that specifies an object (not an array) for the "value" of a multi-valued attribute: > { > "op": "replace", > "path": "addresses[type eq \"work\"]", > "value": { > "type": "work", > "streetAddress": "911 Universal City Plaza", > "locality": "Hollywood", > "region": "CA", > "postalCode": "91608", > "country": "US", > "formatted": "911 Universal City Plaza\nHollywood, CA 91608 US", > "primary": true > } > } > > The use of the array for "replace" on "members" seems appropriate since it is replacing the entire attribute with one or more values. For the "addresses" value path, it's a little less clear to me. The use of an object seems to imply that even if multiple addresses are matched by the filter, only one new element may be specified to take it's/their place. Can someone provide clarification on when to use array vs. object here? > > Thank you! > _______________________________________________ > scim mailing list > scim@ietf.org > https://www.ietf.org/mailman/listinfo/scim