[scim] [INPUT REQUESTED] Re: Detailed error and status codes
Phil Hunt <phil.hunt@oracle.com> Tue, 24 June 2014 23:30 UTC
Return-Path: <phil.hunt@oracle.com>
X-Original-To: scim@ietfa.amsl.com
Delivered-To: scim@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 599C81B29B9 for <scim@ietfa.amsl.com>; Tue, 24 Jun 2014 16:30:40 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.651
X-Spam-Level:
X-Spam-Status: No, score=-3.651 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, J_CHICKENPOX_38=0.6, J_CHICKENPOX_64=0.6, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.651, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FLcJZu8sMPyl for <scim@ietfa.amsl.com>; Tue, 24 Jun 2014 16:30:37 -0700 (PDT)
Received: from userp1040.oracle.com (userp1040.oracle.com [156.151.31.81]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 96ABA1B29B6 for <scim@ietf.org>; Tue, 24 Jun 2014 16:30:37 -0700 (PDT)
Received: from acsinet21.oracle.com (acsinet21.oracle.com [141.146.126.237]) by userp1040.oracle.com (Sentrion-MTA-4.3.2/Sentrion-MTA-4.3.2) with ESMTP id s5ONUXtf031267 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Tue, 24 Jun 2014 23:30:34 GMT
Received: from aserz7021.oracle.com (aserz7021.oracle.com [141.146.126.230]) by acsinet21.oracle.com (8.14.4+Sun/8.14.4) with ESMTP id s5ONUWnd010811 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Tue, 24 Jun 2014 23:30:33 GMT
Received: from abhmp0020.oracle.com (abhmp0020.oracle.com [141.146.116.26]) by aserz7021.oracle.com (8.14.4+Sun/8.14.4) with ESMTP id s5ONUWU3010795; Tue, 24 Jun 2014 23:30:32 GMT
Received: from [192.168.1.188] (/24.86.29.34) by default (Oracle Beehive Gateway v4.0) with ESMTP ; Tue, 24 Jun 2014 16:30:32 -0700
Content-Type: multipart/alternative; boundary="Apple-Mail=_7BB12BEF-2C41-4D0A-B96C-456BE36F0FCB"
Mime-Version: 1.0 (Mac OS X Mail 7.3 \(1878.2\))
From: Phil Hunt <phil.hunt@oracle.com>
In-Reply-To: <53A9D021.2060906@gmx.de>
Date: Tue, 24 Jun 2014 16:30:31 -0700
Message-Id: <71B45AEC-9B79-4F3F-A933-23B0C2AF868E@oracle.com>
References: <65922FF3-8637-4116-B336-C5424BF9BAAB@oracle.com> <53A9D021.2060906@gmx.de>
To: Julian Reschke <julian.reschke@gmx.de>
X-Mailer: Apple Mail (2.1878.2)
X-Source-IP: acsinet21.oracle.com [141.146.126.237]
Archived-At: http://mailarchive.ietf.org/arch/msg/scim/jBLKz9I6XG8Aw50oxd_ZNVGV97U
Cc: Scim WG <scim@ietf.org>
Subject: [scim] [INPUT REQUESTED] Re: Detailed error and status codes
X-BeenThere: scim@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Simple Cloud Identity Management BOF <scim.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/scim>, <mailto:scim-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/scim/>
List-Post: <mailto:scim@ietf.org>
List-Help: <mailto:scim-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/scim>, <mailto:scim-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 24 Jun 2014 23:30:40 -0000
Note: July 04 is the LAST day for us to potentially submit updates for the IETF90 meeting. This gives us about 1.5 weeks to close off the error issues and update the drafts. If you have a moment please take a look and comment as soon as possible...
Julian thanks for the suggestion. For the rest of the group’s benefit, the draft Julian referenced suggests the following attributes be returned in a standardized detailed error JSON body…
> A problem details object MAY have the following members:
>
> o "type" (string) - An absolute URI [RFC3986] that identifies the
> problem type. When dereferenced, it SHOULD provide human-readable
> documentation for the problem type (e.g., using HTML
> [W3C.REC-html401-19991224]). When this member is not present, its
> value is assumed to be "about:blank".
> o "title" (string) - A short, human-readable summary of the problem
> type. It SHOULD NOT change from occurrence to occurrence of the
> problem, except for purposes of localisation.
> o "status" (number) - The HTTP status code ([RFC2616], Section 6)
> generated by the origin server for this occurrence of the problem.
> o "detail" (string) - An human readable explanation specific to this
> occurrence of the problem.
> o "instance" (string) - An absolute URI that identifies the specific
> occurrence of the problem. It may or may not yield further
> information if dereferenced.
Here is the corresponding example error response:
> HTTP/1.1 403 Forbidden
> Content-Type: application/problem+json
> Content-Language: en
>
> {
> "type": "http://example.com/probs/out-of-credit",
> "title": "You do not have enough credit.",
> "detail": "Your current balance is 30, but that costs 50.",
> "instance": "http://example.net/account/12345/msgs/abc",
> "balance": 30,
> "accounts": ["http://example.net/account/12345",
> "http://example.net/account/67890"]
> }
Julian, what is the value of having “type” be a URI? Why not just have a SCIM specific attribute (scimType) and use simple keywords? (asking mainly for the WG’s benefit). I guess the strong case is that by standardizing HTTP responses, client code gets simplified. However, using standard attributes creates the namespace conflict issue. So we need URI based error codes.
The SCIM specs could adopt the “type”, “detail”, and “status”. We would register a namespace of urn:scim:error:apil:2.0 in the SCIM IANA section in addition to api:messages, schema:core, etc. This would give detail error types of:
urn:scim:error:api:2.0:mutability, urnscim:error:api:2.0:filter, etc.
The other items, like title, instance, etc could be optional or just omitted from SCIM spec. —> we would just indicate that clients should expect attributes within the JSON message other than those defined by the SCIM drafts.
IMPORTANT NOTE: the format suggested by Julian allows for only one error at a time. Erik had commented he prefers to return only one. I tend to agree. In the case of BULK requests, this is not really an issue since each BULK operation gets its own response block.
In the interests of time, any objections to using type (with URI based error codes), detail, status, per above and limiting to ONE per response?
I know these are normative changes….however I’m pretty sure we can’t avoid changes in the final document clean up whether or not we adopt the proposed standardized error response.
Cheers,
Phil
@independentid
www.independentid.com
phil.hunt@oracle.com
On Jun 24, 2014, at 12:23 PM, Julian Reschke <julian.reschke@gmx.de> wrote:
> On 2014-06-24 21:01, Phil Hunt wrote:
>> With regards to tickets 37, 46, 67, it looks like we will have some
>> normative changes required. I am also expecting new SCIM error codes as
>> we look at the possible reasons a server might return Bad Request or
>> other HTTP status codes.
>>
>> Currently, the example response from PATCH, we use “error” to indicate a
>> detailed error.
>>
>> * "error":"mutability"*
>>
>> From Response Codes Section, no detail error is defined:
>>
>> *HTTP/1.1 404 NOT FOUND*
>>
>> {
>> "schemas": ["urn:scim:api:messages:2.0:Error"],
>> "Errors":[
>> {
>> *"description":"Resource 2819c223-7f76-453a-919d-413861904646 not found",
>> "code":"404"*
>> }
>> ]
>> }
>>
>>
>> Doing a search around Twitter, AWS, and many others, I see that “code”
>> is often used to indicate a detailed error message (“mutability”) and
>> status is used to indicate HTTP status.
>>
>> In an attempt to bring consistency across the API document, I am
>> proposing we use http_status and scim_code. This will help make clear
>> what we are referring to and allow existing implementations to co-exist
>> for a while (by having different names).
>>
>> _Are there any objections to normalizing the spec around following
>> format and attributes?_
>>
>> Proposed example:
>>
>> *HTTP/1.1 400 Bad Request*
>>
>> Content-Type: application/scim+json;charset=UTF-8
>> Cache-Control: no-store
>> Pragma: no-cache
>>
>> {
>> "schemas": ["urn:scim:api:messages:2.0:Error"],
>> "Errors":[
>> {
>> *“scim_code":"mutability”,*
>>
>> * “http_status”:400,*
>> "error_description":"Attribute 'id' is readOnly."
>> },
>>
>> . . .
>>
>> ]
>>
>> }
>> ...
>
> You may want to read <http://tools.ietf.org/html/draft-nottingham-http-problem-06>...
>
> Best regards, Julian
>
> _______________________________________________
> scim mailing list
> scim@ietf.org
> https://www.ietf.org/mailman/listinfo/scim
- [scim] Detailed error and status codes Phil Hunt
- Re: [scim] Detailed error and status codes Julian Reschke
- Re: [scim] Detailed error and status codes Erik Wahlström
- [scim] [INPUT REQUESTED] Re: Detailed error and s… Phil Hunt
- Re: [scim] [INPUT REQUESTED] Re: Detailed error a… Erik Wahlström
- Re: [scim] [INPUT REQUESTED] Re: Detailed error a… Phil Hunt
- Re: [scim] [INPUT REQUESTED] Re: Detailed error a… Phil Hunt
- Re: [scim] [INPUT REQUESTED] Re: Detailed error a… David Möbius
- Re: [scim] [INPUT REQUESTED] Re: Detailed error a… Phil Hunt
- Re: [scim] [INPUT REQUESTED] Re: Detailed error a… David Möbius
- Re: [scim] [INPUT REQUESTED] Re: Detailed error a… Phil Hunt