IETF Logo Mail Archive

Re: [scim] Filter ABNF Clarifications

Phil Hunt <phil.hunt@independentid.com> Thu, 13 August 2020 18:02 UTC

Return-Path: <phil.hunt@independentid.com>
X-Original-To: scim@ietfa.amsl.com
Delivered-To: scim@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 022C23A1027 for <scim@ietfa.amsl.com>; Thu, 13 Aug 2020 11:02:35 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.896
X-Spam-Level:
X-Spam-Status: No, score=-1.896 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=independentid-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0BkWDDtwFAG7 for <scim@ietfa.amsl.com>; Thu, 13 Aug 2020 11:02:33 -0700 (PDT)
Received: from mail-pl1-x62a.google.com (mail-pl1-x62a.google.com [IPv6:2607:f8b0:4864:20::62a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 163B03A1025 for <scim@ietf.org>; Thu, 13 Aug 2020 11:02:32 -0700 (PDT)
Received: by mail-pl1-x62a.google.com with SMTP id bh1so2948493plb.12 for <scim@ietf.org>; Thu, 13 Aug 2020 11:02:32 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=independentid-com.20150623.gappssmtp.com; s=20150623; h=from:message-id:mime-version:subject:date:in-reply-to:cc:to :references; bh=/BhnHorCkH9ertJgXfdnSWYzFruBJ4Mi1ocAAKltAp0=; b=rfG9SOK9Kn6fhI6UpuQvU5MCoyUz/Hu2jE86SiL60vWBnlOr8FhbkvvyRnSVN4/l3K 3631yx7rNOS3vUNL7ykRZlnmJv3YnTIDml0a8M8emYqfSkjnsLBN8Q605SY4aQIjxgjB Qeqrvad7IiiKjsHtnnfG8zvWex0m0bJAhJ/reNP6OIhCkMwXA5Ay+SGSklIBjX0SdYOg 1mAEv3dq2HpQWJdpRNV0AZ5pq9To5QD06806GtE6GxmBKGjvi0SuoInJstloylnM16ju qVsdRKNnuIb1uVTo72Vw770FEg84EVEtLZPqZYmvX3wWXxeYUQ+XQG9TKFxLq+PQH7hT AOtw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:message-id:mime-version:subject:date :in-reply-to:cc:to:references; bh=/BhnHorCkH9ertJgXfdnSWYzFruBJ4Mi1ocAAKltAp0=; b=nDCjhfx/9NRRB7Zi/lZxU1U92N2bjpYap+inmqfLyfEKkIE5VvEsh6bLCnQlAP5CnN tmhdOwruMjpc1eOYZ8KKerpa8ix5YJ4z890m3gjkl345G5fwqKVd/v0Cxd9TZIjNKOfD itmpORjqekPaPq77cRm+L6pYMqjTO0m8TlxCzX05KgsHUNdVDybQNVgDftb897d/aO5a N4C/3wvmKASlM0eIPzyF59HRw5lz3wVXg574QTijUhSyhUd2Ys/q/1nLCsPZvBKP/VrW Utig9d7y7i8s106JE+BuEUWormc2DxBc2E7W712eZOEqNDO9sKvTwA3ma3l+XuoABcDr uanQ==
X-Gm-Message-State: AOAM531RtJr7ZB/zZhOspHza6G3sgKQVjY1MFeEsgWr+pdN6d241dWOx 9MjZ45p+W8nJMDRyIjUGA6OJHQ==
X-Google-Smtp-Source: ABdhPJzT1DgcfaViMWkVZK8qpX8AaO7xbrrOVH2x14izK7TQf38VR5GGMD8vdDCphsf6CzSs5zt1Xg==
X-Received: by 2002:a17:90a:ff92:: with SMTP id hf18mr6431988pjb.107.1597341752051; Thu, 13 Aug 2020 11:02:32 -0700 (PDT)
Received: from node-1w7jr9qrfoxxag5dq472g9k2j.ipv6.telus.net (node-1w7jr9qrfoxxag5dq472g9k2j.ipv6.telus.net. [2001:569:7a71:1d00:c045:8c07:ef46:95db]) by smtp.gmail.com with ESMTPSA id b22sm6924221pfb.213.2020.08.13.11.02.30 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Thu, 13 Aug 2020 11:02:31 -0700 (PDT)
From: Phil Hunt <phil.hunt@independentid.com>
Message-Id: <7B069C74-315D-4CCF-8D49-3A6B1B48DF41@independentid.com>
Content-Type: multipart/alternative; boundary="Apple-Mail=_388D9653-002E-46ED-A7A5-04A17252B0FB"
Mime-Version: 1.0 (Mac OS X Mail 13.4 \(3608.80.23.2.2\))
Date: Thu, 13 Aug 2020 11:02:30 -0700
In-Reply-To: <CAGUsYPwhLdafN-e1E-SSEdp8SuScYFx0uD_9f4kT9fN3yz-GkQ@mail.gmail.com>
Cc: scim@ietf.org
To: Shelley <randomshelley@gmail.com>
References: <CAGUsYPz7BYonmr0qXKWPAJFyQd9exV0mNcyZ38RhpsLqpg7Q4w@mail.gmail.com> <9D2B20FF-64AB-4F6A-8893-9B2CEEE2D87A@independentid.com> <CAGUsYPwhLdafN-e1E-SSEdp8SuScYFx0uD_9f4kT9fN3yz-GkQ@mail.gmail.com>
X-Mailer: Apple Mail (2.3608.80.23.2.2)
Archived-At: <https://mailarchive.ietf.org/arch/msg/scim/kw2oJyZ2xRCSzaO6EGzqVYT-QIo>
Subject: Re: [scim] Filter ABNF Clarifications
X-BeenThere: scim@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Simple Cloud Identity Management BOF <scim.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/scim>, <mailto:scim-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/scim/>
List-Post: <mailto:scim@ietf.org>
List-Help: <mailto:scim-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/scim>, <mailto:scim-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 13 Aug 2020 18:02:35 -0000

Shelley,

I agree, the ABNF you propose may have been a better way to express “not” filters. AFAIK, the iETF does not allow us to make this kind of RFC update as technically it is a normative change. 

IMO this would be a good item to address as a clarification item in a possible future SCIM 2.1 or 3 draft. 

Phillip Hunt
phil.hunt@independentid.com



> On Aug 13, 2020, at 10:12 AM, Shelley <randomshelley@gmail.com> wrote:
> 
> OK, thanks for the clarification. I think I better understand the intent behind the "*1" now; this also allows for optional parentheses around any filter expression. I presume the space should still be allowed between the "not" and open parenthesis "(", though? The following updated syntax includes an optional space following the "not", and also includes the recommended parentheses grouping [1] for clarification:
> 
>      FILTER    = attrExp / logExp / valuePath / ( ["not" *1SP] "(" FILTER ")" )
> 
>      valFilter = attrExp / logExp / ( ["not" *1SP] "(" valFilter ")" )
> 
> [1] https://tools.ietf.org/html/rfc5234#section-3.5 <https://tools.ietf.org/html/rfc5234#section-3.5>
> 
> 
> On Thu, Aug 13, 2020 at 11:27 AM Phillip Hunt <phil.hunt@independentid.com <mailto:phil.hunt@independentid.com>> wrote:
> Shelly
> 
> The “not” is itself optional to allow bracketing of sub filter expressions. 
> 
> (Filter) or not(filter)
> 
> Phil
> 
>> On Aug 13, 2020, at 8:56 AM, Shelley <randomshelley@gmail.com <mailto:randomshelley@gmail.com>> wrote:
>> 
>> 
>> While reviewing the SCIM 2.0 filter ABNF syntax [1], I found what appears to be a couple of issues that I wanted to confirm before submitting errata.
>> 
>> Regarding the "not" filters:
>>      FILTER    = attrExp / logExp / valuePath / *1"not" "(" FILTER ")"
>> 
>>      valFilter = attrExp / logExp / *1"not" "(" valFilter ")"
>> Specifically, if I'm not mistaken:
>> there should be a space between "not" and "("
>> alternatively, the following example [2] should not include a space:
>> not (emails co "example.com <http://example.com/>" or emails.value co "example.org <http://example.org/>")
>> the use of "*1" is not correct
>> this effectively makes the entire rule optional
>> As such, I think the above filters should be re-written as:
>> 
>>      FILTER    = attrExp / logExp / valuePath / "not" [SP] "(" FILTER ")"
>> 
>>      valFilter = attrExp / logExp / "not" [SP] "(" valFilter ")"
>> 
>> In case any SCIM clients/providers are relying on the existing ABNF which does not define the space, the above syntax makes the space optional.
>> 
>> Please confirm whether I've misinterpreted anything, otherwise, I will likely report this as errata.
>> 
>> [1] https://tools.ietf.org/html/rfc7644#page-21 <https://tools.ietf.org/html/rfc7644#page-21>
>> [2] https://tools.ietf.org/html/rfc7644#page-23 <https://tools.ietf.org/html/rfc7644#page-23>_______________________________________________
>> scim mailing list
>> scim@ietf.org <mailto:scim@ietf.org>
>> https://www.ietf.org/mailman/listinfo/scim <https://www.ietf.org/mailman/listinfo/scim>

v2.23.0 | Report a Bug | By Email