Re: [scim] Filter ABNF Clarifications

Shelley <randomshelley@gmail.com> Wed, 19 August 2020 14:47 UTC

To: Phil Hunt <phil.hunt@independentid.com>
Cc: scim@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/scim/urcIERfPvncv6GMveXe6Npbj-Qg>

There also seems to be a slight discrepancy between the allowed characters
in an attribute name between the SCIM Core Schema Specification [1] and the
SCIM Protocol Specification [2].

Specifically, the Core Schema ABNF seems to allow "$" characters:

   ATTRNAME   = ALPHA *(nameChar)
   nameChar   = "$" / "-" / "_" / DIGIT / ALPHA

whereas the SCIM filter ABNF does not seem to allow this character in
attribute names:

   ATTRNAME  = ALPHA *(nameChar)
   nameChar  = "-" / "_" / DIGIT / ALPHA

Was there any reasoning behind this discrepancy?

(In addition, if I'm not mistaken, the "$ref" attribute in the core schema
[3] seems to violate the ABNF since it does not start with an ALPHA
character. Please let me know if I'm misunderstanding something.)

[1] https://tools.ietf.org/html/rfc7643#section-2.1
[2] https://tools.ietf.org/html/rfc7644#page-21
[3] https://tools.ietf.org/html/rfc7643#page-12

On Thu, Aug 13, 2020 at 2:14 PM Shelley <randomshelley@gmail.com> wrote:

> If adding the optional space to the ABNF is not feasible, then perhaps the
> non-normative example in Figure 2 that includes the space should be updated
> to remove it? This example [1] is not compliant with the ABNF syntax:
> not (emails co "example.com" or emails.value co "example.org")
>
> Also, is there somewhere that changes like this are being tracked for a
> future SCIM spec?
>
> Thanks for the discussion and clarification regardless.
>
> [1] https://tools.ietf.org/html/rfc7644#page-23
>
> On Thu, Aug 13, 2020 at 1:02 PM Phil Hunt <phil.hunt@independentid.com>
> wrote:
>
>> Shelley,
>>
>> I agree, the ABNF you propose may have been a better way to express “not”
>> filters. AFAIK, the IETF does not allow us to make this kind of RFC update
>> as technically it is a normative change.
>>
>> IMO this would be a good item to address as a clarification item in a
>> possible future SCIM 2.1 or 3 draft.
>>
>> Phillip Hunt
>> phil.hunt@independentid.com
>>
>>
>>
>> On Aug 13, 2020, at 10:12 AM, Shelley <randomshelley@gmail.com> wrote:
>>
>> OK, thanks for the clarification. I think I better understand the intent
>> behind the "*1" now; this also allows for optional parentheses around any
>> filter expression. I presume the space should still be allowed between the
>> "not" and open parenthesis "(", though? The following updated syntax
>> includes an optional space following the "not", and also includes the
>> recommended parentheses grouping [1] for clarification:
>>
>>      FILTER    = attrExp / logExp / valuePath / ( ["not" *1SP] "(" FILTER ")" )
>>
>>      valFilter = attrExp / logExp / ( ["not" *1SP] "(" valFilter ")" )
>>
>> [1] https://tools.ietf.org/html/rfc5234#section-3.5
>>
>>
>> On Thu, Aug 13, 2020 at 11:27 AM Phillip Hunt <
>> phil.hunt@independentid.com> wrote:
>>
>>> Shelley
>>>
>>> The “not” is itself optional to allow bracketing of sub filter
>>> expressions.
>>>
>>> (Filter) or not(filter)
>>>
>>> Phil
>>>
>>> On Aug 13, 2020, at 8:56 AM, Shelley <randomshelley@gmail.com> wrote:
>>>
>>> 
>>> While reviewing the SCIM 2.0 filter ABNF syntax [1], I found what
>>> appears to be a couple of issues that I wanted to confirm before submitting
>>> errata.
>>>
>>> Regarding the "not" filters:
>>>
>>>      FILTER    = attrExp / logExp / valuePath / *1"not" "(" FILTER ")"
>>>
>>>      valFilter = attrExp / logExp / *1"not" "(" valFilter ")"
>>>
>>> Specifically, if I'm not mistaken:
>>>
>>>    - there should be a space between "not" and "("
>>>       - alternatively, the following example [2] *should not* include a
>>>       space:
>>>       not (emails co "example.com" or emails.value co "example.org")
>>>    - the use of "*1" is not correct
>>>       - this effectively makes the entire rule optional
>>>
>>> As such, I think the above filters should be re-written as:
>>>
>>>      FILTER    = attrExp / logExp / valuePath / "not" [SP] "(" FILTER ")"
>>>
>>>      valFilter = attrExp / logExp / "not" [SP] "(" valFilter ")"
>>>
>>> In case any SCIM clients/providers are relying on the existing ABNF
>>> which does not define the space, the above syntax makes the space optional.
>>>
>>> Please confirm whether I've misinterpreted anything, otherwise, I will
>>> likely report this as errata.
>>>
>>> [1] https://tools.ietf.org/html/rfc7644#page-21
>>> [2] https://tools.ietf.org/html/rfc7644#page-23
>>>
>>>
>>
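
Added example (not part of the original messages, and not code from the SCIM RFCs or any SCIM implementation): a Python check that transcribes the ABNF fragments quoted in this thread and reports which inputs each one accepts, which is the kind of test that exposes parser disagreement between a SCIM client and provider. The function names, the variant labels `rfc7644`, `proposal1` and `proposal2`, and every sample string except the RFC 7644 Figure 2 filter are constructed for illustration; the scanner only checks how each "(" is introduced and is not a full filter parser.

```python
import re

# ATTRNAME as quoted in the thread from each specification.
SCHEMA_ATTRNAME = re.compile(r"[A-Za-z][$\-_0-9A-Za-z]*")  # RFC 7643, section 2.1
FILTER_ATTRNAME = re.compile(r"[A-Za-z][\-_0-9A-Za-z]*")   # RFC 7644 filter ABNF

def attrname_verdicts(name):
    """Return (accepted by Core Schema ABNF, accepted by filter ABNF)."""
    return (bool(SCHEMA_ATTRNAME.fullmatch(name)),
            bool(FILTER_ATTRNAME.fullmatch(name)))

# Ways a "(" may be introduced under each grammar variant discussed above.
ALLOWED = {
    "rfc7644":   {"bare", "not"},            # *1"not" "("
    "proposal1": {"not", "not_sp"},          # "not" [SP] "("
    "proposal2": {"bare", "not", "not_sp"},  # ["not" *1SP] "("
}
# ABNF string literals are case-insensitive (RFC 5234), hence re.I.
NOT_BEFORE = re.compile(r"(?:^|[ (])not( *)$", re.I)

def group_open_violations(filter_text, variant):
    """Offsets of "(" (outside quoted strings) that the variant rejects."""
    bad, in_string, escaped = [], False, False
    for i, ch in enumerate(filter_text):
        if in_string:
            if escaped:
                escaped = False
            elif ch == "\\":
                escaped = True
            elif ch == '"':
                in_string = False
        elif ch == '"':
            in_string = True
        elif ch == "(":
            m = NOT_BEFORE.search(filter_text[:i])
            if m is None:
                form = "bare"
            else:
                form = {"": "not", " ": "not_sp"}.get(m.group(1), "other")
            if form not in ALLOWED[variant]:
                bad.append(i)
    return bad

# Filter string from RFC 7644 Figure 2, as quoted in the thread.
RFC_EXAMPLE = 'not (emails co "example.com" or emails.value co "example.org")'
```
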