IETF Logo Mail Archive

Re: [scim] Proposed Detail Errors

Anthony Nadalin <tonynad@microsoft.com> Mon, 30 June 2014 19:24 UTC

Return-Path: <tonynad@microsoft.com>
X-Original-To: scim@ietfa.amsl.com
Delivered-To: scim@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4FAEB1A037D for <scim@ietfa.amsl.com>; Mon, 30 Jun 2014 12:24:22 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[AC_DIV_BONANZA=0.001, BAYES_00=-1.9, HTML_MESSAGE=0.001, J_CHICKENPOX_37=0.6, RCVD_IN_DNSWL_LOW=-0.7, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dXPJl_A6FMjy for <scim@ietfa.amsl.com>; Mon, 30 Jun 2014 12:24:17 -0700 (PDT)
Received: from na01-bl2-obe.outbound.protection.outlook.com (mail-bl2lp0208.outbound.protection.outlook.com [207.46.163.208]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B8BFA1A0379 for <scim@ietf.org>; Mon, 30 Jun 2014 12:24:16 -0700 (PDT)
Received: from BLUPR03MB309.namprd03.prod.outlook.com (10.141.48.22) by BLUPR03MB309.namprd03.prod.outlook.com (10.141.48.22) with Microsoft SMTP Server (TLS) id 15.0.974.11; Mon, 30 Jun 2014 19:24:14 +0000
Received: from BLUPR03MB309.namprd03.prod.outlook.com ([10.141.48.22]) by BLUPR03MB309.namprd03.prod.outlook.com ([10.141.48.22]) with mapi id 15.00.0974.002; Mon, 30 Jun 2014 19:24:14 +0000
From: Anthony Nadalin <tonynad@microsoft.com>
To: Phil Hunt <phil.hunt@oracle.com>, Kelly Grizzle <kelly.grizzle@sailpoint.com>
Thread-Topic: [scim] Proposed Detail Errors
Thread-Index: AQHPkjhIzbP18zhaFUGCaYkX6dnJmZuIh7iAgAAE3ICAATM9AIAAE3GAgAAmcoCAABN/MA==
Date: Mon, 30 Jun 2014 19:24:14 +0000
Message-ID: <d6d14699caab45d98a7f660659a78e8d@BLUPR03MB309.namprd03.prod.outlook.com>
References: <348F75D5-7C0F-4B93-A7B7-88E0B2FFD4ED@oracle.com> <232fc398cb76462088c589f6244f3bf9@BN1PR04MB392.namprd04.prod.outlook.com> <42A78180-7AA1-40FD-B257-DD6ECF06784E@oracle.com> <9075316269e949418386ee90ebedee42@BN1PR04MB392.namprd04.prod.outlook.com> <A1CE5912-0C8B-4A2D-A1A3-FECF6189DD21@oracle.com> <BE5B1DCB-B1FD-428F-8A3F-3B5B8AA4F94C@oracle.com>
In-Reply-To: <BE5B1DCB-B1FD-428F-8A3F-3B5B8AA4F94C@oracle.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [2001:4898:80e0:ee43::2]
x-microsoft-antispam: BCL:0;PCL:0;RULEID:
x-forefront-prvs: 0258E7CCD4
x-forefront-antispam-report: SFV:NSPM; SFS:(24454002)(199002)(189002)(51444003)(377454003)(19580405001)(83322001)(15975445006)(76176999)(54356999)(99396002)(19580395003)(64706001)(85306003)(50986999)(77982001)(76482001)(81542001)(80022001)(79102001)(81342001)(20776003)(16236675004)(46102001)(92566001)(16601075003)(107046002)(74502001)(31966008)(33646001)(21056001)(93886003)(74662001)(19625215002)(86362001)(4396001)(101416001)(15202345003)(95666004)(19300405004)(99286002)(85852003)(83072002)(87936001)(74316001)(76576001)(105586002)(106356001)(2656002)(106116001)(108616002)(42262001)(24736002); DIR:OUT; SFP:; SCL:1; SRVR:BLUPR03MB309; H:BLUPR03MB309.namprd03.prod.outlook.com; FPR:; MLV:sfv; PTR:InfoNoRecords; MX:1; LANG:en;
Content-Type: multipart/alternative; boundary="_000_d6d14699caab45d98a7f660659a78e8dBLUPR03MB309namprd03pro_"
MIME-Version: 1.0
X-OriginatorOrg: microsoft.onmicrosoft.com
Archived-At: http://mailarchive.ietf.org/arch/msg/scim/yXWR8ttj7QdLbEBkKVE8BOJRtjM
Cc: Scim WG <scim@ietf.org>
Subject: Re: [scim] Proposed Detail Errors
X-BeenThere: scim@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Simple Cloud Identity Management BOF <scim.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/scim>, <mailto:scim-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/scim/>
List-Post: <mailto:scim@ietf.org>
List-Help: <mailto:scim-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/scim>, <mailto:scim-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 30 Jun 2014 19:24:22 -0000

Isn't this going to be a continued problems with IANA updates ?

From: scim [mailto:scim-bounces@ietf.org] On Behalf Of Phil Hunt
Sent: Monday, June 30, 2014 11:14 AM
To: Kelly Grizzle
Cc: Scim WG
Subject: Re: [scim] Proposed Detail Errors

After thinking about this a bit, I think URIs for scimType is the best way to go. While having a URI means a new IANA registry, it is probably simpler to implement and allows for the capability for SPs to extend errors as Kelly and David have requested.  It is also in line with: http://tools.ietf.org/html/draft-nottingham-http-problem-06

As many are off-line much of the week due to Canadian and US holidays, and the window for submissions for IETF90 closes Friday, I will start work amending the API draft to include the error codes listed at the start of this thread but with URIs and will add the IANA registry for errors.

Phil

@independentid
www.independentid.com<http://www.independentid.com>
phil.hunt@oracle.com<mailto:phil.hunt@oracle.com>



On Jun 30, 2014, at 8:56 AM, Phil Hunt <phil.hunt@oracle.com<mailto:phil.hunt@oracle.com>> wrote:


David had a similar comment.

What if there was a separate attribute: spCode that allows the service provider to indicate non-protocol errors?

Phil

On Jun 30, 2014, at 7:46, Kelly Grizzle <kelly.grizzle@sailpoint.com<mailto:kelly.grizzle@sailpoint.com>> wrote:
I remember that one of the initial drivers for this ticket was the ability for service providers to send back error codes that are specific to the service provider.

An example on a user creation might be "error 28738" ... "client has exceeded the maximum number of users in their organization".  Ideally the SP would be able to communicate back the general HTTP error code, a provider-specific error code, and a human readable description.

I think that scimType would allow for this if the list were extensible.

--Kelly

From: Phil Hunt [mailto:phil.hunt@oracle.com]
Sent: Sunday, June 29, 2014 3:27 PM
To: Kelly Grizzle
Cc: Scim WG
Subject: Re: [scim] Proposed Detail Errors

Could be if we use URIs for codes

Phil

On Jun 29, 2014, at 13:09, Kelly Grizzle <kelly.grizzle@sailpoint.com<mailto:kelly.grizzle@sailpoint.com>> wrote:
I like these, Phil.  Should this list of error codes be extensible?


From: scim [mailto:scim-bounces@ietf.org] On Behalf Of Phil Hunt
Sent: Friday, June 27, 2014 1:47 PM
To: Scim WG
Subject: [scim] Proposed Detail Errors

After reviewing the API and Schema docs, here is a first cut of the detailed error codes.


For HTTP Status 400 (Bad Request) responses, the following detail

   error types are defined:



+--------------+------------------------------+---------------------+

| scimType     | Description                  | Applicability       |

+--------------+------------------------------+---------------------+

| invalidFilte | The specified filter syntax  | GET(Section 3.2.2), |

| r            | was invalid (does not comply | POST (Search -      |

|              | with Figure 1) or the        | Section 3.2.3),     |

|              | specified attribute and      | PATCH (Path Filter  |

|              | filter comparison            | - Section 3.3.2)    |

|              | combination is not           |                     |

|              | supported.                   |                     |

| uniqueness   | One or more of attribute     | POST (Create -      |

|              | values is already in use or  | Section 3.1), PUT   |

|              | is reserved.                 | (Section 3.3.1),    |

|              |                              | PATCH (Section      |

|              |                              | 3.3.2)              |

| mutability   | The attempted modification   | PUT (Section        |

|              | is not compatible with the   | 3.3.1), PATCH       |

|              | target attributes mutability | (Section 3.3.2)     |

|              | or current state (e.g.       |                     |

|              | modification of an immutable |                     |

|              | attribute with an existing   |                     |

|              | value).                      |                     |

| invalidSynta | The request body message     | POST (Search -      |

| x            | structure was invalid or did | Section 3.2.2,      |

|              | not conform to the request   | Create - Section    |

|              | schema.                      | 3.1, Bulk - Section |

|              |                              | 3.5), PUT (Section  |

|              |                              | 3.3.1)              |

| invalidPath  | The path attribute was       | PATCH (Section      |

|              | invalid or malformed (see    | 3.3.2)              |

|              | Figure 4).                   |                     |

| noTarget     | The specified "path" did not | PATCH (Section      |

|              | yield an attribute or        | 3.3.2)              |

|              | attribute value that could   |                     |

|              | be operated on. This occurs  |                     |

|              | when the specified "path"    |                     |

|              | value contains a filter that |                     |

|              | yields no match.             |                     |

| invalidValue | A required value was         | GET (Section        |

|              | missing, or the value        | 3.2.2), POST        |

|              | specified was not compatible | (Create - Section   |

|              | with the operation or        | 3.1, Search -       |

|              | attribute type (see Section  | Section 3.2.2), PUT |

|              | 2.1 [I-D.ietf-scim-core-sche | (Section 3.3.1),    |

|              | ma]).                        | PATCH (Section      |

|              |                              | 3.3.2)              |

| invalidVers  | The specified API version is | GET (Section        |

|              | not supported (see Section   | 3.2.2), POST (ALL), |

|              | 3.11).                       | PUT (Section        |

|              |                              | 3.3.1), PATCH       |

|              |                              | (Section 3.3.2),    |

|              |                              | DELETE (Section     |

|              |                              | 3.4)                |

+--------------+------------------------------+---------------------+
I plan to put these into draft 07 of the API and will publish over the weekend.

As always, feedback welcome!

Phil

@independentid
www.independentid.com<http://www.independentid.com/>
phil.hunt@oracle.com<mailto:phil.hunt@oracle.com>



_______________________________________________
scim mailing list
scim@ietf.org<mailto:scim@ietf.org>
https://www.ietf.org/mailman/listinfo/scim
_______________________________________________
scim mailing list
scim@ietf.org<mailto:scim@ietf.org>
https://www.ietf.org/mailman/listinfo/scim
_______________________________________________
scim mailing list
scim@ietf.org<mailto:scim@ietf.org>
https://www.ietf.org/mailman/listinfo/scim

v2.23.0 | Report a Bug | By Email