RFC Errata

Errata Search

Source of RFC  
Summary Table Full Records

RFC 7644, "System for Cross-domain Identity Management: Protocol", September 2015

Source of RFC: scim (art)

Errata ID: 4690
Status: Reported
Type: Technical
Publication Format(s) : TEXT

Reported By: Phil Hunt
Date Reported: 2016-05-10

Section says:

valFilter = attrExp / logExp / *1"not" "(" valFilter ")"

It should say:

valFilter = attrExp / valLogExp / *1"not" "(" valFilter ")"

valLogExp = attrExp SP ("and" / "or") SP attrExp


Figure 1 contains the ABNF for SCIM filters. The term "logExp" specifies "FILTER" as an option which unintentionally allows recursion. A valFilter should only allow simple sub-attribute expressions and simple logic. Nesting of valuePath (e.g. attr[a eq b and attr[c eq d]]) should not be possible.

Report New Errata

Advanced Search