RFC Errata
RFC 7644, "System for Cross-domain Identity Management: Protocol", September 2015
Source of RFC: scim (sec)
Errata ID: 4690
Status: Reported
Type: Technical
Publication Format(s) : TEXT
Reported By: Phil Hunt
Date Reported: 2016-05-10
Section 3.4.2.2 says:
valFilter = attrExp / logExp / *1"not" "(" valFilter ")"
It should say:
valFilter = attrExp / valLogExp / *1"not" "(" valFilter ")"
valLogExp = attrExp SP ("and" / "or") SP attrExp
Notes:
Figure 1 contains the ABNF for SCIM filters. The term "logExp" specifies "FILTER" as an option which unintentionally allows recursion. A valFilter should only allow simple sub-attribute expressions and simple logic. Nesting of valuePath (e.g. attr[a eq b and attr[c eq d]]) should not be possible.