RFC Errata

Errata Search
RFC Number:		Errata ID:

Source of RFC		Status:
Area Acronym:		Type:
WG Acronym:		Submitter Name:
Other:		Date Submitted:
Summary Table Full Records

RFC 7644, "System for Cross-domain Identity Management: Protocol", September 2015

Note: This RFC has been updated by RFC 9865, RFC 9967

Source of RFC: scim (sec)

Errata ID: 4690
Status: Held for Document Update
Type: Technical
Publication Format(s) : TEXT
Reported By: Phil Hunt
Date Reported: 2016-05-10
Held for Document Update by: Deb Cooley
Date Held: 2025-10-28

Section 3.4.2.2 says:

valFilter = attrExp / logExp / *1"not" "(" valFilter ")"

It should say:

valFilter = attrExp / valLogExp / *1"not" "(" valFilter ")"

valLogExp = attrExp SP ("and" / "or") SP attrExp

Notes:

Figure 1 contains the ABNF for SCIM filters. The term "logExp" specifies "FILTER" as an option which unintentionally allows recursion. A valFilter should only allow simple sub-attribute expressions and simple logic. Nesting of valuePath (e.g. attr[a eq b and attr[c eq d]]) should not be possible.

Report New Errata

Search RFCs

RFC Editor

The Series

For Authors

Sponsor

RFC Errata

Errata Search

RFC 7644, "System for Cross-domain Identity Management: Protocol", September 2015