RFC Errata
RFC 7643, "System for Cross-domain Identity Management: Core Schema", September 2015
Source of RFC: scim (sec)
Errata ID: 8011
Status: Reported
Type: Technical
Publication Format(s) : TEXT
Reported By: Éloi Rivard
Date Reported: 2024-06-30
Section 8.7.2 says:
{
  "name" : "authenticationSchemes",
  "type" : "complex",
  "multiValued" : true,
  "description" : "A complex type that specifies supported authentication scheme properties.",
  "required" : true,
  "returned" : "default",
  "mutability" : "readOnly",
  "subAttributes" : [
    {
      "name" : "name",
      "type" : "string",
      "multiValued" : false,
      "description" : "The common authentication scheme name, e.g., HTTP Basic.",
      "required" : true,
      "caseExact" : false,
      "mutability" : "readOnly",
      "returned" : "default",
      "uniqueness" : "none"
    },
    {
      "name" : "description",
      "type" : "string",
      "multiValued" : false,
      "description" : "A description of the authentication scheme.",
      "required" : true,
      "caseExact" : false,
      "mutability" : "readOnly",
      "returned" : "default",
      "uniqueness" : "none"
    },
    {
      "name" : "specUri",
      "type" : "reference",
      "referenceTypes" : ["external"],
      "multiValued" : false,
      "description" : "An HTTP-addressable URL pointing to the authentication scheme's specification.",
      "required" : false,
      "caseExact" : false,
      "mutability" : "readOnly",
      "returned" : "default",
      "uniqueness" : "none"
    },
    {
      "name" : "documentationUri",
      "type" : "reference",
      "referenceTypes" : ["external"],
      "multiValued" : false,
      "description" : "An HTTP-addressable URL pointing to the authentication scheme's usage documentation.",
      "required" : false,
      "caseExact" : false,
      "mutability" : "readOnly",
      "returned" : "default",
      "uniqueness" : "none"
    }
  ]
}
It should say:
{
  "name" : "authenticationSchemes",
  "type" : "complex",
  "multiValued" : true,
  "description" : "A complex type that specifies supported authentication scheme properties.",
  "required" : true,
  "returned" : "default",
  "mutability" : "readOnly",
  "subAttributes" : [
    {
      "name" : "type",
      "type" : "string",
      "multiValued" : false,
      "description" : "The authentication scheme.",
      "required" : true,
      "caseExact" : false,
      "canonicalValues" : [
        "oauth",
        "oauth2",
        "oauthbearertoken",
        "httpbasic",
        "httpdigest"
      ],
      "mutability" : "readOnly",
      "returned" : "default",
      "uniqueness" : "none"
    },
    {
      "name" : "name",
      "type" : "string",
      "multiValued" : false,
      "description" : "The common authentication scheme name, e.g., HTTP Basic.",
      "required" : true,
      "caseExact" : false,
      "mutability" : "readOnly",
      "returned" : "default",
      "uniqueness" : "none"
    },
    {
      "name" : "description",
      "type" : "string",
      "multiValued" : false,
      "description" : "A description of the authentication scheme.",
      "required" : true,
      "caseExact" : false,
      "mutability" : "readOnly",
      "returned" : "default",
      "uniqueness" : "none"
    },
    {
      "name" : "specUri",
      "type" : "reference",
      "referenceTypes" : ["external"],
      "multiValued" : false,
      "description" : "An HTTP-addressable URL pointing to the authentication scheme's specification.",
      "required" : false,
      "caseExact" : false,
      "mutability" : "readOnly",
      "returned" : "default",
      "uniqueness" : "none"
    },
    {
      "name" : "documentationUri",
      "type" : "reference",
      "referenceTypes" : ["external"],
      "multiValued" : false,
      "description" : "An HTTP-addressable URL pointing to the authentication scheme's usage documentation.",
      "required" : false,
      "caseExact" : false,
      "mutability" : "readOnly",
      "returned" : "default",
      "uniqueness" : "none"
    }
  ]
}
Notes:
§5 explicitly defines a `type` attribute for ServiceProviderConfig, with canonical values ("oauth", "oauth2", "oauthbearertoken", "httpbasic", "httpdigest"). The canonical values should appear in the schema representation, thus the whole `type` attribute should be part of the schema representation.
In addition, this would make the `readOnly` mutability explicit.
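
The effect of the missing `type` definition on a schema-driven consumer, as an added example that is not part of the erratum or of RFC 7643. The sub-attribute definitions are trimmed to the fields the check reads, the sample entries are constructed, and reporting a non-canonical value as a finding is this example's own assumption.

```python
# Added example: schema-driven check of authenticationSchemes entries.

def sub_attr(name, required, canonical=None):
    """Trimmed sub-attribute definition: only the fields this check reads."""
    definition = {"name": name, "required": required, "caseExact": False}
    if canonical:
        definition["canonicalValues"] = canonical
    return definition

COMMON = [sub_attr("name", True), sub_attr("description", True),
          sub_attr("specUri", False), sub_attr("documentationUri", False)]
PUBLISHED = COMMON  # Section 8.7.2 as published: no "type" sub-attribute
CORRECTED = [sub_attr("type", True, ["oauth", "oauth2", "oauthbearertoken",
                                     "httpbasic", "httpdigest"])] + COMMON

def check_scheme(entry, sub_attributes):
    """Return the list of findings for one authenticationSchemes entry."""
    defs = {d["name"]: d for d in sub_attributes}
    findings = [f"missing required sub-attribute '{n}'"
                for n, d in defs.items() if d["required"] and n not in entry]
    for name, value in entry.items():
        definition = defs.get(name)
        if definition is None:
            findings.append(f"'{name}' is not declared in the schema")
            continue
        allowed = definition.get("canonicalValues")
        if allowed:
            # caseExact is false for "type", so compare case-insensitively.
            # Assumption of this example: a non-canonical value is reported.
            fold = (lambda s: s) if definition["caseExact"] else str.lower
            if fold(value) not in [fold(a) for a in allowed]:
                findings.append(f"'{name}' value {value!r} is not canonical")
    return findings

# Constructed sample entries (not taken from a real service provider).
BEARER = {"type": "oauthbearertoken", "name": "OAuth Bearer Token",
          "description": "Constructed bearer-token entry"}
API_KEY = {"type": "apikey", "name": "API key",
           "description": "Constructed entry with a non-canonical type"}
NO_TYPE = {"name": "HTTP Basic", "description": "Constructed entry, no type"}

if __name__ == "__main__":
    for label, schema in (("published", PUBLISHED), ("corrected", CORRECTED)):
        for entry in (BEARER, API_KEY, NO_TYPE):
            print(label, entry.get("type"), check_scheme(entry, schema))
```

Against the published definition, an entry without `type` passes and an entry with any `type` is reported as undeclared; against the corrected definition the same check can require `type` and compare it with the canonical values.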