RFC Errata
RFC 7644, "System for Cross-domain Identity Management: Protocol", September 2015
Source of RFC: scim (sec)
Errata ID: 8097
Status: Reported
Type: Technical
Publication Format(s) : TEXT
Reported By: Siqing Zheng
Date Reported: 2024-09-08
Section 3.5.2.1 says:
   o  If the target location does not exist, the attribute and value are added.
   o  If the target location specifies a complex attribute, a set of sub-attributes SHALL be specified in the "value" parameter.
   o  If the target location specifies a multi-valued attribute, a new value is added to the attribute.
It should say:
N/A Please see Notes.
Notes:
It looks like Microsoft Azure had a different understanding of the patch 'add' operation, in which they add an additional element to the multi-valued attribute by the filter in the path.
For example,
{
  ...
  "op":"add",
  "path":"emails[type eq \"work\"].value",
  "value":"example@email.com"
  ...
}
Microsoft Azure expects to add a new email with value "example@email.com" and type "work".
However, I think it's a pretty hacky way to do it and may not be the RFC's intent. I also found there was a discussion about it, in which they claim the RFC is not very clear about the patch 'add' part.
Link to discussion on Microsoft platform: https://learn.microsoft.com/en-us/answers/questions/708183/scim-patch-of-complex-multi-valued-attribute-inclu#:~:text=are%20relevant%20here%3A-,If%20the%20target%20location%20does%20not%20exist,-%2C%20the%20attribute%20and
Could we please clarify whether such an 'add' patch by filter is expected or not? Or maybe add an extra example?
Thanks!
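
The following is an added example, not part of the erratum report or of RFC 7644. It shows the two service-provider behaviours at issue when an 'add' path filter matches no element: create a new element from the filter (the behaviour the report attributes to Azure) or reject the request with the "noTarget" scimType that RFC 7644 defines for a path filter that yields no match. The names patch_add, NoTarget and create_on_no_match, the narrow path grammar and the sample user are assumptions of this example.

```python
import copy
import re

# Only the report's path shape: attr[sub eq "literal"].sub (narrow subset, an assumption).
_PATH = re.compile(r'^(\w+)\[(\w+) eq "([^"]*)"\]\.(\w+)$')


class NoTarget(Exception):
    """Maps to HTTP 400 with scimType "noTarget"."""


def patch_add(resource, path, value, create_on_no_match):
    """Apply one PATCH 'add' whose path carries a value filter; returns a copy.

    create_on_no_match=True is the reading the report attributes to Azure: a new
    element is built from the filter term plus the value. False rejects instead.
    """
    m = _PATH.match(path)
    if m is None:
        raise ValueError("unsupported path: %r" % path)
    attr, f_attr, f_val, sub = m.groups()
    out = copy.deepcopy(resource)
    items = out.setdefault(attr, [])
    matched = [i for i in items if isinstance(i, dict) and i.get(f_attr) == f_val]
    if matched:
        for item in matched:  # filter matched: set the sub-attribute in place
            item[sub] = value
        return out
    if not create_on_no_match:
        raise NoTarget(path)
    items.append({f_attr: f_val, sub: value})
    return out


def demo():
    # Constructed sample resource: one "home" email, no "work" email.
    user = {"userName": "bjensen", "emails": [{"type": "home", "value": "b@home.example"}]}
    path = 'emails[type eq "work"].value'
    lenient = patch_add(user, path, "example@email.com", create_on_no_match=True)
    try:
        patch_add(user, path, "example@email.com", create_on_no_match=False)
        strict = "applied"
    except NoTarget:
        strict = "noTarget"
    return lenient["emails"], strict


if __name__ == "__main__":
    print(demo())
```

An identity provider that sends this operation to a service provider using the rejecting behaviour gets an error instead of a provisioned address, so the two sides need to agree on one reading before relying on it for provisioning.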