RFC Errata


Found 22 records.

Status: Verified (2)

RFC 7643, "System for Cross-domain Identity Management: Core Schema", September 2015

Source of RFC: scim (sec)

Errata ID: 5990
Status: Verified
Type: Editorial
Publication Format(s) : TEXT

Reported By: Shelley Baker
Date Reported: 2020-02-26
Verifier Name: Barry Leiba
Date Verified: 2020-02-26

Section 8.2 says:

  "addresses": [
    {
      "type": "work",
      "streetAddress": "100 Universal City Plaza",
      "locality": "Hollywood",
      "region": "CA",
      "postalCode": "91608",
      "country": "USA",
      "formatted": "100 Universal City Plaza\nHollywood, CA 91608 USA",
      "primary": true
    },
    {
      "type": "home",
      "streetAddress": "456 Hollywood Blvd",
      "locality": "Hollywood",
      "region": "CA",
      "postalCode": "91608",
      "country": "USA",
      "formatted": "456 Hollywood Blvd\nHollywood, CA 91608 USA"
    }
  ],

It should say:

  "addresses": [
    {
      "type": "work",
      "streetAddress": "100 Universal City Plaza",
      "locality": "Hollywood",
      "region": "CA",
      "postalCode": "91608",
      "country": "US",
      "formatted": "100 Universal City Plaza\nHollywood, CA 91608 USA",
      "primary": true
    },
    {
      "type": "home",
      "streetAddress": "456 Hollywood Blvd",
      "locality": "Hollywood",
      "region": "CA",
      "postalCode": "91608",
      "country": "US",
      "formatted": "456 Hollywood Blvd\nHollywood, CA 91608 USA"
    }
  ],

Notes:

Section 4.1.2 requires the use of the ISO 3166-1 "alpha-2" code format for the "country" attribute; however, sections 8.2 and 8.3 incorrectly specify "USA" instead of "US" for the "country" attribute.

Errata ID: 5991
Status: Verified
Type: Editorial
Publication Format(s) : TEXT

Reported By: Shelley Baker
Date Reported: 2020-02-26
Verifier Name: Barry Leiba
Date Verified: 2020-02-26

Section 8.3 says:

  "addresses": [
    {
      "streetAddress": "100 Universal City Plaza",
      "locality": "Hollywood",
      "region": "CA",
      "postalCode": "91608",
      "country": "USA",
      "formatted": "100 Universal City Plaza\nHollywood, CA 91608 USA",
      "type": "work",
      "primary": true
    },
    {
      "streetAddress": "456 Hollywood Blvd",
      "locality": "Hollywood",
      "region": "CA",
      "postalCode": "91608",
      "country": "USA",
      "formatted": "456 Hollywood Blvd\nHollywood, CA 91608 USA",
      "type": "home"
     }
  ],

It should say:

  "addresses": [
    {
      "streetAddress": "100 Universal City Plaza",
      "locality": "Hollywood",
      "region": "CA",
      "postalCode": "91608",
      "country": "US",
      "formatted": "100 Universal City Plaza\nHollywood, CA 91608 USA",
      "type": "work",
      "primary": true
    },
    {
      "streetAddress": "456 Hollywood Blvd",
      "locality": "Hollywood",
      "region": "CA",
      "postalCode": "91608",
      "country": "US",
      "formatted": "456 Hollywood Blvd\nHollywood, CA 91608 USA",
      "type": "home"
     }
  ],

Notes:

Section 4.1.2 requires the use of the ISO 3166-1 "alpha-2" code format for the "country" attribute; however, sections 8.2 and 8.3 incorrectly specify "USA" instead of "US" for the "country" attribute.

Status: Reported (18)

RFC 7643, "System for Cross-domain Identity Management: Core Schema", September 2015

Source of RFC: scim (sec)

Errata ID: 4979
Status: Reported
Type: Technical
Publication Format(s) : TEXT

Reported By: asgs
Date Reported: 2017-03-24

Section 8.5 says:

"location": "https://example.com/v2/ServiceProviderConfig",

It should say:

"location": "https://example.com/v2/ServiceProviderConfigs"

Notes:

Per the details provided on the SCIM website http://www.simplecloud.info/#overview, the endpoint should be /ServiceProviderConfigs. A trailing "s" is missing. The SCIM implementations of major service providers like Facebook, Salesforce, Slack implement /ServiceProviderConfigs.

Also, it would be better to replace all occurrences of the word "ServiceProviderConfig" with "ServiceProviderConfigs" wherever applicable, so as to remain in sync with the endpoint.

Errata ID: 5368
Status: Reported
Type: Technical
Publication Format(s) : TEXT

Reported By: Brendan McCollam
Date Reported: 2018-05-24

Section 8.7.1 says:

  {
    "id" : "urn:ietf:params:scim:schemas:core:2.0:Group",
    "name" : "Group",
    "description" : "Group",
    "attributes" : [
      {
        "name" : "displayName",
        "type" : "string",
        "multiValued" : false,
        "description" : "A human-readable name for the Group.
REQUIRED.",
        "required" : false,
        "caseExact" : false,
        "mutability" : "readWrite",
        "returned" : "default",
        "uniqueness" : "none"
      },

It should say:

  {
    "id" : "urn:ietf:params:scim:schemas:core:2.0:Group",
    "name" : "Group",
    "description" : "Group",
    "attributes" : [
      {
        "name" : "displayName",
        "type" : "string",
        "multiValued" : false,
        "description" : "A human-readable name for the Group.
REQUIRED.",
        "required" : true,
        "caseExact" : false,
        "mutability" : "readWrite",
        "returned" : "default",
        "uniqueness" : "none"
      },

Notes:

On page 68, in the JSON example schema for the Group resource, the displayName attribute is highlighted as REQUIRED in the "description" but the value of the "required" field is false. Given that section 4.2 also indicates displayName is a required attribute for Group resources, I believe the conflict in section 8.7.1 is best corrected by changing the value of the "required" attribute to true.

Errata ID: 5606
Status: Reported
Type: Technical
Publication Format(s) : TEXT

Reported By: Takashi Kato
Date Reported: 2019-01-16

Section 8.7.1 says:

          {
            "name" : "type",
            "type" : "string",
            "multiValued" : false,
            "description" : "The attribute's data type.
              Valid values include 'string', 'complex', 'boolean',
              'decimal', 'integer', 'dateTime', 'reference'.",
            "required" : true,
            "canonicalValues" : [
              "string",
              "complex",
              "boolean",
              "decimal",
              "integer",
              "dateTime",
              "reference"
            ],
            "caseExact" : false,
            "mutability" : "readOnly",
            "returned" : "default",
            "uniqueness" : "none"
          },

It should say:

          {
            "name" : "type",
            "type" : "string",
            "multiValued" : false,
            "description" : "The attribute's data type.
              Valid values include 'string', 'complex', 'boolean',
              'decimal', 'integer', 'dateTime', 'reference', 'binary'.",
            "required" : true,
            "canonicalValues" : [
              "string",
              "complex",
              "boolean",
              "decimal",
              "integer",
              "dateTime",
              "reference",
              "binary"
            ],
            "caseExact" : false,
            "mutability" : "readOnly",
            "returned" : "default",
            "uniqueness" : "none"
          },

Notes:

On page 83, the "canonicalValues" definition of the "type" attribute is missing "binary".

Errata ID: 5607
Status: Reported
Type: Technical
Publication Format(s) : TEXT

Reported By: Takashi Kato
Date Reported: 2019-01-16

Section 8.7.2 says:

              {
                "name" : "referenceTypes",
                "type" : "string",
                "multiValued" : false,
                "description" : "Used only with an attribute of type
                  'reference'.  Specifies a SCIM resourceType that a
                  reference attribute MAY refer to, e.g., 'User'.",
                "required" : false,
                "caseExact" : true,
                "mutability" : "readOnly",
                "returned" : "default",
                "uniqueness" : "none"
              }

It should say:

              {
                "name" : "referenceTypes",
                "type" : "string",
                "multiValued" : true,
                "description" : "Used only with an attribute of type
                  'reference'.  Specifies a SCIM resourceType that a
                  reference attribute MAY refer to, e.g., 'User'.",
                "required" : false,
                "caseExact" : true,
                "mutability" : "readOnly",
                "returned" : "default",
                "uniqueness" : "none"
              }

Notes:

On page 90, the multiValued of resourceTypes should be true.

Errata ID: 5999
Status: Reported
Type: Technical
Publication Format(s) : TEXT

Reported By: Shelley Baker
Date Reported: 2020-03-02

Section 8.7.1 says:

"id" : "urn:ietf:params:scim:schemas:core:2.0:User",
"name" : "User",
"description" : "User Account",

"id" : "urn:ietf:params:scim:schemas:core:2.0:Group",
"name" : "Group",
"description" : "Group",

"id" : "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User",
"name" : "EnterpriseUser",
"description" : "Enterprise User"

It should say:

"schemas": ["urn:ietf:params:scim:schemas:core:2.0:Schema"],
"id" : "urn:ietf:params:scim:schemas:core:2.0:User",
"name" : "User",
"description" : "User Account",

"schemas": ["urn:ietf:params:scim:schemas:core:2.0:Schema"],
"id" : "urn:ietf:params:scim:schemas:core:2.0:Group",
"name" : "Group",
"description" : "Group",

"schemas": ["urn:ietf:params:scim:schemas:core:2.0:Schema"],
"id" : "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User",
"name" : "EnterpriseUser",
"description" : "Enterprise User"

Notes:

The "schemas" attribute is missing from the example JSON representation schema resources. According to Section 2.1 and Section 3, the "schemas" attribute is REQUIRED and MUST be provided.

Errata ID: 6000
Status: Reported
Type: Technical
Publication Format(s) : TEXT

Reported By: Shelley Baker
Date Reported: 2020-03-02

Section 8.7.1 says:

      {
        "name" : "x509Certificates",
        "type" : "complex",
        "multiValued" : true,
        "description" : "A list of certificates issued to the User.",
        "required" : false,
        "caseExact" : false,
        "subAttributes" : [
          {
            "name" : "value",
            "type" : "binary",
            "multiValued" : false,
            "description" : "The value of an X.509 certificate.",
            "required" : false,
            "caseExact" : false,
            "mutability" : "readWrite",
            "returned" : "default",
            "uniqueness" : "none"
          },

It should say:

      {
        "name" : "x509Certificates",
        "type" : "complex",
        "multiValued" : true,
        "description" : "A list of certificates issued to the User.",
        "required" : false,
        "caseExact" : false,
        "subAttributes" : [
          {
            "name" : "value",
            "type" : "binary",
            "multiValued" : false,
            "description" : "The value of an X.509 certificate.",
            "required" : false,
            "caseExact" : true,
            "mutability" : "readWrite",
            "returned" : "default",
            "uniqueness" : "none"
          },

Notes:

Section 2.3.6 indicates that "binary is case exact." The "x509Certificates" binary "value" subattribute's "caseExact" characteristic is currently listed as "false", but should be "true".

Errata ID: 6001
Status: Reported
Type: Technical
Publication Format(s) : TEXT

Reported By: Shelley Baker
Date Reported: 2020-03-02

Section 8.7.1 says:

      {
        "name" : "profileUrl",
        "type" : "reference",
        "referenceTypes" : ["external"],
        "multiValued" : false,
        "description" : "A fully qualified URL pointing to a page representing the User's online profile.",
        "required" : false,
        "caseExact" : false,
        "mutability" : "readWrite",
        "returned" : "default",
        "uniqueness" : "none"
      },


      {
        "name" : "photos",
        "type" : "complex",
        "multiValued" : true,
        "description" : "URLs of photos of the User.",
        "required" : false,
        "subAttributes" : [
          {
            "name" : "value",
            "type" : "reference",
            "referenceTypes" : ["external"],
            "multiValued" : false,
            "description" : "URL of a photo of the User.",
            "required" : false,
            "caseExact" : false,
            "mutability" : "readWrite",
            "returned" : "default",
            "uniqueness" : "none"
          },


          {
            "name" : "$ref",
            "type" : "reference",
            "referenceTypes" : [
              "User",
              "Group"
            ],
            "multiValued" : false,
            "description" : "The URI of the corresponding 'Group' resource to which the user belongs.",
            "required" : false,
            "caseExact" : false,
            "mutability" : "readOnly",
            "returned" : "default",
            "uniqueness" : "none"
          },

It should say:

      {
        "name" : "profileUrl",
        "type" : "reference",
        "referenceTypes" : ["external"],
        "multiValued" : false,
        "description" : "A fully qualified URL pointing to a page representing the User's online profile.",
        "required" : false,
        "caseExact" : true,
        "mutability" : "readWrite",
        "returned" : "default",
        "uniqueness" : "none"
      },


      {
        "name" : "photos",
        "type" : "complex",
        "multiValued" : true,
        "description" : "URLs of photos of the User.",
        "required" : false,
        "subAttributes" : [
          {
            "name" : "value",
            "type" : "reference",
            "referenceTypes" : ["external"],
            "multiValued" : false,
            "description" : "URL of a photo of the User.",
            "required" : false,
            "caseExact" : true,
            "mutability" : "readWrite",
            "returned" : "default",
            "uniqueness" : "none"
          },


          {
            "name" : "$ref",
            "type" : "reference",
            "referenceTypes" : [
              "User",
              "Group"
            ],
            "multiValued" : false,
            "description" : "The URI of the corresponding 'Group' resource to which the user belongs.",
            "required" : false,
            "caseExact" : true,
            "mutability" : "readOnly",
            "returned" : "default",
            "uniqueness" : "none"
          },

Notes:

Section 2.3.7 indicates that "A reference is case exact." Section 8.7.1 defines a number of "reference" attributes that incorrectly have the "caseExact" characteristic set to "false"; these should instead be "true."

Errata ID: 6004
Status: Reported
Type: Technical
Publication Format(s) : TEXT

Reported By: Shelley Baker
Date Reported: 2020-03-03

Section 8.7.1 says:

      {
        "name" : "name",
        "type" : "complex",
        ...
        "uniqueness" : "none"
      },
      ...
      {
        "name" : "emails",
        "type" : "complex",
        ...
        "uniqueness" : "none"
      },
      ...
      {
        "name" : "addresses",
        "type" : "complex",
        ...
        "uniqueness" : "none"
      },

It should say:

      {
        "name" : "name",
        "type" : "complex",
        ...
      },
      ...
      {
        "name" : "emails",
        "type" : "complex",
        ...
      },
      ...
      {
        "name" : "addresses",
        "type" : "complex",
        ...
      },

Notes:

The "emails", "name", and "addresses" complex user attributes have a "uniqueness" characteristic defined. According to Section 2.3.8, complex attributes have no uniqueness. No other complex attributes in Section 8.7.1 specify a "uniqueness" characteristic. For compliance with Section 2.3.8 and consistency with other attribute definitions, the "uniqueness" sub-attribute for these complex attributes should be removed.
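
Added example (not part of the errata records or of RFC 7643): a small linter that applies the consistency rules cited in errata 5368, 5999, 6000, 6001 and 6004 to a SCIM schema definition, so an implementer who copied the Section 8.7.1 JSON can find the same defects in their own schema files. The sample schema, its "urn:example:constructed:Sample" id and the rule names are constructed for illustration.

```python
import json
import re

# Attribute types the errata quote as case exact, with the RFC 7643
# section each erratum cites for it (6000 -> 2.3.6, 6001 -> 2.3.7).
CASE_EXACT_TYPES = {"binary": "2.3.6", "reference": "2.3.7"}


def lint_attribute(attr, parent=""):
    """Return (path, rule, detail) findings for one attribute definition."""
    name = attr.get("name", "?")
    path = f"{parent}.{name}" if parent else name
    findings = []
    atype = attr.get("type")

    # Errata 6000 / 6001: binary and reference values are case exact.
    if atype in CASE_EXACT_TYPES and attr.get("caseExact") is not True:
        section = CASE_EXACT_TYPES[atype]
        findings.append((path, "case-exact",
                         f"type '{atype}' is case exact (Section {section})"))

    # Erratum 6004: complex attributes have no uniqueness (Section 2.3.8).
    if atype == "complex" and "uniqueness" in attr:
        findings.append((path, "complex-uniqueness",
                         "complex attribute declares 'uniqueness'"))

    # Erratum 5368: description says REQUIRED but "required" is not true.
    # Heuristic: looks for the bare key word in the description text.
    described = re.search(r"\bREQUIRED\b", attr.get("description", ""))
    if described and attr.get("required") is not True:
        findings.append((path, "required-mismatch",
                         "description says REQUIRED, 'required' is not true"))

    for sub in attr.get("subAttributes", []):
        findings.extend(lint_attribute(sub, path))
    return findings


def lint_schema(schema):
    """Lint a whole schema resource; findings are in document order."""
    findings = []
    # Erratum 5999: schema resources must carry the "schemas" attribute.
    if not schema.get("schemas"):
        findings.append((schema.get("id", "?"), "missing-schemas",
                         "schema resource has no 'schemas' attribute"))
    for attr in schema.get("attributes", []):
        findings.extend(lint_attribute(attr))
    return findings


# Constructed sample: abbreviated attribute definitions carrying the same
# characteristics as the "Section 8.7.1 says" excerpts quoted above.
SAMPLE = json.loads("""
{
  "id": "urn:example:constructed:Sample",
  "name": "Sample",
  "attributes": [
    {"name": "displayName", "type": "string", "multiValued": false,
     "description": "A human-readable name for the Group. REQUIRED.",
     "required": false, "caseExact": false, "uniqueness": "none"},
    {"name": "x509Certificates", "type": "complex", "multiValued": true,
     "required": false,
     "subAttributes": [
       {"name": "value", "type": "binary", "multiValued": false,
        "required": false, "caseExact": false, "uniqueness": "none"}
     ]},
    {"name": "emails", "type": "complex", "multiValued": true,
     "required": false, "uniqueness": "none",
     "subAttributes": [
       {"name": "value", "type": "string", "multiValued": false,
        "required": false, "caseExact": false, "uniqueness": "none"}
     ]},
    {"name": "profileUrl", "type": "reference",
     "referenceTypes": ["external"], "multiValued": false,
     "required": false, "caseExact": false, "uniqueness": "none"}
  ]
}
""")

if __name__ == "__main__":
    for path, rule, detail in lint_schema(SAMPLE):
        print(f"{path}: [{rule}] {detail}")
```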

Errata ID: 6007
Status: Reported
Type: Technical
Publication Format(s) : TEXT

Reported By: Shelley Baker
Date Reported: 2020-03-04

Section 8.7.1 says:

      {
        "name" : "preferredLanguage",
        "type" : "string",
        "multiValued" : false,
        "description" : "Indicates the User's preferred written or
spoken language.  Generally used for selecting a localized user
interface; e.g., 'en_US' specifies the language English and country
US.",
        "required" : false,
        "caseExact" : false,
        "mutability" : "readWrite",
        "returned" : "default",
        "uniqueness" : "none"
      },

It should say:

      {
        "name" : "preferredLanguage",
        "type" : "string",
        "multiValued" : false,
        "description" : "Indicates the User's preferred written or
spoken language.  Generally used for selecting a localized user
interface; e.g., 'en-US' specifies the language English and country
US.",
        "required" : false,
        "caseExact" : false,
        "mutability" : "readWrite",
        "returned" : "default",
        "uniqueness" : "none"
      },

Notes:

The "preferredLanguage" attribute, as defined in Section 4.1.1, follows RFC 7231's "Accept-Language" format, where "en_US" would not be syntactically valid, since language tags are separated by hyphens, not underscores.

Errata ID: 6011
Status: Reported
Type: Technical
Publication Format(s) : TEXT

Reported By: Shelley Baker
Date Reported: 2020-03-09

Section 8.7.1 says:

      {
        "name" : "members",
        "type" : "complex",
        "multiValued" : true,
        "description" : "A list of members of the Group.",
        "required" : false,
        "subAttributes" : [
          {
            "name" : "value",
            "type" : "string",
            "multiValued" : false,
            "description" : "Identifier of the member of this Group.",
            "required" : false,
            "caseExact" : false,
            "mutability" : "immutable",
            "returned" : "default",
            "uniqueness" : "none"
          },
          {
            "name" : "$ref",
            "type" : "reference",
            "referenceTypes" : [
              "User",
              "Group"
            ],
            "multiValued" : false,
            "description" : "The URI corresponding to a SCIM resource
that is a member of this Group.",
            "required" : false,
            "caseExact" : false,
            "mutability" : "immutable",
            "returned" : "default",
            "uniqueness" : "none"
          },
          {
            "name" : "type",
            "type" : "string",
            "multiValued" : false,
            "description" : "A label indicating the type of resource,
e.g., 'User' or 'Group'.",
            "required" : false,
            "caseExact" : false,
            "canonicalValues" : [
              "User",
              "Group"
            ],
            "mutability" : "immutable",
            "returned" : "default",
            "uniqueness" : "none"
          }
        ],
        "mutability" : "readWrite",
        "returned" : "default"
      }

It should say:

      {
        "name" : "members",
        "type" : "complex",
        "multiValued" : true,
        "description" : "A list of members of the Group.",
        "required" : false,
        "subAttributes" : [
          {
            "name" : "value",
            "type" : "string",
            "multiValued" : false,
            "description" : "Identifier of the member of this Group.",
            "required" : false,
            "caseExact" : false,
            "mutability" : "immutable",
            "returned" : "default",
            "uniqueness" : "none"
          },
          {
            "name" : "$ref",
            "type" : "reference",
            "referenceTypes" : [
              "User",
              "Group"
            ],
            "multiValued" : false,
            "description" : "The URI corresponding to a SCIM resource
that is a member of this Group.",
            "required" : false,
            "caseExact" : false,
            "mutability" : "immutable",
            "returned" : "default",
            "uniqueness" : "none"
          },
          {
            "name" : "type",
            "type" : "string",
            "multiValued" : false,
            "description" : "A label indicating the type of resource,
e.g., 'User' or 'Group'.",
            "required" : false,
            "caseExact" : false,
            "canonicalValues" : [
              "User",
              "Group"
            ],
            "mutability" : "immutable",
            "returned" : "default",
            "uniqueness" : "none"
          },
          {
            "name": "display",
            "type": "string",
            "multiValued": false,
            "description": "A human-readable name for the group member, primarily used for display purposes.",
            "required": false,
            "caseExact": false,
            "mutability": "readOnly",
            "returned": "default",
            "uniqueness": "none"
          }
        ],
        "mutability" : "readWrite",
        "returned" : "default"
      }

Notes:

The group "members" attribute should define a "display" sub-attribute.

* Section 2.4 defines a standard multi-valued read-only attribute of "display".
* The Group Representation example in Section 8.4 also includes the "members.display" sub-attribute.
* This discussion in the SCIM mailing list [1] also indicates that this should be fixed.

[1] https://mailarchive.ietf.org/arch/msg/scim/EH99Gxn-hDluihMNtWLIekuFCs8/

Errata ID: 6403
Status: Reported
Type: Technical
Publication Format(s) : TEXT

Reported By: Andrew Webb
Date Reported: 2021-01-21

Section 4.3 says:

      value  The "id" of the SCIM resource representing the user's
         manager.  RECOMMENDED.

      $ref  The URI of the SCIM resource representing the User's
         manager.  RECOMMENDED.

It should say:

      value  The "id" of the SCIM resource representing the user's
         manager.  REQUIRED.

      $ref  The URI of the SCIM resource representing the User's
         manager.  REQUIRED.

Notes:

The descriptions of the sub-attributes "value" and "$ref" on pages 71 and 72 indicate that these two are required, not recommended.

E.g. "The id of the SCIM resource representing
the User's manager. REQUIRED."

Given that no other value in the RFC is RECOMMENDED, it would seem likely that these two sub-attributes should be REQUIRED and not RECOMMENDED.

Errata ID: 7522
Status: Reported
Type: Technical
Publication Format(s) : TEXT

Reported By: Leonardo Speranzon
Date Reported: 2023-05-23

Section 8.7.2 says:

{
        "name" : "schemaExtensions",
        "type" : "complex",
        "multiValued" : false,
        "description" : "A list of URIs of the resource type's schema
          extensions.",
        "required" : true,
        "mutability" : "readOnly",
        "returned" : "default",
        "subAttributes" : [
          {
            "name" : "schema",
            "type" : "reference",
            "referenceTypes" : ["uri"],
            "multiValued" : false,
            "description" : "The URI of a schema extension.",
            "required" : true,
            "caseExact" : true,
            "mutability" : "readOnly",
            "returned" : "default",
            "uniqueness" : "none"
          },

It should say:

{
        "name" : "schemaExtensions",
        "type" : "complex",
        "multiValued" : true,
        "description" : "A list of URIs of the resource type's schema
          extensions.",
        "required" : true,
        "mutability" : "readOnly",
        "returned" : "default",
        "subAttributes" : [
          {
            "name" : "schema",
            "type" : "reference",
            "referenceTypes" : ["uri"],
            "multiValued" : false,
            "description" : "The URI of a schema extension.",
            "required" : true,
            "caseExact" : true,
            "mutability" : "readOnly",
            "returned" : "default",
            "uniqueness" : "none"
          },

Notes:

The description of "schemaExtensions" says that it is a list and also its name is plural. This contradicts the value of "multiValued" set to false. I believe that the "multiValued" attribute should be set to "true".

Errata ID: 8011
Status: Reported
Type: Technical
Publication Format(s) : TEXT

Reported By: Éloi Rivard
Date Reported: 2024-06-30

Section 8.7.2 says:

      {
        "name" : "authenticationSchemes",
        "type" : "complex",
        "multiValued" : true,
        "description" : "A complex type that specifies supported
          authentication scheme properties.",
        "required" : true,
        "returned" : "default",
        "mutability" : "readOnly",
        "subAttributes" : [
          {
            "name" : "name",
            "type" : "string",
            "multiValued" : false,
            "description" : "The common authentication scheme name,
              e.g., HTTP Basic.",
            "required" : true,
            "caseExact" : false,
            "mutability" : "readOnly",
            "returned" : "default",
            "uniqueness" : "none"
          },
          {
            "name" : "description",
            "type" : "string",
            "multiValued" : false,
            "description" : "A description of the authentication
              scheme.",
            "required" : true,
            "caseExact" : false,
            "mutability" : "readOnly",
            "returned" : "default",
            "uniqueness" : "none"
          },
          {
            "name" : "specUri",
            "type" : "reference",
            "referenceTypes" : ["external"],
            "multiValued" : false,
            "description" : "An HTTP-addressable URL pointing to the
              authentication scheme's specification.",
            "required" : false,
            "caseExact" : false,
            "mutability" : "readOnly",
            "returned" : "default",
            "uniqueness" : "none"
          },
          {
            "name" : "documentationUri",
            "type" : "reference",
            "referenceTypes" : ["external"],
            "multiValued" : false,
            "description" : "An HTTP-addressable URL pointing to the
              authentication scheme's usage documentation.",
            "required" : false,
            "caseExact" : false,
            "mutability" : "readOnly",
            "returned" : "default",
            "uniqueness" : "none"
          }
        ]
      }

It should say:

      {
        "name" : "authenticationSchemes",
        "type" : "complex",
        "multiValued" : true,
        "description" : "A complex type that specifies supported
          authentication scheme properties.",
        "required" : true,
        "returned" : "default",
        "mutability" : "readOnly",
        "subAttributes" : [
          {
            "name" : "type",
            "type" : "string",
            "multiValued" : false,
            "description" : "The authentication scheme.",
            "required" : true,
            "caseExact" : false,
            "canonicalValues" : [
              "oauth",
              "oauth2",
              "oauthbearertoken",
              "httpbasic",
              "httpdigest"
            ],
            "mutability" : "readOnly",
            "returned" : "default",
            "uniqueness" : "none"
          },
          {
            "name" : "name",
            "type" : "string",
            "multiValued" : false,
            "description" : "The common authentication scheme name,
              e.g., HTTP Basic.",
            "required" : true,
            "caseExact" : false,
            "mutability" : "readOnly",
            "returned" : "default",
            "uniqueness" : "none"
          },
          {
            "name" : "description",
            "type" : "string",
            "multiValued" : false,
            "description" : "A description of the authentication
              scheme.",
            "required" : true,
            "caseExact" : false,
            "mutability" : "readOnly",
            "returned" : "default",
            "uniqueness" : "none"
          },
          {
            "name" : "specUri",
            "type" : "reference",
            "referenceTypes" : ["external"],
            "multiValued" : false,
            "description" : "An HTTP-addressable URL pointing to the
              authentication scheme's specification.",
            "required" : false,
            "caseExact" : false,
            "mutability" : "readOnly",
            "returned" : "default",
            "uniqueness" : "none"
          },
          {
            "name" : "documentationUri",
            "type" : "reference",
            "referenceTypes" : ["external"],
            "multiValued" : false,
            "description" : "An HTTP-addressable URL pointing to the
              authentication scheme's usage documentation.",
            "required" : false,
            "caseExact" : false,
            "mutability" : "readOnly",
            "returned" : "default",
            "uniqueness" : "none"
          }
        ]
      }

Notes:

§5 explicitly defines a `type` attribute for ServiceProviderConfig, with canonical values ("oauth", "oauth2", "oauthbearertoken", "httpbasic", "httpdigest"). The canonical values should appear in the schema representation, thus the whole `type` attribute should be part of the schema representation.

In addition this would make the `readOnly` mutability explicit.

Errata ID: 8281
Status: Reported
Type: Technical
Publication Format(s) : TEXT

Reported By: Matthias Winter
Date Reported: 2025-02-05

Section 7 says:


      required  A Boolean value that specifies whether or not the
         attribute is required.

It should say:


      required  A Boolean value that specifies whether or not the
         attribute is required. If an attribute is "required", 
         clients MUST specify the attribute in the PUT request, 
         see section 3.5.1 of RFC7644.

Notes:

The definition of the "required" characteristic is recursive and has no explanatory value. A reference to RFC7644 makes it much clearer.

Errata ID: 8279
Status: Reported
Type: Technical
Publication Format(s) : TEXT

Reported By: Matthias Winter
Date Reported: 2025-02-05

Section 7 says:

         server  The value SHOULD be unique within the context of the
            current SCIM endpoint (or tenancy) and MAY be globally
            unique (e.g., a "username", email address, or other
            server-generated key or counter).  No two resources on the
            same server SHOULD possess the same value.

It should say:

         server  The value for the attribute SHOULD be different from 
            all other values for the attribute in any resource on the 
            same server which use the same schema definition. Uniqueness 
            MAY be restricted to resources accessible to the same tenant.

Notes:

The definition is highly ambiguous. Assume a service provider offering the two endpoints /Users and /BusinessUsers. Assume that both resource types use the schema "urn:ietf:params:scim:schemas:core:2.0:User". Further, assume that the service provider serves two tenants, each having access to only a fraction of the resources.

Uniqueness within the context of the SCIM endpoint means that a User and a BusinessUser *can* have the same "userName", but two Users *cannot* exist on the server with the same "userName".
Uniqueness within the context of the tenancy means that a User and a BusinessUser *cannot* have the same "userName" if accessible to the same tenant, but two Users *can* exist on the server with the same "userName" if they are not accessible to the same tenant.
Finally, the uniqueness in the sense of the second sentence means that a User and a BusinessUser *cannot* have the same "userName" and two Users *cannot* exist on the server with the same "userName" irrespective of the tenancy.

Because the option is named "server" and not "endpoint", I assume it is not intended to be restricted to endpoints, but rather applies to all resource types using the schema. I also assume a restriction to tenancy is intended. Without this restriction it would be possible for a tenant to determine values of not accessible resources by a brute-force attack.

Let me note that the usage of SHOULD instead of MUST does not make much sense here, because a service provider offering the schema to clients will always know for sure if it enforces uniqueness or not. On the other hand, changing SHOULD to MUST is beyond the scope of errata.
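The three readings described in the notes of Errata ID 8279 can be compared side by side. The following is an added example, not part of the erratum or of RFC 7643; the `Resource` record, the tenant names and the sample store are constructed for illustration, and the check also reports whether a uniqueness conflict would be caused by a resource the requesting tenant cannot access.

```python
from dataclasses import dataclass

USER_SCHEMA = "urn:ietf:params:scim:schemas:core:2.0:User"
READINGS = ("endpoint", "tenancy", "server")


@dataclass(frozen=True)
class Resource:
    endpoint: str   # resource type endpoint, e.g. "/Users"
    schema: str     # schema URN the resource type uses
    tenant: str     # tenant that can access the resource
    user_name: str


# Constructed sample data: two resource types sharing the User schema,
# served to two tenants that cannot see each other's resources.
STORE = [
    Resource("/Users", USER_SCHEMA, "tenant-a", "alice"),
    Resource("/BusinessUsers", USER_SCHEMA, "tenant-b", "bob"),
]


def conflicting(store, new, reading):
    """Return the stored resources that block creation of `new`."""
    if reading not in READINGS:
        raise ValueError(f"unknown reading: {reading}")
    hits = []
    for r in store:
        # "userName" is not caseExact in the core User schema.
        if r.schema != new.schema or r.user_name.lower() != new.user_name.lower():
            continue
        if reading == "endpoint" and r.endpoint != new.endpoint:
            continue   # unique per SCIM endpoint, across all tenants
        if reading == "tenancy" and r.tenant != new.tenant:
            continue   # unique per tenant, across all endpoints
        hits.append(r)  # "server": unique irrespective of both
    return hits


def compare_readings(store, new):
    """Map each reading to (creation blocked, blocked by another tenant's data)."""
    result = {}
    for reading in READINGS:
        hits = conflicting(store, new, reading)
        cross_tenant = any(r.tenant != new.tenant for r in hits)
        result[reading] = (bool(hits), cross_tenant)
    return result


if __name__ == "__main__":
    for name in ("Alice", "bob"):
        candidate = Resource("/Users", USER_SCHEMA, "tenant-b", name)
        print(name, compare_readings(STORE, candidate))
```

A reading that returns `(True, True)` rejects the request because of data in another tenant, which is the case the reporter's tenancy restriction is meant to exclude.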

Errata ID: 8280
Status: Reported
Type: Technical
Publication Format(s) : TEXT

Reported By: Matthias Winter
Date Reported: 2025-02-05

Section 1.1 says:

---- Section 1.1 ----
   The key words "REQUIRED" and "OPTIONAL" are used throughout this
   document to indicate whether an attribute or schema element is
   required or optional.  These key words may be used alone (e.g.,
   "REQUIRED.") or in a sentence.  If not specified, an attribute is
   considered to be optional.

---- Section 2.2 ----
   o  "required" is "false" (i.e., not REQUIRED),

It should say:

---- Section 1.1 ----
   The key words "REQUIRED" and "OPTIONAL" are used throughout this
   document to indicate whether an attribute or schema element is
   required to have a value or not.  These key words may be used alone (e.g.,
   "REQUIRED.") or in a sentence.  If not specified, an attribute value is
   considered to be optional.

---- Section 2.2 ----
   o  "required" is "false",

Notes:

There are three ways in which an attribute can be required. The correction makes clear which one is meant.

1) Support is REQUIRED: It must be possible that the attribute has a value, i.e. it cannot be omitted from the schema.
2) A value is REQUIRED: The server must make sure that the attribute always has a value.
3) The attribute characteristic "required" is set to "true": If an attribute is "required", clients MUST specify the attribute in the PUT request. [RFC7644]

Analogous interpretations are possible for OPTIONAL.

While almost all usages of REQUIRED and OPTIONAL are compatible with the second interpretation, one usage in section 2.2 clearly refers to the third one and should be removed.

Errata ID: 6005
Status: Reported
Type: Editorial
Publication Format(s) : TEXT

Reported By: Shelley Baker
Date Reported: 2020-03-03

Section 8.7.1 says:

      {
        "name" : "addresses",
        "type" : "complex",
        "multiValued" : true,
        "description" : "A physical mailing address for this User. Canonical type values of 'work', 'home', and 'other'.  This attribute is a complex type with the following sub-attributes.",
        "required" : false,
        "subAttributes" : [
          {
            "name" : "formatted",
            "type" : "string",
            "multiValued" : false,
            "description" : "The full mailing address, formatted for display or use with a mailing label.  This attribute MAY contain newlines.",
            "required" : false,
            "caseExact" : false,
            "mutability" : "readWrite",
            "returned" : "default",
            "uniqueness" : "none"
          },
          {
            "name" : "streetAddress",
            "type" : "string",
            "multiValued" : false,
            "description" : "The full street address component, which may include house number, street name, P.O. box, and multi-line extended street address information.  This attribute MAY contain newlines.",
            "required" : false,
            "caseExact" : false,
            "mutability" : "readWrite",
            "returned" : "default",
            "uniqueness" : "none"
          },
          {
            "name" : "locality",
            "type" : "string",
            "multiValued" : false,
            "description" : "The city or locality component.",
            "required" : false,
            "caseExact" : false,
            "mutability" : "readWrite",
            "returned" : "default",
            "uniqueness" : "none"
          },
          {
            "name" : "region",
            "type" : "string",
            "multiValued" : false,
            "description" : "The state or region component.",
            "required" : false,
            "caseExact" : false,
            "mutability" : "readWrite",
            "returned" : "default",
            "uniqueness" : "none"
          },
          {
            "name" : "postalCode",
            "type" : "string",
            "multiValued" : false,
            "description" : "The zip code or postal code component.",
            "required" : false,
            "caseExact" : false,
            "mutability" : "readWrite",
            "returned" : "default",
            "uniqueness" : "none"
          },
          {
            "name" : "country",
            "type" : "string",
            "multiValued" : false,
            "description" : "The country name component.",
            "required" : false,
            "caseExact" : false,
            "mutability" : "readWrite",
            "returned" : "default",
            "uniqueness" : "none"
          },
          {
            "name" : "type",
            "type" : "string",
            "multiValued" : false,
            "description" : "A label indicating the attribute's function, e.g., 'work' or 'home'.",
            "required" : false,
            "caseExact" : false,
            "canonicalValues" : [
              "work",
              "home",
              "other"
            ],
            "mutability" : "readWrite",
            "returned" : "default",
            "uniqueness" : "none"
          }
        ],
        "mutability" : "readWrite",
        "returned" : "default",
        "uniqueness" : "none"
      },

It should say:

      {
        "name" : "addresses",
        "type" : "complex",
        "multiValued" : true,
        "description" : "A physical mailing address for this User. Canonical type values of 'work', 'home', and 'other'.  This attribute is a complex type with the following sub-attributes.",
        "required" : false,
        "subAttributes" : [
          {
            "name" : "formatted",
            "type" : "string",
            "multiValued" : false,
            "description" : "The full mailing address, formatted for display or use with a mailing label.  This attribute MAY contain newlines.",
            "required" : false,
            "caseExact" : false,
            "mutability" : "readWrite",
            "returned" : "default",
            "uniqueness" : "none"
          },
          {
            "name" : "streetAddress",
            "type" : "string",
            "multiValued" : false,
            "description" : "The full street address component, which may include house number, street name, P.O. box, and multi-line extended street address information.  This attribute MAY contain newlines.",
            "required" : false,
            "caseExact" : false,
            "mutability" : "readWrite",
            "returned" : "default",
            "uniqueness" : "none"
          },
          {
            "name" : "locality",
            "type" : "string",
            "multiValued" : false,
            "description" : "The city or locality component.",
            "required" : false,
            "caseExact" : false,
            "mutability" : "readWrite",
            "returned" : "default",
            "uniqueness" : "none"
          },
          {
            "name" : "region",
            "type" : "string",
            "multiValued" : false,
            "description" : "The state or region component.",
            "required" : false,
            "caseExact" : false,
            "mutability" : "readWrite",
            "returned" : "default",
            "uniqueness" : "none"
          },
          {
            "name" : "postalCode",
            "type" : "string",
            "multiValued" : false,
            "description" : "The zip code or postal code component.",
            "required" : false,
            "caseExact" : false,
            "mutability" : "readWrite",
            "returned" : "default",
            "uniqueness" : "none"
          },
          {
            "name" : "country",
            "type" : "string",
            "multiValued" : false,
            "description" : "The country name component.",
            "required" : false,
            "caseExact" : false,
            "mutability" : "readWrite",
            "returned" : "default",
            "uniqueness" : "none"
          },
          {
            "name" : "type",
            "type" : "string",
            "multiValued" : false,
            "description" : "A label indicating the attribute's function, e.g., 'work' or 'home'.",
            "required" : false,
            "caseExact" : false,
            "canonicalValues" : [
              "work",
              "home",
              "other"
            ],
            "mutability" : "readWrite",
            "returned" : "default",
            "uniqueness" : "none"
          },
          {
            "name" : "primary",
            "type" : "boolean",
            "multiValued" : false,
            "description" : "A Boolean value indicating the 'primary' or preferred attribute value for this attribute, e.g., the preferred mailing address.  The primary attribute value 'true' MUST appear no more than once.",
            "required" : false,
            "mutability" : "readWrite",
            "returned" : "default"
          }
        ],
        "mutability" : "readWrite",
        "returned" : "default",
        "uniqueness" : "none"
      },

Notes:

The "addresses" user attribute should specify a "primary" sub-attribute. "addresses" is a multi-valued attribute. According to Section 2.4, multi-valued attributes include a "primary" sub-attribute. The "primary" sub-attribute text even mentions this attribute's use for mailing "addresses."

Errata ID: 6727
Status: Reported
Type: Editorial
Publication Format(s) : TEXT

Reported By: Will Springer
Date Reported: 2021-10-28

Section 8.7.2 says:

      {
        "name" : "description",
        "type" : "string",
        "multiValued" : false,
        "description" : "The schema's human-readable name.  When
          applicable, service providers MUST specify the name,
          e.g., 'User'.",
        "required" : false,
        "caseExact" : false,
        "mutability" : "readOnly",
        "returned" : "default",
        "uniqueness" : "none"
      },

It should say:

      {
        "name" : "description",
        "type" : "string",
        "multiValued" : false,
        "description" : "The schema's human-readable description.  When
          applicable, service providers MUST specify the description.",
        "required" : false,
        "caseExact" : false,
        "mutability" : "readOnly",
        "returned" : "default",
        "uniqueness" : "none"
      },

Notes:

The previous description was that for the "name" attribute. Updated to the standard text for the "description" attribute.

Status: Rejected (2)

Errata ID: 7921
Status: Rejected
Type: Technical
Publication Format(s) : TEXT

Reported By: Francois LASNE
Date Reported: 2024-05-03
Rejected by: Deb Cooley
Date Rejected: 2024-05-04

Section 8.5 says:

"authenticationSchemes": [
      {
        "name": "OAuth Bearer Token",
        "description":
          "Authentication scheme using the OAuth Bearer Token Standard",
        "specUri": "http://www.rfc-editor.org/info/rfc6750",
        "documentationUri": "http://example.com/help/oauth.html",
        "type": "oauthbearertoken",
        "primary": true
      }

It should say:

"authenticationSchemes": [
      {
        "name": "OAuth Bearer Token",
        "description":
          "Authentication scheme using the OAuth Bearer Token Standard",
        "specUri": "http://www.rfc-editor.org/info/rfc6750",
        "documentationUri": "http://example.com/help/oauth.html",
        "type": "oauthbearertoken"
      }

Notes:

The concept of primary in authenticationScheme is not defined in paragraph 5
it contains only
authenticationSchemes
A multi-valued complex type that specifies supported
authentication scheme properties. To enable seamless discovery of
configurations, the service provider SHOULD, with the appropriate
security considerations, make the authenticationSchemes attribute
publicly accessible without prior authentication. REQUIRED. The
following sub-attributes are defined:

type The authentication scheme. This specification defines the
values "oauth", "oauth2", "oauthbearertoken", "httpbasic", and
"httpdigest". REQUIRED.

name The common authentication scheme name, e.g., HTTP Basic.
REQUIRED.

description A description of the authentication scheme.
REQUIRED.

specUri An HTTP-addressable URL pointing to the authentication
scheme's specification. OPTIONAL.

documentationUri An HTTP-addressable URL pointing to the
authentication scheme's usage documentation. OPTIONAL.



=====> another option would be to add the primary attribute defining that it is the authentication scheme that should be considered first
--VERIFIER NOTES--

Primary is defined as part of complex multi-valued attributes section 2.4.

Errata ID: 6438
Status: Rejected
Type: Editorial
Publication Format(s) : TEXT

Reported By: Andrew Webb
Date Reported: 2021-02-23
Rejected by: Barry Leiba
Date Rejected: 2021-02-23

Section 3.1. says:

     version  The version of the resource being returned.  This value
         must be the same as the entity-tag (ETag) HTTP response header
         (see Sections 2.1 and 2.3 of [RFC7232]).  This attribute has
         "caseExact" as "true".  Service provider support for this
         attribute is optional and subject to the service provider's
         support for versioning (see Section 3.14 of [RFC7644]).  If a
         service provider provides "version" (entity-tag) for a
         representation and the generation of that entity-tag does not
         satisfy all of the characteristics of a strong validator (see
         Section 2.1 of [RFC7232]), then the origin server MUST mark the
         "version" (entity-tag) as weak by prefixing its opaque value
         with "W/" (case sensitive).

It should say:

     version  The version of the resource being returned.  This value
         must be the same as the entity-tag (ETag) HTTP response header
         (see Sections 2.1 and 2.3 of [RFC7232]).  This attribute has
         "caseExact" as "true".  Service provider support for this
         attribute is optional and subject to the service provider's
         support for versioning (see Section 3.14 of [RFC7644]).  If a
         service provider provides "version" (entity-tag) for a
         representation and the generation of that entity-tag does not
         satisfy all of the characteristics of a strong validator (see
         Section 2.1 of [RFC7232]), then the origin server MUST mark the
         "version" (entity-tag) as weak by prefixing its opaque value
         with "W/" (case sensitive).

Notes:

In the original text, the hyperlinks applied to "2.1" and "2.3" incorrectly link to those sections in RFC 7643, whereas they should link to those sections in RFC 7232.
--VERIFIER NOTES--
Errata reports are for errors in the canonical version, which, for these RFCs, are the plain text versions. HTML renderings that include heuristically-generated links aren't covered by the errata system.
