RFC Errata


Errata Search
 
Source of RFC  
Summary Table Full Records

RFC 7643, "System for Cross-domain Identity Management: Core Schema", September 2015

Source of RFC: scim (sec)

Errata ID: 7921
Status: Rejected
Type: Technical
Publication Format(s) : TEXT
Reported By: Francois LASNE
Date Reported: 2024-05-03
Rejected by: Deb Cooley
Date Rejected: 2024-05-04

Section 8.5 says: 

"authenticationSchemes": [
      {
        "name": "OAuth Bearer Token",
        "description":
          "Authentication scheme using the OAuth Bearer Token Standard",
        "specUri": "http://www.rfc-editor.org/info/rfc6750",
        "documentationUri": "http://example.com/help/oauth.html",
        "type": "oauthbearertoken",
        "primary": true
      }

It should say:

"authenticationSchemes": [
      {
        "name": "OAuth Bearer Token",
        "description":
          "Authentication scheme using the OAuth Bearer Token Standard",
        "specUri": "http://www.rfc-editor.org/info/rfc6750",
        "documentationUri": "http://example.com/help/oauth.html",
        "type": "oauthbearertoken"
      }

Notes:

The concept of primary is not authenticationScheme is not defined in the paragraph 5
it contains only
authenticationSchemes
A multi-valued complex type that specifies supported
authentication scheme properties. To enable seamless discovery of
configurations, the service provider SHOULD, with the appropriate
security considerations, make the authenticationSchemes attribute
publicly accessible without prior authentication. REQUIRED. The
following sub-attributes are defined:

type The authentication scheme. This specification defines the
values "oauth", "oauth2", "oauthbearertoken", "httpbasic", and
"httpdigest". REQUIRED.

name The common authentication scheme name, e.g., HTTP Basic.
REQUIRED.

description A description of the authentication scheme.
REQUIRED.

specUri An HTTP-addressable URL pointing to the authentication
scheme's specification. OPTIONAL.

documentationUri An HTTP-addressable URL pointing to the
authentication scheme's usage documentation. OPTIONAL.



=====> another option would be to add the primary attribute defining that is is the authentication scheme that should be considered first
--VERIFIER NOTES--

Primary is defined as part of complex multi-valued attributes section 2.4.

Report New Errata



Advanced Search