RFC Errata
RFC 7643, "System for Cross-domain Identity Management: Core Schema", September 2015
Source of RFC: scim (sec)
Errata ID: 8011
Status: Reported
Type: Technical
Publication Format(s) : TEXT
Reported By: Éloi Rivard
Date Reported: 2024-06-30
Section 8.7.2 says:
{
"name" : "authenticationSchemes",
"type" : "complex",
"multiValued" : true,
"description" : "A complex type that specifies supported
authentication scheme properties.",
"required" : true,
"returned" : "default",
"mutability" : "readOnly",
"subAttributes" : [
{
"name" : "name",
"type" : "string",
"multiValued" : false,
"description" : "The common authentication scheme name,
e.g., HTTP Basic.",
"required" : true,
"caseExact" : false,
"mutability" : "readOnly",
"returned" : "default",
"uniqueness" : "none"
},
{
"name" : "description",
"type" : "string",
"multiValued" : false,
"description" : "A description of the authentication
scheme.",
"required" : true,
"caseExact" : false,
"mutability" : "readOnly",
"returned" : "default",
"uniqueness" : "none"
},
{
"name" : "specUri",
"type" : "reference",
"referenceTypes" : ["external"],
"multiValued" : false,
"description" : "An HTTP-addressable URL pointing to the
authentication scheme's specification.",
"required" : false,
"caseExact" : false,
"mutability" : "readOnly",
"returned" : "default",
"uniqueness" : "none"
},
{
"name" : "documentationUri",
"type" : "reference",
"referenceTypes" : ["external"],
"multiValued" : false,
"description" : "An HTTP-addressable URL pointing to the
authentication scheme's usage documentation.",
"required" : false,
"caseExact" : false,
"mutability" : "readOnly",
"returned" : "default",
"uniqueness" : "none"
}
]
}
It should say:
{
"name" : "authenticationSchemes",
"type" : "complex",
"multiValued" : true,
"description" : "A complex type that specifies supported
authentication scheme properties.",
"required" : true,
"returned" : "default",
"mutability" : "readOnly",
"subAttributes" : [
{
"name" : "type",
"type" : "string",
"multiValued" : false,
"description" : "The authentication scheme.",
"required" : true,
"caseExact" : false,
"canonicalValues" : [
"oauth",
"oauth2",
"oauthbearertoken",
"httpbasic",
"httpdigest"
],
"mutability" : "readOnly",
"returned" : "default",
"uniqueness" : "none"
},
{
"name" : "name",
"type" : "string",
"multiValued" : false,
"description" : "The common authentication scheme name,
e.g., HTTP Basic.",
"required" : true,
"caseExact" : false,
"mutability" : "readOnly",
"returned" : "default",
"uniqueness" : "none"
},
{
"name" : "description",
"type" : "string",
"multiValued" : false,
"description" : "A description of the authentication
scheme.",
"required" : true,
"caseExact" : false,
"mutability" : "readOnly",
"returned" : "default",
"uniqueness" : "none"
},
{
"name" : "specUri",
"type" : "reference",
"referenceTypes" : ["external"],
"multiValued" : false,
"description" : "An HTTP-addressable URL pointing to the
authentication scheme's specification.",
"required" : false,
"caseExact" : false,
"mutability" : "readOnly",
"returned" : "default",
"uniqueness" : "none"
},
{
"name" : "documentationUri",
"type" : "reference",
"referenceTypes" : ["external"],
"multiValued" : false,
"description" : "An HTTP-addressable URL pointing to the
authentication scheme's usage documentation.",
"required" : false,
"caseExact" : false,
"mutability" : "readOnly",
"returned" : "default",
"uniqueness" : "none"
}
]
}
Notes:
§5 explicitly defines a `type` attribute for ServiceProviderConfig, with canonical values ("oauth", "oauth2", "oauthbearertoken", "httpbasic", "httpdigest"). The canonical values should appear in the schema representation, thus the whole `type` attribute should be part of the schema representation.
In addition this would made the `readOnly` mutability explicit.