Simple Cloud Identity Management Schema 1.0 XML instance issue

This should cover W3C XML Schema, Relax NG and DTD related problems.
davot
Posts: 2

Simple Cloud Identity Management Schema 1.0 XML instance issue

Mon Jun 25, 2012 9:32 am

Hi, I am creating an example XML doc based on urn:scim:schemas:core:1.0

which is available from http://www.simplecloud.info/specs/schema/scim-core.xsd

Oxygen reports errors (see below the code). I find this puzzling since SCIM is not an insignificant standard that some large vendors are behind. Maybe it's because they care less about the XML version and more about the JSON version of the standard that they have been a little tardy with XML validator compatibility?

Code: Select all

<?xml version="1.0" encoding="UTF-8"?>
<tns:User xmlns:ns0="urn:scim:schemas:extension:enterprise:1.0"
 xmlns:tns="urn:scim:schemas:core:1.0"
 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 xsi:schemaLocation="urn:scim:schemas:core:1.0 file:/C:/source/SCIM/scim-core.xsd">
 <id>2819c223-7f76-453a-919d-413861904646</id>
 <externalId>701984</externalId>
 <userName>bjensen@example.com</userName>
 <name>
  <formatted>Ms. Babs J Jensen III</formatted>
  <familyName>Jensen</familyName>
  <givenName>Barbara</givenName>
  <middleName>Jane</middleName>
  <honorificPrefix>Ms.</honorificPrefix>
  <honorificSuffix>III</honorificSuffix>
 </name>
 <displayName>Babs Jensen</displayName>
 <nickName>Babs</nickName>
 <profileUrl>https://login.example.com/bjensen</profileUrl>
 <emails>
  <email>
   <value>bjensen@example.com</value>
   <type>work</type>
   <primary>true</primary>
  </email>
  <email>
   <value>babs@jensen.com</value>
   <type>home</type>
  </email>
 </emails>
 <addresses>
  <address>
      <formatted>100 Universal City Plaza\nHollywood, CA 91608 USA</formatted>
      <streetAddress>100 Universal City Plaza</streetAddress>
      <locality>Hollywood</locality>
      <region>CA</region>
      <postalCode>91608</postalCode>
      <country>USA</country>
      <type>work</type>
      <primary>true</primary>
    </address>
  <address>
      <formatted>456 Hollywood Blvd\nHollywood, CA 91608 USA</formatted>
      <streetAddress>456 Hollywood Blvd</streetAddress>
      <locality>San Francisco</locality>
      <region>CA</region>
      <postalCode>91608</postalCode>
      <country>USA</country>
    </address>
 </addresses>
 <phoneNumbers>
  <phoneNumber>
   <value>555-555-5555</value>
   <type>work</type>
  </phoneNumber>
  <phoneNumber>
   <value>555-555-4444</value>
   <type>mobile</type>
  </phoneNumber>
 </phoneNumbers>
 <ims>
  <im>
   <value>someaimhandle</value>
   <type>aim</type>
  </im>
 </ims>
 <photos>
  <photo>
   <value>https://photos.example.com/profilephoto/72930000000Ccne/F</value>
   <type>photo</type>
  </photo>
  <photo>
   <value>https://photos.example.com/profilephoto/72930000000Ccne/T</value>
   <type>thumbnail</type>
   
  </photo>
 </photos>
 <userType>Employee</userType>
 <title>Tour Guide</title>
 <preferredLanguage>en_US</preferredLanguage>
 <locale>en_US</locale>
 <timezone>America/Los_Angeles</timezone>
 <active>true</active>
 <password>t1meMa$heen</password>
 <groups>
  <group>
   <value>e9e30dba-f08f-4109-8486-d5c6a331660a</value>
   <display>Tour Guides</display>
  </group>
  <group>
   <value>6d1a1088-3a56-4371-8e3b-6d48d67493ec</value>
   <display>Employees</display>
  </group>
  <group>
   <value>5fd998b9-d2bd-479c-991b-6790537608dc</value>
   <display>US Employees</display>
  </group>
 </groups>
 <roles>
  <role>
   <value>administrator</value>
  </role>
 </roles>
 <entitlements>
  <entitlement>
   <value>delete users</value>
  </entitlement>
 </entitlements>
 <x509Certificates>
  <x509Certificate>
   <value>
    MIIDQzCCAqygAwIBAgICEAAwDQYJKoZIhvcNAQEFBQAwTjELMAkGA1UEBhMCVVMx
    EzARBgNVBAgMCkNhbGlmb3JuaWExFDASBgNVBAoMC2V4YW1wbGUuY29tMRQwEgYD
    VQQDDAtleGFtcGxlLmNvbTAeFw0xMTEwMjIwNjI0MzFaFw0xMjEwMDQwNjI0MzFa
    MH8xCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRQwEgYDVQQKDAtl
    eGFtcGxlLmNvbTEhMB8GA1UEAwwYTXMuIEJhcmJhcmEgSiBKZW5zZW4gSUlJMSIw
    IAYJKoZIhvcNAQkBFhNiamVuc2VuQGV4YW1wbGUuY29tMIIBIjANBgkqhkiG9w0B
    AQEFAAOCAQ8AMIIBCgKCAQEA7Kr+Dcds/JQ5GwejJFcBIP682X3xpjis56AK02bc
    1FLgzdLI8auoR+cC9/Vrh5t66HkQIOdA4unHh0AaZ4xL5PhVbXIPMB5vAPKpzz5i
    PSi8xO8SL7I7SDhcBVJhqVqr3HgllEG6UClDdHO7nkLuwXq8HcISKkbT5WFTVfFZ
    zidPl8HZ7DhXkZIRtJwBweq4bvm3hM1Os7UQH05ZS6cVDgweKNwdLLrT51ikSQG3
    DYrl+ft781UQRIqxgwqCfXEuDiinPh0kkvIi5jivVu1Z9QiwlYEdRbLJ4zJQBmDr
    SGTMYn4lRc2HgHO4DqB/bnMVorHB0CC6AV1QoFK4GPe1LwIDAQABo3sweTAJBgNV
    Mortimore, et al.      Expires September 16, 2012              [Page 34]
   
    Internet-Draft          draft-scim-core-schema-00             March 2012
   
   
    HRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZp
    Y2F0ZTAdBgNVHQ4EFgQU8pD0U0vsZIsaA16lL8En8bx0F/gwHwYDVR0jBBgwFoAU
    dGeKitcaF7gnzsNwDx708kqaVt0wDQYJKoZIhvcNAQEFBQADgYEAA81SsFnOdYJt
    Ng5Tcq+/ByEDrBgnusx0jloUhByPMEVkoMZ3J7j1ZgI8rAbOkNngX8+pKfTiDz1R
    C4+dx8oU6Za+4NJXUjlL5CvV6BEYb1+QAEJwitTVvxB/A67g42/vzgAtoRUeDov1
    +GFiBZ+GNF/cAYKcMtGcrs2i97ZkJMo=
   </value>
  </x509Certificate>
 </x509Certificates>
 <meta>
  <created>2010-01-23T04:56:22Z</created>
  <lastModified>2011-05-13T04:42:34Z</lastModified>
  <version>W/"a330bc54f0671c9"</version>
  <location>https://example.com/v1/Users/2819c223-7f76-453a-919d-413861904646</location>
 </meta>
</tns:User>




The errors are:

System ID: C:\source\SCIM\instance2.xml
Main validation file: C:\source\SCIM\instance2.xml
Schema: C:\source\SCIM\scim-core.xsd
Engine name: Xerces
Severity: error
Description: cvc-type.2: The type definition cannot be abstract for element email.
Start location: 21:4
End location: 21:9
URL: http://www.w3.org/TR/xmlschema-1/#cvc-type

System ID: C:\source\SCIM\instance2.xml
Main validation file: C:\source\SCIM\instance2.xml
Schema: C:\source\SCIM\scim-core.xsd
Engine name: Xerces
Severity: error
Description: cvc-type.2: The type definition cannot be abstract for element email.
Start location: 26:4
End location: 26:9
URL: http://www.w3.org/TR/xmlschema-1/#cvc-type

System ID: C:\source\SCIM\instance2.xml
Main validation file: C:\source\SCIM\instance2.xml
Schema: C:\source\SCIM\scim-core.xsd
Engine name: Xerces
Severity: error
Description: cvc-complex-type.2.4.d: Invalid content was found starting with element 'type'. No child element is expected at this point.
Start location: 39:8
End location: 39:12
URL: http://www.w3.org/TR/xmlschema-1/#cvc-complex-type

System ID: C:\source\SCIM\instance2.xml
Main validation file: C:\source\SCIM\instance2.xml
Schema: C:\source\SCIM\scim-core.xsd
Engine name: Xerces
Severity: error
Description: cvc-complex-type.2.4.d: Invalid content was found starting with element 'type'. No child element is expected at this point.
Start location: 49:8
End location: 49:12
URL: http://www.w3.org/TR/xmlschema-1/#cvc-complex-type

System ID: C:\source\SCIM\instance2.xml
Main validation file: C:\source\SCIM\instance2.xml
Schema: C:\source\SCIM\scim-core.xsd
Engine name: Xerces
Severity: error
Description: cvc-complex-type.2.4.a: Invalid content was found starting with element 'phoneNumbers'. One of '{groups, entitlements, roles, x509Certificates, WC[##other:"urn:scim:schemas:core:1.0"]}' is expected.
Start location: 52:3
End location: 52:15
URL: http://www.w3.org/TR/xmlschema-1/#cvc-complex-type

System ID: C:\source\SCIM\instance2.xml
Main validation file: C:\source\SCIM\instance2.xml
Schema: C:\source\SCIM\scim-core.xsd
Engine name: Xerces
Severity: error
Description: cvc-type.2: The type definition cannot be abstract for element phoneNumber.
Start location: 53:4
End location: 53:15
URL: http://www.w3.org/TR/xmlschema-1/#cvc-type

System ID: C:\source\SCIM\instance2.xml
Main validation file: C:\source\SCIM\instance2.xml
Schema: C:\source\SCIM\scim-core.xsd
Engine name: Xerces
Severity: error
Description: cvc-type.2: The type definition cannot be abstract for element phoneNumber.
Start location: 57:4
End location: 57:15
URL: http://www.w3.org/TR/xmlschema-1/#cvc-type

System ID: C:\source\SCIM\instance2.xml
Main validation file: C:\source\SCIM\instance2.xml
Schema: C:\source\SCIM\scim-core.xsd
Engine name: Xerces
Severity: error
Description: cvc-type.2: The type definition cannot be abstract for element im.
Start location: 63:4
End location: 63:6
URL: http://www.w3.org/TR/xmlschema-1/#cvc-type

System ID: C:\source\SCIM\instance2.xml
Main validation file: C:\source\SCIM\instance2.xml
Schema: C:\source\SCIM\scim-core.xsd
Engine name: Xerces
Severity: error
Description: cvc-type.2: The type definition cannot be abstract for element photo.
Start location: 69:4
End location: 69:9
URL: http://www.w3.org/TR/xmlschema-1/#cvc-type

System ID: C:\source\SCIM\instance2.xml
Main validation file: C:\source\SCIM\instance2.xml
Schema: C:\source\SCIM\scim-core.xsd
Engine name: Xerces
Severity: error
Description: cvc-type.2: The type definition cannot be abstract for element photo.
Start location: 73:4
End location: 73:9
URL: http://www.w3.org/TR/xmlschema-1/#cvc-type

System ID: C:\source\SCIM\instance2.xml
Main validation file: C:\source\SCIM\instance2.xml
Schema: C:\source\SCIM\scim-core.xsd
Engine name: Xerces
Severity: error
Description: cvc-type.2: The type definition cannot be abstract for element group.
Start location: 87:4
End location: 87:9
URL: http://www.w3.org/TR/xmlschema-1/#cvc-type

System ID: C:\source\SCIM\instance2.xml
Main validation file: C:\source\SCIM\instance2.xml
Schema: C:\source\SCIM\scim-core.xsd
Engine name: Xerces
Severity: error
Description: cvc-type.2: The type definition cannot be abstract for element group.
Start location: 91:4
End location: 91:9
URL: http://www.w3.org/TR/xmlschema-1/#cvc-type

System ID: C:\source\SCIM\instance2.xml
Main validation file: C:\source\SCIM\instance2.xml
Schema: C:\source\SCIM\scim-core.xsd
Engine name: Xerces
Severity: error
Description: cvc-type.2: The type definition cannot be abstract for element group.
Start location: 95:4
End location: 95:9
URL: http://www.w3.org/TR/xmlschema-1/#cvc-type

System ID: C:\source\SCIM\instance2.xml
Main validation file: C:\source\SCIM\instance2.xml
Schema: C:\source\SCIM\scim-core.xsd
Engine name: Xerces
Severity: error
Description: cvc-type.2: The type definition cannot be abstract for element role.
Start location: 101:4
End location: 101:8
URL: http://www.w3.org/TR/xmlschema-1/#cvc-type

System ID: C:\source\SCIM\instance2.xml
Main validation file: C:\source\SCIM\instance2.xml
Schema: C:\source\SCIM\scim-core.xsd
Engine name: Xerces
Severity: error
Description: cvc-type.2: The type definition cannot be abstract for element entitlement.
Start location: 106:4
End location: 106:15
URL: http://www.w3.org/TR/xmlschema-1/#cvc-type

System ID: C:\source\SCIM\instance2.xml
Main validation file: C:\source\SCIM\instance2.xml
Schema: C:\source\SCIM\scim-core.xsd
Engine name: Xerces
Severity: error
Description: cvc-type.2: The type definition cannot be abstract for element x509Certificate.
Start location: 111:4
End location: 111:19
URL: http://www.w3.org/TR/xmlschema-1/#cvc-type

System ID: C:\source\SCIM\instance2.xml
Main validation file: C:\source\SCIM\instance2.xml
Schema: C:\source\SCIM\scim-core.xsd
Engine name: Xerces
Severity: error
Description: cvc-complex-type.2.4.a: Invalid content was found starting with element 'location'. One of '{attributes}' is expected.
Start location: 146:4
End location: 146:12
URL: http://www.w3.org/TR/xmlschema-1/#cvc-complex-type
adrian
Posts: 2442

Re: Simple Cloud Identity Management Schema 1.0 XML instance issue

Mon Jun 25, 2012 11:27 am

Hello,

From what I've seen, the SCIM schema seems to have some validation problems from the start. My guess is the schema has been developed (or validated) with a tool that does not adhere to the W3C specification.

One such problem is the declaration of:
<xs:complexType name="SchemaSubAttribute">
which extends a type (multiValuedAttribute) that already contains an element named "type", but then contributes with another element named "type" resulting in:
[Saxon-EE 9.3.0.5] Error in complex type SchemaSubAttribute: Ambiguous content model, element <type> appears more than once

Similarly, <xs:complexType name="multiValuedAttribute" abstract="true"> is declared as an abstract type, but is then used anyway as a base type for a lot of non abstract elements (email, phoneNumber, im, etc). This contradicts the W3C specification:
http://www.w3.org/TR/xmlschema-0/#abstract
This is the problem that's causing errors like:
cvc-type.2: The type definition cannot be abstract for element <elementName>.

Then there are a lot of problems in the XML with the order in which the elements appear. The schema declares most elements as part of a sequence (xs:sequence) so the order in which they appear is significant.

I've reordered the XML to obey the correct order:

Code: Select all

<?xml version="1.0" encoding="UTF-8"?>
<tns:User xmlns:ns0="urn:scim:schemas:extension:enterprise:1.0"
    xmlns:tns="urn:scim:schemas:core:1.0"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="urn:scim:schemas:core:1.0 scim-core2.xsd">
    <id>2819c223-7f76-453a-919d-413861904646</id>
    <meta>
        <created>2010-01-23T04:56:22Z</created>
        <lastModified>2011-05-13T04:42:34Z</lastModified>
        <location>https://example.com/v1/Users/2819c223-7f76-453a-919d-413861904646</location>
        <version>W/"a330bc54f0671c9"</version>
    </meta>
    <externalId>701984</externalId>
    <userName>bjensen@example.com</userName>
    <name>
        <formatted>Ms. Babs J Jensen III</formatted>
        <familyName>Jensen</familyName>
        <givenName>Barbara</givenName>
        <middleName>Jane</middleName>
        <honorificPrefix>Ms.</honorificPrefix>
        <honorificSuffix>III</honorificSuffix>
    </name>
    <displayName>Babs Jensen</displayName>
    <nickName>Babs</nickName>
    <profileUrl>https://login.example.com/bjensen</profileUrl>
    <title>Tour Guide</title>
    <userType>Employee</userType>
    <preferredLanguage>en_US</preferredLanguage>
    <locale>en_US</locale>
    <timezone>America/Los_Angeles</timezone>
    <active>true</active>
    <password>t1meMa$heen</password>
    <emails>
        <email>
            <value>bjensen@example.com</value>
            <primary>true</primary>
            <type>work</type>
        </email>
        <email>
            <value>babs@jensen.com</value>
            <type>home</type>
        </email>
    </emails>
    <phoneNumbers>
        <phoneNumber>
            <value>555-555-5555</value>
            <type>work</type>
        </phoneNumber>
        <phoneNumber>
            <value>555-555-4444</value>
            <type>mobile</type>
        </phoneNumber>
    </phoneNumbers>
    <ims>
        <im>
            <value>someaimhandle</value>
            <type>aim</type>
        </im>
    </ims>
    <photos>
        <photo>
            <value>https://photos.example.com/profilephoto/72930000000Ccne/F</value>
            <type>photo</type>
        </photo>
        <photo>
            <value>https://photos.example.com/profilephoto/72930000000Ccne/T</value>
            <type>thumbnail</type>
           
        </photo>
    </photos>
    <addresses>
        <address>
          <primary>true</primary>
          <type>work</type>
          <formatted>100 Universal City Plaza\nHollywood, CA 91608 USA</formatted>
          <streetAddress>100 Universal City Plaza</streetAddress>
          <locality>Hollywood</locality>
          <region>CA</region>
          <postalCode>91608</postalCode>
          <country>USA</country>
        </address>
        <address>
          <formatted>456 Hollywood Blvd\nHollywood, CA 91608 USA</formatted>
          <streetAddress>456 Hollywood Blvd</streetAddress>
          <locality>San Francisco</locality>
          <region>CA</region>
          <postalCode>91608</postalCode>
          <country>USA</country>
        </address>
    </addresses>
    <groups>
        <group>
            <value>e9e30dba-f08f-4109-8486-d5c6a331660a</value>
            <display>Tour Guides</display>
        </group>
        <group>
            <value>6d1a1088-3a56-4371-8e3b-6d48d67493ec</value>
            <display>Employees</display>
        </group>
        <group>
            <value>5fd998b9-d2bd-479c-991b-6790537608dc</value>
            <display>US Employees</display>
        </group>
    </groups>
    <entitlements>
        <entitlement>
            <value>delete users</value>
        </entitlement>
    </entitlements>
    <roles>
        <role>
            <value>administrator</value>
        </role>
    </roles>
    <x509Certificates>
        <x509Certificate>
            <value>
                MIIDQzCCAqygAwIBAgICEAAwDQYJKoZIhvcNAQEFBQAwTjELMAkGA1UEBhMCVVMx
                EzARBgNVBAgMCkNhbGlmb3JuaWExFDASBgNVBAoMC2V4YW1wbGUuY29tMRQwEgYD
                VQQDDAtleGFtcGxlLmNvbTAeFw0xMTEwMjIwNjI0MzFaFw0xMjEwMDQwNjI0MzFa
                MH8xCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRQwEgYDVQQKDAtl
                eGFtcGxlLmNvbTEhMB8GA1UEAwwYTXMuIEJhcmJhcmEgSiBKZW5zZW4gSUlJMSIw
                IAYJKoZIhvcNAQkBFhNiamVuc2VuQGV4YW1wbGUuY29tMIIBIjANBgkqhkiG9w0B
                AQEFAAOCAQ8AMIIBCgKCAQEA7Kr+Dcds/JQ5GwejJFcBIP682X3xpjis56AK02bc
                1FLgzdLI8auoR+cC9/Vrh5t66HkQIOdA4unHh0AaZ4xL5PhVbXIPMB5vAPKpzz5i
                PSi8xO8SL7I7SDhcBVJhqVqr3HgllEG6UClDdHO7nkLuwXq8HcISKkbT5WFTVfFZ
                zidPl8HZ7DhXkZIRtJwBweq4bvm3hM1Os7UQH05ZS6cVDgweKNwdLLrT51ikSQG3
                DYrl+ft781UQRIqxgwqCfXEuDiinPh0kkvIi5jivVu1Z9QiwlYEdRbLJ4zJQBmDr
                SGTMYn4lRc2HgHO4DqB/bnMVorHB0CC6AV1QoFK4GPe1LwIDAQABo3sweTAJBgNV
                Mortimore, et al.      Expires September 16, 2012              [Page 34]
               
                Internet-Draft          draft-scim-core-schema-00             March 2012
               
               
                HRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZp
                Y2F0ZTAdBgNVHQ4EFgQU8pD0U0vsZIsaA16lL8En8bx0F/gwHwYDVR0jBBgwFoAU
                dGeKitcaF7gnzsNwDx708kqaVt0wDQYJKoZIhvcNAQEFBQADgYEAA81SsFnOdYJt
                Ng5Tcq+/ByEDrBgnusx0jloUhByPMEVkoMZ3J7j1ZgI8rAbOkNngX8+pKfTiDz1R
                C4+dx8oU6Za+4NJXUjlL5CvV6BEYb1+QAEJwitTVvxB/A67g42/vzgAtoRUeDov1
                +GFiBZ+GNF/cAYKcMtGcrs2i97ZkJMo=
            </value>
        </x509Certificate>
    </x509Certificates>
</tns:User>



Note that the validation with Saxon EE may be able to give you a more accurate description of these types of problems than the one with Xerces (default). To enable it go to: Options > Preferences, XML > XML Parser > Saxon EE Validation and enable Use Saxon EE as default XML Schema validation engine

Regards,
Adrian
Adrian Buza
<oXygen/> XML Editor, Schema Editor and XSLT Editor/Debugger
http://www.oxygenxml.com
davot
Posts: 2

Re: Simple Cloud Identity Management Schema 1.0 XML instance issue

Thu Oct 04, 2012 12:19 am

Hi Adrian,

I apologize for the late response. This is just to say thanks for your response which is right on the button.

SCIM has changed it's name a little and headed over to IETF since my previous post but there appears to be no changes to the schema.

I think the problem is that they (the IETF SCIM contributors) are totally focused on JSON and the XSD equivalent is a poor cousin.

Regards,
David.
adrian
Posts: 2442

Re: Simple Cloud Identity Management Schema 1.0 XML instance issue

Thu Oct 04, 2012 9:04 am

Hi,

Actually, the schema from http://www.simplecloud.info/specs/schema/scim-core.xsd seems to have been fixed and validates fine now in Oxygen (with both Xerces and Saxon-EE). I've compared it with the local copy I made when we last talked about its issues and someone has definitely fixed the problems I've mentioned.

Regards,
Adrian
Adrian Buza
<oXygen/> XML Editor, Schema Editor and XSLT Editor/Debugger
http://www.oxygenxml.com

Return to “XML Schemas”

Who is online

Users browsing this forum: No registered users and 0 guests