Closed jakedoublev closed 6 months ago
pflynn-virtru
commented
6 months ago If the Attributes are in the form of URL, (specifically https://) then It would be nice to uphold the rules of URL casing.
IIRC scheme, domain name are case-insensitive. Path (attribute name and value) and query parameters are case sensitive
jakedoublev
commented
6 months ago If the Attributes are in the form of URL, (specifically https://) then It would be nice to uphold the rules of URL casing.
IIRC scheme, domain name are case-insensitive. Path (attribute name and value) and query parameters are case sensitive
Thanks for the callout @pflynn-virtru. Here is the relevant ADR about allowed characters & the documented decision which is enforced on create/update within the protos and normalized to lower case on save to the DB
jrschumacher
commented
6 months ago @pflynn-virtru I agree with your assessment of keeping with standardizations. This really calls out weather using a fqn was the ideal solution, but I believe that ship sailed almost a decade ago.
At this point I believe we're going to need to make some strong opinions which will conflict with RFC-3986. This might be similar to how Google's Gmail product diverges from email standards by aliasing all cases, period usage (jrschumacher = j.r.schumacher), and plus addition (jrschumacher+abc123) to the same email address.
We have found that from a developer-experience (DX) perspective, case-sensitivity is far too complex when
From experience, this led me to multiple wasted hours thinking the failure was within my application.
Background
Some PDPs and PEPs may store FQNs out of sync with lowercase FQNs expected by the platform and stored in the DB. Since Create/Update of policy objects are normalized to lowercase, lookup by FQN should be normalized as well.
Acceptance Criteria