URNs of extension schemas are removed during processing, losing their namespace protection.

[pond]

SCIM JSON payloads include the URN of extension schemas, which serve as namespaces for attributes therein.

Internally, a significant limitation of Scimitar v1 and v2 is that schema URNs are removed during payload processing. The same is true when handling filter strings in GET requests. This is why scim_attributes_map does not namespace the added extension's attributes. Attribute names must therefore be unique across the entire arising schema. If an extension uses an attribute name that's already used in the base schema or another included extension, it will collide; you'd realise this as soon as you tried to add to scim_attributes_map, since an existing same-named attribute would already be declared there.

This is not believed to be a problem with the extension schema currently described by the SCIM RFCs, but it might be an issue for someone with a custom schema one day. It's also just obviously fragile - for all its excessive complexity, the SCIM specification's use of URNs to make sure that extensions don't collide with one another is clearly a good idea and Scimitar should respect it.

Fixing this would very likely require significant breaking changes to Scimitar's public API, with an arising increase to Scimitar's major version number and discontinuation of the v1 branch entirely.

[pond]

Note diff in #131 as part of doing this work (in particular comments about QueryParser#parse API extension).