When it comes to security, you are probably better off comparing things case insensitive. Like email providers also tend to do. It would be too easy to send a message to [email protected] when you meant [email protected] otherwise, which ca be very problematic. About filters, yeah that’s one of the bigger problems implementing SCIM. I implemented it myself but am not aware of any open source implementation. Look out for literal strings as they must be valid JSON strings which means they may use JSON escaping rules.

Agree on the emails (even just from mobile devices having a habit of putting capital letters in unintentional places), but I was more meaning the attribute keys, eg "username", "familyName" being case-insensitive. I'd be happy enough with any casing convention here, but would prefer one case sensitive one.

I suspect in practice most systems just use camelCase, but they could use TitleCase / ALL CAPS / etc which bugs me as it feels like a committee couldn't agree and decided "why not all of them".

There's a good chance there's historical context I'm missing, though I'd like to imagine any SCIM V3 might have stricter rules on that kinda of thing to reduce implementation complexity

In case anyone else is interested, I managed to get chatgpt to spit out an almost complete grammar https://github.com/mnahkies/node-scim/pull/7 - it's not perfect, but it did significantly better than when I asked it the same thing 9 months ago and got garbage/had to attempt writing my own from scratch (it's new attempt is more complete than my previous hand written attempt, I'm a bit of a skeptic, but credit where it's due)