Re: [scim] Root Query & Search Requirements

Shelley <randomshelley@gmail.com> Mon, 02 March 2020 14:47 UTC

Return-Path: <randomshelley@gmail.com>
X-Original-To: scim@ietfa.amsl.com
Delivered-To: scim@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 92CC13A0805 for <scim@ietfa.amsl.com>; Mon, 2 Mar 2020 06:47:39 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level:
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id y1eUyoO8RkZw for <scim@ietfa.amsl.com>; Mon, 2 Mar 2020 06:47:37 -0800 (PST)
Received: from mail-vk1-xa33.google.com (mail-vk1-xa33.google.com [IPv6:2607:f8b0:4864:20::a33]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7542A3A07D4 for <scim@ietf.org>; Mon, 2 Mar 2020 06:47:37 -0800 (PST)
Received: by mail-vk1-xa33.google.com with SMTP id a76so1415584vki.13 for <scim@ietf.org>; Mon, 02 Mar 2020 06:47:37 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=lXKaN770uZsJIilpl4+zO2JC8hqydXXO5Dd1YN/6jWk=; b=RIpUIhmEtHhmoZqph5dWGrinjhwN0NDLqp8KrffjMjYBcbUTC/AoKNy4ujX15keliC HeYPARfR+p1rRYUIx3Kw6WWKyVQr3qgwxoaVc62AD6o2ZePXFYsxGpLmBDwrNKe6URL3 5AfywoE+tgnPZuddwhgieoyAipPZBx2bQUC23z0pX7lKWduDcna4LTLyP+4oh1mu9pgz o/ZPs1ke/Yr556WJ55ls622wufc7ugrJhFoDGuOmtsMg/s76muYqlVqbgNiwMZWOOMxX J595iVeH595HPq/0tks0kuE4iJNTP7OAGk2Wko4KQWGFsbFQ0MJOWhqOEz72wHZmfAo6 +gdA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=lXKaN770uZsJIilpl4+zO2JC8hqydXXO5Dd1YN/6jWk=; b=L5JFYJRUgCuONP8fqMpWqI2nDeKOwwBIO0czauwDzz8l7HhjOv0VjQgqQyeLPV6p3r ZHrk6CdKMOGEokC2rnSmGzDp46du4mKdqAswVJrWcLelJ3GpckBnS6RTDs0/vH4xI4ZM Aufd/W5tOxMq/Si7pADQ5zaa0IEb86ev3wAv6GTxHdnnpuihje1XHyiteghVcinuGWkl wg28XmNbMqLbPyBnvEPiucaG+l0UG94XvDxFyjzPv/75EvKOQmC40EZxnc1+h5En9uHe cAJKCooIOr8EypXUoFcJTRjmbRxkVLaOyU759q/s5A6wGGtlGlrbc4topPHAu1HBeQLg K6CA==
X-Gm-Message-State: ANhLgQ2UmhaOKPEwcmCY5baqGvLl5R06TYkPk6q2/fYu22nul/ejKTzE iy8lRvcAOQSRvbSTHVjTjp1wFfldopRYXIOMLgiJ6W8o
X-Google-Smtp-Source: =?utf-8?q?ADFU+vvODm7/nSHM7HfALeQBowhNkPDtPcFnBdl1OIoh?= =?utf-8?q?VG3b7aZnwXHb0HR/JK1P8Rl3l2vxjCs/www8w7L8IWXllPE=3D?=
X-Received: by 2002:ac5:cce3:: with SMTP id k3mr17136vkn.95.1583160456486; Mon, 02 Mar 2020 06:47:36 -0800 (PST)
MIME-Version: 1.0
References: <CAGUsYPxXAHUfn03_ePrD1rVtToZjiYgFiEYz=+OPnhno65g0+g@mail.gmail.com> <12070853-9D12-4C07-A11D-29B67905BA0A@independentid.com>
In-Reply-To: <12070853-9D12-4C07-A11D-29B67905BA0A@independentid.com>
From: Shelley <randomshelley@gmail.com>
Date: Mon, 2 Mar 2020 08:47:25 -0600
Message-ID: <CAGUsYPyWi1nswXcoH2VPDZET65B217rXMYvYnDgDPSu9hm_pYA@mail.gmail.com>
To: Phillip Hunt <phil.hunt@independentid.com>
Cc: scim@ietf.org
Content-Type: multipart/alternative; boundary="000000000000a1a4c0059fe044fe"
Archived-At: <https://mailarchive.ietf.org/arch/msg/scim/1oyWOSiCWDltxa1998bnWNxh4CI>
Subject: Re: [scim] Root Query & Search Requirements
X-BeenThere: scim@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Simple Cloud Identity Management BOF <scim.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/scim>, <mailto:scim-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/scim/>
List-Post: <mailto:scim@ietf.org>
List-Help: <mailto:scim-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/scim>, <mailto:scim-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 02 Mar 2020 14:47:40 -0000

Thanks.

If I'm understanding correctly, the server root supports two types of
requests:

   - Searching via POST /.search [1]
   - Querying via GET / [2]

Questions:

   - The root server endpoint is not defined as a well-known endpoint in
   Section 3.2 [3]. Given that general purpose querying (not just searching)
   seems to be supported on this endpoint, should it be defined in this
   section?
   - Are SCIM service providers REQUIRED to support querying and/or
   searching on the root server endpoint? Ticket #42 [4] provided text and an
   SP configuration attribute that more clearly indicated that support for
   this was OPTIONAL, but this was omitted from the final spec. Does this mean
   SPs MUST support querying/searching at the server root?

[1] https://tools.ietf.org/html/rfc7644#section-3.4.3
[2] https://tools.ietf.org/html/rfc7644#section-3.4.2
[3] https://tools.ietf.org/html/rfc7644#section-3.2
[4] https://trac.ietf.org/trac/scim/ticket/42

On Sat, Feb 29, 2020 at 11:05 AM Phillip Hunt <phil.hunt@independentid.com>
wrote:

> Shelley,
>
> Section 3.4.2.1 of RFC7644 states that the server root is a valid search
> endpoint.
>
> The root is not and endpoint for the purpose of holding resources. It only
> holds the resource type containers (which each define their own endpoint)
> and which in turn contain resources
>
> The use case for querying from the root came from implementers who were
> using SCIM in a directory lookup style of functionality and performing
> search while typing type of functionality. In these cases the scim client
> does not know what type of resource the user wants and wants to be able to
> return all resource types, or a specific set of types (like Users and
> Groups).
>
> Phil Hunt
> @independentid
> phil.hunt@independentid.com
>
>
>
> On Feb 26, 2020, at 11:47 AM, Shelley <randomshelley@gmail.com> wrote:
>
> The server root is not defined as a supported endpoint [1] for querying
> (GET), yet the inline text for the Query Resources section [2] implies that
> it is a required endpoint responsible for returning all resource types:
>
> *> Queries MAY be performed against a SCIM resource object, a resource
>> type endpoint, or a SCIM server root.*
>>
>
> *> A query against a server root indicates that all resources within the
>> server SHALL be included, subject to filtering....*
>>
>
> *> When processing query operations using endpoints that include more than
>> one SCIM resource type (e.g., a query from the server root endpoint)...*
>>
>
> Similarly, searching (POST) [3] seems to assume that the search is
> attached to a valid SCIM endpoint, although the root is not clearly defined
> as such:
>
> * > The inclusion of "/.search" on the end of a valid SCIM endpoint...*
>>
>
> I found some old tickets/discussions [4,5,6] that proposed making these
> requirements more clear in the RFC text and service provider configuration,
> but that clarity doesn't appear to have made its way into the final RFCs.
>
> Can someone provide some clarity on whether the server root must be a
> supported SCIM endpoint responsible for returning all resources (subject to
> standard filtering) and/or if it must support the .search capability?
>
> Our SCIM implementation does not currently have any use cases that would
> benefit from querying/searching across resource types, any I would prefer
> to add any custom support there unless it becomes necessary (i.e. just
> return a basic 404 response for any requests to the server root as an
> unknown/unsupported resource).
>
> [1] https://tools.ietf.org/html/rfc7644#section-3.2
> [2] https://tools.ietf.org/html/rfc7644#section-3.4.2
> [3] https://tools.ietf.org/html/rfc7644#section-3.4.3
> [4] https://trac.ietf.org/trac/scim/ticket/42
> [5]
> https://mailarchive.ietf.org/arch/msg/scim/WOT40hJ9t5RB1vEnwGoePWW18dI/
> [6]
> https://mailarchive.ietf.org/arch/msg/scim/MXu6yJ3TxYTm566hW99TGTpvoZg/
> _______________________________________________
> scim mailing list
> scim@ietf.org
> https://www.ietf.org/mailman/listinfo/scim
>
>
>