Re: [scim] pagination for users in READ of single group GET /Groups/{id}
Karen Nguyen <knguyen@slack-corp.com> Thu, 20 June 2019 15:26 UTC
Return-Path: <knguyen@slack-corp.com>
X-Original-To: scim@ietfa.amsl.com
Delivered-To: scim@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 650181200C1 for <scim@ietfa.amsl.com>; Thu, 20 Jun 2019 08:26:13 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=slack-corp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mQIiTZCUfmng for <scim@ietfa.amsl.com>; Thu, 20 Jun 2019 08:26:10 -0700 (PDT)
Received: from mail-qt1-x836.google.com (mail-qt1-x836.google.com [IPv6:2607:f8b0:4864:20::836]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1FC6C120041 for <scim@ietf.org>; Thu, 20 Jun 2019 08:26:10 -0700 (PDT)
Received: by mail-qt1-x836.google.com with SMTP id x47so3542210qtk.11 for <scim@ietf.org>; Thu, 20 Jun 2019 08:26:10 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=slack-corp.com; s=google; h=from:mime-version:subject:date:references:to:in-reply-to:message-id; bh=LIQXm1SwuGZyZaGrU3PEPQxUIjgJJLeevI2Y5JyVW1M=; b=ar89yU0KXSxfE1yjpDOQHP4Frw/W3gK3lVrxaNOsRHLCS0yxKMO1l+nAe+s/DqG9FK NRCvspScK5pR1H6FrhYi4V8Ecg1bIKl1VgyY9E2QulCN3px62PsmESx37fxvzeBw3H08 pD2RR+gICdgLf8TOekfwDzpnNUbCkGJUOk+lE=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:mime-version:subject:date:references:to :in-reply-to:message-id; bh=LIQXm1SwuGZyZaGrU3PEPQxUIjgJJLeevI2Y5JyVW1M=; b=LGd9hcuczTqJBpMuLWYD4fs9lidbzS8htq8rpVscTzWkYnoZYcMKtS2GZKBGmX8WKg PYHGZvZAR/5rZ8GSUo5AgXzJSvxVFaYDFP4pNbIX5H8MPr3wylDoVd9h1z/ejcboYSy8 kOUwQ6WrG1YTCGdYdjHMH9fuhMhyV1vP0MoZD6QTMw9qyc5Jx2wKWcmPPMk5G8cUhwfs OYR3eJwmMMC+vGvk/WeGaCg0DozqxPLjP+NuFafIgylt1EEgvW3Aombpv+bHCnFNatUl FCGzJI7RxfyXd62Xuz0JAP9hr3t3HtUkcpzKbLcj97ithI3DIpWI0t5Yy0w6m0Kjd59x 6IfQ==
X-Gm-Message-State: APjAAAX8sO0i1lepxZHGa9m07hrE/FqfwxThUhU5En0G06ZAbiG6Pfcs f7Ovr7Q/07z9KMSDe5Fo+wzBH5WzkLv93A==
X-Google-Smtp-Source: APXvYqyyh71/NwerEYI2YBajSXExyFv3Ot8KzoHfik9f23sNnL0v/OyCQeHL93VOyuvnnCV57EiJfw==
X-Received: by 2002:aed:3f0c:: with SMTP id p12mr47619432qtf.109.1561044368706; Thu, 20 Jun 2019 08:26:08 -0700 (PDT)
Received: from [10.50.131.178] ([4.73.15.158]) by smtp.gmail.com with ESMTPSA id u7sm1027qtc.25.2019.06.20.08.26.07 for <scim@ietf.org> (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 20 Jun 2019 08:26:07 -0700 (PDT)
From: Karen Nguyen <knguyen@slack-corp.com>
Content-Type: multipart/alternative; boundary="Apple-Mail=_9AA13172-9BD6-41C1-9B9E-C4241993BEEF"
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.11\))
Date: Thu, 20 Jun 2019 08:26:05 -0700
References: <mailman.3136.1553016590.6143.scim@ietf.org>
To: scim@ietf.org
In-Reply-To: <mailman.3136.1553016590.6143.scim@ietf.org>
Message-Id: <60FB8AD7-F5E6-4585-8770-556C3C19F628@slack-corp.com>
X-Mailer: Apple Mail (2.3445.104.11)
Archived-At: <https://mailarchive.ietf.org/arch/msg/scim/67Bd0iotMoEx5rcjCUsHUzQzQGU>
Subject: Re: [scim] pagination for users in READ of single group GET /Groups/{id}
X-BeenThere: scim@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Simple Cloud Identity Management BOF <scim.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/scim>, <mailto:scim-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/scim/>
List-Post: <mailto:scim@ietf.org>
List-Help: <mailto:scim-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/scim>, <mailto:scim-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 20 Jun 2019 15:26:14 -0000
Hi folks,
I’d like to echo that we are also encountering scaling challenges for the GET /Groups/{id} endpoint when the group contains 50k+ users.
We are considering leveraging the specification SCIM 2.0 section 3.4.2.4 Pagination.
Would you recommend this, or do you have other guidance on what to do in this case.
Thanks,
Karen Nguyen
> On Mar 19, 2019, at 10:29 AM, scim-request@ietf.org wrote:
>
> Send scim mailing list submissions to
> scim@ietf.org <mailto:scim@ietf.org>
>
> To subscribe or unsubscribe via the World Wide Web, visit
> https://www.ietf.org/mailman/listinfo/scim <https://www.ietf.org/mailman/listinfo/scim>
> or, via email, send a message with subject or body 'help' to
> scim-request@ietf.org <mailto:scim-request@ietf.org>
>
> You can reach the person managing the list at
> scim-owner@ietf.org <mailto:scim-owner@ietf.org>
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of scim digest..."
> Today's Topics:
>
> 1. Help needed on READ of single group GET /Groups/{id}
> (Ashok Dhakar)
>
> From: Ashok Dhakar <adhakar@vmware.com <mailto:adhakar@vmware.com>>
> Subject: [scim] Help needed on READ of single group GET /Groups/{id}
> Date: March 19, 2019 at 10:29:23 AM PDT
> To: "scim@ietf.org <mailto:scim@ietf.org>" <scim@ietf.org <mailto:scim@ietf.org>>
>
>
> Hi Team,
>
> The standard response defines the single group get result as
> {
> "schemas": ["urn:ietf:params:scim:schemas:core:2.0:Group"],
> "id":"e9e30dba-f08f-4109-8486-d5c6a331660a",
> "displayName": "Tour Guides",
> "members":[
> {
> "value": "2819c223-7f76-453a-919d-413861904646",
> "$ref": "https://example.com/v2/Users/2819c223-7f76-453a-919d-413861904646 <https://example.com/v2/Users/2819c223-7f76-453a-919d-413861904646>",
> "display": "Babs Jensen"
> },
> {
> "value": "902c246b-6245-4190-8e05-00816be7344a",
> "$ref": "https://example.com/v2/Users/902c246b-6245-4190-8e05-00816be7344a <https://example.com/v2/Users/902c246b-6245-4190-8e05-00816be7344a>",
> "display": "Mandy Pepperidge"
> }
> ],
> "meta": {
> "resourceType": "Group",
> "created": "2010-01-23T04:56:22Z",
> "lastModified": "2011-05-13T04:42:34Z",
> "version": "W\/\"3694e05e9dff592\"",
> "location": "https://example.com/v2/Groups/e9e30dba-f08f-4109-8486-d5c6a331660a <https://example.com/v2/Groups/e9e30dba-f08f-4109-8486-d5c6a331660a>"
> }
> }
>
> In our case we have group with 50k members, so every time SCIM call is being made to GET the group details by its /Groups/{Id}
> We encounter performance problems as it ends up listing of all the members every time.
> The problem becomes worse when we try to list of groups and each group contains 50k members. GET /Groups/{id}?count=20
>
> As of now we are circumventing the problem by specifying the attributes as part of scim request /Groups/{id}?attributes=id,displayName.
>
> Every time we do 3rd party integration with SCIM compliant adapters which is responsible for pushing the user information to our identity solutions this becomes as bottleneck,
> as it requires code changes.
>
> I was thinking to address this in the following way
> Show only few members as part of /Groups/{id}
> Provide another endpoint to fetch members with pagination support /Groups/{id}/members?count=100
>
> I would like to know any better solutions to this problem or work in progress to address this so that I don’t implement the custom solution.
>
> Regards,
> Ashok
>
>
>
> _______________________________________________
> scim mailing list
> scim@ietf.org <mailto:scim@ietf.org>
> https://www.ietf.org/mailman/listinfo/scim <https://www.ietf.org/mailman/listinfo/scim>
- Re: [scim] pagination for users in READ of single… Karen Nguyen