Re: [scim] Thoughts on the SCIM Cursor Based Pagination draft

"Sehgal, Anjali" <anjalisg@amazon.com> Wed, 07 December 2022 19:47 UTC

Return-Path: <prvs=33343c251=anjalisg@amazon.com>
X-Original-To: scim@ietfa.amsl.com
Delivered-To: scim@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A731AC1524C6 for <scim@ietfa.amsl.com>; Wed, 7 Dec 2022 11:47:57 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -11.897
X-Spam-Level:
X-Spam-Status: No, score=-11.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001, USER_IN_DEF_SPF_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=amazon.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3X3f5GcBTp9W for <scim@ietfa.amsl.com>; Wed, 7 Dec 2022 11:47:53 -0800 (PST)
Received: from smtp-fw-6002.amazon.com (smtp-fw-6002.amazon.com [52.95.49.90]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DFCC8C1524C4 for <scim@ietf.org>; Wed, 7 Dec 2022 11:47:52 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amazon.com; i=@amazon.com; q=dns/txt; s=amazon201209; t=1670442473; x=1701978473; h=from:to:date:message-id:references:in-reply-to: mime-version:subject; bh=imJZ/eiqD9aXNBNyqF/O0qQVCIFUI01J3AnW8r3KYhQ=; b=Ahuf6BHBJNzwAOEFY5UUW1C3NdLpIAhdyMbp3emBs+DYbbHqFYj9n8+R LH2jaN1eWwm6PT7XxsPGF9M1CC92kqHE5qxX0PqN9s8yiWfx5jSUCbyFD 4lTaLCcmh2kfjPuSxAX2AIk7HbKs3qtnlbKkIZmX+2QBRqg3LZLo6Maln E=;
X-IronPort-AV: E=Sophos;i="5.96,225,1665446400"; d="scan'208,217";a="274861900"
Thread-Topic: [scim] Thoughts on the SCIM Cursor Based Pagination draft
Received: from iad12-co-svc-p1-lb1-vlan3.amazon.com (HELO email-inbound-relay-iad-1a-m6i4x-617e30c2.us-east-1.amazon.com) ([10.43.8.6]) by smtp-border-fw-6002.iad6.amazon.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 07 Dec 2022 19:47:51 +0000
Received: from EX13MTAUEE001.ant.amazon.com (iad12-ws-svc-p26-lb9-vlan2.iad.amazon.com [10.40.163.34]) by email-inbound-relay-iad-1a-m6i4x-617e30c2.us-east-1.amazon.com (Postfix) with ESMTPS id 38C9B625D9 for <scim@ietf.org>; Wed, 7 Dec 2022 19:47:50 +0000 (UTC)
Received: from EX19D014UEA003.ant.amazon.com (10.252.134.168) by EX13MTAUEE001.ant.amazon.com (10.43.62.200) with Microsoft SMTP Server (TLS) id 15.0.1497.42; Wed, 7 Dec 2022 19:47:50 +0000
Received: from EX19D014UEA003.ant.amazon.com (10.252.134.168) by EX19D014UEA003.ant.amazon.com (10.252.134.168) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA) id 15.2.1118.20; Wed, 7 Dec 2022 19:47:50 +0000
Received: from EX19D014UEA003.ant.amazon.com ([fe80::e4e7:1c85:21fb:5422]) by EX19D014UEA003.ant.amazon.com ([fe80::e4e7:1c85:21fb:5422%3]) with mapi id 15.02.1118.020; Wed, 7 Dec 2022 19:47:50 +0000
From: "Sehgal, Anjali" <anjalisg@amazon.com>
To: "scim@ietf.org" <scim@ietf.org>
Thread-Index: AQHZCmgp3aRyAR8oOUONc7ecjyR6/65igPCA
Date: Wed, 07 Dec 2022 19:47:50 +0000
Message-ID: <87B84568-4F41-456D-BDD1-3C87599DCD46@amazon.com>
References: <CAKSYhST7CP5+dDhzModUAxvqvNp0neLDjF4yQZt0ovB6KS9A-Q@mail.gmail.com>
In-Reply-To: <CAKSYhST7CP5+dDhzModUAxvqvNp0neLDjF4yQZt0ovB6KS9A-Q@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.136.4.240]
Content-Type: multipart/alternative; boundary="_000_87B845684F41456DBDD13C87599DCD46amazoncom_"
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/scim/D_8ONLGX72SZ7nwEjcQ4i87z7Iw>
Subject: Re: [scim] Thoughts on the SCIM Cursor Based Pagination draft
X-BeenThere: scim@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Simple Cloud Identity Management BOF <scim.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/scim>, <mailto:scim-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/scim/>
List-Post: <mailto:scim@ietf.org>
List-Help: <mailto:scim-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/scim>, <mailto:scim-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 07 Dec 2022 19:47:57 -0000

Hello All,

I am in support of WG adoption of the cursor-based pagination draft. It definitely is a much needed extension to the existing SCIM specification.

Thanks
Anjali

Anjali Sehgal (she/her)

Software Development Manager, AWS Identity | Amazon Web Services (AWS)

From: scim <scim-bounces@ietf.org> on behalf of David Brossard <dbrossard=40salesforce.com@dmarc.ietf.org>
Date: Wednesday, December 7, 2022 at 1:17 PM
To: "scim@ietf.org" <scim@ietf.org>
Subject: RE: [EXTERNAL][scim] Thoughts on the SCIM Cursor Based Pagination draft


CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you can confirm the sender and know the content is safe.


Dear all,

We're also in support of WG adoption of the cursor-based pagination draft. Cursor-based pagination is definitely a problem that needs tackling.

Cheers,
David.
--
David Brossard
Sr. Director of Product Management
Identity | Salesforce


---------- Forwarded message ----------
From: Pamela Dingle <Pamela.Dingle@microsoft.com<mailto:Pamela.Dingle@microsoft.com>>
To: "Saxe, Dean" <deansaxe=40amazon.com@dmarc.ietf.org<mailto:40amazon.com@dmarc.ietf.org>>, "scim@ietf.org<mailto:scim@ietf.org>" <scim@ietf.org<mailto:scim@ietf.org>>
Cc:
Bcc:
Date: Tue, 6 Dec 2022 05:27:27 +0000
Subject: Re: [scim] [EXTERNAL] Thoughts on the SCIM Cursor Based Pagination draft
I too am in support of WG adoption of the cursor-based pagination draft.

This group has done a great job of examining alternatives, we have dedicated a lot of time to the topic and at this point, I believe Nancy and Aaron will be able to identify sufficient interest in both editorship and in review/implementation participants to let us get this draft formally into the process.  We may not have all the details right yet, but that's ok, we aren't voting to finalize the draft, only to begin work. And as Dean noted, there is no reason why both the cursor-based and the event-based drafts can't be worked on at the same time.

Looking forward to chatting tomorrow in the interim meeting!

Cheers,

Pam
________________________________
From: scim <scim-bounces@ietf.org<mailto:scim-bounces@ietf.org>> on behalf of Saxe, Dean <deansaxe=40amazon.com@dmarc.ietf.org<mailto:40amazon.com@dmarc.ietf.org>>
Sent: Tuesday, December 6, 2022 7:25 AM
To: scim@ietf.org<mailto:scim@ietf.org> <scim@ietf.org<mailto:scim@ietf.org>>
Subject: [EXTERNAL] [scim] Thoughts on the SCIM Cursor Based Pagination draft


Some people who received this message don't often get email from deansaxe=40amazon.com@dmarc.ietf.org<mailto:40amazon.com@dmarc.ietf.org>. Learn why this is important<https://aka.ms/LearnAboutSenderIdentification>


Since IETF115 last month, I have had multiple conversations regarding the need for a cursor-based pagination mechanism in SCIM. The discussions were driven by the challenges of using index-based pagination mechanisms with large data sets. Through this work it has become clear to me that cursor-based pagination is a significant improvement over the existing index-based mechanism. This is specifically called out in draft-peterson-scim-cursor-pagination-01<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdatatracker.ietf.org%2Fdoc%2Fdraft-peterson-scim-cursor-pagination%2F&data=05%7C01%7Cpamela.dingle%40microsoft.com%7C13033f2d54a447283a1808dad7074dc7%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638058723706186540%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=ClzbHcPxmClZs407p%2B1MBM7BqFbcnQWfUiE6dawoHp8%3D&reserved=0>: “Translating from an underlying cursor-based pagination pattern to the index-based pagination defined in Section 3.4.2.4 of [RFC7644] ultimately requires the SCIM service provider to fully iterate the underlying cursor, store the results, and then serve indexed pages from the stored results. This task of "pagination translation" dramatically increases complexity and memory requirements for implementing a SCIM Service Provider, and may be an impediment to SCIM adoption for some applications and identity systems."



Beyond the implementation challenges posed by index-based pagination, cursor-based pagination addresses the need for strong read consistency in SCIM.  Further, this gap is addressed in the draft by building upon the existing primitives in the SCIM RFCs using RESTful APIs. The draft does not require existing servers or clients to change their implementation if the current patterns are sufficient. Servers that choose to enable cursor-based pagination may continue to support an index-based method. Importantly, the changes required in SCIM clients to enable support for the proposed cursor-based pagination are narrowly scoped.



Recognizing that there is also support for an event-based model as proposed in draft-ietf-scim-events-00<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdatatracker.ietf.org%2Fdoc%2Fdraft-ietf-scim-events%2F00%2F&data=05%7C01%7Cpamela.dingle%40microsoft.com%7C13033f2d54a447283a1808dad7074dc7%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638058723706342797%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=eotK90BZXXIzaRnaHnVPEaKvjbJgUEAr4rjTWINYovg%3D&reserved=0>, I want to be careful not to frame the discussion as an either-or proposition. None of the proposed changes for cursor-based pagination detract from the proposed event driven model. Instead, both models may be used by implementers, if necessary to meet the implementers’ use cases.



Based on this, I propose that the working group focuses on adopting the Internet-Draft for cursor-based pagination to meet the industry’s immediate needs with minimal protocol changes, while continuing to develop the event-based draft.



I invite other working group members to add their thoughts, as well.



Respectfully,

-dhs



--

Dean H. Saxe, CIDPRO<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fidpro.org%2Fcidpro%2F&data=05%7C01%7Cpamela.dingle%40microsoft.com%7C13033f2d54a447283a1808dad7074dc7%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638058723706342797%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=hXvkl8CdbDXDb0%2F9tvDsRcbZbMvb8%2FgTF5Y%2Fsv0z3rc%3D&reserved=0> (he/him)

Senior Security Engineer, AWS Identity Trust Team | Amazon Web Services (AWS)

E: deansaxe@amazon.com<mailto:deansaxe@amazon.com> | M: 206-659-7293<tel:206-659-7293>