Re: [scim] Thoughts on the SCIM Cursor Based Pagination draft

David Brossard <> Wed, 07 December 2022 18:16 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id E4B8AC14CF09 for <>; Wed, 7 Dec 2022 10:16:52 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.003
X-Spam-Status: No, score=-2.003 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, HTML_OBFUSCATE_10_20=0.093, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=no autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (1024-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id RrC0eDUMZqDC for <>; Wed, 7 Dec 2022 10:16:48 -0800 (PST)
Received: from ( [IPv6:2a00:1450:4864:20::42b]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by (Postfix) with ESMTPS id 870F0C1522B3 for <>; Wed, 7 Dec 2022 10:16:48 -0800 (PST)
Received: by with SMTP id bx10so29321775wrb.0 for <>; Wed, 07 Dec 2022 10:16:48 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=google; h=to:subject:message-id:date:from:mime-version:from:to:cc:subject :date:message-id:reply-to; bh=hnn2k1IpwQmlbyQ0ZQwp0ZqfpwVGRCJDhISmPan6/oY=; b=ffLTfO9ZSs6xda9P0DzvfsXC3ZQVYQhEvuyZIFq8jA30hiIWfH0xxaNN9gsJN8LKs2 8yTkV8Hif1FtQN/+MBJZjFaGjqQdjJqE+C/yfz6qoFwtCzdKPPB5vCxiLZPzoPK2uFa2 XmbEHLaJjkj/BMAPjdqjEdDimAZcy39Wm/JMU=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20210112; h=to:subject:message-id:date:from:mime-version:x-gm-message-state :from:to:cc:subject:date:message-id:reply-to; bh=hnn2k1IpwQmlbyQ0ZQwp0ZqfpwVGRCJDhISmPan6/oY=; b=Z8+faGt69fXTLh+hQvCEce1DsL3GxWWl/1n0PKIJqd0M9X4xe4SF16otkAO+DESN/c zYRILmByWmMmKzyis0H9qdmbtfaP80PMmFz5XXGap5h7kuXbl0TJeCGae6Nyumzrr5La 1tzUmK0ymETb9RrNIsS4BjB0r+8JCVCYCgwHaEl+Q3et9O3ZVUyw0T6HS5PR4KEtYhGs gStdgjD2fvoaQCvCA9pkYygHQk6up6J5X6eQekm6B4Bwab2ttmWVV/W39TtEtFkrInGE 5haV7bT+pqj0730mJ5ZV5l0HaR2LwTBYtLs2fid74tGliAAUNgnKU1omZbPjqcdzNidm WfKA==
X-Gm-Message-State: ANoB5pnLHMtsYcBsMW8q3U1uJLTH88QwHJ1MHK8oT6v74diHA8M+kbD5 M4AOx7ZbDY1vnMY+9b2/whZN1Hbp1Kg1p9ksTp0422icd9MkSdbE1sQ=
X-Google-Smtp-Source: AA0mqf6BsJEUYfsIq8+6h3gRw23p/D1fhF+8scAqnwD5qthL8ZhckAvDxH6QX9mrMlk8lEnwHWHBrOoYtF8Ccg3UqOA=
X-Received: by 2002:adf:fcc8:0:b0:242:453f:fd14 with SMTP id f8-20020adffcc8000000b00242453ffd14mr14262622wrs.468.1670437006569; Wed, 07 Dec 2022 10:16:46 -0800 (PST)
MIME-Version: 1.0
From: David Brossard <>
Date: Wed, 07 Dec 2022 10:16:36 -0800
Message-ID: <>
Content-Type: multipart/alternative; boundary="0000000000006583e005ef40ecc9"
Archived-At: <>
Subject: Re: [scim] Thoughts on the SCIM Cursor Based Pagination draft
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Simple Cloud Identity Management BOF <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Wed, 07 Dec 2022 18:16:53 -0000

Dear all,

We're also in support of WG adoption of the cursor-based pagination draft.
Cursor-based pagination is definitely a problem that needs tackling.

*David Brossard*
Sr. Director of Product Management
Identity | Salesforce

---------- Forwarded message ----------
From: Pamela Dingle <>
To: "Saxe, Dean" <>, "" <>
Date: Tue, 6 Dec 2022 05:27:27 +0000
Subject: Re: [scim] [EXTERNAL] Thoughts on the SCIM Cursor Based Pagination
I too am in support of WG adoption of the cursor-based pagination draft.

This group has done a great job of examining alternatives, we have dedicated
a lot of time to the topic and at this point, I believe Nancy and Aaron
will be able to identify sufficient interest in both editorship and in
review/implementation participants to let us get this draft formally into
the process.  We may not have all the details right yet, but that's ok, we
aren't voting to finalize the draft, only to begin work. And as Dean noted,
there is no reason why *both* the cursor-based and the event-based drafts
can't be worked on at the same time.

Looking forward to chatting tomorrow in the interim meeting!


*From:* scim <> on behalf of Saxe, Dean <deansaxe=>
*Sent:* Tuesday, December 6, 2022 7:25 AM
*To:* <>
*Subject:* [EXTERNAL] [scim] Thoughts on the SCIM Cursor Based Pagination

Some people who received this message don't often get email from deansaxe= Learn why this is important

Since IETF115 last month, I have had multiple conversations regarding the
need for a cursor-based pagination mechanism in SCIM. The discussions were
driven by the challenges of using index-based pagination mechanisms with
large data sets. Through this work it has become clear to me that cursor-
based pagination is a significant improvement over the existing
index-based mechanism.
This is specifically called out in draft-peterson-scim-cursor-pagination-01
“Translating from an underlying cursor-based pagination pattern to the
index-based pagination defined in Section of [RFC7644] ultimately
requires the SCIM service provider to fully iterate the underlying cursor,
store the results, and then serve indexed pages from the stored results.
This task of "pagination translation" dramatically increases complexity and
memory requirements for implementing a SCIM Service Provider, and may be an
impediment to SCIM adoption for some applications and identity systems."

Beyond the implementation challenges posed by index-based pagination, cursor
-based pagination addresses the need for strong read consistency in SCIM.
Further, this gap is addressed in the draft by building upon the existing
primitives in the SCIM RFCs using RESTful APIs. The draft does not require
existing servers or clients to change their implementation if the current
patterns are sufficient. Servers that choose to enable cursor-based
pagination may continue to support an index-based method. Importantly, the
changes required in SCIM clients to enable support for the proposed cursor-
based pagination are narrowly scoped.

Recognizing that there is also support for an event-based model as proposed
in draft-ietf-scim-events-00
I want to be careful not to frame the discussion as an either-or
proposition. None of the proposed changes for cursor-based pagination detract
from the proposed event driven model. Instead, both models may be used by
implementers, if necessary to meet the implementers’ use cases.

Based on this, I propose that the working group focuses on adopting the
Internet-Draft for cursor-based pagination to meet the industry’s immediate
needs with minimal protocol changes, while continuing to develop the event-
based draft.

I invite other working group members to add their thoughts, as well.




*Dean H. Saxe, CIDPRO

Senior Security Engineer, AWS Identity Trust Team | Amazon Web Services

E: | M: 206-659-7293