Re: [scim] Proposed resolution - root search optionality (ticket 42)

Kelly Grizzle <> Tue, 29 October 2013 21:28 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 25FAC11E8255 for <>; Tue, 29 Oct 2013 14:28:10 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -3.355
X-Spam-Status: No, score=-3.355 tagged_above=-999 required=5 tests=[AWL=0.243, BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-1]
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id P3kIK6ybFHMU for <>; Tue, 29 Oct 2013 14:28:06 -0700 (PDT)
Received: from ( []) by (Postfix) with ESMTP id 4C5FE11E824C for <>; Tue, 29 Oct 2013 14:27:48 -0700 (PDT)
Received: from ( by ( with Microsoft SMTP Server (TLS) id 15.0.785.10; Tue, 29 Oct 2013 21:27:40 +0000
Received: from ([]) by ([]) with mapi id 15.00.0785.001; Tue, 29 Oct 2013 21:27:40 +0000
From: Kelly Grizzle <>
To: Leif Johansson <>, "" <>
Thread-Topic: [scim] Proposed resolution - root search optionality (ticket 42)
Thread-Index: AQHO1A4KOlaOMHv1bEK7+jWYZUqh2JoKlc8AgAFrRqCAACA+AIAAEP6g
Date: Tue, 29 Oct 2013 21:27:40 +0000
Message-ID: <>
References: <> <> <> <>
In-Reply-To: <>
Accept-Language: en-US
Content-Language: en-US
x-vipre-scanned: 25C7BFEB00593825C7C138
x-originating-ip: []
x-forefront-prvs: 0014E2CF50
x-forefront-antispam-report: SFV:NSPM; SFS:(199002)(189002)(24454002)(479174003)(377454003)(54316002)(56776001)(33646001)(74316001)(76482001)(16601075003)(83322001)(31966008)(19580395003)(56816003)(74502001)(16236675002)(76576001)(76796001)(74662001)(47446002)(87266001)(76786001)(83072001)(77096001)(19300405004)(47736001)(80976001)(49866001)(85306002)(59766001)(551544002)(53806001)(77982001)(54356001)(74876001)(81542001)(65816001)(80022001)(50986001)(47976001)(81816001)(15202345003)(79102001)(85806002)(51856001)(4396001)(74706001)(81686001)(81342001)(74366001)(19580405001)(63696002)(46102001)(69226001)(15975445006)(24736002); DIR:OUT; SFP:; SCL:1; SRVR:CO1PR04MB394;; CLIP:; FPR:; RD:InfoNoRecords; A:1; MX:1; LANG:en;
Content-Type: multipart/alternative; boundary="_000_50a1dc0195b04f7ab7cd1a6bcd1674fbCO1PR04MB393namprd04pro_"
MIME-Version: 1.0
Subject: Re: [scim] Proposed resolution - root search optionality (ticket 42)
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Simple Cloud Identity Management BOF <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Tue, 29 Oct 2013 21:28:10 -0000

Schema doc section 9 (Service Provider Configuration Schema) - add the following attribute between the filter and changePassword attributes:

   rootSearch  A complex type that specifies root search configuration options.

      supported  Boolean value specifying whether root search is supported.  REQUIRED.


From: [] On Behalf Of Leif Johansson
Sent: Tuesday, October 29, 2013 3:23 PM
Subject: Re: [scim] Proposed resolution - root search optionality (ticket 42)

On 10/29/2013 07:28 PM, Kelly Grizzle wrote:
I like the text, but think that we should also consider adding a ServiceProviderConfig property that says whether this is supported or not.
Propose text ?


From:<> [] On Behalf Of Anthony Nadalin
Sent: Monday, October 28, 2013 3:48 PM
To: Phil Hunt;<> WG
Subject: Re: [scim] Proposed resolution - root search optionality (ticket 42)


From:<> [] On Behalf Of Phil Hunt
Sent: Monday, October 28, 2013 11:47 AM
To:<> WG
Subject: [scim] Proposed resolution - root search optionality (ticket 42)

Proposed text. Replace section Query Endpoints with (ticket 42 - ): Query Enpoints

Resource Queries

A query MAY be performed against any specific resource endpoint or resource. For example:

  *   Resource (e.g. /Users/{userid}),
  *   Resource Type endpoint (e.g. /Users or /Groups)

Root Queries

A server MAY support queries at the server root (e.g. /) for the purpose of returning resources of more than one resource type.

A search against a server root indicates that ALL resources within the server SHALL be included subject to filtering. For example, a filter against 'meta.resourceType' could be used to restrict results to one or more specific resource types.

When processing search operations across endpoints that include more than one SCIM resource type (e.g. a search from the server root endpoint), filters MUST be processed in the same fashion as outlined in Section For filtered attributes that are not part of a particular resource type, the service provider SHALL treat the attribute as if there is no attribute value. For example, a presence or equality filter for an undefined attribute evaluates as FALSE.
Please confirm if you agree with this subtle change which makes root searches optional to the server.




scim mailing list<>