Re: [scim] Request for Input
Samuel Erdtman <samuel@erdtman.se> Sun, 31 March 2013 18:47 UTC
Return-Path: <samuel@erdtman.se>
X-Original-To: scim@ietfa.amsl.com
Delivered-To: scim@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 98D2421F8518 for <scim@ietfa.amsl.com>; Sun, 31 Mar 2013 11:47:45 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.3
X-Spam-Level:
X-Spam-Status: No, score=0.3 tagged_above=-999 required=5 tests=[HTML_MESSAGE=0.001, MIME_8BIT_HEADER=0.3, NO_RELAYS=-0.001]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jwaRe2ybAwbY for <scim@ietfa.amsl.com>; Sun, 31 Mar 2013 11:47:44 -0700 (PDT)
Received: from mail-ea0-x22b.google.com (mail-ea0-x22b.google.com [IPv6:2a00:1450:4013:c01::22b]) by ietfa.amsl.com (Postfix) with ESMTP id CFCF721F8498 for <scim@ietf.org>; Sun, 31 Mar 2013 11:47:40 -0700 (PDT)
Received: by mail-ea0-f171.google.com with SMTP id b15so814599eae.2 for <scim@ietf.org>; Sun, 31 Mar 2013 11:47:39 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=x-received:references:from:mime-version:in-reply-to:date:message-id :subject:to:cc:content-type:x-gm-message-state; bh=a5blhIbMm4UlCw+oLsKD2h0S7j/QioysGVdMgl+2jiI=; b=hECE8Medgnjx1dGmQc+tGnNNLG7WzYXYvhhKgwK8blg4+Xn67MnM/App4BrQiCVHPf 8sya/c73TEkEvNNpfww6pjgRPbefWxldi9S1nP1N3ueediD4A8+Nyr4/uhUsg0K9lo7F Kxc92xmRi5j+sLb4AA/EC6J311KcbyrdJblKHrlz2OFa/wvxlpO8S1PnqvDavlTuQeeV 2vHQPSYpgjsOhZsxmMuPCaaogf3GwgXFRzeqYJ5BaJVe6jVWoHqqzz+6luwW3kuOaHaq lllRCMjzaRHDm42Z5lzHIh4r4YxNAqK7VssbjpVneNoPOJxKu8hJdtDzlOwpS2YSOqX3 5Rcg==
X-Received: by 10.14.175.71 with SMTP id y47mr29805127eel.18.1364755659382; Sun, 31 Mar 2013 11:47:39 -0700 (PDT)
References: <CAPx6tN5PwV=hwifdCj3JiOKLsYCQZdewHOh7voau7OLSm3FWvg@mail.gmail.com> <AAE9F872-F35E-4A73-8674-4A7AF6C0537B@oracle.com> <56C3C758F9D6534CA3778EAA1E0C34375C3ADF35@BLUPRD0412MB643.namprd04.prod.outlook.com> <E963C9E3-BC9D-4E54-A409-ABC0B1FC7D9E@nexussafe.com>
From: Samuel Erdtman <samuel@erdtman.se>
Mime-Version: 1.0 (1.0)
In-Reply-To: <E963C9E3-BC9D-4E54-A409-ABC0B1FC7D9E@nexussafe.com>
Date: Sun, 31 Mar 2013 20:47:37 +0200
Message-ID: <-2041779814984196830@unknownmsgid>
To: Erik Wahlström <erik.wahlstrom@nexussafe.com>
Content-Type: multipart/alternative; boundary="047d7b603e96489dd204d93cf018"
X-Gm-Message-State: ALoCoQkM+Q4FW8RQu+1U5W1CC1zaPIBs6rJpxLIRoeRR2aBTL/+lRc6LY8+p6ngec4K5B4/evN/+
Cc: "scim@ietf.org" <scim@ietf.org>, Phil Hunt <phil.hunt@oracle.com>, Alexandre Santos <asantos@pingidentity.com>, Kelly Grizzle <kelly.grizzle@sailpoint.com>
Subject: Re: [scim] Request for Input
X-BeenThere: scim@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Simple Cloud Identity Management BOF <scim.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/scim>, <mailto:scim-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/scim>
List-Post: <mailto:scim@ietf.org>
List-Help: <mailto:scim-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/scim>, <mailto:scim-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 31 Mar 2013 18:47:45 -0000
I would vote for the simplest solution that solves the problem, I think Kelly raises a point that makes PUT and DELETE harder to get as clean as in the examples I.e. there is no single unique id for most multivalued attributes, the value attribute could be the same for several attributes e.g. Same phone number could be used for both mobile and work then it is the combination value and type that makes it unique. (With the current discussion on not requiring global unique id's for the combined set group and user will have the same problem if not required unique) The solution might be to something like this: PUT /Groups/<group-Id>/<attribute>/ e.g. PUT /Groups/<group-Id>/members/ DELETE /Groups/<group-Id>/<attribute>/<type>/<value> e.g. DELETE /Groups/<group-Id>/members/User/<value> We could also allow replace in one operation by doing put to a uniquely identified attribute: PUT /Groups/<group-Id>/<attribute>/<type>/<value> e.g. PUT /Groups/<group-Id>/members/User/<value> In case we go for a solution like this I think that we also should simplify or remove PATCH operation. We could do singe attribute delete, add and update like this: PUT /Groups/<group-Id>/<attribute> (add or update attribute) PUT /Groups/<group-Id>/<attribute> (remove attribute) This has the disadvantage towards patch that you can only handle one attribute at the time or the full resource object. Finally I would like to remind everyone that we have had the discussion of adding an "unique" identifier to the attributes in a multivalued attribute and the strongest argument against was that it is not possible when putting SCIM on top of an existing data source. Sent from my iPhone On 28 mar 2013, at 18:54, "Erik Wahlström" <erik.wahlstrom@nexussafe.com> wrote: +1 Rather make patch mandatory before adding functionality to PUT and DELETE. Just for simplicity. / Erik On Mar 28, 2013, at 2:10 PM, Kelly Grizzle wrote: PATCH was added specifically to address the “changing membership of a large group” use case. The POST/DELETE to the members endpoint was considered when looking into PATCH, but unfortunately this does not work in the general case. Specifically, this only works if the list elements have a unique identifier, so it fell apart when trying to apply this to adding/removing addresses (which do not have a unique identifier). I’m not convinced that we need to add another mechanism to solve this use case, but I do agree that PATCH could be simplified. --Kelly *From:* scim-bounces@ietf.org [mailto:scim-bounces@ietf.org<scim-bounces@ietf.org> ] *On Behalf Of *Phil Hunt *Sent:* Wednesday, March 27, 2013 7:02 PM *To:* Alexandre Santos *Cc:* scim@ietf.org *Subject:* Re: [scim] Request for Input I think this may fit in with our discussion of adjusting PATCH to work better with multi-value and complex attributes (ticket 18). So far, we've been avoiding extended paths that go within the Resource entity (e.g. to address specific attributes). If you were to do the item below, I think you would have to add the attribute name to the path at the very least. PUT /Groups/<groupid>/members/Users/<userid> Still I think that may have problems if the member is actual a URL rather then a simple UUID. Phil @independentid www.independentid.com phil.hunt@oracle.com On 2013-03-27, at 4:01 PM, Alexandre Santos wrote: For groups with many users (>10k) it becomes problematic to do POSTs or PUTs. The only alternative would be PATCH. However PATCH is not mandatory. For this reason we would like to request your input for the following proposal: allow membership changes via PUT and DELETE. For this the PUT and DELETE commands would be in the format: PUT /Groups/<groupId>/user/<userId> - to add a user to a group DELETE /Groups/<groupId>/user/<userId> - to remove the user from the group Thank you, *Alexandre Santos* | Sr. Development Engineer *Ping**Identity* | www.pingidentity.com - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - *O:* 604.697.7056 *Email:* asantos@pingidentity.com - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - *Connect with Ping* Twitter: @pingidentity LinkedIn Group: Ping's Identity Cloud Facebook.com/pingidentitypage ** _______________________________________________ scim mailing list scim@ietf.org https://www.ietf.org/mailman/listinfo/scim _______________________________________________ scim mailing list scim@ietf.org https://www.ietf.org/mailman/listinfo/scim _______________________________________________ scim mailing list scim@ietf.org https://www.ietf.org/mailman/listinfo/scim
- Re: [scim] Request for Input Alexandre Santos
- [scim] Request for Input Alexandre Santos
- Re: [scim] Request for Input Anthony Nadalin
- Re: [scim] Request for Input Phil Hunt
- Re: [scim] Request for Input Kelly Grizzle
- Re: [scim] Request for Input Erik Wahlström
- Re: [scim] Request for Input Samuel Erdtman
- Re: [scim] Request for Input Phil Hunt