[scim] Re: Pagination Support for Multi-Valued Attributes in SCIM 2.0
Phillip Hunt <phil.hunt@independentid.com> Thu, 29 January 2026 17:58 UTC
Return-Path: <phil.hunt@independentid.com>
X-Original-To: scim@mail2.ietf.org
Delivered-To: scim@mail2.ietf.org
Received: from localhost (localhost [127.0.0.1]) by mail2.ietf.org (Postfix) with ESMTP id C5ED9AF0E4D2 for <scim@mail2.ietf.org>; Thu, 29 Jan 2026 09:58:42 -0800 (PST)
X-Virus-Scanned: amavisd-new at ietf.org
X-Spam-Flag: NO
X-Spam-Score: -1.897
X-Spam-Level:
X-Spam-Status: No, score=-1.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_NONE=0.001] autolearn=ham autolearn_force=no
Authentication-Results: mail2.ietf.org (amavisd-new); dkim=pass (2048-bit key) header.d=independentid-com.20230601.gappssmtp.com
Received: from mail2.ietf.org ([166.84.6.31]) by localhost (mail2.ietf.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id umQ2hRcP8miF for <scim@mail2.ietf.org>; Thu, 29 Jan 2026 09:58:41 -0800 (PST)
Received: from mail-pl1-x634.google.com (mail-pl1-x634.google.com [IPv6:2607:f8b0:4864:20::634]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by mail2.ietf.org (Postfix) with ESMTPS id E1CB5AF0E4C8 for <scim@ietf.org>; Thu, 29 Jan 2026 09:58:41 -0800 (PST)
Received: by mail-pl1-x634.google.com with SMTP id d9443c01a7336-2a09d981507so9301545ad.1 for <scim@ietf.org>; Thu, 29 Jan 2026 09:58:41 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=independentid-com.20230601.gappssmtp.com; s=20230601; t=1769709521; x=1770314321; darn=ietf.org; h=references:to:cc:in-reply-to:date:subject:mime-version:message-id :from:from:to:cc:subject:date:message-id:reply-to; bh=61CwuQSjwz/8YnLmKd+oQZ+97wSdeqN/wAjC1iyOHwE=; b=a22Lsieqpiiw9LBDanSZjIioEJSQIzIYykXDJgTnPXj/+Tvp1mt2Acxi1TK+uzu/au JdCYM1epSIJi8B1AvHr/zuGbHgxVcTpSkyKPvM0yZZ0S1vSmq2T0GzRTh6Nd5CDKsJZ8 QkJfTxRI5sK/csqnvO3arsS6zpTHm95bYsvPfzOOMFaUaUeydlcjvpJP1r5VBURsYbyd JWqBatnHdPCmu0XJR9547eO3ZqpYKxYBnfuiZzAXxj5X5fc5VdIE1M1qQpPWoY8xRbIz H+QsHuPfrvWkxRqc6q2Sx8ME3GvGqWKVc/yN6e3DEmA17b3NLER6TfGjRC3ImkCuWP5i LUdw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1769709521; x=1770314321; h=references:to:cc:in-reply-to:date:subject:mime-version:message-id :from:x-gm-gg:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=61CwuQSjwz/8YnLmKd+oQZ+97wSdeqN/wAjC1iyOHwE=; b=qmLzo3w1O+7yxMWg9zTvY29vN+u2NkmAAS84v7sZ2Lim8APAYpVxqT5/SzJk41qDTS NJiJiOmL7viWbwexbvuvE0A8CTh0bAyUmmeMYTcv+szQPz2uxxxAyo9YkU6WpOD8QGdG +TyID8O3STn+5Io+iSEUf9NzPsinLY1+eJcCOLb0UYARyUg737hcrcBQctIBO8wya2oX cMIRqXAknG6pDzXHnljR79tUZAbiJ9QTwu7jqIdS4XCJ4/q7pM0dptMNBcWxbBBUUwpX mS3Q0f6btgyCVUIPMGR7+dS5jyT0tF9a/LpJz60rctAE13kXyW96YuVM8s4ovzgq9EUF uEsQ==
X-Gm-Message-State: AOJu0YwF5/4eBrP/PsoWPOUAWEytfblw9/5N1syr3pDsL39cNgBxRiJE eJXlb6j97vozEJ8K430hEOIryxsKDGrP0YdiI6+kGSCJ+iP53OpiTWtUC3JssW2w6Oo=
X-Gm-Gg: AZuq6aJQhMGWq1ek0RxJFAW8SQu6M3pcW6gpWjA/BSNasj4szsjSf9rPQyUskT+/IDO os0MAiMr++0dr2Erj/vb1Bz7gbWXD6UF03NuBlJxafYzGQQyRicP8TfNXCALbLvXPVcFzUUi3pz eOWHqzvQW4EEC6OuH3WhQPockim1iPx/mEthvPzLNnxXmC5zhlR3ZhSyyf/sHLAkVPLwMkMwcm8 S0YHrFAz7atWH39Kd6VO+tiwYC37XI2379oC+AGL++Tv7MJd0RnwESazY8hSEDvXxKDdQ/e1OTE Gtq9WhJ8LN7md8kCBK02XrTLiUrio0jxKhtsDX8ho+Xu9rXnUyuhv3YLDmDqzk2uSNDFopYntjD auNQk8cj48rAAWjCkj1wfatSnxITkXriPIQ6FcVyLceZ2NfSbAYLx18IA8oONSla5ZNpeP6lP+W HhbTSTVIF6/SKpglALXKGhK3Lblz8yAXi2JVi/3jbl7PWIyAptR1Y=
X-Received: by 2002:a17:903:198e:b0:2a7:a9f4:9fb6 with SMTP id d9443c01a7336-2a8bd4eb169mr28847395ad.24.1769709520792; Thu, 29 Jan 2026 09:58:40 -0800 (PST)
Received: from smtpclient.apple ([2001:569:524e:200:c057:511b:7ade:879c]) by smtp.gmail.com with ESMTPSA id 41be03b00d2f7-c64283710e1sm5566681a12.14.2026.01.29.09.58.39 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Thu, 29 Jan 2026 09:58:39 -0800 (PST)
From: Phillip Hunt <phil.hunt@independentid.com>
Message-Id: <BCA320D4-9E1D-4944-B2F7-26BE3B13B687@independentid.com>
Content-Type: multipart/alternative; boundary="Apple-Mail=_E5B51C74-B265-4441-848A-B3F4B52BF5D2"
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3864.300.41.1.7\))
Date: Thu, 29 Jan 2026 09:58:28 -0800
In-Reply-To: <CAOoRr-OUq26BPbNM7EqyEgSUzDaNPuN-XyyAU+kQr9sZ-1u01A@mail.gmail.com>
To: Daniel Cormier <daniel.cormier+ietf@gmail.com>
References: <CAOoRr-OUq26BPbNM7EqyEgSUzDaNPuN-XyyAU+kQr9sZ-1u01A@mail.gmail.com>
X-Mailer: Apple Mail (2.3864.300.41.1.7)
Message-ID-Hash: YVWXV35UTJVTOKNMKNCRJHYCGT5JZMMS
X-Message-ID-Hash: YVWXV35UTJVTOKNMKNCRJHYCGT5JZMMS
X-MailFrom: phil.hunt@independentid.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-scim.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: scim@ietf.org
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [scim] Re: Pagination Support for Multi-Valued Attributes in SCIM 2.0
List-Id: Simple Cloud Identity Management BOF <scim.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/scim/Q2Mib3IaLpCJ63ROy9e9yBX_Yck>
List-Archive: <https://mailarchive.ietf.org/arch/browse/scim>
List-Help: <mailto:scim-request@ietf.org?subject=help>
List-Owner: <mailto:scim-owner@ietf.org>
List-Post: <mailto:scim@ietf.org>
List-Subscribe: <mailto:scim-join@ietf.org>
List-Unsubscribe: <mailto:scim-leave@ietf.org>
There was a mult-value paging extension draft submitted back in 2019. https://datatracker.ietf.org/doc/draft-hunt-scim-mv-paging/ This was basically adding paging features to the filter query so that queries like the following become possible: > In the following example, all Groups are searched and only Groups > whose name starts with "Group" are selected. Additionally, the > members attribute values are filtered return only member values with > "type" equal to "groups" (as in sub-groups) returning only the first > 5 values using the attributes paging qualifying parameters. > GET /v2/Groups?filter=displayName sw 'Group'&attributes=*,members[type > eq \"Group\"&count=5&startIndex=1] The draft had the advantage of being backwards compatible and was relatively stateless. One note, it’s not clear, but the first example in the draft of retrieving only work emails is to show existing core SCIM functionality. The following example show how the extension of adding paging values, allows a client to ask for sub-sets of items. I think it was lost in the Covid shutdown that happened after. Cheers, Phil Hunt phil.hunt@independentid.com > On Jan 29, 2026, at 6:32 AM, Daniel Cormier <daniel.cormier+ietf@gmail.com> wrote: > > We've had the same problem getting groups with many members (some with >> 100k). For what it's worth, since it is an internal implementation, > we added a new endpoint: GET /Groups/{id}/members. Our flow was to > retrieve the group (GET /Groups/{id}) with its members excluded, then > paginate through GET /Group/{id}/members separately. It worked well > for our case. > > Some previous discussion around group member pagination: > > * <https://mailarchive.ietf.org/arch/msg/scim/YCcs_ZRWOo4HM8zxKbXlAi2Cpag/> > <-- Mentions the same solution we used > * <https://mailarchive.ietf.org/arch/msg/scim/67Bd0iotMoEx5rcjCUsHUzQzQGU/> > * <https://mailarchive.ietf.org/arch/msg/scim/txBFAJgcxb0mhIi1Bp0jaL6t2WU/> > > _______________________________________________ > scim mailing list -- scim@ietf.org > To unsubscribe send an email to scim-leave@ietf.org
- [scim] Re: Pagination Support for Multi-Valued At… Daniel Cormier
- [scim] Pagination Support for Multi-Valued Attrib… saurabh kushwaha
- [scim] Re: Pagination Support for Multi-Valued At… Phillip Hunt
- [scim] Re: Pagination Support for Multi-Valued At… Danny Zollner