Re: [scim] Call for adoption of draft-peterson-scim-cursor-pagination/

Phillip Hunt <phil.hunt@independentid.com> Wed, 11 January 2023 01:34 UTC

Cc: Mike Kiser <mike.kiser=40sailpoint.com@dmarc.ietf.org>, "Nancy Cam-Winget (ncamwing)" <ncamwing=40cisco.com@dmarc.ietf.org>, SCIM WG <scim@ietf.org>
To: Pamela Dingle <Pamela.Dingle=40microsoft.com@dmarc.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/scim/W_m4GhCL8lRBkXGH_q4tJQqAj90>

I do not plan to implement the specification at this time due to limits in underlying NoSQL data stores. 

I have expressed most of these before, but I still have concerns:

* Amount of data transferred with each cycle could incur high data transfer/exfiltration costs and data exposure risks while transferring entire data sets on a repeating basis
* Currency - how often can an entire data set be downloaded using paging and keep systems close enough in sync?  In the past I had customers paging LDAP lasting over 48 hours to accomplish a sync cycle.
* DoS - Despite some improvement avoiding indexing, a number of server types will be unable to keep state of an entire data set for extended periods of time (e.g. minutes to hours) unless paging allows unreturned entries to keep changing.  This raises other challenges when using for synchronization.  In my experience this requires storing “copies” of information in some form. This means a relatively few number of clients could exhaust service provider resources very quickly leading to denial of service.  Does paging impose “locking” preventing a service provider from accepting changes while paging is in progress?
* Last IETF meeting presenters indicated this spec requires additional “delta” processing capabilities
* History:  This was tried before with LDAP VLV where replication remained out of scope.  Many meta-directory implementations focused on bulk transfer sync tech.
* Utility:   There is no way to express information about how information changes or how many changes took place in an interval.
* Mis-use:  I heard a number of cases where paging was to be used to bootstrap new or failed server nodes.  Is this really a good use?
* Database mis-use:  Almost all examples from database vendors refer to paging a “small” set of rows for situations like user interface design
* Simplify:  For the planned use, I would expect it would be much simpler for SCIM Service Providers to allow clients to GET large data sets in excess of the normal server result set limit.  Clients can download 100s of GB of data to disk very quickly these days.  That data then can hold state while the client processes it.
* Mis-read of RFC7644 size limit:  I have heard many say paging is needed to get around result set limits.  The RFCs currently state that paging cannot be used to override result set limits.  The result set is the result set whether you get it in pages or not.   The RFC does NOT require size limits. It only permits a service provider to limit.

Phillip Hunt
phil.hunt@independentid.com





> On Jan 1, 2023, at 4:08 PM, Pamela Dingle <Pamela.Dingle=40microsoft.com@dmarc.ietf.org> wrote:
> 
> Hi Nancy,
> 
> I support the adoption of the draft and am willing to be a reviewer.  
> From: scim <scim-bounces@ietf.org> on behalf of Mike Kiser <mike.kiser=40sailpoint.com@dmarc.ietf.org>
> Sent: Saturday, December 31, 2022 1:36 AM
> To: Nancy Cam-Winget (ncamwing) <ncamwing=40cisco.com@dmarc.ietf.org>; SCIM WG <scim@ietf.org>
> Subject: [EXTERNAL] Re: [scim] Call for adoption of draft-peterson-scim-cursor-pagination/
>  
> Nancy —
>  
> I support the draft and plan to implement it.
>  
> -Mike
>  
> Mike Kiser
> Director of Strategy and Standards
> SailPoint
>  
> From: scim <scim-bounces@ietf.org> on behalf of Nancy Cam-Winget (ncamwing) <ncamwing=40cisco.com@dmarc.ietf.org>
> Date: Wednesday, December 21, 2022 at 11:14
> To: SCIM WG <scim@ietf.org>
> Subject: [scim] Call for adoption of draft-peterson-scim-cursor-pagination/
> 
> Hello SCIMers,
>  
> We have had discussions both over the email list and in our plenary and virtual sessions on the use of
> https://datatracker.ietf.org/doc/draft-peterson-scim-cursor-pagination/ .  The group has also adopted
> https://datatracker.ietf.org/doc/draft-ietf-scim-events/ and there was broad acceptance that both may
> be needed to address different use cases.  These scenarios and use cases should be captured at least in the
> use cases draft.
>  
> To that extent, we are doing an adoption call for draft-peterson-scim-cursor-pagination/
>  
> Please respond to this thread on the following:
>  
>   1.  You have read the draft and believe it is ready to be adopted by the working group. Any other feedback on the content of the draft is welcomed too.
>   2.  You are willing to be a reviewer of the document
>   3.  You support the draft and plan to implement
>   4.  You support the draft but have no time or plans to implement now, but can provide feedback
>   5.  You do not support the working group adopting the draft and provide rationale and feedback for why
>  
> Please provide your feedback by January 16 (extending given the holiday break).
>  
> Happy Holidays!
>  
> Best, Nancy 
> (on behalf of both SCIM chairs)