[scim] Help needed on READ of single group GET /Groups/{id}

Ashok Dhakar <adhakar@vmware.com> Tue, 19 March 2019 17:29 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/scim/YCcs_ZRWOo4HM8zxKbXlAi2Cpag>

Hi Team,

The standard response defines the single group get result as
{
  "schemas": ["urn:ietf:params:scim:schemas:core:2.0:Group"],
  "id":"e9e30dba-f08f-4109-8486-d5c6a331660a",
  "displayName": "Tour Guides",
  "members":[
    {
      "value": "2819c223-7f76-453a-919d-413861904646",
      "$ref": "https://example.com/v2/Users/2819c223-7f76-453a-919d-413861904646",
      "display": "Babs Jensen"
    },
    {
      "value": "902c246b-6245-4190-8e05-00816be7344a",
      "$ref": "https://example.com/v2/Users/902c246b-6245-4190-8e05-00816be7344a",
      "display": "Mandy Pepperidge"
    }
  ],
  "meta": {
    "resourceType": "Group",
    "created": "2010-01-23T04:56:22Z",
    "lastModified": "2011-05-13T04:42:34Z",
    "version": "W\/\"3694e05e9dff592\"",
    "location": "https://example.com/v2/Groups/e9e30dba-f08f-4109-8486-d5c6a331660a"
  }
}

In our case we have a group with 50k members, so every time a SCIM call is made to GET the group details by its /Groups/{id},
we encounter performance problems, as it ends up listing all the members every time.
The problem becomes worse when we try to list groups and each group contains 50k members: GET /Groups/{id}?count=20

As of now we are circumventing the problem by specifying the attributes as part of the SCIM request: /Groups/{id}?attributes=id,displayName.

Every time we do a 3rd-party integration with SCIM-compliant adapters, which are responsible for pushing the user information to our identity solutions, this becomes a bottleneck,
as it requires code changes.

I was thinking to address this in the following way

  1.  Show only a few members as part of /Groups/{id}
  2.  Provide another endpoint to fetch members with pagination support: /Groups/{id}/members?count=100

I would like to know of any better solutions to this problem, or of work in progress to address it, so that I don't implement the custom solution.

Regards,
Ashok
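
The attributes workaround from the message, as an added example that is not part of the original post: a server-side projection for the "attributes" and "excludedAttributes" query parameters of RFC 7644 section 3.9, plus a sketch of the paginated members endpoint the message proposes. The function names, the constructed group and the members endpoint response shape are assumptions, and treating "schemas" as always returned is an assumption too.

```python
# Attributes kept regardless of the projection (assumption for "schemas";
# "id" has returned="always" in the SCIM core schema).
ALWAYS_RETURNED = {"schemas", "id"}

def constructed_group(member_count):
    """Build a constructed Group resource with `member_count` members."""
    return {
        "schemas": ["urn:ietf:params:scim:schemas:core:2.0:Group"],
        "id": "e9e30dba-f08f-4109-8486-d5c6a331660a",
        "displayName": "Tour Guides",
        "members": [{"value": f"user-{i}", "display": f"User {i}"}
                    for i in range(member_count)],
        "meta": {"resourceType": "Group"},
    }

def _names(param):
    """Split a comma-separated parameter; SCIM attribute names are case-insensitive."""
    return {n.strip().lower() for n in (param or "").split(",") if n.strip()}

def project(resource, attributes=None, excluded_attributes=None):
    """Return a copy of `resource` limited as the query parameters request."""
    wanted, excluded = _names(attributes), _names(excluded_attributes)
    if wanted and excluded:
        raise ValueError("attributes and excludedAttributes are mutually exclusive")
    always = {a.lower() for a in ALWAYS_RETURNED}
    out = {}
    for name, value in resource.items():
        key = name.lower()
        if key in always:
            out[name] = value            # never dropped by a projection
        elif wanted:
            if key in wanted:
                out[name] = value        # "attributes" overrides the default set
        elif key not in excluded:
            out[name] = value            # default set minus "excludedAttributes"
    return out

def members_page(resource, start_index=1, count=100):
    """Hypothetical /Groups/{id}/members page; startIndex is 1-based as in SCIM."""
    members = resource.get("members", [])
    start = max(start_index, 1) - 1
    page = members[start:start + max(count, 0)]
    return {"totalResults": len(members), "startIndex": start + 1,
            "itemsPerPage": len(page), "Resources": page}
```

With excluded_attributes="members" the caller keeps every default attribute except the member list, so a client does not have to enumerate the attributes it wants.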