Re: [scim] [EXTERNAL] Thoughts on the SCIM Cursor Based Pagination draft

Pamela Dingle <Pamela.Dingle@microsoft.com> Tue, 06 December 2022 05:27 UTC

Return-Path: <Pamela.Dingle@microsoft.com>
X-Original-To: scim@ietfa.amsl.com
Delivered-To: scim@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 66AFFC14CF10 for <scim@ietfa.amsl.com>; Mon, 5 Dec 2022 21:27:39 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level:
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=microsoft.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LqIJanMGWkGP for <scim@ietfa.amsl.com>; Mon, 5 Dec 2022 21:27:34 -0800 (PST)
Received: from BN6PR00CU002-vft-obe.outbound.protection.outlook.com (mail-eastus2azlp170110002.outbound.protection.outlook.com [IPv6:2a01:111:f403:c110::2]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 50790C14CF19 for <scim@ietf.org>; Mon, 5 Dec 2022 21:27:34 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=OKIc46eV7vSlITtWqeX8XfOIm824rOe8l9YQ1W8MLV75mXG521cZc1hHxyIxDxUIoiENFeDlJlgy/na4N2L0gzYK7pymFCw6D3taJYdAdKuRiAJzYhvnVdjymJ7p6X84eCUKYP3R5JLZ9m9Ewp/eTGUbO29RoE9VtlTz/pTdPwB0aQ7icjqJfJXTedGwdupRr0/eEYg5DZHkhTIrkkFUfHd5aiQrmaL0Rga6aq/0oBdIr2Y7IExxeAM9qrDr9kkbUGLhhiTdH2uGsCyWZqhhL8BolGcpXxrasNVC6MXYNbX6K/nflr1hJ6ruT0cUb8KNK20a8RaYBs+PKYEVTu8D8g==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=45y8B97985ngjIUvunQ1Nt7n8ye8XNsIXWaRONIrXQk=; b=mFoEacRP5orOSdcIbMfY/ZJqMMMo8rTV/xRyVmeCCeJCdh//TCktsYrL4WsdDyIA4CjcFvs+cXJ5qSh4u/C+ZrUzbY6K36O+NeQFLbaxWEjpnxht9XJNadxgVvZDC3OVWEJJWTDL74To8EKwxizDhM8U4Ipi+fygKJvB5sf1lK31aujpC0P+zvss09reApH5WHMwTDSu9gG7SSR3zejYZq6r0GFGD9dJDzH0aBHNX0RQS2hvtaTWCRk8Ot1YJ/P5JiEZw9Xu2542ZQct+bgbebMi3w1HfEj1fyOyoVFZ6zo9GjRVMDq4KXVqRyfvJW7PLFUnQa5i3ZBR6y8zi7xSRQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=microsoft.com; dmarc=pass action=none header.from=microsoft.com; dkim=pass header.d=microsoft.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=45y8B97985ngjIUvunQ1Nt7n8ye8XNsIXWaRONIrXQk=; b=PhtA5PJZ8/aKlk3avqnDeBQxCs3I50g88DwTLpHBkpYg0VeNIJ+DbX+hTXO0yqPMonvv36D4asR9h4dTqOD2Ur5sU+Owhgt/V665DC7IJsJxa89OJccbFBZsPVB4fGXobFDf9R4dMIlNnE0QC99VkQakwD65U7pEK59R9ZNaXng=
Received: from BYAPR00MB0885.namprd00.prod.outlook.com (2603:10b6:a03:104::32) by PH7PR00MB1567.namprd00.prod.outlook.com (2603:10b6:510:20f::21) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5893.0; Tue, 6 Dec 2022 05:27:28 +0000
Received: from BYAPR00MB0885.namprd00.prod.outlook.com ([fe80::d149:76bf:382d:bac8]) by BYAPR00MB0885.namprd00.prod.outlook.com ([fe80::d149:76bf:382d:bac8%7]) with mapi id 15.20.5936.000; Tue, 6 Dec 2022 05:27:27 +0000
From: Pamela Dingle <Pamela.Dingle@microsoft.com>
To: "Saxe, Dean" <deansaxe=40amazon.com@dmarc.ietf.org>, "scim@ietf.org" <scim@ietf.org>
Thread-Topic: [EXTERNAL] [scim] Thoughts on the SCIM Cursor Based Pagination draft
Thread-Index: AQHZCPAkQkacmWo1LEqi8+bno98wpa5gSuvu
Date: Tue, 06 Dec 2022 05:27:27 +0000
Message-ID: <BYAPR00MB08853AC9550AAEED0BCDE024F61B9@BYAPR00MB0885.namprd00.prod.outlook.com>
References: <1F3577A4-58B3-459C-9A75-010C772C382E@amazon.com>
In-Reply-To: <1F3577A4-58B3-459C-9A75-010C772C382E@amazon.com>
Accept-Language: en-US
Content-Language: en-US
X-Hashtags: #NewslettersPlus
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
msip_labels: MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Enabled=True; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_SiteId=72f988bf-86f1-41af-91ab-2d7cd011db47; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_SetDate=2022-12-06T05:27:25.197Z; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Name=General; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_ContentBits=0; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Method=Standard;
authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=microsoft.com;
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: BYAPR00MB0885:EE_|PH7PR00MB1567:EE_
x-ms-office365-filtering-correlation-id: 740cf6d9-b1cb-44fa-f021-08dad74a906e
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: MdLHhVlGbmwNcZ/Ftpi/pd54a7Ifnr2sigAvltHwf/S7M/i83ZTF8yswXivqrDkGM55r0JPTmEPExNI6mgEFU0NUayMVolkiJU9yeVUujYqwwETUXzHn1/0ORQnePClgh+Pq/unL4Bmkx+u+eQP+UgZW4QzcMmDEvTdA+5+BOQSrMSG7uqBl2fxfBnahnxi0HOjCLHZFhXqXpCMm10ka4GS6t9YVedwuWylMdTpjWWwHZHJItwGRlgNMN6l8bLTYLOq4HKpk34szRW2X09dPnhEUKgyOw6Q5NmL3Rikv9QLUfantfbYEg9Mp3C5K1gaOCSsd2ryFrcxeNw9iFllNzVXhv1UOU/Lxtjgz7e8gxmUqqfAf3xH74EearxcStkpR5JFfc/cgfaE5i5RDlm3CovsAbeyEyPCBDVgogUAvABUnU5swAdwowgwUIYHwQTzPib4lwH86xiLcFMdO9o38hvN4V5w0ZRLKfBT6e+5OoHNSRBcyYeyok2FRvdBwbU5URtrxeDUl6vlPDyEuMY2vnZXI0cahdnapZQBR64yG8mUTjUX/6erEy8CtkTuGCRBFdOm78fDP4fYR2V2sdUhiDR1EN0IvF+/tzSHlbyllBKkBSziamtY2UIVewQf6xd5g17SoEMxx/rwF1QSWICyxt6oUXvf8pJ+X4iHtZ43DV/Ex4E/33JadCEdiwQ7VHlcwIqGLfJyZOJnGnh94NjgcU1WvGZ5w5zfEa4X47/9OKIOEzuF7qSQ6QkM6nGRM2mRapgOzYpqLLdZgOPsNnaFi/xcy9JWdF/Zb7E1wTRCBlTh47bhFfWENuuiqjC0WXDfr
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:BYAPR00MB0885.namprd00.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230022)(4636009)(136003)(376002)(346002)(366004)(39860400002)(396003)(451199015)(6506007)(53546011)(83380400001)(7696005)(71200400001)(38070700005)(2906002)(19627235002)(316002)(66556008)(66476007)(8676002)(64756008)(66446008)(33656002)(76116006)(66946007)(55016003)(40140700001)(8936002)(186003)(10290500003)(66574015)(86362001)(5660300002)(110136005)(26005)(41300700001)(9686003)(52536014)(19627405001)(122000001)(8990500004)(478600001)(166002)(82960400001)(82950400001)(38100700002); DIR:OUT; SFP:1102;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: fpwcnOweYf7KyFI73AfLsb4wMcVK1Tk58WzGLmlaYAOCEczqNwL5sqn8EwNNQVBd1Pe+AKBGbqIpRvqqD+bKPRYXhEvcl9/UREQ/TEjcn9a/5MRFAwoK7BlpHMmTweagirW4ylwk6GxqJAV3dNISvymYntx9A83SuR7mtbCQ3UEOQFJgCY9se2BSrF1/lk2hsvQ4u8n20uFgyIl+G5gha0sJ0+uvvh620BDeC6c37gXnodfV9v8p5sw0hgE9mtkMtQcqZkObdv+ISEeVR6Dt25p7a4rVbBv31NCFhq9pTQCtrpw+6Xbj/bPmKWLwqiNW3TMiPaw3yBlRYPi3JtaZDKdUF4ddrn4dhCyNf+zhP55/o8VTzqglP6Zply6V+zT+3jbMVB8mQZcKQscaTTbtkGedET07QyZ4aob4SIIS3RECZ5UQt6ez745/a94ukb6ZkpFm3qNLpQboVPo1kDrL0RrQVj/+c+9E3QoGqeOr+/qrNXuniLt2x5Ui6CVwVArcjSmAYgcorVAj6tHCwg7hR0wQexKvQtXohO6a9T3t/zzyQ2eM8/AQZxn9tYIM4Ptgh/RhbYsYLfWFnaSHneUnR8OIenX+x4qaXPAF54OUQprJ4Oc0AcfgfrYAHX/YoMA7jjgyc/GfmcKRkoRGVugZzwSJ9v8yGUe4MuEdzAkiekBoto6eguYRaPn03yxvzNaB/nsQ3yeaX6Bp1musjeN8bg0ijvcme5IVlcH5qkcJB2Lnun1Zwdhre1nhrOnBKykFhidLyqYIRcHni+KaCoKxPEiKcfCejyUdoAfFyIbj5SANi33OZRG0Q3TxFDaPZukeZZD8ecOlsl0ttVCm0+VDExkn7llw+3WEinDQ2kEC43o7DkYV1tnzzyByZONlQjSqyU+kUGZwHBZm1Vnf1DPWczc2CmIw68Edpjb7RMx+X6XveaFoY+kVpYI0ZcL52gydw4tsABFXQquqnsUWu4ud/c1F9WHVz5nv79iv8S0icRXVAHC2WghPXf5syUE1D65T9u0gqkog1fK3nSlrSTEJ2SC4fXe9/oU8re761BdiKPeH6lGYppeQ9T7+u+2vjWbdRUjJ+qfbQxnhPDuyjwj6e9CjTvHyW4j9t4YHKcxWh1BMRSds2acaFFVf/Z6EcI6OnrdkZthfNXEIdBwbh/YV1iR/J0zTzJMaVsh37p8YFM0lG/p4Q8AQiFH0xcXzZ/iRT7dzJYXmRT5ijHedRmJm+Pg39/QxU3K667CfFFDE4wfmexL15MbwRGKN+XAA4tyv1/CjAgw2sYkLx38kVpbM8CEWmeKZvWTaPQEb3+JWjjHg0mKJ7R0zovi/VsDqFFVJuvASGhiIneKq2Wje8N5wgFZs8mGptQQcbZV78RGcwKmPPYGQikTQzbvvEalgLdprGrUcZkTCkKRJAIqleTRSZhht4QuHEeGPLUVsIMJ6P7uprgvfq4UhXkScbR3VUBlVIkf2gexzbrx8ar6DiP0i71/g3LkkNrCwQQiD4kKWOQJfboXd3heRp4Z169qWPQDfNs8xj+ELAKVW77npb/pMdVDIJCN5TFzgv84iBUkzp/PlmXItHwV5PgvNxYKOCK+l
Content-Type: multipart/alternative; boundary="_000_BYAPR00MB08853AC9550AAEED0BCDE024F61B9BYAPR00MB0885namp_"
MIME-Version: 1.0
X-OriginatorOrg: microsoft.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: BYAPR00MB0885.namprd00.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 740cf6d9-b1cb-44fa-f021-08dad74a906e
X-MS-Exchange-CrossTenant-originalarrivaltime: 06 Dec 2022 05:27:27.6888 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 72f988bf-86f1-41af-91ab-2d7cd011db47
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: 2UaqVHLT4wfd20HoxQg77mR098AW7ihc6rY5ORxyBHNmox1tEV0a3EbN2bv6X/gNwgGa0tkIw41eBcGMrPYAQw==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: PH7PR00MB1567
Archived-At: <https://mailarchive.ietf.org/arch/msg/scim/eLoXmCxtGPWvR23bKyFqBo2vyGM>
Subject: Re: [scim] [EXTERNAL] Thoughts on the SCIM Cursor Based Pagination draft
X-BeenThere: scim@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Simple Cloud Identity Management BOF <scim.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/scim>, <mailto:scim-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/scim/>
List-Post: <mailto:scim@ietf.org>
List-Help: <mailto:scim-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/scim>, <mailto:scim-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 06 Dec 2022 05:27:39 -0000

I too am in support of WG adoption of the cursor-based pagination draft.

This group has done a great job of examining alternatives, we have dedicated a lot of time to the topic and at this point, I believe Nancy and Aaron will be able to identify sufficient interest in both editorship and in review/implementation participants to let us get this draft formally into the process.  We may not have all the details right yet, but that's ok, we aren't voting to finalize the draft, only to begin work. And as Dean noted, there is no reason why both the cursor-based and the event-based drafts can't be worked on at the same time.

Looking forward to chatting tomorrow in the interim meeting!

Cheers,

Pam
________________________________
From: scim <scim-bounces@ietf.org> on behalf of Saxe, Dean <deansaxe=40amazon.com@dmarc.ietf.org>
Sent: Tuesday, December 6, 2022 7:25 AM
To: scim@ietf.org <scim@ietf.org>
Subject: [EXTERNAL] [scim] Thoughts on the SCIM Cursor Based Pagination draft

Some people who received this message don't often get email from deansaxe=40amazon.com@dmarc.ietf.org. Learn why this is important<https://aka.ms/LearnAboutSenderIdentification>

Since IETF115 last month, I have had multiple conversations regarding the need for a cursor-based pagination mechanism in SCIM. The discussions were driven by the challenges of using index-based pagination mechanisms with large data sets. Through this work it has become clear to me that cursor-based pagination is a significant improvement over the existing index-based mechanism. This is specifically called out in draft-peterson-scim-cursor-pagination-01<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdatatracker.ietf.org%2Fdoc%2Fdraft-peterson-scim-cursor-pagination%2F&data=05%7C01%7Cpamela.dingle%40microsoft.com%7C13033f2d54a447283a1808dad7074dc7%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638058723706186540%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=ClzbHcPxmClZs407p%2B1MBM7BqFbcnQWfUiE6dawoHp8%3D&reserved=0>: “Translating from an underlying cursor-based pagination pattern to the index-based pagination defined in Section 3.4.2.4 of [RFC7644] ultimately requires the SCIM service provider to fully iterate the underlying cursor, store the results, and then serve indexed pages from the stored results. This task of "pagination translation" dramatically increases complexity and memory requirements for implementing a SCIM Service Provider, and may be an impediment to SCIM adoption for some applications and identity systems."



Beyond the implementation challenges posed by index-based pagination, cursor-based pagination addresses the need for strong read consistency in SCIM.  Further, this gap is addressed in the draft by building upon the existing primitives in the SCIM RFCs using RESTful APIs. The draft does not require existing servers or clients to change their implementation if the current patterns are sufficient. Servers that choose to enable cursor-based pagination may continue to support an index-based method. Importantly, the changes required in SCIM clients to enable support for the proposed cursor-based pagination are narrowly scoped.



Recognizing that there is also support for an event-based model as proposed in draft-ietf-scim-events-00<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdatatracker.ietf.org%2Fdoc%2Fdraft-ietf-scim-events%2F00%2F&data=05%7C01%7Cpamela.dingle%40microsoft.com%7C13033f2d54a447283a1808dad7074dc7%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638058723706342797%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=eotK90BZXXIzaRnaHnVPEaKvjbJgUEAr4rjTWINYovg%3D&reserved=0>, I want to be careful not to frame the discussion as an either-or proposition. None of the proposed changes for cursor-based pagination detract from the proposed event driven model. Instead, both models may be used by implementers, if necessary to meet the implementers’ use cases.



Based on this, I propose that the working group focuses on adopting the Internet-Draft for cursor-based pagination to meet the industry’s immediate needs with minimal protocol changes, while continuing to develop the event-based draft.



I invite other working group members to add their thoughts, as well.



Respectfully,

-dhs



--

Dean H. Saxe, CIDPRO<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fidpro.org%2Fcidpro%2F&data=05%7C01%7Cpamela.dingle%40microsoft.com%7C13033f2d54a447283a1808dad7074dc7%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638058723706342797%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=hXvkl8CdbDXDb0%2F9tvDsRcbZbMvb8%2FgTF5Y%2Fsv0z3rc%3D&reserved=0> (he/him)

Senior Security Engineer, AWS Identity Trust Team | Amazon Web Services (AWS)

E: deansaxe@amazon.com<mailto:deansaxe@amazon.com> | M: 206-659-7293<tel:206-659-7293>