Re: [scim] Queries on SCIM Cursor-based Pagination Draft
"Matt Peterson (mpeterso)" <Matt.Peterson@oneidentity.com> Tue, 08 February 2022 16:38 UTC
Return-Path: <Matt.Peterson@oneidentity.com>
X-Original-To: scim@ietfa.amsl.com
Delivered-To: scim@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4FFF33A0B77 for <scim@ietfa.amsl.com>; Tue, 8 Feb 2022 08:38:03 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, HTTPS_HTTP_MISMATCH=0.1, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=oneidentity.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YR3IBFizzFgo for <scim@ietfa.amsl.com>; Tue, 8 Feb 2022 08:37:58 -0800 (PST)
Received: from NAM11-DM6-obe.outbound.protection.outlook.com (mail-dm6nam11on2097.outbound.protection.outlook.com [40.107.223.97]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7B0813A08C3 for <scim@ietf.org>; Tue, 8 Feb 2022 08:37:58 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=mDUGfvMdWNU8yXUheLrKIbj9OAjMi7N1yTijebSTL3kKJvGOWDYGbecOquOod7lQJYaQSIhBVufOVCtH6yD3tc4Q45pk7thMavHOlwvuoxp8bA5vroInkCNmPA3kugFkZ22LaxJg2ih0hSeEU+/25rD57eUmcqGH6Z+PPDaeqng/zzSMy275x6m/wOzct/0KXxhz5JpmLunDfbl18Yi+AhlbI7wxnjbMhR9wJ1Yq+zwlnS/aKMNQwr/qQiseLy/21KpKJqF0Uwv9vU0qGKc5qTe5j5VRUhDuHrk7zAtoIaFHOS3KUAizTYscIw3s2GoocvpCfNpRUqFaBCv3aa3WtA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=f1xlA+oasIggBqV40Se0SdSv9pEUsSiUzQmhiiiW2Q4=; b=FkkCg6j3iKytWhCmtKiCLhj9eocP9LfNMJptit/4UYLqcRtlYlZa6NhBqQhcGTn0YnMJOuP9zhrqmUTDhXHr1h5NfhbTXV7QI+bLrbTqtRRCxHNIXCj/Mj2lAmxz8g54VgsOtyw01jtBU81pMgd5wdgcfN6OLZS7T6NMg6PoPwGgC+Mh0Kwqcf+Rx8TdJMAGDR/HvHxdH0GPPOTzrtF2YFzobOOH6hpMjAHYOuV3z+m2l8NLkeFT3xTwifgFbLHNUsHCaXrOnSdLd972lGQll7Spwdq42HfanHBtljgueGE6S6GSes88p/Yf7HKQQxXubJ5BkwQCvk9+zFunH9sV/A==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=none; dmarc=none; dkim=none; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=oneidentity.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=f1xlA+oasIggBqV40Se0SdSv9pEUsSiUzQmhiiiW2Q4=; b=ixBA3jANB67Km94Wgpp0MbeF3lHpEi7OcNN0Q4cGiXL7PjxzghSgLFXE1s2GdsWVsc61WzeTAFc6LcgYomZQbah6Y+5BROkAl6sFpE74HKhfG5Jrl0/BMpNNhvfqmUKGx9XQW3N+nyca9XZrs9Qu86wX9+8Y5morQaazyzIPhELkmp+8EFF7B3mdWiAyEBcUpFyfAIzZUZpz+/o+GIsrEj3vED2U1Z8cBLOmKG9oEAr0BjcuOGaLKTGbcZYP3lU4Np/SSw4N0k+Ra7wVdFoCMjIdjYAyI92ipKvOm5ARQVfMKxPlWpekK3sNvbP+nsXZrwyoeYGPXjcfgwEhgsJwNQ==
Received: from MWHPR19MB0957.namprd19.prod.outlook.com (2603:10b6:300:a4::16) by SA0PR19MB4588.namprd19.prod.outlook.com (2603:10b6:806:bc::7) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4951.19; Tue, 8 Feb 2022 16:37:54 +0000
Received: from MWHPR19MB0957.namprd19.prod.outlook.com ([fe80::521:4f8c:2ac6:e493]) by MWHPR19MB0957.namprd19.prod.outlook.com ([fe80::521:4f8c:2ac6:e493%11]) with mapi id 15.20.4951.018; Tue, 8 Feb 2022 16:37:54 +0000
From: "Matt Peterson (mpeterso)" <Matt.Peterson@oneidentity.com>
To: Anuradha Karunarathna <anuradha199528@gmail.com>, "scim@ietf.org" <scim@ietf.org>
Thread-Topic: [scim] Queries on SCIM Cursor-based Pagination Draft
Thread-Index: AQHYHD8qLOn5QU1tSUmdtJ1TwT9SgqyJ0Yfg
Date: Tue, 08 Feb 2022 16:37:53 +0000
Message-ID: <MWHPR19MB095729F6C69FE4D4C0D5ACCDE12D9@MWHPR19MB0957.namprd19.prod.outlook.com>
References: <CA+OkT=9V-+b7nR=MEovu8r620vPwP_2y5Pprv-YW-8QiXGCLKg@mail.gmail.com>
In-Reply-To: <CA+OkT=9V-+b7nR=MEovu8r620vPwP_2y5Pprv-YW-8QiXGCLKg@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=oneidentity.com;
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: c3edff07-aa91-4edb-0b68-08d9eb215ad9
x-ms-traffictypediagnostic: SA0PR19MB4588:EE_
x-microsoft-antispam-prvs: <SA0PR19MB458800A161E85868AAF6F66BE12D9@SA0PR19MB4588.namprd19.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:6430;
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: dQep/IwUYs02N+KSxeQBiB44QHJDOBZL8jUebqfxG1g89B2dbRjkCbxW/YQbVpNih2NId4TzLMjmTZ3+0ittvyg+dZLhDAomwsjsUSysgcwhLEi7CWHNebWh6AmRPX2GilNZaKBeo7lL8z7hg8WiwU55W3wRra5ezA0OSNAvxc2jIWjGYJE0pIHT6ObgPrjBcnZ0aW4ZEltPg07CZNvNTE057mbCK5DfFmHSePqhHp8cPJq4gA109oWaSaYt8UFO0Vzaxl5hit5iKVxYcqQH3poPrmd/zXVby5QJCnaYbsw95qVoKOcUDikHLvATJZCNyPkqN2bPuKN/7oJ56MeddY8gktV1McC8POEtxBZfsuiov6OsIn3uST7PotVfBfttMbviPSSrel2qF8r+Q1M39ky2ND1BgLjhEzdyvaerNTmTAzEVVNZJKxQxo+wTX5wcf4txoaxH+IbBdT2y1gWVq7tHP1Eszb9vGg09EjgGuya9xJjrttfDidvEKv/8jTAcO2XD0uvAxBxefXRlct211C44Lrurv5daF73NbxWA/1PnJGRU/tsI1J/OoGuTdpturRgaLGOHO4G6ZYFVJELWxlWb6iDvuJmi/l9aTkiH/mG0nRD2Qqk2NRSf7s4BXfHJ3CbfZQ7yxyDWzI6yqq69h69/gHTXv37hdHuVrXrqwV8gpjTn2YOrfU2UtI0way5c9NfVxn+Whp5DYCKBVr93youj3OTepPd5eh2uU5eexk+L3ySEeTtPVN64OvSlrQIk+I4TLkXxI8UT4ExN27s6Hd9Y/c9SpsiGx5/9OR065yc=
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:MWHPR19MB0957.namprd19.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230001)(4636009)(366004)(122000001)(2906002)(38100700002)(166002)(5660300002)(52536014)(76116006)(53546011)(86362001)(71200400001)(83380400001)(66446008)(64756008)(9686003)(66476007)(8936002)(66556008)(66946007)(55016003)(8676002)(6506007)(316002)(110136005)(508600001)(966005)(7696005)(26005)(33656002)(186003)(38070700005)(579004); DIR:OUT; SFP:1102;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: 4K8yHB25XHF6A9i+lIEfVS9ybI/yVhNPRPff4r7yKkXPyet2mzJ57Cv2FzRNIZz3b0cvIHXZ4w2+v8+Fwmpy8XEltHsw4YHfubKYUAjw5aYy/PeVEp3rRKjW6UqlbkrXEb27A/xnST9MWj/l7Jh3Hfp0OHF6VnfI2j77GmxT3Cv5dVAYcg5CItVJwME9ZxaalhYtfzqTfXT0b6Thmr3oQfL1nyoaRl5DlSGeyYBrFy38AtKPHJtYKbESlmASHfy8RCKN4umscDbO/7OBKdY83T3L0dZNP/p9LKONZmn3eBV5ZLSFayNOX/TZYhv0BB4riE8KSZw9TCMh5pbEQ1aV5KVdzJ4vnoOR//fRQwYqvIRq2dCywv7B0DRIX/gjChWoV3d9X9YnweF56WqT0Scf12MxDb0+XlwJui/k4EZNooKD7qWgw8EfQP4AGod8BycE6Xj1hbWSklf0Cb1N6OtULhNt0rLkWi4pTOrV7KFB/mVWaMGbgmRJVCP/0k6297o3h0nxhPFz3Rp7uG0XEv0WH9RraqylilAB7V/DjTzF1Q1oBoPb9rg5bAGUlm84CrISLD8KsUiv68Mxty1kThCs456LumuNGMOiLlgHlzXigHlP8X2J8V/CY1go90bHwU8iR0J2l4Ut/oDYyv+sQ2nYZclKUFv7YsCbmZ7KR+cEoD6+rXKsKY0/e1nf8h7cnHVh07WicTB6a0m+KstfiJPi8yJtdmc3DOmRd0227i+xk3kiS/AeB4sacXZY4ufJdPr9BRkncGIkWTZAnc/4TyqWoxRSoPj2Ae2+Njp1uy1FmLY+BF+cFyYuT0QvhbYz7I0EoAjgJSXI0O57JNo1ysMWniWCLeygMNGOcZeg5wUNa7GZuDeVjVOl+uNVwkINOv7GIhpIcGdFKRowdhPoLnVP8Lw7Jne1dAwzn/Rlkd4MFHTS8HFEdHqnG6WPkaXIlpTP7yA0wR9yojAMrwnNHRvCYYZMS+1ATEgm0Bf6Svt/5mfbx7IM5UnQM3S5mt0CRjST4b5BgjLiURC7Gd++yBpmgAZOKFBO78giPq3hWiG53JMbJhgeIRjvUSJgKDcd54JOQNAQUVF3o4FOhO2c11CpWtCf/fFqsve5h3jnPeL0SoNjHRDRuNBQdajU+OlQfwoF7jghfArEIKCBIjOeYUdNX7/95wAH67ooYeAydocuZ8AE4yRW9F75PvDrhap3QBCpjhY0qjC+Qry+XHyxUj4c0Gh9DLt1MjUUMn+DYRZisRF7xhM4pob6aKR808F0ovhREkClXEDQkLGRUdTfIlzd385NutiBzjtHmLHtTyBFEftg8AkfH1uCAhRfUAHIfpoOg+uilw3YB4lA0uRx+j9NSUdwhRHKe0DIYgGraTD4ovF0SyRmrgeRBBXRHGkVELXsmTzNuCjkKcYiDCiHo8UrS98nwAVt01VaawzXtLIhFBTsjX2oOJ+rbZm8f2rr7KNkATpW3pR1tgM4NkpE/Z37FSodl2tUjXhuBPRPxhOE6LOr0EmhSHQ76/O3FBRiYkltozapvrXitGBo7MjYnrCe14xYJXTy0UkMerO6nIMfF6psoJfNAm8jHrDb6O+9n1v5NdH0jd126oi+VErOkbZt4Q==
Content-Type: multipart/alternative; boundary="_000_MWHPR19MB095729F6C69FE4D4C0D5ACCDE12D9MWHPR19MB0957namp_"
MIME-Version: 1.0
X-OriginatorOrg: oneidentity.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: MWHPR19MB0957.namprd19.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: c3edff07-aa91-4edb-0b68-08d9eb215ad9
X-MS-Exchange-CrossTenant-originalarrivaltime: 08 Feb 2022 16:37:53.9163 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 91c369b5-1c9e-439c-989c-1867ec606603
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: 1diLRqMHv/X9xGbuzj0kQ1XS4sl6n9wjuAryV24bGdX/fHTMwC0arb2FfKcdXJFDg5OIF+NMKEDF7bYwf8589w==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SA0PR19MB4588
Archived-At: <https://mailarchive.ietf.org/arch/msg/scim/h8z0a_uIrvKLlTzxbi-jHiH80zI>
Subject: Re: [scim] Queries on SCIM Cursor-based Pagination Draft
X-BeenThere: scim@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Simple Cloud Identity Management BOF <scim.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/scim>, <mailto:scim-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/scim/>
List-Post: <mailto:scim@ietf.org>
List-Help: <mailto:scim-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/scim>, <mailto:scim-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 08 Feb 2022 16:38:03 -0000
Anurada, Thank you for the feedback on SCIM Cursor-based Pagination Draft. You asked: "No explanation on backward traversal (traverse to the previous page result set)" I agree. The draft could describe more clearly the use of previousCursor (when supported). Would the following rewording of the cursor query parameter be clearer? cursor - To request the next page, pass the nextCursor value from the current result page. For the previous page, pass the previousCursor from the current result page. The cursor parameter SHOULD be omitted for the first request of a paginated query. You asked: "As per the following paragraph in the introduction, is the cursor-based pagination supported only when all resources are fetched from the server?" Not only is filtering an OPTIONAL capability,for service providers, it is also a very common for SCIM clients to not to use a query filter in order to intentionally to retrieve all resources. Therefore, pagination of results (more so than filtering) is a primary scalability mechanism for SCIM service providers. No, cursor-based pagination should be supported for filtered and unfiltered requests. This paragraph in the introduction was intended to counter the opinion that high performance pagination would not be needed if clients would constrain queries with filter. In a future version of this draft, I would omit this paragraph as there is less controversy on this point than I originally thought. -- Matt From: scim <scim-bounces@ietf.org> On Behalf Of Anuradha Karunarathna Sent: Monday, February 7, 2022 9:24 AM To: scim@ietf.org Subject: [scim] Queries on SCIM Cursor-based Pagination Draft CAUTION: This email originated from outside of the organization. Do not follow guidance, click links, or open attachments unless you recognize the sender and know the content is safe. Hi all, WSO2 Identity Server(IS) is a SCIM service provider which supports SCIM 2.0, and SCIM is the main protocol used in identity management in WSO2-IS. After seeing performance and functionality improvements that can be achieved with the cursor-based pagination we are planning to implement the cursor-based pagination draft [1] in WSO2 IS. While reading the draft spec we encountered the following concerns. Appreciate your clarification and input on these points. 1. 2. 3. No explanation on backward traversal (traverse to the previous page result set) 4. * * * As per the draft, count and cursor are the URL pagination parameters for cursor-based pagination. * (eg: GET /Users?cursor=VZUTiyhEQJ94I&count=10). * * * * Also, the definition of the "cursor" attribute is * "The * string * value from the nextCursor attribute * from the previous result page. A cursor parameter SHOULD be omitted for the first request of the paginated query" * * * * If the SCIM service provider supports previousCursor, what should be the API request format to * traverse back to the previous page? * o o o Suggestions: o 1. 2. 3. Instead of "cursor" query param, support two query params as "before" and "after" as similar to 4. Facebook API[2] 5. 6. 7. 8. Introduce new query param as "cursorDirection" to indicate whether the client needs the before/next 9. set of results from the cursor, and change cursor attribute definition 10. 11. 12. 13. Only if "count" and "cursor" params are supported, add a prefix to the cursor such as prev_ and 14. next_ that can be parsed before sending to the DB layer[3]. 15. Get next page results: GET /Users?cursor=base64encode<next_cursor1>&count=10 Get previous page results: GET /Users?cursor=base64encode<pre_cursor2>&count=10 2. 3. 4. Supporting filtering params and cursor-based pagination params together in the API request 5. As per the following paragraph in the introduction, is the cursor-based pagination supported only when all resources are fetched from the server? " Not only is filtering an OPTIONAL capability,for service providers, it is also a very common for SCIM clients to not to use a query filter in order to intentionally to retrieve all resources. Therefore, pagination of results (more so than filtering) is a primary scalability mechanism for SCIM service providers. " [1] https://datatracker.ietf.org/doc/html/draft-peterson-scim-cursor-pagination-00<https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdatatracker.ietf.org%2Fdoc%2Fhtml%2Fdraft-peterson-scim-cursor-pagination-00&data=04%7C01%7Cmatt.peterson%40quest.com%7Cb71a260276744b4a0b2908d9ea564b70%7C91c369b51c9e439c989c1867ec606603%7C0%7C1%7C637798478629490490%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=UkfdM6WJPc5kO%2FYXW8XEAOMK%2BJo7Yu6Tz84JLWYbTKM%3D&reserved=0> [2] https://developers.facebook.com/docs/graph-api/results<https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdevelopers.facebook.com%2Fdocs%2Fgraph-api%2Fresults&data=04%7C01%7Cmatt.peterson%40quest.com%7Cb71a260276744b4a0b2908d9ea564b70%7C91c369b51c9e439c989c1867ec606603%7C0%7C1%7C637798478629490490%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=w8VD1YVMi3ZY9ugyo2OwqTILNfcYnR7GPc39oQj5ogo%3D&reserved=0> [3] https://medium.com/swlh/how-to-implement-cursor-pagination-like-a-pro-513140b65f32<https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Fmedium.com%2Fswlh%2Fhow-to-implement-cursor-pagination-like-a-pro-513140b65f32&data=04%7C01%7Cmatt.peterson%40quest.com%7Cb71a260276744b4a0b2908d9ea564b70%7C91c369b51c9e439c989c1867ec606603%7C0%7C1%7C637798478629490490%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=P%2B8mICK6yoZpnWCcgIB%2FwtSN1ntI%2B8%2Ba64YRi4baVYQ%3D&reserved=0> Regards, Anuradha
- [scim] Queries on SCIM Cursor-based Pagination Dr… Anuradha Karunarathna
- Re: [scim] Queries on SCIM Cursor-based Paginatio… Matt Peterson (mpeterso)
- Re: [scim] Queries on SCIM Cursor-based Paginatio… Danny Mayer
- Re: [scim] Queries on SCIM Cursor-based Paginatio… Jeremy Palenchar
- Re: [scim] Queries on SCIM Cursor-based Paginatio… Matt Peterson (mpeterso)
- Re: [scim] Queries on SCIM Cursor-based Paginatio… Anuradha Karunarathna