[scim] Root Query & Search Requirements

Shelley <randomshelley@gmail.com> Wed, 26 February 2020 18:47 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/scim/jNnSMsITvPMVoU-iCOzoP83Iyv0>

The server root is not defined as a supported endpoint [1] for querying
(GET), yet the inline text for the Query Resources section [2] implies that
it is a required endpoint responsible for returning all resource types:

> Queries MAY be performed against a SCIM resource object, a resource type
> endpoint, or a SCIM server root.

> A query against a server root indicates that all resources within the
> server SHALL be included, subject to filtering...

> When processing query operations using endpoints that include more than
> one SCIM resource type (e.g., a query from the server root endpoint)...

Similarly, searching (POST) [3] seems to assume that the search is attached
to a valid SCIM endpoint, although the root is not clearly defined as such:

> The inclusion of "/.search" on the end of a valid SCIM endpoint...

I found some old tickets/discussions [4,5,6] that proposed making these
requirements more clear in the RFC text and service provider configuration,
but that clarity doesn't appear to have made its way into the final RFCs.

Can someone provide some clarity on whether the server root must be a
supported SCIM endpoint responsible for returning all resources (subject to
standard filtering) and/or if it must support the .search capability?

Our SCIM implementation does not currently have any use cases that would
benefit from querying/searching across resource types, and I would prefer
to add any custom support there unless it becomes necessary (i.e. just
return a basic 404 response for any requests to the server root as an
unknown/unsupported resource).

[1] https://tools.ietf.org/html/rfc7644#section-3.2
[2] https://tools.ietf.org/html/rfc7644#section-3.4.2
[3] https://tools.ietf.org/html/rfc7644#section-3.4.3
[4] https://trac.ietf.org/trac/scim/ticket/42
[5] https://mailarchive.ietf.org/arch/msg/scim/WOT40hJ9t5RB1vEnwGoePWW18dI/
[6] https://mailarchive.ietf.org/arch/msg/scim/MXu6yJ3TxYTm566hW99TGTpvoZg/
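
The behaviour described in the final paragraph of the message (answering query and search at the server root as an unknown resource while still serving resource-type endpoints), sketched as an added example that is not part of the original message or of any SCIM implementation. The base path, the two exposed resource types, and the function names are assumptions; the error body uses the RFC 7644 error message schema.

```python
from urllib.parse import urlsplit

ERROR_SCHEMA = "urn:ietf:params:scim:api:messages:2.0:Error"
BASE = "/scim/v2"                      # assumed base path
RESOURCE_TYPES = {"Users", "Groups"}   # assumed: the only types exposed
DISCOVERY = {"ServiceProviderConfig", "ResourceTypes", "Schemas"}


def scim_error(status, detail):
    """RFC 7644 section 3.12 error body; 'status' is carried as a JSON string."""
    return status, {"schemas": [ERROR_SCHEMA], "status": str(status), "detail": detail}


def route_query(method, url):
    """Return (200, route) for a permitted query or search, a SCIM error
    for a rejected one, or None when the request is handled elsewhere."""
    path = urlsplit(url).path.rstrip("/")
    if path != BASE and not path.startswith(BASE + "/"):
        return scim_error(404, "Unknown endpoint")
    parts = [p for p in path[len(BASE):].split("/") if p]
    if method == "POST" and parts[-1:] == [".search"]:
        action, target = "search", parts[:-1]
    elif method == "GET":
        action, target = "query", parts
    else:
        return None  # create/replace/patch/delete are outside this sketch
    # Empty target = server root: GET {BASE} or POST {BASE}/.search would span
    # every resource type, so it is answered as an unknown resource.
    if not target:
        return scim_error(404, "Query and search at the server root are not supported")
    if target[0] in DISCOVERY:
        return None  # discovery endpoints are served by their own handlers
    if target[0] not in RESOURCE_TYPES:
        return scim_error(404, f"Unknown resource type: {target[0]}")
    if len(target) == 1:
        return 200, {"action": action, "resourceType": target[0]}
    if len(target) == 2 and action == "query":
        return 200, {"action": "get", "resourceType": target[0], "id": target[1]}
    return scim_error(404, "Unknown endpoint")
```
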