Re: [scim] [EXTERNAL] Query on a specific known resource

Julien Schneider <julien@audriga.com> Thu, 07 July 2022 07:58 UTC

To: Danny Zollner <Danny.Zollner@microsoft.com>, "scim@ietf.org" <scim@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/scim/npI8Rs36DPX3a4BeGQckFaRG64g>

Hi Danny, hi Phillip, hi everyone,

Thanks for your answers. I think the confusing part (for me at least) is 
"Queries MAY be made _*against a single resource*_ or a resource type 
endpoint ......." at the beginning of RFC7644 section 3.4.2., followed 
by "Responses MUST be identified using the following URI: 
"urn:ietf:params:scim:api:messages:2.0:ListResponse" ".

My interpretation is that "*GET 
/Users/2819c223-7f76-453a-919d-413861904646?attributes=userName*" is a 
query against a single resource, and should then have a "ListResponse" 
response? Where am I wrong here?

Thanks

Julien Schneider
Tel: +49 721 170293 16
Fax: +49 721 170293 179

http://www.audriga.com  |http://www.twitter.com/audriga

--------------------------------------------------------------------------
audriga GmbH |  Alter Schlachthof 57  | 76137 Karlsruhe
Registered office: Karlsruhe - Amtsgericht Mannheim - HRB 713034
Managing directors: Dr. Frank Dengler, Dr.-Ing. Hans-Jörg Happel
--------------------------------------------------------------------------

On 07/07/2022 04:51, Danny Zollner wrote:
>
> Hi Julien,
>
> RFC 7644 section 3.4.2 specifically is talking about queries. 
> Retrieving or modifying known resources (i.e.: GET /Users/12345 ) does 
> not require a ListResponse type response. A query of *GET 
> /Users?filter=displayname contains “contoso.com”* or *GET 
> /Users?attributes=userName* would require a ListResponse type 
> response, as it does not identify a specific resource in the query URL 
> via ID value (i.e.: “12345” in the previous example). On the other 
> hand, *GET /Users/12345?attributes=userName* does not require the 
> ListResponse type response as it does identify a specific resource.
>
> To explicitly answer the final question in your email – the expected 
> response to *GET 
> /Users/2819c223-7f76-453a-919d-413861904646?attributes=userName* would 
> be the second example you provided.
>
> Cheers,
>
> Danny Zollner
>
> *From:* scim <scim-bounces@ietf.org> *On Behalf Of* Julien Schneider
> *Sent:* Wednesday, July 6, 2022 3:41 AM
> *To:* scim@ietf.org
> *Subject:* [EXTERNAL] [scim] Query on a specific known resource
>
> Hi all,
>
> I have a question about queries performed against a SCIM resource 
> object (like "/Users/{id}").
>
> The RFC (https://datatracker.ietf.org/doc/html/rfc7644#section-3.4.2) 
> states:
>
> Responses MUST be identified using the following URI:
>     "urn:ietf:params:scim:api:messages:2.0:ListResponse"
>
>
> If I understand correctly, that means the "schemas" parameter of the 
> response to those queries must be set to:
>
> "schemas":["urn:ietf:params:scim:api:messages:2.0:ListResponse"]
>
>
> While I understand how that applies to queries on a resource type 
> endpoint (like "/Users") or on the SCIM server root, I don't 
> understand how that applies to queries on a specific resource object.
> If I understand correctly, queries on a specific resource object 
> actually are quite identical to "retrieving a known resource" 
> (https://datatracker.ietf.org/doc/html/rfc7644#section-3.4.1) 
> which are a GET on a specific resource, like:
>
> GET /Users/2819c223-7f76-453a-919d-413861904646
>
> Responses to those requests should have the "schemas" parameter set to 
> the resource schema(s):
>
> {
>       "schemas":["urn:ietf:params:scim:schemas:core:2.0:User"],
>       "id":"2819c223-7f76-453a-919d-413861904646",
> ...
> }
>
>
> Now, how should the response to the following query look? 
> And to what value should the "schemas" parameter of the response be set?
>
> GET /Users/2819c223-7f76-453a-919d-413861904646?attributes=userName
>
>
> Should it be:
>
>     {
>       "schemas":["urn:ietf:params:scim:api:messages:2.0:ListResponse"],
>       "totalResults":1,
>       "Resources":[
>         {
>           "id":"2819c223-7f76-453a-919d-413861904646",
>           "userName":"bjensen"
>         }
>       ]
>     }
>
>
> Or something like:
>
>     {
>       "schemas":["urn:ietf:params:scim:schemas:core:2.0:User"],
>       "id":"2819c223-7f76-453a-919d-413861904646",
>       "meta":{
>         "resourceType":"User",
>         "created":"2011-08-01T18:29:49.793Z",
>         "lastModified":"2011-08-01T18:29:49.793Z",
>         "location":
>     "https://example.com/v2/Users/2819c223-7f76-453a-919d-413861904646",
>         "version":"W\/\"f250dd84f0671c3\""
>       },
>       "userName":"bjensen"
>     }
>
>
> Thanks a lot in advance
>
> -- 
> Julien Schneider
> Tel: +49 721 170293 16
> Fax: +49 721 170293 179
> http://www.audriga.com  |http://www.twitter.com/audriga
> --------------------------------------------------------------------------
> audriga GmbH |  Alter Schlachthof 57  | 76137 Karlsruhe
> Registered office: Karlsruhe - Amtsgericht Mannheim - HRB 713034
> Managing directors: Dr. Frank Dengler, Dr.-Ing. Hans-Jörg Happel
> --------------------------------------------------------------------------
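
An added example, not part of either message and not code from the SCIM working group: a minimal GET dispatcher that follows the reading given in Danny Zollner's reply, where a URL carrying a resource id returns the resource itself and a resource type endpoint returns a ListResponse, with "attributes" applied in both cases. The in-memory USERS store, the handle_get and project helpers, and the choice to always keep "schemas", "id" and "meta" (modelled on the second response in the thread) are assumptions.

```python
from urllib.parse import urlsplit, parse_qs

LIST_RESPONSE = "urn:ietf:params:scim:api:messages:2.0:ListResponse"
USER_SCHEMA = "urn:ietf:params:scim:schemas:core:2.0:User"

# Constructed sample store; id and userName are the thread's example user,
# displayName is made up so the projection has something to drop.
USERS = {
    "2819c223-7f76-453a-919d-413861904646": {
        "schemas": [USER_SCHEMA],
        "id": "2819c223-7f76-453a-919d-413861904646",
        "userName": "bjensen",
        "displayName": "Babs Jensen",
        "meta": {"resourceType": "User"},
    }
}

# Assumption: these survive any ?attributes= projection.
ALWAYS = {"schemas", "id", "meta"}


def project(user, attrs):
    """Apply ?attributes=a,b; attribute names are matched case-insensitively."""
    if not attrs:
        return dict(user)
    wanted = {a.strip().lower() for a in attrs.split(",")} | ALWAYS
    return {k: v for k, v in user.items() if k.lower() in wanted}


def handle_get(url):
    """Return (status, body) for GET /Users or GET /Users/{id}."""
    parts = urlsplit(url)
    segs = [s for s in parts.path.split("/") if s]
    attrs = parse_qs(parts.query).get("attributes", [""])[0]
    if not segs or segs[0] != "Users" or len(segs) > 2:
        return 404, None
    if len(segs) == 2:
        # Known resource: the body is the resource, identified by its own schema.
        user = USERS.get(segs[1])
        return (200, project(user, attrs)) if user else (404, None)
    # Resource type endpoint: always wrapped in a ListResponse envelope.
    resources = [project(u, attrs) for u in USERS.values()]
    return 200, {
        "schemas": [LIST_RESPONSE],
        "totalResults": len(resources),
        "Resources": resources,
    }
```

A client that expects one envelope and receives the other will misparse the body, so provisioning clients should check "schemas" before reading "Resources" or top-level attributes.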