Re: [scim] [EXTERNAL] Query on a specific known resource
Julien Schneider <julien@audriga.com> Thu, 07 July 2022 07:58 UTC
Archived-At: <https://mailarchive.ietf.org/arch/msg/scim/npI8Rs36DPX3a4BeGQckFaRG64g>
Hi Danny, hi Phillip, hi everyone,

Thanks for your answers.

I think the confusing part (for me at least) is "Queries MAY be made _*against a single resource*_ or a resource type endpoint ......." at the beginning of RFC7644 section 3.4.2., followed by "Responses MUST be identified using the following URI: "urn:ietf:params:scim:api:messages:2.0:ListResponse" ".

My interpretation is that "*GET /Users/2819c223-7f76-453a-919d-413861904646?attributes=userName*" is a query against a single resource, and should then have a "ListResponse" response?

Where am I wrong here?

Thanks

Julien Schneider
Tel: +49 721 170293 16
Fax: +49 721 170293 179
http://www.audriga.com | http://www.twitter.com/audriga
--------------------------------------------------------------------------
audriga GmbH | Alter Schlachthof 57 | 76137 Karlsruhe
Registered office: Karlsruhe - Amtsgericht Mannheim (district court) - HRB 713034
Managing directors: Dr. Frank Dengler, Dr.-Ing. Hans-Jörg Happel
--------------------------------------------------------------------------

On 07/07/2022 04:51, Danny Zollner wrote:
>
> Hi Julien,
>
> RFC 7644 section 3.4.2 specifically is talking about queries.
> Retrieving or modifying known resources (i.e.: GET /Users/12345 ) does
> not require a ListResponse type response. A query of *GET
> /Users?filter=displayname contains “contoso.com”* or *GET
> /Users?attributes=userName* would require a ListResponse type
> response, as it does not identify a specific resource in the query URL
> via ID value (i.e.: “12345” in the previous example). On the other
> hand, *GET /Users/12345?attributes=userName* does not require the
> ListResponse type response as it does identify a specific resource.
>
> To explicitly answer the final question in your email – the expected
> response to *GET
> /Users/2819c223-7f76-453a-919d-413861904646?attributes=userName* would
> be the second example you provided.
>
> Cheers,
>
> Danny Zollner
>
> *From:* scim <scim-bounces@ietf.org> *On Behalf Of* Julien Schneider
> *Sent:* Wednesday, July 6, 2022 3:41 AM
> *To:* scim@ietf.org
> *Subject:* [EXTERNAL] [scim] Query on a specific known resource
>
> Hi all,
>
> I have a question about queries performed against a SCIM resource
> object (like "/Users/{id}").
>
> The RFC (https://datatracker.ietf.org/doc/html/rfc7644#section-3.4.2)
> states:
>
>     Responses MUST be identified using the following URI:
>     "urn:ietf:params:scim:api:messages:2.0:ListResponse"
>
> If I understand correctly, that means the "schemas" parameter of the
> response to those queries must be set to:
>
>     "schemas":["urn:ietf:params:scim:api:messages:2.0:ListResponse"]
>
> While I understand how that applies to queries on a resource type
> endpoint (like "/Users") or on the SCIM server root, I don't
> understand how that applies to queries on a specific resource object.
> If I understand correctly, queries on a specific resource object
> actually are quite identical to "retrieving a known resource"
> (https://datatracker.ietf.org/doc/html/rfc7644#section-3.4.1)
> which are a GET on a specific resource, like:
>
>     GET /Users/2819c223-7f76-453a-919d-413861904646
>
> Responses to those requests should have the "schemas" parameter set to
> the resource schema(s):
>
>     {
>       "schemas":["urn:ietf:params:scim:schemas:core:2.0:User"],
>       "id":"2819c223-7f76-453a-919d-413861904646",
>       ...
>     }
>
> Now, what should the response to the following query look like?
> And to what value should the "schemas" parameter of the response be set?
>
>     GET /Users/2819c223-7f76-453a-919d-413861904646?attributes=userName
>
> Should it be:
>
>     {
>       "schemas":["urn:ietf:params:scim:api:messages:2.0:ListResponse"],
>       "totalResults":1,
>       "Resources":[
>         {
>           "id":"2819c223-7f76-453a-919d-413861904646",
>           "userName":"bjensen"
>         }
>       ]
>     }
>
> Or something like:
>
>     {
>       "schemas":["urn:ietf:params:scim:schemas:core:2.0:User"],
>       "id":"2819c223-7f76-453a-919d-413861904646",
>       "meta":{
>         "resourceType":"User",
>         "created":"2011-08-01T18:29:49.793Z",
>         "lastModified":"2011-08-01T18:29:49.793Z",
>         "location":
>           "https://example.com/v2/Users/2819c223-7f76-453a-919d-413861904646",
>         "version":"W\/\"f250dd84f0671c3\""
>       },
>       "userName":"bjensen"
>     }
>
> Thanks a lot in advance
>
> --
> Julien Schneider
> Tel: +49 721 170293 16
> Fax: +49 721 170293 179
> http://www.audriga.com | http://www.twitter.com/audriga
> --------------------------------------------------------------------------
> audriga GmbH | Alter Schlachthof 57 | 76137 Karlsruhe
> Registered office: Karlsruhe - Amtsgericht Mannheim (district court) - HRB 713034
> Managing directors: Dr. Frank Dengler, Dr.-Ing. Hans-Jörg Happel
> --------------------------------------------------------------------------
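
Added example, not part of the original thread and not code from any SCIM implementation: a minimal GET handler that follows the reading in Danny Zollner's quoted reply, returning the resource itself for /Users/{id} (with or without ?attributes=) and a ListResponse only for the /Users endpoint. The in-memory store, the function names and the choice to always return "schemas" and "id" are assumptions; filters are not handled.

```python
from urllib.parse import urlsplit, parse_qs

LIST_RESPONSE = "urn:ietf:params:scim:api:messages:2.0:ListResponse"
USER_SCHEMA = "urn:ietf:params:scim:schemas:core:2.0:User"

# Constructed sample store: one user, keyed by its SCIM id.
USERS = {
    "2819c223-7f76-453a-919d-413861904646": {
        "schemas": [USER_SCHEMA],
        "id": "2819c223-7f76-453a-919d-413861904646",
        "userName": "bjensen",
        "displayName": "Babs Jensen",
    }
}

# Assumption of this example: these survive any ?attributes= projection.
ALWAYS = ("schemas", "id")


def project(resource, wanted):
    """Apply ?attributes= to one resource; an empty list returns it whole."""
    if not wanted:
        return dict(resource)
    keep = {w.lower() for w in wanted} | set(ALWAYS)
    return {k: v for k, v in resource.items() if k.lower() in keep}


def handle_get(url, store=USERS):
    """Return (status, body) for GET /Users or GET /Users/{id}."""
    parts = urlsplit(url)
    segments = [s for s in parts.path.split("/") if s]
    wanted = [a.strip()
              for value in parse_qs(parts.query).get("attributes", [])
              for a in value.split(",") if a.strip()]
    if not segments or segments[0] != "Users" or len(segments) > 2:
        return 404, None
    if len(segments) == 2:
        # The URL names one resource by id: the body is that resource,
        # identified by its own schema, never wrapped in a ListResponse.
        resource = store.get(segments[1])
        if resource is None:
            return 404, None
        return 200, project(resource, wanted)
    # Resource type endpoint: this is a query, so wrap the results.
    resources = [project(r, wanted) for r in store.values()]
    return 200, {"schemas": [LIST_RESPONSE],
                 "totalResults": len(resources),
                 "Resources": resources}
```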