[Search] [txt|xml|pdf|bibtex] [Tracker] [Email] [Nits]

Versions: 00                                                            
Internet Engineering Task Force                         M. Peterson, Ed.
Internet-Draft                                            Quest Software
Updates: 7643,7644 (if approved)                           March 1, 2017
Intended status: Standards Track
Expires: September 2, 2017


               Cursor-based Pagination of SCIM Resources
                draft-peterson-scim-cursor-pagination-00

Abstract

   The System for Cross-domain Identity Management (SCIM) protocol
   supports the retrieval of core identity resources such as users and
   groups.  In order to avoid overwhelming the SCIM client or service
   provider, SCIM defines index and count pagination query parameters
   that can be used "page through" large numbers of resources.  For some
   SCIM service providers there are advantages in implementing cursor-
   based pagination as an alternative to index-based pagination.  This
   document defines a simple extension to the SCIM protocol and core
   schema to assure interoperability of SCIM implementations that need
   to realize the advantages cursor-based pagination.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on September 2, 2017.

Copyright Notice

   Copyright (c) 2017 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of



Peterson                Expires September 2, 2017               [Page 1]


Internet-Draft           SCIM Cursor Pagination               March 2017


   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

1.  Introduction

   System for Cross-domain Identity Management (SCIM) protocol [RFC7644]
   supports the retrieval of core identity resources such as users and
   groups.  When many resources exist, two strategies may be employed to
   help to avoid overwhelming the SCIM client and service provider.
   First, SCIM supports the use of query filters.  A query filter allows
   the SCIM client to constrain the results returned to just the subset
   of resources that are needed by the client.  Second, SCIM supports
   the ability to "page through" large result sets using index/count
   pagination parameters.

   Not only is filtering an OPTIONAL capability,for service providers,
   it is also a very common for SCIM clients to not to use a query
   filter in order to intentionally to retrieve all resources.
   Therefore, pagination of results (more so than filtering) is a
   primary scalability mechanism for SCIM service providers.

   The two most common patterns for result pagination in HTTP-based
   protocols are: index-based pagination, and cursor-based pagination.
   Both approaches have advantages and disadvantages.  For web
   applications that also provide a application-specific Web API, the
   decision for which result pagination approach to use in the Web API
   is often dictated by the capabilities and optimizations of the
   underlying application database technology, or by strongly held
   preference of software developers.

   Implementation of a SCIM service provider is often made as a
   companion service along side an already existing application-specific
   Web API.  If cusor-based pagination is already used in an existing
   application, it can be difficult to create a companion SCIM
   implementation that uses existing application code paths.  For these
   applications, the mismatch in pagination approaches (index-based vs.
   cursor-based) is an impediment to SCIM implementation.

   This document defines a simple extension to the SCIM protocol and
   core schema that adds support for cursor-based pagination.  Support
   for cursor-based pagination in SCIM encourages broader cross-
   application identity management interoperiablity by encouraging SCIM
   implementations for applications where cursor-based pagination is
   preferred.



Peterson                Expires September 2, 2017               [Page 2]


Internet-Draft           SCIM Cursor Pagination               March 2017


1.1.  Notational Conventions

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in RFC 2119 [RFC2119].

2.  Query Parameters and Response Attributes

   The following table describes the URL pagination parameters for
   cursor-based pagination:

   +-----------+-----------------------------+-------------------------+
   | Parameter | Description                 | Default                 |
   +-----------+-----------------------------+-------------------------+
   | cursor    | The string value from the   | None.                   |
   |           | nextCursor attribute from   |                         |
   |           | the previous result page. A |                         |
   |           | cursor parameter SHOULD be  |                         |
   |           | omitted for the first       |                         |
   |           | request of paginated query  |                         |
   |           |                             |                         |
   | count     | A positive integer.         | None. When specified,   |
   |           | Specifies the desired       | the service provider    |
   |           | maximum number of query     | MUST NOT return more    |
   |           | results per page, e.g., 10. | results than specified, |
   |           |                             | although it MAY return  |
   |           |                             | fewer results.          |
   +-----------+-----------------------------+-------------------------+

                  Table 1: Pagination Request Parameters

   The following table describes cursor-based pagination attributes
   returned in a paged query response:


















Peterson                Expires September 2, 2017               [Page 3]


Internet-Draft           SCIM Cursor Pagination               March 2017


   +----------------+--------------------------------------------------+
   | Element        | Description                                      |
   +----------------+--------------------------------------------------+
   | nextCursor     | A cursor value string that MAY be used in a      |
   |                | subsequent request to obtain the next page of    |
   |                | results. Service providers supporting cursor-    |
   |                | based pagination MUST include nextCursor in all  |
   |                | paged query responses except when returning the  |
   |                | last page.  nextCursor is omitted from a         |
   |                | response only to indicate that there are no more |
   |                | result pages.                                    |
   |                |                                                  |
   | previousCursor | A cursor value string that MAY be used in a      |
   |                | subsequent request to obtain the previous page   |
   |                | of results.  Use of previousCursor is optional.  |
   |                | Service Providers that are unable to support a   |
   |                | previousCursor MAY omit previousCursor when      |
   |                | sending paged query responses.                   |
   +----------------+--------------------------------------------------+

                   Table 2: Pagination Response Elements

   For example, to retrieve the first 10 Users, omit the cursor and set
   the count to 10:


      GET /Users?count=10
      Host: example.com
      Accept: application/scim+json
      Authorization: Bearer U8YJcYYRMjbGeepD


   The response to the query above returns metadata regarding pagination
   similar to the following example (actual resources removed for
   brevity):


   {
       "totalResults":100,
       "nextCursor":"VZUTiyhEQJ94IR",
       "schemas":["urn:ietf:params:scim:api:messages:2.0:ListResponse"],
       "Resources":[{
        ...
       }]
   }






Peterson                Expires September 2, 2017               [Page 4]


Internet-Draft           SCIM Cursor Pagination               March 2017


   Given the example above, to continue pagination, set the cursor to
   the value of nextCursor ("VZUTiyhEQJ94IR") and re-fetch:


      GET /Users?cursor=VZUTiyhEQJ94I&count=10
      Host: example.com
      Accept: application/scim+json
      Authorization: Bearer U8YJcYYRMjbGeepD


   If a Service Provider encounters an invalid cursor or count value (or
   other error condition), the Service Provider SHOULD return
   appropriate HTTP response status code and JSON detail error response
   as defined in Section 3.1.2 of RFC 7644 [RFC7644]

3.  Service Provider Configuration

   T The SCIM service provider configuration resource [RFC7644]
   facilitates discovery of SCIM service provider features.  A SCIM
   Service provider implementing cursor-based pagination SHOULD include
   the following additional attribute in JSON document returned by the
   /ServiceProviderConfig endpoint:

   pagination:  A complex type that indicates cursor-based pagination
      configuration options.  OPTIONAL.

      cursor A Boolean value specifying whether or not the cursor-based
      pagination is supported.  REQUIRED.

   Before using cursor-based pagination, a SCIM client SHOULD fetch the
   Service Provider Configuration document from the SCIM service
   provider and verify that cursor-based pagination is supported.

   For example:


      GET /ServiceProviderConfig
      Host: example.com
      Accept: application/scim+json


   A service provider supporting cursor-based pagination would return a
   document similar to the following (portions of full Service Provider
   Configuration Schema ommitted for brevity):







Peterson                Expires September 2, 2017               [Page 5]


Internet-Draft           SCIM Cursor Pagination               March 2017


   {
      "schemas": [
         "urn:ietf:params:scim:schemas:core:2.0:ServiceProviderConfig"],

      ...

      "pagination": {
         "cursor":true
      },

      ...
   }


4.  Normative References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997,
              <http://www.rfc-editor.org/info/rfc2119>.

   [RFC7643]  Hunt, P., Ed., Grizzle, K., Wahlstroem, E., and C.
              Mortimore, "System for Cross-domain Identity Management:
              Core Schema", RFC 7643, DOI 10.17487/RFC7643, September
              2015, <http://www.rfc-editor.org/info/rfc7643>.

   [RFC7644]  Hunt, P., Ed., Grizzle, K., Ansari, M., Wahlstroem, E.,
              and C. Mortimore, "System for Cross-domain Identity
              Management: Protocol", RFC 7644, DOI 10.17487/RFC7644,
              September 2015, <http://www.rfc-editor.org/info/rfc7644>.

Author's Address

   Matt Peterson (editor)
   Quest Software

   Email: matt.peterson@quest.com














Peterson                Expires September 2, 2017               [Page 6]