Internet Engineering Task Force M. Peterson, Ed. Internet-Draft Quest Software Updates: 7643,7644 (if approved) March 1, 2017 Intended status: Standards Track Expires: September 2, 2017 Cursor-based Pagination of SCIM Resources draft-peterson-scim-cursor-pagination-00 Abstract The System for Cross-domain Identity Management (SCIM) protocol supports the retrieval of core identity resources such as users and groups. In order to avoid overwhelming the SCIM client or service provider, SCIM defines index and count pagination query parameters that can be used "page through" large numbers of resources. For some SCIM service providers there are advantages in implementing cursor- based pagination as an alternative to index-based pagination. This document defines a simple extension to the SCIM protocol and core schema to assure interoperability of SCIM implementations that need to realize the advantages cursor-based pagination. Status of This Memo This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at http://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." This Internet-Draft will expire on September 2, 2017. Copyright Notice Copyright (c) 2017 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of Peterson Expires September 2, 2017 [Page 1] Internet-Draft SCIM Cursor Pagination March 2017 publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License. 1. Introduction System for Cross-domain Identity Management (SCIM) protocol [RFC7644] supports the retrieval of core identity resources such as users and groups. When many resources exist, two strategies may be employed to help to avoid overwhelming the SCIM client and service provider. First, SCIM supports the use of query filters. A query filter allows the SCIM client to constrain the results returned to just the subset of resources that are needed by the client. Second, SCIM supports the ability to "page through" large result sets using index/count pagination parameters. Not only is filtering an OPTIONAL capability,for service providers, it is also a very common for SCIM clients to not to use a query filter in order to intentionally to retrieve all resources. Therefore, pagination of results (more so than filtering) is a primary scalability mechanism for SCIM service providers. The two most common patterns for result pagination in HTTP-based protocols are: index-based pagination, and cursor-based pagination. Both approaches have advantages and disadvantages. For web applications that also provide a application-specific Web API, the decision for which result pagination approach to use in the Web API is often dictated by the capabilities and optimizations of the underlying application database technology, or by strongly held preference of software developers. Implementation of a SCIM service provider is often made as a companion service along side an already existing application-specific Web API. If cusor-based pagination is already used in an existing application, it can be difficult to create a companion SCIM implementation that uses existing application code paths. For these applications, the mismatch in pagination approaches (index-based vs. cursor-based) is an impediment to SCIM implementation. This document defines a simple extension to the SCIM protocol and core schema that adds support for cursor-based pagination. Support for cursor-based pagination in SCIM encourages broader cross- application identity management interoperiablity by encouraging SCIM implementations for applications where cursor-based pagination is preferred. Peterson Expires September 2, 2017 [Page 2] Internet-Draft SCIM Cursor Pagination March 2017 1.1. Notational Conventions The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119 [RFC2119]. 2. Query Parameters and Response Attributes The following table describes the URL pagination parameters for cursor-based pagination: +-----------+-----------------------------+-------------------------+ | Parameter | Description | Default | +-----------+-----------------------------+-------------------------+ | cursor | The string value from the | None. | | | nextCursor attribute from | | | | the previous result page. A | | | | cursor parameter SHOULD be | | | | omitted for the first | | | | request of paginated query | | | | | | | count | A positive integer. | None. When specified, | | | Specifies the desired | the service provider | | | maximum number of query | MUST NOT return more | | | results per page, e.g., 10. | results than specified, | | | | although it MAY return | | | | fewer results. | +-----------+-----------------------------+-------------------------+ Table 1: Pagination Request Parameters The following table describes cursor-based pagination attributes returned in a paged query response: Peterson Expires September 2, 2017 [Page 3] Internet-Draft SCIM Cursor Pagination March 2017 +----------------+--------------------------------------------------+ | Element | Description | +----------------+--------------------------------------------------+ | nextCursor | A cursor value string that MAY be used in a | | | subsequent request to obtain the next page of | | | results. Service providers supporting cursor- | | | based pagination MUST include nextCursor in all | | | paged query responses except when returning the | | | last page. nextCursor is omitted from a | | | response only to indicate that there are no more | | | result pages. | | | | | previousCursor | A cursor value string that MAY be used in a | | | subsequent request to obtain the previous page | | | of results. Use of previousCursor is optional. | | | Service Providers that are unable to support a | | | previousCursor MAY omit previousCursor when | | | sending paged query responses. | +----------------+--------------------------------------------------+ Table 2: Pagination Response Elements For example, to retrieve the first 10 Users, omit the cursor and set the count to 10: GET /Users?count=10 Host: example.com Accept: application/scim+json Authorization: Bearer U8YJcYYRMjbGeepD The response to the query above returns metadata regarding pagination similar to the following example (actual resources removed for brevity): { "totalResults":100, "nextCursor":"VZUTiyhEQJ94IR", "schemas":["urn:ietf:params:scim:api:messages:2.0:ListResponse"], "Resources":[{ ... }] } Peterson Expires September 2, 2017 [Page 4] Internet-Draft SCIM Cursor Pagination March 2017 Given the example above, to continue pagination, set the cursor to the value of nextCursor ("VZUTiyhEQJ94IR") and re-fetch: GET /Users?cursor=VZUTiyhEQJ94I&count=10 Host: example.com Accept: application/scim+json Authorization: Bearer U8YJcYYRMjbGeepD If a Service Provider encounters an invalid cursor or count value (or other error condition), the Service Provider SHOULD return appropriate HTTP response status code and JSON detail error response as defined in Section 3.1.2 of RFC 7644 [RFC7644] 3. Service Provider Configuration T The SCIM service provider configuration resource [RFC7644] facilitates discovery of SCIM service provider features. A SCIM Service provider implementing cursor-based pagination SHOULD include the following additional attribute in JSON document returned by the /ServiceProviderConfig endpoint: pagination: A complex type that indicates cursor-based pagination configuration options. OPTIONAL. cursor A Boolean value specifying whether or not the cursor-based pagination is supported. REQUIRED. Before using cursor-based pagination, a SCIM client SHOULD fetch the Service Provider Configuration document from the SCIM service provider and verify that cursor-based pagination is supported. For example: GET /ServiceProviderConfig Host: example.com Accept: application/scim+json A service provider supporting cursor-based pagination would return a document similar to the following (portions of full Service Provider Configuration Schema ommitted for brevity): Peterson Expires September 2, 2017 [Page 5] Internet-Draft SCIM Cursor Pagination March 2017 { "schemas": [ "urn:ietf:params:scim:schemas:core:2.0:ServiceProviderConfig"], ... "pagination": { "cursor":true }, ... } 4. Normative References [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/RFC2119, March 1997, . [RFC7643] Hunt, P., Ed., Grizzle, K., Wahlstroem, E., and C. Mortimore, "System for Cross-domain Identity Management: Core Schema", RFC 7643, DOI 10.17487/RFC7643, September 2015, . [RFC7644] Hunt, P., Ed., Grizzle, K., Ansari, M., Wahlstroem, E., and C. Mortimore, "System for Cross-domain Identity Management: Protocol", RFC 7644, DOI 10.17487/RFC7644, September 2015, . Author's Address Matt Peterson (editor) Quest Software Email: matt.peterson@quest.com Peterson Expires September 2, 2017 [Page 6]