Diff: rfc9865v1.txt - rfc9865.txt

	rfc9865v1.txt	rfc9865.txt

	Internet Engineering Task Force (IETF) M. Peterson, Ed.	Internet Engineering Task Force (IETF) M. Peterson, Ed.
	Request for Comments: 9865 Entrust	Request for Comments: 9865 Entrust
	Updates: 7643, 7644 D. Zollner	Updates: 7643, 7644 D. Zollner
	Category: Standards Track Independent	Category: Standards Track Independent
	ISSN: 2070-1721 A. Sehgal	ISSN: 2070-1721 A. Sehgal
	Amazon Web Services	Amazon Web Services

	September 2025	October 2025


	Cursor-based Pagination of System of Cross-domain Identity Management	Cursor-Based Pagination of System of Cross-domain Identity Management
	(SCIM) Resources	(SCIM) Resources

	Abstract	Abstract

	This document updates RFCs 7643 and 7644 by defining additional	This document updates RFCs 7643 and 7644 by defining additional
	System for Cross-Domain Identity Management (SCIM) query parameters	System for Cross-Domain Identity Management (SCIM) query parameters
	and result attributes to allow use of cursor-based pagination in SCIM	and result attributes to allow use of cursor-based pagination in SCIM
	service providers that are implemented with existing codebases,	service providers that are implemented with existing codebases,
	databases, or APIs where cursor-based pagination is already well	databases, or APIs where cursor-based pagination is already well
	established.	established.

	skipping to change at line 72 ¶	skipping to change at line 72 ¶
	4. Service Provider Configuration	4. Service Provider Configuration
	5. Security Considerations	5. Security Considerations
	5.1. Threat Model and Security Environment	5.1. Threat Model and Security Environment
	5.2. Confidentiality	5.2. Confidentiality
	5.3. Availability	5.3. Availability
	5.4. Other Security References	5.4. Other Security References
	6. IANA Considerations	6. IANA Considerations
	7. References	7. References
	7.1. Normative References	7.1. Normative References
	7.2. Informative References	7.2. Informative References

	Acknowledgments and Contributions	Acknowledgments
		Contributors
	Authors' Addresses	Authors' Addresses

	1. Introduction	1. Introduction

	The two common patterns for result pagination are index-based	The two common patterns for result pagination are index-based
	pagination and cursor-based pagination. Rather than attempt to	pagination and cursor-based pagination. Rather than attempt to
	compare and contrast the advantages and disadvantages of competing	compare and contrast the advantages and disadvantages of competing
	pagination patterns, this document simply recognizes that System for	pagination patterns, this document simply recognizes that System for
	Cross-Domain Identity Management (SCIM) service providers are	Cross-Domain Identity Management (SCIM) service providers are
	commonly implemented as an interoperability layer on top of already	commonly implemented as an interoperability layer on top of already

	skipping to change at line 188 ¶	skipping to change at line 189 ¶
	For example, to retrieve the first 10 users with userName starting	For example, to retrieve the first 10 users with userName starting
	with J, use an empty cursor and set the count to 10:	with J, use an empty cursor and set the count to 10:

	GET /Users?filter=userName%20sw%20J&cursor&count=10	GET /Users?filter=userName%20sw%20J&cursor&count=10
	Host: example.com	Host: example.com
	Accept: application/scim+json	Accept: application/scim+json
	Authorization: Bearer U8YJcYYRMjbGeepD	Authorization: Bearer U8YJcYYRMjbGeepD

	The SCIM service provider in response to the query above returns	The SCIM service provider in response to the query above returns
	metadata regarding pagination similar to the following example	metadata regarding pagination similar to the following example

	(actual resources removed for brevity):	(Resources omitted for brevity):

	HTTP/1.1 200 OK	HTTP/1.1 200 OK
	Content-Type: application/scim+json	Content-Type: application/scim+json

	{	{
	"totalResults":100,	"totalResults":100,
	"itemsPerPage":10,	"itemsPerPage":10,
	"nextCursor":"VZUTiyhEQJ94IR",	"nextCursor":"VZUTiyhEQJ94IR",
	"schemas":["urn:ietf:params:scim:api:messages:2.0:ListResponse"],	"schemas":["urn:ietf:params:scim:api:messages:2.0:ListResponse"],
	"Resources":[{	"Resources":[{

	skipping to change at line 268 ¶	skipping to change at line 269 ¶
	\| \| value for subsequent queries. \| \|	\| \| value for subsequent queries. \| \|
	+---------------+----------------------------------+---------------+	+---------------+----------------------------------+---------------+
	\| expiredCursor \| Cursor has expired. Do not wait \| GET (Section \|	\| expiredCursor \| Cursor has expired. Do not wait \| GET (Section \|
	\| \| longer than service provider's \| 3.4.2 of \|	\| \| longer than service provider's \| 3.4.2 of \|
	\| \| cursorTimeout to request \| [RFC7644]) \|	\| \| cursorTimeout to request \| [RFC7644]) \|
	\| \| additional pages. \| \|	\| \| additional pages. \| \|
	+---------------+----------------------------------+---------------+	+---------------+----------------------------------+---------------+
	\| invalidCount \| Count value is invalid. Count \| GET (Section \|	\| invalidCount \| Count value is invalid. Count \| GET (Section \|
	\| \| value must be between 0 and \| 3.4.2 of \|	\| \| value must be between 0 and \| 3.4.2 of \|
	\| \| service provider's maxPageSize \| [RFC7644]) \|	\| \| service provider's maxPageSize \| [RFC7644]) \|

	\| \| and must value identical count \| \|	\| \| and must be equal to the count \| \|
	\| \| of the initial query. \| \|	\| \| value of the initial query. \| \|
	+---------------+----------------------------------+---------------+	+---------------+----------------------------------+---------------+

	Table 3: Pagination Errors	Table 3: Pagination Errors

	2.2. Sorting	2.2. Sorting

	If sorting is implemented as described Section 3.4.2.3 of [RFC7644],	If sorting is implemented as described Section 3.4.2.3 of [RFC7644],
	then cursor-paged results should be sorted.	then cursor-paged results should be sorted.

	2.3. Implementing Cursors as the Only Pagination Method	2.3. Implementing Cursors as the Only Pagination Method

	skipping to change at line 341 ¶	skipping to change at line 342 ¶
	with the /.search path extension execute. When posting to /.search,	with the /.search path extension execute. When posting to /.search,
	the client would pass the parameters defined in Section 2 in the body	the client would pass the parameters defined in Section 2 in the body
	of the POST request. For example:	of the POST request. For example:

	POST /User/.search	POST /User/.search
	Host: example.com	Host: example.com
	Accept: application/scim+json	Accept: application/scim+json
	Authorization: Bearer U8YJcYYRMjbGeepD	Authorization: Bearer U8YJcYYRMjbGeepD

	{	{

	"schemas": ["urn:ietf:params:scim:api:messages:2.0:SearchRequest"],	"schemas": [
		"urn:ietf:params:scim:api:messages:2.0:SearchRequest"],
	"attributes": ["displayName", "userName"],	"attributes": ["displayName", "userName"],
	"filter": "displayName sw \"smith\"",	"filter": "displayName sw \"smith\"",
	"cursor": "",	"cursor": "",
	"count": 10	"count": 10
	}	}

	Which would return a result containing a nextCursor value that may be	Which would return a result containing a nextCursor value that may be
	used by the client in a subsequent call to return the next page of	used by the client in a subsequent call to return the next page of
	resources:	resources:


	skipping to change at line 643 ¶	skipping to change at line 645 ¶
	"Recommendations for Secure Use of Transport Layer	"Recommendations for Secure Use of Transport Layer
	Security (TLS) and Datagram Transport Layer Security	Security (TLS) and Datagram Transport Layer Security
	(DTLS)", BCP 195, RFC 9325, DOI 10.17487/RFC9325, November	(DTLS)", BCP 195, RFC 9325, DOI 10.17487/RFC9325, November
	2022, <https://www.rfc-editor.org/info/rfc9325>.	2022, <https://www.rfc-editor.org/info/rfc9325>.

	[RFC9110] Fielding, R., Ed., Nottingham, M., Ed., and J. Reschke,	[RFC9110] Fielding, R., Ed., Nottingham, M., Ed., and J. Reschke,
	Ed., "HTTP Semantics", STD 97, RFC 9110,	Ed., "HTTP Semantics", STD 97, RFC 9110,
	DOI 10.17487/RFC9110, June 2022,	DOI 10.17487/RFC9110, June 2022,
	<https://www.rfc-editor.org/info/rfc9110>.	<https://www.rfc-editor.org/info/rfc9110>.


	Acknowledgments and Contributions	Acknowledgments

	The authors would like to acknowledge the contribution of Paul Lanzi
	(IDenovate) in leading the writing of the Security Considerations
	section.

	The authors would also like to acknowledge the following individuals	The authors would also like to acknowledge the following individuals

	who provided valuable feedback while reviewing the document:	who provided valuable feedback while reviewing the document: Aaron
		Parecki, David Brossard, Dean H. Saxe, and Pamela Dingle.
	Aaron Parecki
	Okta

	David Brossard
	Axiomatics


	Dean H. Saxe	Contributors
	Independent


	Pamela Dingle	The authors would like to acknowledge the contribution of Paul Lanzi
	Microsoft	(IDenovate) in leading the writing of the Security Considerations
		section.

	Authors' Addresses	Authors' Addresses

	Matt Peterson (editor)	Matt Peterson (editor)
	Entrust	Entrust
	Email: matt.peterson@entrust.com	Email: matt.peterson@entrust.com

	Danny Zollner	Danny Zollner
	Independent	Independent
	Email: danny@zollnerd.com	Email: danny@zollnerd.com

End of changes. 10 change blocks.
	23 lines changed or deleted	16 lines changed or added
This html diff was produced by rfcdiff 1.48.