draft-ietf-regext-rdap-sorting-and-paging-12.txt   draft-ietf-regext-rdap-sorting-and-paging-13.txt 
Registration Protocols Extensions M. Loffredo Registration Protocols Extensions M. Loffredo
Internet-Draft M. Martinelli Internet-Draft M. Martinelli
Intended status: Standards Track IIT-CNR/Registro.it Intended status: Standards Track IIT-CNR/Registro.it
Expires: October 19, 2020 S. Hollenbeck Expires: November 30, 2020 S. Hollenbeck
Verisign Labs Verisign Labs
April 17, 2020 May 29, 2020
Registration Data Access Protocol (RDAP) Query Parameters for Result Registration Data Access Protocol (RDAP) Query Parameters for Result
Sorting and Paging Sorting and Paging
draft-ietf-regext-rdap-sorting-and-paging-12 draft-ietf-regext-rdap-sorting-and-paging-13
Abstract Abstract
The Registration Data Access Protocol (RDAP) does not include core The Registration Data Access Protocol (RDAP) does not include core
functionality for clients to provide sorting and paging parameters functionality for clients to provide sorting and paging parameters
for control of large result sets. This omission can lead to for control of large result sets. This omission can lead to
unpredictable server processing of queries and client processing of unpredictable server processing of queries and client processing of
responses. This unpredictability can be greatly reduced if clients responses. This unpredictability can be greatly reduced if clients
can provide servers with their preferences for managing large can provide servers with their preferences for managing large
responses. This document describes RDAP query extensions that allow responses. This document describes RDAP query extensions that allow
skipping to change at page 1, line 41 skipping to change at page 1, line 41
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/. Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on October 19, 2020. This Internet-Draft will expire on November 30, 2020.
Copyright Notice Copyright Notice
Copyright (c) 2020 IETF Trust and the persons identified as the Copyright (c) 2020 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(https://trustee.ietf.org/license-info) in effect on the date of (https://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 3, line 24 skipping to change at page 3, line 24
2. Information related to the number of results and the specific 2. Information related to the number of results and the specific
portion of the result set to be returned, in addition to a set of portion of the result set to be returned, in addition to a set of
ready-made links for the result set scrolling, are inserted in ready-made links for the result set scrolling, are inserted in
the HTTP header of the request/response. the HTTP header of the request/response.
However, there are some drawbacks associated with the use of the HTTP However, there are some drawbacks associated with the use of the HTTP
header. First, the header properties cannot be set directly from a header. First, the header properties cannot be set directly from a
web browser. Moreover, in an HTTP session, the information on the web browser. Moreover, in an HTTP session, the information on the
status (i.e. the session identifier) is usually inserted in the status (i.e. the session identifier) is usually inserted in the
header or in the cookies, while the information on the resource header or in a cookie, while the information on the resource
identification or the search type is included in the query string. identification or the search type is included in the query string.
The second approach is therefore not compliant with the HTTP standard The second approach is therefore not compliant with the HTTP standard
[RFC7230]. As a result, this document describes a specification [RFC7230]. As a result, this document describes a specification
based on the use of query parameters. based on the use of query parameters.
Currently, the RDAP protocol [RFC7482] defines two query types: Currently, the RDAP protocol [RFC7482] defines two query types:
o lookup: the server returns only one object; o lookup: the server returns only one object;
o search: the server returns a collection of objects. o search: the server returns a collection of objects.
While the lookup query does not raise issues in the response While the lookup query does not raise issues in response size
management, the search query can potentially generate a large result management, the search query can potentially generate a large result
set that could be truncated according to the server limits. In set that could be truncated according to server limits. In addition,
addition, it is not possible to obtain the total number of the it is not possible to obtain the total number of objects found that
objects found that might be returned in a search query response might be returned in a search query response [RFC7483]. Lastly,
[RFC7483]. Lastly, there is no way to specify sort criteria to there is no way to specify sort criteria to return the most relevant
return the most relevant objects at the beginning of the result set. objects at the beginning of the result set. Therefore, the client
Therefore, the client might traverse the whole result set to find the might traverse the whole result set to find the relevant objects or,
relevant objects or, due to truncation, could not find them at all. due to truncation, might not find them at all.
The specification described in this document extends RDAP query The specification described in this document extends RDAP query
capabilities to enable result sorting and paging, by adding new query capabilities to enable result sorting and paging, by adding new query
parameters that can be applied to RDAP search path segments. The parameters that can be applied to RDAP search path segments. The
service is implemented using the Hypertext Transfer Protocol (HTTP) service is implemented using the Hypertext Transfer Protocol (HTTP)
[RFC7230] and the conventions described in RFC 7480 [RFC7480]. [RFC7230] and the conventions described in RFC 7480 [RFC7480].
The implementation of the new parameters is technically feasible, as The implementation of the new parameters is technically feasible, as
operators for counting, sorting and paging rows are currently operators for counting, sorting and paging rows are currently
supported by the major RDBMSs. supported by the major RDBMSs.
1.1. Conventions Used in This Document 1.1. Conventions Used in This Document
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in [RFC2119]. document are to be interpreted as described in BCP 14 [RFC2119]
[RFC8174] when, and only when, they appear in all capitals, as shown
here.
2. RDAP Query Parameter Specification 2. RDAP Query Parameter Specification
The new query parameters are OPTIONAL extensions of path segments The new query parameters are OPTIONAL extensions of path segments
defined in RFC 7482 [RFC7482]. They are as follows: defined in RFC 7482 [RFC7482]. They are as follows:
o "count": a boolean value that allows a client to request the total o "count": a boolean value that allows a client to request return of
number of objects found (that due to truncation can be different the total number of objects found;
from the number of returned objects);
o "sort": a string value that allows a client to request a specific o "sort": a string value that allows a client to request a specific
sort order for the result set; sort order for the result set;
o "cursor": a string value representing a pointer to a specific o "cursor": a string value representing a pointer to a specific
fixed size portion of the result set. fixed size portion of the result set.
Augmented Backus-Naur Form (ABNF) [RFC5234] is used in the following Augmented Backus-Naur Form (ABNF) [RFC5234] is used in the following
sections to describe the formal syntax of these new parameters. sections to describe the formal syntax of these new parameters.
2.1. Sorting and Paging Metadata 2.1. Sorting and Paging Metadata
According to most advanced principles in REST design, collectively According to most advanced principles in REST design, collectively
known as HATEOAS (Hypermedia as the Engine of Application State) known as HATEOAS (Hypermedia as the Engine of Application State)
([HATEOAS]), a client entering a REST application through an initial ([HATEOAS]), a client entering a REST application through an initial
URI should use the server-provided links to dynamically discover URI should use server-provided links to dynamically discover
available actions and access the resources it needs. In this way, available actions and access the resources it needs. In this way,
the client is not requested to have prior knowledge of the service the client is not requested to have prior knowledge of the service
and, consequently, to hard code the URIs of different resources. and, consequently, to hard code the URIs of different resources.
This would allow the server to make URI changes as the API evolves This allows the server to make URI changes as the API evolves without
without breaking the clients. Definitively, a REST service should be breaking clients. Definitively, a REST service should be as self-
as self-descriptive as possible. descriptive as possible.
Therefore, servers implementing the query parameters described in Therefore, servers implementing the query parameters described in
this specification SHOULD provide additional information in their this specification SHOULD provide additional information in their
responses about both the available sorting criteria and the possible responses about both the available sorting criteria and possible
pagination. Such information is collected in two OPTIONAL response pagination. Such information is collected in two OPTIONAL response
elements named, respectively, "sorting_metadata" and elements named, respectively, "sorting_metadata" and
"paging_metadata". "paging_metadata".
The "sorting_metadata" element contains the following properties: The "sorting_metadata" element contains the following properties:
o "currentSort": "String" (OPTIONAL) either the value of sort o "currentSort": "String" (OPTIONAL) either the value of sort
"parameter" as specified in the query string or the sort applied "parameter" as specified in the query string or the sort applied
by default, if any; by default, if any;
o "availableSorts": "AvailableSort[]" (OPTIONAL) an array of objects o "availableSorts": "AvailableSort[]" (OPTIONAL) an array of
each one describing an alternate available sorting criterion. objects, with each element describing an available sort criterion.
Members are: Members are:
* "property": "String" (REQUIRED) the name that can be used by * "property": "String" (REQUIRED) the name that can be used by
the client to request the sorting criterion; the client to request the sort criterion;
* "default": "Boolean" (REQUIRED) whether the sorting criterion * "default": "Boolean" (REQUIRED) whether the sort criterion is
is applied by default; applied by default;
* "jsonPath": "String" (OPTIONAL) the JSONPath of the RDAP field * "jsonPath": "String" (OPTIONAL) the JSONPath of the RDAP field
corresponding to the property; corresponding to the property;
* "links": "Link[]" (OPTIONAL) an array of links as described in * "links": "Link[]" (OPTIONAL) an array of links as described in
RFC 8288 [RFC8288] containing the query string that applies the RFC 8288 [RFC8288] containing the query string that applies the
sorting criterion. sort criterion.
At least one between "currentSort" and "availableSorts" MUST be At least one of the "currentSort" and "availableSorts" properties
present. MUST be present.
The "paging_metadata" element contains the following fields: The "paging_metadata" element contains the following fields:
o "totalCount": "Numeric" (OPTIONAL) a numeric value representing o "totalCount": "Numeric" (OPTIONAL) a numeric value representing
the total number of objects found. It MUST be provided if the the total number of objects found. It MUST be provided if the
query string contains the "count" parameter; query string contains the "count" parameter;
o "pageSize": "Numeric" (OPTIONAL) a numeric value representing the o "pageSize": "Numeric" (OPTIONAL) a numeric value representing the
number of objects returned in the current page. It MUST be number of objects returned in the current page. It MUST be
provided when the total number of objects exceeds the page size. provided when the total number of objects exceeds the page size.
skipping to change at page 5, line 49 skipping to change at page 5, line 49
be helpful if the end user interacts with the server through a web be helpful if the end user interacts with the server through a web
browser; browser;
o "pageNumber": "Numeric" (OPTIONAL) a numeric value representing o "pageNumber": "Numeric" (OPTIONAL) a numeric value representing
the number of the current page in the result set. It MUST be the number of the current page in the result set. It MUST be
provided when the total number of objects found exceeds the page provided when the total number of objects found exceeds the page
size; size;
o "links": "Link[]" (OPTIONAL) an array of links as described in RFC o "links": "Link[]" (OPTIONAL) an array of links as described in RFC
8288 [RFC8288] containing the reference to the next page. In this 8288 [RFC8288] containing the reference to the next page. In this
specification, only the forward pagination is dealt because it is specification, only forward pagination is described because it is
considered satisfactory in order to traverse the result set. all that is necessary to traverse the result set.
Examples of additional references are to: the previous page, the
first page, the last page.
2.1.1. RDAP Conformance 2.1.1. RDAP Conformance
Servers returning the "paging_metadata" element in their response Servers returning the "paging_metadata" element in their response
MUST include "paging" in the rdapConformance array as well as servers MUST include the string literal "paging" in the rdapConformance
returning the "sorting_metadata" element MUST include "sorting". array. Servers returning the "sorting_metadata" element MUST include
the string literal "sorting".
2.2. "count" Parameter 2.2. "count" Parameter
Currently, the RDAP protocol does not allow a client to determine the Currently, the RDAP protocol does not allow a client to determine the
total number of the results in a query response when the result set total number of the results in a query response when the result set
is truncated. This is rather inefficient because the user cannot is truncated. This is inefficient because the user cannot determine
evaluate the query precision and, at the same time, cannot receive if the result set is complete.
information that could be relevant.
The "count" parameter provides additional functionality (Figure 1) The "count" parameter provides additional functionality (Figure 1)
that allows a client to request information from the server that that allows a client to request information from the server that
specifies the total number of objects matching the search pattern. specifies the total number of objects matching the search pattern.
https://example.com/rdap/domains?name=*nr.com&count=true https://example.com/rdap/domains?name=*nr.com&count=true
Figure 1: Example of RDAP query reporting the "count" parameter Figure 1: Example of RDAP query reporting the "count" parameter
The ABNF syntax is the following: The ABNF syntax is the following:
skipping to change at page 7, line 24 skipping to change at page 7, line 24
"domainSearchResults": [ "domainSearchResults": [
... ...
] ]
} }
Figure 2: Example of RDAP response with "paging_metadata" element Figure 2: Example of RDAP response with "paging_metadata" element
containing the "totalCount" field containing the "totalCount" field
2.3. "sort" Parameter 2.3. "sort" Parameter
The RDAP protocol does not provide any capability to specify results The RDAP protocol does not provide any capability to specify result
sort criteria. A server could implement a default sorting scheme set sort criteria. A server could implement a default sorting scheme
according to the object class, but this feature is not mandatory and according to the object class, but this feature is not mandatory and
might not meet user requirements. Sorting can be addressed by the might not meet user requirements. Sorting can be addressed by the
client, but this solution is rather inefficient. Sorting features client, but this solution is rather inefficient. Sorting features
provided by the RDAP server could help avoid truncation of relevant provided by the RDAP server could help avoid truncation of relevant
results. results.
The "sort" parameter allows the client to ask the server to sort the The "sort" parameter allows the client to ask the server to sort the
results according to the values of one or more properties and results according to the values of one or more properties and
according to the sort direction of each property. The ABNF syntax is according to the sort direction of each property. The ABNF syntax is
the following: the following:
sort = "sort=" sortItem *( "," sortItem ) sort = "sort=" sortItem *( "," sortItem )
sortItem = property-ref [":" ( "a" / "d" ) ] sortItem = property-ref [":" ( "a" / "d" ) ]
property-ref = ALPHA *( ALPHA / DIGIT / "_" ) property-ref = ALPHA *( ALPHA / DIGIT / "_" )
"a" means that the ascending sort MUST be applied, "d" means that the "a" means that an ascending sort MUST be applied, "d" means that a
descending sort MUST be applied. If the sort direction is absent, an descending sort MUST be applied. If the sort direction is absent, an
ascending sort MUST be applied (Figure 3). ascending sort MUST be applied (Figure 3).
https://example.com/rdap/domains?name=*nr.com&sort=name https://example.com/rdap/domains?name=*nr.com&sort=name
https://example.com/rdap/domains?name=*nr.com&sort=registrationDate:d https://example.com/rdap/domains?name=*nr.com&sort=registrationDate:d
https://example.com/rdap/domains?name=*nr.com&sort=lockedDate,name https://example.com/rdap/domains?name=*nr.com&sort=lockedDate,name
Figure 3: Examples of RDAP query reporting the "sort" parameter Figure 3: Examples of RDAP query reporting the "sort" parameter
With the only exception of the sort on IP addresses, servers MUST With the exception of sorting IP addresses, servers MUST implement
implement sorting according to the JSON value type of the RDAP field sorting according to the JSON value type of the RDAP field the
the sorting property refers to: JSON strings MUST be sorted sorting property refers to. That is, JSON strings MUST be sorted
lexicographically and JSON numbers MUST be sorted numerically. Even lexicographically and JSON numbers MUST be sorted numerically. If IP
if IP addresses are represented as JSON strings, they MUST be sorted addresses are represented as JSON strings, they MUST be sorted based
based on their numeric conversion. on their numeric conversion.
If the "sort" parameter reports an allowed sorting property, it MUST If the "sort" parameter reports an allowed sorting property, it MUST
be provided in the "currentSort" field of the "sorting_metadata" be provided in the "currentSort" field of the "sorting_metadata"
element. element.
2.3.1. Sorting Properties Declaration 2.3.1. Sorting Properties Declaration
In the "sort" parameter ABNF syntax, property-ref represents a In the "sort" parameter ABNF syntax, property-ref represents a
reference to a property of an RDAP object. Such a reference could be reference to a property of an RDAP object. Such a reference could be
expressed by using a JSONPath. The JSONPath in a JSON document expressed by using a JSONPath. The JSONPath in a JSON document
[RFC8259] is equivalent to the XPath [W3C.CR-xpath-31-20161213] in a [RFC8259] is equivalent to the XPath [W3C.CR-xpath-31-20161213] in a
XML document. For example, the JSONPath to select the value of the XML document. For example, the JSONPath to select the value of the
ASCII name inside an RDAP domain object is "$.ldhName", whereby $ ASCII name inside an RDAP domain object is "$.ldhName", where $
identifies the root of the document (DOM). Another way to select a identifies the root of the document (DOM). Another way to select a
value inside a JSON document is the JSON Pointer [RFC6901]. While value inside a JSON document is the JSON Pointer [RFC6901]. While
JSONPath or JSON Pointer are both standard ways to select any value JSONPath or JSON Pointer are both standard ways to select any value
inside JSON data, neither is particularly easy to use (e.g. inside JSON data, neither is particularly easy to use (e.g.
"$.events[?(@.eventAction='registration')].eventDate" is the JSONPath "$.events[?(@.eventAction='registration')].eventDate" is the JSONPath
expression of the registration date in an RDAP domain object). expression of the registration date in an RDAP domain object).
Therefore, this specification provides a definition of property-ref Therefore, this specification provides a definition of property-ref
in terms of RDAP properties. However, not all the RDAP properties in terms of RDAP properties. However, not all the RDAP properties
are suitable to be used in sort criteria, such as: are suitable to be used in sort criteria, such as:
o properties providing service information (e.g. links, notices, o properties providing service information (e.g. links, notices,
remarks, etc.); remarks, etc.);
o multivalued properties (e.g. status, roles, variants, etc.); o multivalued properties (e.g. status, roles, variants, etc.);
o properties modeling relationships to other objects (e.g. o properties modeling relationships to other objects (e.g.
entities). entities).
On the contrary, some properties expressed as values of other On the contrary, properties expressed as values of other properties
properties (e.g. registration date) could be used in such a context. (e.g. registration date) could be used in such a context. The list
of properties an RDAP server MAY implement are divided into two
In the following, a list of properties an RDAP server MAY implement groups: object common properties and object specific properties.
is presented. The properties are divided into two groups: object
common properties and object specific properties.
o Object common properties. Object common properties are derived o Object common properties. Object common properties are derived
from the merge of the "eventAction" and the "eventDate" from the merge of the "eventAction" and the "eventDate"
properties. The following values of the "sort" parameter are properties. The following values of the "sort" parameter are
defined: defined:
* registrationDate * registrationDate
* reregistrationDate * reregistrationDate
* lastChangedDate * lastChangedDate
* expirationDate * expirationDate
* deletionDate * deletionDate
* reinstantiationDate * reinstantiationDate
* transferDate * transferDate
* lockedDate * lockedDate
* unlockedDate * unlockedDate
o Object specific properties. With regard to the specific o Note that some of the object specific properties are also defined
properties, some of them are already defined among the query as query paths. The object specific properties include:
paths. In the following a list of possible sorting properties,
grouped by objects, is shown:
* Domain: name * Domain: name
* Nameserver: name, ipV4, ipV6. * Nameserver: name, ipV4, ipV6.
* Entity: fn, handle, org, email, voice, country, cc, city. * Entity: fn, handle, org, email, voice, country, cc, city.
The correspondence between the sorting properties and the RDAP fields The correspondence between these sorting properties and the RDAP
is shown in Table 1: object classes is shown in Table 1:
+-----------+-----------+---------------------+------+-------+------+ +-----------+-----------+---------------------+------+-------+------+
| Object | Sorting | RDAP property | RFC | RFC | RFC | | Object | Sorting | RDAP property | RFC | RFC | RFC |
| class | property | | 7483 | 6350 | 8605 | | class | property | | 7483 | 6350 | 8605 |
+-----------+-----------+---------------------+------+-------+------+ +-----------+-----------+---------------------+------+-------+------+
| Searchabl | Common pr | eventAction values | 4.5. | | | | Searchabl | Common pr | eventAction values | 4.5. | | |
| e objects | operties | suffixed by "Date" | | | | | e objects | operties | suffixed by "Date" | | | |
| | | | | | | | | | | | | |
| Domain | name | unicodeName/ldhName | 5.3. | | | | Domain | name | unicodeName/ldhName | 5.3. | | |
| | | | | | | | | | | | | |
skipping to change at page 10, line 36 skipping to change at page 10, line 36
| | | vcard adr | | | | | | | vcard adr | | | |
| | cc | country code in | 5.1. | | 3.1 | | | cc | country code in | 5.1. | | 3.1 |
| | | vcard adr | | | | | | | vcard adr | | | |
| | city | locality in vcard | 5.1. | 6.3.1 | | | | city | locality in vcard | 5.1. | 6.3.1 | |
| | | adr | | | | | | | adr | | | |
+-----------+-----------+---------------------+------+-------+------+ +-----------+-----------+---------------------+------+-------+------+
Table 1: Sorting properties definition Table 1: Sorting properties definition
With regard to the definitions in Table 1, some further With regard to the definitions in Table 1, some further
considerations must be made to disambiguate some cases: considerations are needed to disambiguate some cases:
o since the response to a search on either domains or nameservers o Since the response to a search on either domains or nameservers
might include both A-labels and U-labels ([RFC5890]) in general, a might include both A-labels and U-labels ([RFC5890]) in general, a
consistent sorting policy shall take unicodeName and ldhName as consistent sorting policy MUST treat the unicodeName and ldhName
two formats of the same value rather than separately. Therefore, as two representations of the same value. By default, the
the unicodeName value MUST be taken while sorting, when unicodeName value MUST be used while sorting. When unicodeName is
unicodeName is missing, the value of ldhName MUST be considered unavailable, the value of ldhName MUST be used instead;
instead;
o the jCard "sort-as" parameter MUST be ignored for the purpose of o The jCard "sort-as" parameter MUST be ignored for the purpose of
the sorting capability as described in this document; the sorting capability described in this document;
o even if a nameserver can have multiple IPv4 and IPv6 addresses, o Even if a nameserver can have multiple IPv4 and IPv6 addresses,
the most common configuration includes one address for each IP the most common configuration includes one address for each IP
version. Therefore, the assumption of having a single IPv4 and/or version. Therefore, the assumption of having a single IPv4 and/or
IPv6 value for a nameserver cannot be considered too stringent. IPv6 value for a nameserver cannot be considered too stringent.
When more than one address per IP version is reported, sorting When more than one address per IP version is reported, sorting
MUST be applied to the first value; MUST be applied to the first value;
o multiple events with a given action on an object might be o Multiple events with a given action on an object might be
returned. When it occurs, sorting MUST be applied to the most returned. If this occurs, sorting MUST be applied to the most
recent event; recent event;
o with the exception of handle values, all the sorting properties o With the exception of handle values, all the sorting properties
defined for entity objects can be multivalued according to the defined for entity objects can be multivalued according to the
definition of vCard as given in RFC 6350 [RFC6350]. When more definition of vCard as given in RFC 6350 [RFC6350]. When more
than one value is reported, sorting MUST be applied to the than one value is reported, sorting MUST be applied to the
preferred value identified by the parameter pref="1". If the pref preferred value identified by the parameter pref="1". If the pref
parameter is missing, sorting MUST be applied to the first value. parameter is missing, sorting MUST be applied to the first value.
Each RDAP provider MAY define other sorting properties than those
shown in this document as well as it MAY map those sorting properties
onto different locations.
The "jsonPath" field in the "sorting_metadata" element is used to The "jsonPath" field in the "sorting_metadata" element is used to
clarify the RDAP field the sorting property refers to. The mapping clarify the RDAP field the sorting property refers to. The mapping
between the sorting properties and the JSONPaths of the RDAP fields between the sorting properties and the JSONPaths of the RDAP fields
is shown in Table 2. The JSONPaths are provided according to the is shown in Table 2. The JSONPaths are provided according to the
Goessner v.0.8.0 specification ([GOESSNER-JSON-PATH]). Further Goessner v.0.8.0 specification ([GOESSNER-JSON-PATH]). Further
documentation about JSONPath operators used in Table 2 is included in documentation about JSONPath operators used in Table 2 is included in
Appendix A. Appendix A.
+-------+-------------+---------------------------------------------+ +-------+-------------+---------------------------------------------+
| Objec | Sorting | JSONPath | | Objec | Sorting | JSONPath |
skipping to change at page 12, line 38 skipping to change at page 12, line 34
| | country | $.entitySearchResults[*].vcardArray[1][?(@[ | | | country | $.entitySearchResults[*].vcardArray[1][?(@[ |
| | | 0]=="adr")][3][6] | | | | 0]=="adr")][3][6] |
| | cc | $.entitySearchResults[*].vcardArray[1][?(@[ | | | cc | $.entitySearchResults[*].vcardArray[1][?(@[ |
| | | 0]=="adr")][1].cc | | | | 0]=="adr")][1].cc |
| | city | $.entitySearchResults[*].vcardArray[1][?(@[ | | | city | $.entitySearchResults[*].vcardArray[1][?(@[ |
| | | 0]=="adr")][3][3] | | | | 0]=="adr")][3][3] |
+-------+-------------+---------------------------------------------+ +-------+-------------+---------------------------------------------+
Table 2: Sorting properties - JSONPath Mapping Table 2: Sorting properties - JSONPath Mapping
Note about the JSONPaths of Table 2 that: Table 2 JSONPath notes:
o those related to the event dates are defined only for the "domain" o Those related to the event dates are defined only for the "domain"
object. To obtain the equivalent JSONPaths for "entity" and object. To obtain the equivalent JSONPaths for "entity" and
"nameserver", the path segment "domainSearchResults" must be "nameserver", the path segment "domainSearchResults" must be
replaced with "entitySearchResults" and "nameserverSearchResults" replaced with "entitySearchResults" and "nameserverSearchResults"
respectively; respectively;
o those related to vCard elements are specified without taking into o Those related to vCard elements are specified without taking into
account the "pref" parameter. Servers always applying sorting to account the "pref" parameter. Servers that sort those values
those values identified by the pref parameter SHOULD update a identified by the pref parameter SHOULD update a JSONPath by
JSONPath by adding an appropriate filter. For example, if the adding an appropriate filter. For example, if the email values
email values identified by pref="1" are considered for sorting, identified by pref="1" are considered for sorting, the JSONPath of
the JSONPath of the "email" sorting property should be: the "email" sorting property should be:
$.entitySearchResults[*].vcardArray[1][?(@[0]=="email" && $.entitySearchResults[*].vcardArray[1][?(@[0]=="email" &&
@[1].pref=="1")][3] @[1].pref=="1")][3]
2.3.2. Representing Sorting Links 2.3.2. Representing Sorting Links
An RDAP server MAY use the "links" array of the "sorting_metadata" An RDAP server MAY use the "links" array of the "sorting_metadata"
element to provide ready-made references [RFC8288] to the available element to provide ready-made references [RFC8288] to the available
sort criteria (Figure 4). Each link represents a reference to an sort criteria (Figure 4). Each link represents a reference to an
alternate view of the results. alternate view of the results.
skipping to change at page 15, line 11 skipping to change at page 15, line 11
Figure 4: Example of a "sorting_metadata" instance to implement Figure 4: Example of a "sorting_metadata" instance to implement
result sorting result sorting
2.4. "cursor" Parameter 2.4. "cursor" Parameter
The cursor parameter defined in this specification can be used to The cursor parameter defined in this specification can be used to
encode information about any pagination method. For example, in the encode information about any pagination method. For example, in the
case of a simple implementation of the cursor parameter to represent case of a simple implementation of the cursor parameter to represent
offset pagination information, the cursor value offset pagination information, the cursor value
"b2Zmc2V0PTEwMCxsaW1pdD01MAo=" is the mere Base64 encoding of "b2Zmc2V0PTEwMCxsaW1pdD01MAo=" is the Base64 encoding of
"offset=100,limit=50". Likewise, in a simple implementation to "offset=100,limit=50". Likewise, in a simple implementation to
represent keyset pagination information, the cursor value represent keyset pagination information, the cursor value
"a2V5PXRoZWxhc3Rkb21haW5vZnRoZXBhZ2UuY29t=" represents the mere "a2V5PXRoZWxhc3Rkb21haW5vZnRoZXBhZ2UuY29t=" represents the Base64
Base64 encoding of "key=thelastdomainofthepage.com" whereby the key encoding of "key=thelastdomainofthepage.com" whereby the key value
value identifies the last row of the current page. identifies the last row of the current page.
This solution lets RDAP providers to implement a pagination method This solution lets RDAP providers implement a pagination method
according to their needs, the user access levels, the submitted according to their needs, a user's access level, and the submitted
queries. In addition, servers can change the method over time query. In addition, servers can change the method over time without
without announcing anything to the clients. The considerations that announcing anything to clients. The considerations that has led to
has led to this solution are reported in more detail in Appendix B. this solution are reported in more detail in Appendix B.
The ABNF syntax of the cursor paramter is the following: The ABNF syntax of the cursor paramter is the following:
cursor = "cursor=" 1*( ALPHA / DIGIT / "/" / "=" / "-" / "_" ) cursor = "cursor=" 1*( ALPHA / DIGIT / "/" / "=" / "-" / "_" )
https://example.com/rdap/domains?name=*nr.com https://example.com/rdap/domains?name=*nr.com
&cursor=wJlCDLIl6KTWypN7T6vc6nWEmEYe99Hjf1XY1xmqV-M= &cursor=wJlCDLIl6KTWypN7T6vc6nWEmEYe99Hjf1XY1xmqV-M=
Figure 5: An example of RDAP query reporting the "cursor" parameter Figure 5: An example of RDAP query reporting the "cursor" parameter
2.4.1. Representing Paging Links 2.4.1. Representing Paging Links
An RDAP server SHOULD use the "links" array of the "paging_metadata" An RDAP server SHOULD use the "links" array of the "paging_metadata"
element to provide a ready-made reference [RFC8288] to the next page element to provide a ready-made reference [RFC8288] to the next page
of the result set (Figure 6). Examples of additional "rel" values a of the result set (Figure 6). Examples of additional "rel" values a
server MAY implements are "first", "last", "prev". server MAY implement are "first", "last", and "prev".
{ {
"rdapConformance": [ "rdapConformance": [
"rdap_level_0", "rdap_level_0",
"paging" "paging"
], ],
... ...
"notices": [ "notices": [
{ {
"title": "Search query limits", "title": "Search query limits",
skipping to change at page 16, line 46 skipping to change at page 16, line 46
... ...
] ]
} }
Figure 6: Example of a "paging_metadata" instance to implement cursor Figure 6: Example of a "paging_metadata" instance to implement cursor
pagination pagination
3. Negative Answers 3. Negative Answers
The value constraints for the parameters are defined by their ABNF The value constraints for the parameters are defined by their ABNF
syntax. Therefore, each request including an invalid value for a syntax. Therefore, each request that includes an invalid value for a
parameter SHOULD obtain an HTTP 400 (Bad Request) response code. The parameter SHOULD produce an HTTP 400 (Bad Request) response code.
same response SHOULD be returned in the following cases: The same response SHOULD be returned in the following cases:
o if in both single and multi sort the client provides an o If in both single and multi sort the client provides an
unsupported value for the "sort" parameter as well as a value unsupported value for the "sort" parameter, as well as a value
related to an object property not included in the response; related to an object property not included in the response;
o if the client submits an invalid value for the "cursor" parameter. o If the client submits an invalid value for the "cursor" parameter.
Optionally, the response MAY include additional information regarding Optionally, the response MAY include additional information regarding
the negative answer in the HTTP entity body. the negative answer in the HTTP entity body.
4. Implementation Considerations 4. Implementation Considerations
The implementation of the new parameters is technically feasible, as Implementation of the new parameters is technically feasible, as
operators for counting, sorting and paging are currently supported by operators for counting, sorting and paging are currently supported by
the major RDBMSs. the major RDBMSs. Similar operators are completely or partially
supported by the most known NoSQL databases (MongoDB, CouchDB, HBase,
Similar operators are completely or partially supported by the most Cassandra, Hadoop).
known NoSQL databases (MongoDB, CouchDB, HBase, Cassandra, Hadoop) so
the implementation of the new parameters seems to be practicable by
servers working without the use of an RDBMS.
5. Implementation Status 5. Implementation Status
NOTE: Please remove this section and the reference to RFC 7942 prior NOTE: Please remove this section and the reference to RFC 7942 prior
to publication as an RFC. to publication as an RFC.
This section records the status of known implementations of the This section records the status of known implementations of the
protocol defined by this specification at the time of posting of this protocol defined by this specification at the time of posting of this
Internet-Draft, and is based on a proposal described in RFC 7942 Internet-Draft, and is based on a proposal described in RFC 7942
[RFC7942]. The description of implementations in this section is [RFC7942]. The description of implementations in this section is
skipping to change at page 18, line 46 skipping to change at page 18, line 43
Published specification: This document. Published specification: This document.
Contact: IESG <iesg@ietf.org> Contact: IESG <iesg@ietf.org>
Intended usage: This extension describes a best practice for Intended usage: This extension describes a best practice for
result set sorting. result set sorting.
7. Security Considerations 7. Security Considerations
Security services for the operations specified in this document are Security services for the operations specified in this document are
described in RFC 7481 [RFC7481]. described in RFC 7481 [RFC7481].
The search query typically requires more server resources (such as A search query typically requires more server resources (such as
memory, CPU cycles, and network bandwidth) when compared to the memory, CPU cycles, and network bandwidth) when compared to a lookup
lookup query. This increases the risk of server resource exhaustion query. This increases the risk of server resource exhaustion and
and subsequent denial of service due to abuse. This risk can be subsequent denial of service due to abuse. This risk can be
mitigated by either restricting search functionality or limiting the mitigated by either restricting search functionality or limiting the
rate of search requests. Servers can also reduce their load by rate of search requests. Servers can also reduce their load by
truncating the results in the response. However, this last security truncating the results in a response. However, this last security
policy can result in a higher inefficiency if the RDAP server does policy can result in a higher inefficiency if the RDAP server does
not provide any functionality to return the truncated results. not provide any functionality to return the truncated results.
The new parameters presented in this document provide the RDAP The new parameters presented in this document provide RDAP operators
operators with a way to implement a secure server without penalizing with a way to implement a server that reduces inefficiency risks.
its efficiency. The "count" parameter gives the user a measure to The "count" parameter gives the client te ability to evaluate the
evaluate the query precision and, at the same time, returns a completeness of a response. The "sort" parameter allows the client
significant information. The "sort" parameter allows the user to to obtain the most relevant information at the beginning of the
obtain the most relevant information at the beginning of the result result set. This can reduce the amount of unnecessary search
set. In both cases, the user doesn't need to submit further requests. Finally, the "cursor" parameter enables the user to scroll
unnecessary search requests. Finally, the "cursor" parameter enables the result set by submitting a sequence of sustainable queries within
the user to scroll the result set by submitting a sequence of server-acceptable limits.
sustainable queries according to the server limits.
8. Acknowledgements 8. Acknowledgements
The authors would like to acknowledge Brian Mountford, Tom Harrison, The authors would like to acknowledge Brian Mountford, Tom Harrison,
Karl Heinz Wolf and Jasdip Singh for their contribution to the Karl Heinz Wolf and Jasdip Singh for their contribution to the
development of this document. development of this document.
9. References 9. References
9.1. Normative References 9.1. Normative References
skipping to change at page 20, line 30 skipping to change at page 20, line 25
[RFC7483] Newton, A. and S. Hollenbeck, "JSON Responses for the [RFC7483] Newton, A. and S. Hollenbeck, "JSON Responses for the
Registration Data Access Protocol (RDAP)", RFC 7483, Registration Data Access Protocol (RDAP)", RFC 7483,
DOI 10.17487/RFC7483, March 2015, DOI 10.17487/RFC7483, March 2015,
<https://www.rfc-editor.org/info/rfc7483>. <https://www.rfc-editor.org/info/rfc7483>.
[RFC7942] Sheffer, Y. and A. Farrel, "Improving Awareness of Running [RFC7942] Sheffer, Y. and A. Farrel, "Improving Awareness of Running
Code: The Implementation Status Section", BCP 205, Code: The Implementation Status Section", BCP 205,
RFC 7942, DOI 10.17487/RFC7942, July 2016, RFC 7942, DOI 10.17487/RFC7942, July 2016,
<https://www.rfc-editor.org/info/rfc7942>. <https://www.rfc-editor.org/info/rfc7942>.
[RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
May 2017, <https://www.rfc-editor.org/info/rfc8174>.
[RFC8259] Bray, T., Ed., "The JavaScript Object Notation (JSON) Data [RFC8259] Bray, T., Ed., "The JavaScript Object Notation (JSON) Data
Interchange Format", STD 90, RFC 8259, Interchange Format", STD 90, RFC 8259,
DOI 10.17487/RFC8259, December 2017, DOI 10.17487/RFC8259, December 2017,
<https://www.rfc-editor.org/info/rfc8259>. <https://www.rfc-editor.org/info/rfc8259>.
[RFC8288] Nottingham, M., "Web Linking", RFC 8288, [RFC8288] Nottingham, M., "Web Linking", RFC 8288,
DOI 10.17487/RFC8288, October 2017, DOI 10.17487/RFC8288, October 2017,
<https://www.rfc-editor.org/info/rfc8288>. <https://www.rfc-editor.org/info/rfc8288>.
[RFC8605] Hollenbeck, S. and R. Carney, "vCard Format Extensions: [RFC8605] Hollenbeck, S. and R. Carney, "vCard Format Extensions:
skipping to change at page 22, line 16 skipping to change at page 22, line 16
A JSONPath expression represents a path to find an element (or a set A JSONPath expression represents a path to find an element (or a set
of elements) in a JSON content. of elements) in a JSON content.
The base JSONPath specification requires that implementations support The base JSONPath specification requires that implementations support
a set of "basic operators". These operators are used to access the a set of "basic operators". These operators are used to access the
elements of a JSON structure like objects and arrays, and their elements of a JSON structure like objects and arrays, and their
subelements, respectively, object members and array items. No subelements, respectively, object members and array items. No
operations are defined for retrieving parent or sibling elements of a operations are defined for retrieving parent or sibling elements of a
given element. The root element is always referred to as $ given element. The root element is always referred to as $
regardless if it is an object or array. regardless of it being an object or array.
Additionally, the specification permits implementations to support Additionally, the specification permits implementations to support
arbitrary script expressions: these can be used to index into an arbitrary script expressions. These can be used to index into an
object or an array, or to filter elements from an array. While object or an array, or to filter elements from an array. While
script expression behaviour is implementation-defined, most script expression behaviour is implementation-defined, most
implementations support the basic relational and logical operators, implementations support the basic relational and logical operators,
as well as both object member and array item access, sufficiently as well as both object member and array item access, sufficiently
similarly for the purposes of this document. Commonly-supported similarly for the purposes of this document. Commonly-supported
operators/functions divided into "top-level operators" and "filter operators/functions divided into "top-level operators" and "filter
operators" are documented in Table 3 and Table 4 respectively. operators" are documented in Table 3 and Table 4 respectively.
+-------------------+-----------------------------------------+ +-------------------+-----------------------------------------+
| Operator | Descritpion | | Operator | Descritpion |
skipping to change at page 23, line 30 skipping to change at page 23, line 30
Table 4: JSONPath Filter Operators Table 4: JSONPath Filter Operators
Appendix B. Approaches to Result Pagination Appendix B. Approaches to Result Pagination
An RDAP query could return a response with hundreds, even thousands, An RDAP query could return a response with hundreds, even thousands,
of objects, especially when partial matching is used. For that of objects, especially when partial matching is used. For that
reason, the cursor parameter addressing result pagination is defined reason, the cursor parameter addressing result pagination is defined
to make responses easier to handle. to make responses easier to handle.
Presently, the most popular methods to implement pagination in REST Presently, the most popular methods to implement pagination in a REST
API are: offset pagination and keyset pagination. Both two API include offset pagination and keyset pagination. Neither
pagination methods don't require the server to handle the result set pagination method requires the server to handle the result set in a
in a storage area across the requests since a new result set is storage area across multiple requests since a new result set is
generated each time a request is submitted. Therefore, they are generated each time a request is submitted. Therefore, they are
preferred in comparison to any other method requiring the management preferred in comparison to any other method requiring the management
of a REST session. of a REST session.
Using limit and offset operators represents the traditionally used Using limit and offset operators represents the traditionally used
method to implement results pagination. Both of them can be used method to implement results pagination. Both of them can be used
individually: individually:
o "limit": means that the server must return the first N objects of o "limit": means that the server MUST return the first N objects of
the result set; the result set;
o "offset": means that the server must skip the first N objects and o "offset": means that the server MUST skip the first N objects and
must return objects starting from position N+1. MUST return objects starting from position N+1.
When limit and offset are used together, they allow to identify a When limit and offset are used together, they provide the ability to
specific portion of the result set. For example, the pair identify a specific portion of the result set. For example, the pair
"offset=100,limit=50" returns first 50 objects starting from position "offset=100,limit=50" returns the first 50 objects starting from
101 of the result set. position 101 of the result set.
Despite its easiness of implementation, offset pagination raises some Though easy to implement, offset pagination also includes drawbacks:
well known drawbacks:
o when offset has a very high value, scrolling the result set could o When offset has a very high value, scrolling the result set could
take some time; take some time;
o it always requires to fetch all the rows before dropping as many o It always requires fetching all rows before dropping as many rows
rows as specified by offset; as specified by offset;
o it may return inconsistent pages when data are frequently updated o It may return inconsistent pages when data are frequently updated
(i.e. real-time data) but this doesn't seem the case of (i.e. real-time data).
registration data.
The keyset pagination [SEEK] consists in adding a query condition Keyset pagination [SEEK] adds a query condition that enables the
that enables the selection of the only data not yet returned. This selection of the only data not yet returned. This method has been
method has been taken as the basis for the implementation of a taken as the basis for the implementation of a "cursor" parameter
"cursor" parameter [CURSOR] by some REST API providers (e.g. [CURSOR] by some REST API providers (e.g.
[CURSOR-API1],[CURSOR-API2]). The cursor is an opaque URL-safe [CURSOR-API1],[CURSOR-API2]). The cursor is an opaque URL-safe
string representing a logical pointer to the first result of the next string representing a logical pointer to the first result of the next
page (Figure 5). page (Figure 5).
Nevertheless, even keyset pagination can be troublesome: Nevertheless, even keyset pagination can be troublesome:
o it needs at least one key field; o It needs at least one key field;
o it does not allow to sort just by any field because the sorting o It does not allow to sort just by any field because the sorting
criterion must contain a key; criterion must contain a key;
o it works best with full composite values support by DBMS (i.e. o It works best with full composite values support by DBMS (i.e.
[x,y]>[a,b]), emulation is possible but ugly and less performant; [x,y]>[a,b]), emulation is possible but ugly and less performant;
o it does not allow to directly navigate to arbitrary pages because o It does not allow direct navigation to arbitrary pages because the
the result set must be scrolled in sequential order starting from result set must be scrolled in sequential order starting from the
the initial page; initial page;
o implementing the bi-directional navigation is tedious because all o Implementing bi-directional navigation is tedious because all
comparison and sort operations have to be reversed. comparison and sort operations have to be reversed.
B.1. Specific Issues Raised by RDAP B.1. Specific Issues Raised by RDAP
Furthermore, in the RDAP context, some additional considerations can Furthermore, in the RDAP context, some additional considerations can
be made: be made:
o an RDAP object is a conceptual aggregation of information o An RDAP object is a conceptual aggregation of information
generally collected from more than one data structure (e.g. table) generally collected from more than one data structure (e.g. table)
and this makes even harder for the developers the implementation and this makes it even harder to implement keyset pagination, a
of the keyset pagination that is already quite difficult. For task that is already quite difficult. For example, the entity
example, the entity object can gather information from different object can include information from different data structures
data structures (registrars, registrants, contacts, resellers, and (registrars, registrants, contacts, resellers, and so on), each
so on), each one with its own key field mapping the RDAP entity one with its own key field mapping the RDAP entity handle;
handle;
o depending on the number of the page results as well as the number o Depending on the number of page results as well as the number and
and the complexity of the properties of each RDAP object in the the complexity of the properties of each RDAP object in the
response, the time required by offset pagination to skip the response, the time required by offset pagination to skip the
previous pages could be much faster than the processing time previous pages could be much faster than the processing time
needed to build the current page. In fact, RDAP objects are needed to build the current page. In fact, RDAP objects are
usually formed by information belonging to multiple data usually formed by information belonging to multiple data
structures and containing multivalued properties (i.e. arrays) structures and containing multivalued properties (i.e. arrays)
and, therefore, data selection might be a time consuming process. and, therefore, data selection might be a time consuming process.
This situation occurs even though the selection is supported by This situation occurs even though the selection is supported by
indexes; indexes;
o depending on the access levels defined by each RDAP operator, the o Depending on the access levels defined by each RDAP operator, the
increase of complexity and the decrease of flexibility of keyset increase of complexity and the decrease of flexibility of keyset
pagination with respect to the offset pagination could be pagination with respect to offset pagination could be considered
considered impractical. impractical.
Ultimately, both pagination methods have benefits and drawbacks. Ultimately, both pagination methods have benefits and drawbacks.
Appendix C. Change Log Appendix C. Change Log
00: Initial working group version ported from draft-loffredo-regext- 00: Initial working group version ported from draft-loffredo-regext-
rdap-sorting-and-paging-05 rdap-sorting-and-paging-05
01: Removed both "offset" and "nextOffset" to keep "paging_metadata" 01: Removed both "offset" and "nextOffset" to keep "paging_metadata"
consistent between the pagination methods. Renamed consistent between the pagination methods. Renamed
"Considerations about Paging Implementation" section in ""cursor" "Considerations about Paging Implementation" section in ""cursor"
skipping to change at page 26, line 27 skipping to change at page 26, line 23
* corrected the JSONPath of the "lastChanged" sorting property; * corrected the JSONPath of the "lastChanged" sorting property;
* provided a JSONPath example taking into account the vCard * provided a JSONPath example taking into account the vCard
"pref" parameter. "pref" parameter.
10: Corrected the JSONPaths of both "fn" and "org" sorting 10: Corrected the JSONPaths of both "fn" and "org" sorting
properties in Table 2. Corrected JSON content in Figure 4. Moved properties in Table 2. Corrected JSON content in Figure 4. Moved
[W3C.CR-xpath-31-20161213] and [RFC7942] to the "Normative [W3C.CR-xpath-31-20161213] and [RFC7942] to the "Normative
References". Changed the rdapConformance tags "sorting_level_0" References". Changed the rdapConformance tags "sorting_level_0"
and "paging_level_0" to "sorting" and "paging" respectively. and "paging_level_0" to "sorting" and "paging" respectively.
11: Added the "JSONPath operators" section to appendix. 11: Added the "JSONPath operators" section to appendix.
12: Changed the content of "JSONPath operators" section. 12: Changed the content of "JSONPath operators" section.
13: Minor pre-AD review edits.
Authors' Addresses Authors' Addresses
Mario Loffredo Mario Loffredo
IIT-CNR/Registro.it IIT-CNR/Registro.it
Via Moruzzi,1 Via Moruzzi,1
Pisa 56124 Pisa 56124
IT IT
Email: mario.loffredo@iit.cnr.it Email: mario.loffredo@iit.cnr.it
 End of changes. 72 change blocks. 
169 lines changed or deleted 156 lines changed or added

This html diff was produced by rfcdiff 1.47. The latest version is available from http://tools.ietf.org/tools/rfcdiff/