QuickStudy: Services Provisioning Markup Language (SPML)

By Tommy Peterson
October 20, 2003 12:00 PM ET

Computerworld - As any general knows, an effective system for distributing and managing appropriate provisions for the troops is essential to success on the battlefield. The same is true of companies trying to win wars in the marketplace. But instead of bombs, bullets and MRE rations, a corporation must provision access to items like cell phones and credit cards and, perhaps more important, to digital assets, such as networks and applications.

The provisioning process has always been a security and administrative nightmare for IT and human resources departments. In the past, it generated tons of paper, ate up administrators' time and caused plenty of errors that resulted in decreased productivity, security vulnerabilities and lost physical assets.

A Piece of the Puzzle

The advent of provisioning software within identity management systems has improved the situation. With automation, companies have a better chance of keeping up with the growing number and variety of systems, applications and devices within their organizations. Automation can also help contain the costs of managing user IDs and permissions.

But self-enclosed, proprietary provisioning systems can solve only a piece of the problem. As companies increasingly consolidate their systems and open them up to customers and partners over the Internet, the need for a standard that will allow centralized provisioning within and across organizations is clear to users and vendors.

This summer, a technical working group of the Organization for the Advancement of Structured Information Standards (OASIS) publicly unveiled the Services Provisioning Markup Language to meet that need. SPML 1.0 is built on OASIS's Directory Services Markup Language V.2, which is an XML representation of the Lightweight Directory Access Protocol. If it's ratified as expected next month, SPML will join a family of standards designed to ease the implementation of Web services, including XACML, SAML, UDDI, WSDL and SOAP.

The goal of ratifying the specification is to establish interoperability among provisioning systems that will allow organizations to securely create end-user accounts for Web services and applications from a single point in an organization.

In July, at Burton Group's Catalyst Conference in San Francisco, 10 vendors that had been working to create SPML under the aegis of OASIS demonstrated that they could use one SPML request message to simultaneously create user accounts in all of their provisioning systems.

In San Francisco, all the vendors were set up in one hotel meeting room, but the idea is that SPML-enabled provisioning systems will work across geographic and corporate boundaries.

In a typical scenario, when a company hires a new employee, the HR system generates an SPML request to the company's provisioning system that creates all the access accounts the employee needs within the company. The provisioning system then automatically generates another SPML request to the provisioning systems of customer companies that give the employee access to the applications and data he needs to do his job.

For deprovisioning, HR generates an SPML request that closes the employee's access accounts when he leaves the company. The automated chain of SPML messages will then wipe out the employee's access to customer systems as well, eliminating the scourge of orphaned accounts. Used with SAML, the XML-based protocol for exchanging user authentication and authorization information, SPML may eventually be at the heart of a true single-sign-on system.
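An added sketch of the provisioning and deprovisioning chain described above (not from the article or the SPML specification): the messages reuse the operation names addRequest and deleteRequest in a simplified layout that is not schema-valid SPML 1.0, and the ProvisioningSystem class, its reachable flag and the sample account are hypothetical. It covers the case where a customer system misses the delete, and the reconciliation against the HR roster that exposes the resulting orphaned account.

```python
import xml.etree.ElementTree as ET

def spml_request(op, user_id):
    """Simplified message; op is 'addRequest' or 'deleteRequest' (not schema-valid SPML)."""
    req = ET.Element(op)
    ET.SubElement(req, "identifier").text = user_id
    return ET.tostring(req, encoding="unicode")

class ProvisioningSystem:
    """Hypothetical provisioning system: applies a request, then forwards it downstream."""
    def __init__(self, name, downstream=()):
        self.name, self.downstream = name, list(downstream)
        self.reachable = True       # constructed failure switch for the demo
        self.accounts = set()

    def handle(self, message):
        """Apply the request and return the names of systems that never received it."""
        if not self.reachable:
            return [self.name]
        req = ET.fromstring(message)
        user = req.findtext("identifier")
        if req.tag == "addRequest":
            self.accounts.add(user)
        elif req.tag == "deleteRequest":
            self.accounts.discard(user)
        else:
            raise ValueError(f"unsupported operation: {req.tag}")
        return [n for s in self.downstream for n in s.handle(message)]

def orphaned_accounts(hr_roster, systems):
    """Accounts that still exist for someone HR no longer lists as employed."""
    return {(s.name, u) for s in systems for u in s.accounts if u not in hr_roster}

def run_scenario():
    user = "jdoe@supplier.example"      # constructed sample identity
    customer = ProvisioningSystem("customer")
    supplier = ProvisioningSystem("supplier", downstream=[customer])
    supplier.handle(spml_request("addRequest", user))   # hire: both accounts created
    roster = set()                                      # employee has left; HR roster is empty
    customer.reachable = False                          # customer endpoint is down
    missed = supplier.handle(spml_request("deleteRequest", user))
    before = orphaned_accounts(roster, [supplier, customer])
    customer.reachable = True                           # replay only where the delete was missed
    if "customer" in missed:
        customer.handle(spml_request("deleteRequest", user))
    after = orphaned_accounts(roster, [supplier, customer])
    return missed, before, after

if __name__ == "__main__":
    print(run_scenario())
```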

Although OASIS is just finalizing its approval of SPML, the standard has already drawn fire from critics who say that it doesn't do enough. For example, it doesn't enable functions such as moving or suspending accounts.

Chief among the naysayers have been IBM and Microsoft Corp., which have contended that SPML isn't powerful or flexible enough to work in conjunction with the group of standards the big vendors are developing, called WS-*, which includes WS-Security and WS-Federation.

SPML 1.0 is likely to emerge as a provisional standard as OASIS, IBM and Microsoft work toward compromise.

SPML Scenario

The HR department of a supplier company adds a new employee to its personnel system, which generates an SPML document. The document is passed to the supplier's provisioning system, triggering the creation of appropriate internal accounts for the employee. The internal provisioning system forwards an SPML request to the company's customer provisioning system to create appropriate accounts there.
