A posting from Darran Rolls (OASIS PSTC Chair) announces the adoption of three documents as a Committee Specification set for the Service Provisioning Markup Language (SPML). "Provisioning" in the context of this TC activity is "the automation of all the steps required to manage (setup, amend, and revoke) user or system access entitlements or data relative to electronically published services." The OASIS Provisioning Services Technical Committee (PSTC) was chartered to "define an XML-based framework for exchanging user, resource, and service provisioning information. The resulting Committee Specification defines the concepts, operations deployment and XML schema for an XML based request and response protocol for provisioning." The specification set includes Service Provisioning Markup Language (SPML) Version 1.0 (Core), Bindings for the Service Provisioning Markup Language (SPML) Version 1.0, and SPML Core XML Schema. Waveset Technologies, Business Layers, and OpenNetwork Technologies have certified their use of the SPML V1.0 specification. The SPML specification is being advanced for public review under the OASIS process toward approval as an OASIS Open Standard. The public review period for SPML (CS) begins June 05, 2003 and closes July 05, 2003.
SPML V1.0 Committee Specification Documents
Service Provisioning Markup Language (SPML) Version 1.0. OASIS Committee Specification. Edited by Darran Rolls (Waveset Technologies). 3-June-2003. Document identifier: cs-pstc-spml-core-1.0.doc. Send comments to: firstname.lastname@example.org. 75 pages. Contributors include: Archie Reed (Critical Path), Doron Cohen (BMC), Gavenraj Sodhi (Business Layers), Gerry Woods (IBM), Hal Lockhart (BEA), Jeff Bohren (OpenNetwork Technologies), Jeff Larson (Waveset Technologies), Jesus Fernandez (Computer Associates), Matthias Leibmann (Microsoft), Mike Polan (IBM), Paul Madsen (Entrust), Rami Elron (BMC), Tony Gallotta (Access/IBM), Yoav Kirsh (Business Layers).
Bindings for the Service Provisioning Markup Language (SPML) Version 1.0. OASIS Committee Specification. Edited by Jeff Bohren (OpenNetwork Technologies). 3-June-2003. Document identifier: cs-pstc-spml-bindings-1.0.doc. 14 pages. Contributors include Steve Anderson (OpenNetwork Technologies) and Darran Rolls (Waveset Technologies).
Excerpts from the SPML V1.0 Specification
"Service provisioning means many different things to many different people. In the context of this specification it refers to the 'preparation beforehand' of IT systems' 'materials or supplies' required to carry out some defined activity. It goes further than the initial 'contingency' of providing resources, to the onward management lifecycle of these resources as managed items. This could include the provisioning of purely digital services like user accounts and access privileges on systems, networks and applications. It could also include the provisioning of non-digital or 'physical' resources like the requesting of office space, cell phones and credit cards."
A provisioning system assumes "the existence of a network service whose sole purpose is the execution and management of provisioning requests. A given Requesting Authority (client) sends the provisioning service a set of requests in the form of a well formed SPML document. Based on a pre-defined service execution model, the provisioning service takes the operations specified within the SPML document and executes provisioning actions against pre-defined service targets or resources... In [an example] SPML request flow A, the Requesting Authority (client) constructs an SPML document subscribing to a pre-defined service offered by Provisioning System One (PS One). PS One takes the data passed in this SPML document, constructs its own SPML document and sends it to PST One (SPML request flow B). PST One represents an independent resource that provides an SPML-compliant service interface. In order to fully service the initial Requesting Authority's request, PS One then forwards a provisioning request (SPML request flow C) to a second network service called Provisioning System Two (PS Two). PS Two is autonomously offering a provisioning service it refers to as Resource E. In this case, Resource E is a relational database within which PS Two creates some data set. Having successfully received PS One's request, PS Two carries out the implementation of its service by opening a JDBC connection to Resource E and adding the relevant data (data flow D)..."
"Protocol Overview: The general model adopted by this protocol is one of clients performing protocol operations against servers. In this model, a client issues an SPML request describing the operation to be performed at a given service point. The service point is then responsible for performing the necessary operation(s) to constitute the implementation of the requested service. Upon completion of the operation(s), the service point returns to the client an SPML response detailing any results or errors pertinent to that request.
"In order to promote standardization of the service subscription and provisioning interface, it is an active goal of this protocol to minimize the complexity of the client interface in order to promote widespread deployment of applications capable of issuing standardized service provisioning requests. With this goal in mind SPML builds on a simplistic core operations model in which the semantics of an individual provisioning action lay in the definition of the underlying service schema.
"The core operations schema provides a small number of generic operations (Add, Modify, Delete, Search) and an open model for the definition and discovery of that schema as a set of simple name=(multi)value pairs. To complement this, SPML V1.0 also provides an operations extension model based on an <ExtendedRequest> operation that allows individual providers to define new operations that do not overlap with V1.0 core operations.
"SPML V1.0 provides both a synchronous and asynchronous batch request model. However, there is no requirement for a blocking synchronous behavior on the part of either clients or servers in either operating model. Requests and responses for multiple operations may be freely exchanged between a client and server in any order, provided the client eventually receives a response for every request that requires one..." [adapted from the Core SPML CS level spec]
SPML Protocol Bindings
Two bindings are sanctioned by the OASIS PSTC: the SOAP/HTTP binding and the file binding.
"SOAP 1.1 (Simple Object Access Protocol) is a specification for RPC-like interactions and message communications using XML and HTTP. It has three main parts. One is a message format that uses an envelope and body metaphor to wrap XML data for transmission between parties. The second is a restricted definition of XML data for making strict RPC-like calls through SOAP, without using a predefined XML schema. Finally, it provides a binding for SOAP messages to HTTP and extended HTTP. This binding is limited to SOAP/HTTP and SOAP/HTTPS. SPML using SOAP over a non-HTTP protocol may behave significantly different and is considered outside of the scope of this binding. SOAP/HTTPS is considered to be within the scope of this binding as an HTTP variant... body. SPML request-response protocol elements must be enclosed within the SOAP message body..."
"The File Binding refers to using SPML elements in a file, typically for the purposes of bulk processing provisioning data and provisioning schema documentation... When using the SPML File binding for bulk processing of provisioning operations, the input file must consist of a single SPML request element. An SPML Application may output a file containing an SPML response element that corresponds to the request element. If it exists, the resulting output file must consist of a single SPML response element..." [adapted from the Bindings CS level spec]
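As an added example (not code from the specification or the PSTC), this Python sketch shows how a receiving service point could enforce the two binding rules quoted above before acting on a provisioning request. The SPML namespace URI, the lower-camel request element names, the one-element-per-Body rule and the sample documents are assumptions made for illustration; they are not given on this page.

```python
import xml.etree.ElementTree as ET

SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"  # SOAP 1.1 envelope namespace
SPML_NS = "urn:oasis:names:tc:SPML:1:0"                # assumed SPML 1.0 namespace
# Assumed element names for the core operations named in the excerpt, plus batch.
REQUESTS = {"addRequest", "modifyRequest", "deleteRequest",
            "searchRequest", "extendedRequest", "batchRequest"}

def _parse(data: bytes) -> ET.Element:
    # Provisioning input is untrusted. Coarse pre-parse check (assumes UTF-8
    # input): refuse DTDs so no entity declaration is ever expanded.
    if b"<!DOCTYPE" in data or b"<!ENTITY" in data:
        raise ValueError("DTD or entity declaration not allowed")
    return ET.fromstring(data)

def _spml_request(elem: ET.Element) -> str:
    # ElementTree tags look like "{namespace}local"; both parts must match.
    ns, _, local = elem.tag.rpartition("}")
    if ns.lstrip("{") != SPML_NS or local not in REQUESTS:
        raise ValueError(f"not an SPML request element: {elem.tag}")
    return local

def check_file_binding(data: bytes) -> str:
    """File binding: the input file is a single SPML request element."""
    return _spml_request(_parse(data))

def check_soap_binding(data: bytes) -> str:
    """SOAP/HTTP binding: the SPML request is enclosed in the SOAP Body."""
    root = _parse(data)
    if root.tag != f"{{{SOAP_NS}}}Envelope":
        raise ValueError("root is not a SOAP 1.1 Envelope")
    body = root.find(f"{{{SOAP_NS}}}Body")
    # Stricter than the quoted text (an assumption): exactly one child element.
    if body is None or len(body) != 1:
        raise ValueError("SOAP Body must carry exactly one SPML element")
    return _spml_request(body[0])

# Constructed sample documents, not taken from the specification.
FILE_DOC = (b'<spml:batchRequest xmlns:spml="urn:oasis:names:tc:SPML:1:0">'
            b'<spml:addRequest/><spml:deleteRequest/></spml:batchRequest>')
SOAP_DOC = (b'<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">'
            b'<soap:Body><spml:addRequest xmlns:spml="urn:oasis:names:tc:SPML:1:0"/>'
            b'</soap:Body></soap:Envelope>')

if __name__ == "__main__":
    print(check_file_binding(FILE_DOC), check_soap_binding(SOAP_DOC))
```

Rejecting anything that is not a recognised request element at the binding layer keeps malformed or unexpected documents away from the code that executes provisioning actions.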
- Announcement 2003-06-04: "SPML Committee Specification for OASIS Review."
- Sources for SPML V1.0 Committee Specification Documents
- "OASIS Member Companies Host SPML Identity Management Interoperability Event."
- "OASIS Provisioning Services Technical Committee SPML V1.0 Interoperability Event." Technical and Operations Plan.
- Companies certifying the use of SPML V1.0:
- OASIS Provisioning Services TC website
- OASIS PSTC Mailing List Archives
- Formation of the Service Provisioning TC
- "XML-Based Provisioning Services" - Main reference page.