by Darran Rolls, special to Network World

SPML eases information exchange

How-To
Jun 30, 2003 · 3 mins
Web Development

Service Provisioning Markup Language expected to establish an open, standard protocol for the integration and interoperability of service provisioning requests.

Provisioning is the process of managing the allocation of system resources to employees, partners and contractors as part of identity management. Provisioning is now becoming a widely available network service, and with this maturation comes the need for open standards to support the integration of account and service management in identity infrastructures.

Service Provisioning Markup Language (SPML) is an XML-based framework for exchanging user, resource and service provisioning information between organizations. The framework is expected to establish an open, standard protocol for the integration and interoperability of service provisioning requests.

Developed by the Organization for the Advancement of Structured Information Standards’ (OASIS) Provisioning Services Technical Committee (PSTC), SPML 1.0 is slated for ratification this summer.

PSTC interprets provisioning to mean the upfront preparation of IT system materials or supplies required to carry out pre-defined business activities. The committee goes beyond the initial contingency of providing resources to encompass the entire life-cycle management of these resources. This includes provisioning of digital services such as user accounts and access privileges on systems, networks and applications, as well as the provisioning of non-digital or physical resources such as cell phones and credit cards.

The sole purpose of a provisioning service in a network is to execute and manage provisioning requests. A given requesting authority, or client, sends the provisioning service a set of requests via a well-formed SPML document (an XML document that conforms to the SPML standard). Based on a pre-defined service execution model, the provisioning service takes the operations specified within the SPML document and executes provisioning actions on a pre-defined set of service targets or resources.

The general model for SPML is one in which clients perform protocol operations on servers. In this model, a client issues an SPML request describing the operation to be performed at a given service point or endpoint. The service point is then responsible for performing the necessary operations to implement the request. Once the operation is complete, the service point sends the client an SPML response detailing results or errors.

SPML aims to minimize the complexity of the client interface by supporting widespread deployment of applications that can issue standardized service provisioning requests. To make this possible, SPML provides a simple set of core operations for add, modify, delete and search functions, and an open model for the definition and discovery of service schema (the data required to subscribe to a service).

To complement this, SPML Version 1.0 provides an operations extension model and a synchronous and asynchronous batch request/response processing model. This lets a requesting authority batch sets of provisioning actions and control the execution semantics for individual requests as well as for the batch as a whole.
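The request/response model and batch execution semantics described above can be sketched as a small service point. This is an added example, not code from the article or from the SPML specification: the element and attribute names (`batchRequest`, `onError`, `attr`, `id`, `result`) are simplified stand-ins for illustration, and the target is an in-memory dictionary.

```python
import xml.etree.ElementTree as ET

# Constructed sample batch; names are simplified stand-ins, not the SPML 1.0 schema.
SAMPLE_BATCH = """<batchRequest onError="exit">
  <addRequest id="jdoe"><attr name="mail">jdoe@example.com</attr></addRequest>
  <modifyRequest id="ghost"><attr name="mail">x@example.com</attr></modifyRequest>
  <deleteRequest id="jdoe"/>
</batchRequest>"""

def _attrs(req):
    return {a.get("name"): (a.text or "") for a in req.findall("attr")}

def _execute(req, store):
    """Run one core operation against the target store; return (result, detail)."""
    op, ident = req.tag, req.get("id")
    if op != "searchRequest" and not ident:
        return "failure", "missing id"
    if op == "addRequest":
        if ident in store:
            return "failure", "already exists"
        store[ident] = _attrs(req)
    elif op == "modifyRequest":
        if ident not in store:
            return "failure", "no such object"
        store[ident].update(_attrs(req))
    elif op == "deleteRequest":
        if store.pop(ident, None) is None:
            return "failure", "no such object"
    elif op == "searchRequest":
        want = _attrs(req)
        hits = sorted(k for k, v in store.items()
                      if all(v.get(n) == x for n, x in want.items()))
        return "success", ",".join(hits)
    else:
        return "failure", "unsupported operation"  # fail closed on unknown verbs
    return "success", ""

def handle_batch(xml_text, store):
    """Service point: execute requests in order and build the response document."""
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTDs are not accepted in provisioning requests")
    batch = ET.fromstring(xml_text)
    on_error = batch.get("onError", "exit")  # "exit" stops at first failure; "resume" continues
    response = ET.Element("batchResponse")
    for req in batch:
        result, detail = _execute(req, store)
        tag = req.tag.replace("Request", "Response")
        ET.SubElement(response, tag, id=req.get("id") or "", result=result).text = detail
        if result == "failure" and on_error == "exit":
            break
    return response
```

With `onError="exit"` the sample stops after the failed modify and leaves the new account in place; with `onError="resume"` the delete still runs, so the choice determines what state a partially failed batch leaves behind.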

SPML allows cooperating parties to securely exchange provisioning and service subscription requests using an open-standards-based protocol. It is easy to understand and work with, and is supported by an ever-widening set of vendors.

As more infrastructure becomes identity-centric and companies start to build and deploy Web services, SPML will be a critical element of an end-to-end standards-based identity management strategy.

Rolls is director of technology for Waveset and chair of the OASIS Provisioning Services Technical Committee. He can be reached at Darran.Rolls@waveset.com.