Service Provisioning Markup Language Explained

Service Provisioning Markup Language (SPML) is an XML-based framework, being developed by OASIS, for exchanging user, resource and service provisioning information between cooperating organizations.

The Service Provisioning Markup language is the open standard for the integration and interoperation of service provisioning requests. SPML is an OASIS standard based on the concepts of Directory Service Markup Language. SPML version 1.0 was approved in October 2003. SPML version 2.0 was approved in April 2006.Security Assertion Markup Language exchanges the authorization data.

Definition

The OASIS Provisioning Services Technical Committee uses the following definition of "provisioning":[1]

Goal of SPML

The goal of SPML is to allow organizations to securely and quickly set up user interfaces for Web services and applications, by letting enterprise platforms such as Web portals, application servers, and service centers generate provisioning requests within and across organizations. This can lead to automation of user or system access and entitlement rights to electronic services across diverse IT infrastructures, so that customers are not locked into proprietary solutions.

SPML Functionality

SPML version 2.0 [2] defines the following functionality:

Core functions

Async capability

Batch capability

Bulk capability

Password capability

Search capability

Suspend capability

Updates capability

Custom capabilities

Features

Provisioning Service Object (PSO)

The key identifier in SPML is a PSO.

A Provisioning Service Object (PSO), sometimes simply called an object, represents a data entity or an information object on a target. For example, a provider would represent as an object each account that the provider manages.

Every object is contained by exactly one target. Each object has a unique identifier (PSO-ID).

Profile

SPMLv2 defines two “profiles” in which a requestor and provider may exchange SPML protocol:

A requestor and a provider may exchange SPML protocol in any profile to which they agree.

The DSMLv2 Profile may be more convenient for applications that access mainly targets that are LDAP or X500 directory services. The XSD Profile may be more convenient for applications that access mainly targets that are web services.

External links

Notes and References

  1. http://java.net/projects/openspml/pages/FAQ Open SPML FAQ
  2. http://www.oasis-open.org/specs/#spmlv2.0 SPML Version 2