OASIS Provisioning Services Technical Committee
An Introduction to version 2 of the Service Provisioning Markup Language
Overview: Who is the PSTC?
–OASIS technical committee focused on developing open standards for Service & Identity Provisioning
–Founded in 2001
–Contributors: BEA, BMC Software, CA (Netegrity), Critical Path, Entrust, IBM, Mycroft, Open Network Technologies, Oracle (PeopleSoft), HP (Thor), TruLogica, Sun (Waveset)
–Deliverable: Service Provisioning Markup Language
  V1 – OASIS Open Standard, November 3rd 2003
  V2 – Planned complete March 05
Overview: What is SPML?
–Open standard for defining and exchanging provisioning requests in XML using Web Services technologies
–XML RPC interface for Identity Provisioning
–Interface model and management abstraction for an Identity Life-cycle
Specification Deliverables
Specification consisting of three elements:
–An XML Schema – an XSD that defines the syntactical rules of the SPML message format and data flow
–A Core Specification – normative and non-normative text that describes what SPML is and exactly how it works
–Resource Schema Profiles – definitions of how to use various resource and provisioning target schema languages with SPML V2
  Native XML Schema
  SPML V1 DSML V2 Schema
SPML Vocabulary
–Requesting Authority (RA): an issuer of SPML requests
–Provisioning Service Point (PSP): listens for and processes SPML requests
–Provisioning Service Target (PST): a request end-point supporting core operations and defined capabilities
–Provisioning Service Object (PSO): uniquely identifiable data object or element on a PST
SPML Operating Model
[Diagram labels: Portal, Value added Service…, UDDI, WSDL, SPML Service Point, Target, XSD; SPML/SOAP, WS-Sec Secured]
Specification Concepts
[Diagram: Requestor – Service Point (WSDL) – Target (XSD)]
–In-Spec: Request/Response, Capabilities, List of Targets, Core Operations, Ref to XSD, V1 Schema, Batches, Bulk Operations, Sync/Async Model
–Out of Spec: Transport Security Model, Trust Model (inc. establishment), AuthN & AuthZ Model
Specification Elements: Protocol
–Simple Request-Response protocol
–Synchronous & Asynchronous operations
–Individual & batch request models
–Support for bulk operations
[Diagram: Requestor – Provider]
Specification Elements: Core Operations (mandatory)
–addRequest / addResponse
  Create a new object on a target
  Controllable returned data set
–lookup
  Single object query
  Controllable returned data set
–modifyRequest / modifyResponse
  Change an object on a target
  Controllable returned data set
–deleteRequest / deleteResponse
  Remove an object from a target
–listTargets
  List all provisioning targets available at a given service point
Specification Elements: Targets & Objects
–A Target is an end-point for a request
–Requestors can list available Targets
–A Target supports core operations and defined capabilities
–A PSP must support at least one Target
–A Provisioning Service Object is a uniquely identifiable data element “within the domain” of a given Target
–Targets have a defined queryable schema
–Targets can have many Objects
–Object IDs are unique within the scope of a given PSP
[Diagram: Provisioning Service Point – Target – Capability – Object – Schema]
Specification Elements: Capabilities
–Optional operation interfaces for domain-specific actions
  Password operations: setPassword, expirePassword, resetPassword, validatePassword
  Suspend actions: Suspend, Resume, Active
  Reference relationship definitions
Specification Elements: Capabilities
–Place for optional elements of the core protocol
  Async protocol definitions: Cancel operation, Status request
  Batch operation: Batch
  Bulk operations: bulkModify, bulkDelete
  Search operations: Search, Iterate
–Key extension point for future new operations
Specification Elements: Target Schema
–Each Target has a defined schema
–Operations are requested relative to that schema
–Target schema uses an extensible model with two “profiles” defined by the TC
  Native XML Schema: points to the location of a published XSD
  SPML V1 DSML V2 Schema: DSML V2 name=value schema defined in-band
[Diagram: Target Schema – V1 Schema / External XSD]
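Putting the mandatory core operations and the in-band DSML profile together, an added example in Python (not from the OASIS deck or any SPML implementation): it builds an addRequest carrying DSML name=value attributes and checks the PSP's addResponse, including the pending case from the sync/async model. The namespace URIs and attribute names are assumed from the SPML v2 core and DSML profile specifications; the target ID and the sample response are constructed for this example.

```python
import xml.etree.ElementTree as ET

# Namespace URIs as published in the SPML v2 core and DSML profile specs (assumed here).
SPML = "urn:oasis:names:tc:SPML:2:0"
DSML = "urn:oasis:names:tc:SPML:2:0:DSML"
ET.register_namespace("spml", SPML)
ET.register_namespace("dsml", DSML)


def build_add_request(target_id, request_id, attrs, asynchronous=False):
    """addRequest: create a new PSO on target_id, described by in-band
    DSML name=value attributes (the SPML V1 DSML V2 profile)."""
    req = ET.Element(f"{{{SPML}}}addRequest", {
        "requestID": request_id,
        "executionMode": "asynchronous" if asynchronous else "synchronous",
        "targetID": target_id,
    })
    data = ET.SubElement(req, f"{{{SPML}}}data")
    for name, values in attrs.items():
        attr = ET.SubElement(data, f"{{{DSML}}}attr", {"name": name})
        for value in values:
            ET.SubElement(attr, f"{{{DSML}}}value").text = value
    return ET.tostring(req, encoding="unicode")


def parse_add_response(xml_text):
    """Return (status, psoID) from the PSP's addResponse. A 'pending' status
    means an asynchronous request was accepted but not completed: the requestor
    must poll with the async capability's status operation (or cancel) before
    treating the object as provisioned. A 'success' without a psoID is treated
    as a malformed response rather than a provisioned object."""
    resp = ET.fromstring(xml_text)  # use defusedxml for responses from untrusted peers
    if resp.tag != f"{{{SPML}}}addResponse":
        raise ValueError(f"unexpected element {resp.tag}")
    status = resp.get("status")
    pso_id_el = resp.find(f"{{{SPML}}}pso/{{{SPML}}}psoID")
    pso_id = pso_id_el.get("ID") if pso_id_el is not None else None
    if status == "success" and pso_id is None:
        raise ValueError("success response without a psoID")
    return status, pso_id


# Constructed sample addResponse for a synchronous request (not real PSP output).
SAMPLE_RESPONSE = (
    f'<spml:addResponse xmlns:spml="{SPML}" status="success" requestID="req-1">'
    '<spml:pso><spml:psoID ID="uid=jdoe,ou=people" targetID="ldap-target"/>'
    '</spml:pso></spml:addResponse>'
)
```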