OASIS Provisioning Services Technical Committee An Introduction to version 2 of the Service Provisioning Markup Language


Page 1

OASIS Provisioning Services Technical Committee

An Introduction to version 2 of the Service Provisioning Markup Language

Page 2

Overview

• Who is the PSTC?

– OASIS technical committee focused on developing open standards for Service & Identity Provisioning

• Founded in 2001

• Contributors:

– BEA
– Mycroft
– BMC Software
– Open Network Technologies
– CA (Netegrity)
– Oracle (PeopleSoft)
– Critical Path
– HP (Thor)
– Entrust
– TruLogica
– IBM
– Sun (Waveset)

• Deliverable - Service Provisioning Markup Language

– V1 - OASIS Open Standard November 3rd 2003
– V2 - Planned complete March 05

Page 3

Overview

• What is SPML?

– Open standard for defining and exchanging provisioning requests in XML using Web Services technologies

– XML RPC interface for Identity Provisioning

– Interface model and management abstraction for an Identity Life-cycle

Page 4

Specification Deliverables

• Specification consisting of three elements:

– An XML Schema – an XSD that defines the syntactical rules of SPML message format and data flow

– A Core Specification – normative and non-normative text that describes what SPML is and exactly how it works

– Resource Schema Profiles – definitions of how to use various resource and provisioning target schema languages with SPML V2

• Native XML Schema
• SPML V1 DSML V2 Schema

Page 5

SPML Vocabulary

[Diagram: RA, PSP, PST and PSO]

• Requesting Authority (RA)

– An issuer of SPML requests

• Provisioning Service Point (PSP)

– Listens for and processes SPML requests

• Provisioning Service Target (PST)

– A request end-point supporting core operations and defined capabilities

• Provisioning Service Object (PSO)

– Uniquely identifiable data object or element on a PST

Page 6

SPML Operating Model

[Diagram: SPML Service Point reached from a Portal via UDDI/WSDL, fronting several Targets and a value added service; SPML/SOAP messages, WS-Security secured; target XSD]

Page 7

Specification Concepts

[Diagram: Service Point and Requestor]

Page 8

Specification Concepts

[Diagram: Service Point, Requestor, WSDL, Targets, XSD. Labels, in order: In-Spec; Out of Spec; Request Response; Capabilities; List of Targets; Core Operations; Ref to XSD; V1 Schema; Batches; Bulk Operations; Sync/Async Model; Transport Security Model; Trust Model (inc. establishment); AuthN & AuthZ Model]

Page 9

Specification Elements

• Protocol

– Simple Request-Response protocol
– Synchronous & Asynchronous operations
– Individual & batch request models
– Support for bulk operations

[Diagram: Requestor and Provider]

Page 10

Specification Elements

• Core Operations (mandatory)

– addRequest / addResponse
• Create a new object on a target
• Controllable returned data set

– lookup
• Single object query
• Controllable returned data set

– modifyRequest / modifyResponse
• Change an object on a target
• Controllable returned data set

– deleteRequest / deleteResponse
• Remove an object from a target

– listTargets
• List all provisioning targets available at a given service point
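As an added example (not part of the PSTC slides), the request-response exchange for the mandatory addRequest/addResponse operation in Python: a Requesting Authority builds the request, a toy Provisioning Service Point handles it, honouring executionMode (synchronous vs asynchronous, answered with status pending) and returnData (the controllable returned data set). Element and attribute names follow the SPML v2 core namespace urn:oasis:names:tc:SPML:2:0; the target name, the object data and the error value used for an unknown target are constructed assumptions.

```python
import xml.etree.ElementTree as ET

SPML_NS = "urn:oasis:names:tc:SPML:2:0"   # SPML v2 core namespace
ET.register_namespace("spml", SPML_NS)

def q(tag):
    return "{%s}%s" % (SPML_NS, tag)

def build_add_request(request_id, target_id, attrs, execution_mode="synchronous",
                      return_data="identifier"):
    """Requesting Authority: addRequest for one new object on a target.
    returnData controls how much of the created object the response carries."""
    req = ET.Element(q("addRequest"), requestID=request_id, targetID=target_id,
                     executionMode=execution_mode, returnData=return_data)
    data = ET.SubElement(req, q("data"))
    for name, value in attrs.items():        # target-schema data, opaque to SPML itself
        ET.SubElement(data, name).text = value
    return ET.tostring(req, encoding="unicode")

class ProvisioningServicePoint:
    """Toy PSP holding its list of targets and the objects created on them."""
    def __init__(self, targets):
        self.targets = set(targets)           # what listTargets would advertise
        self.objects = {}                     # (targetID, psoID) -> attribute dict

    def handle(self, xml_text):
        req = ET.fromstring(xml_text)
        resp = ET.Element(q("addResponse"), requestID=req.get("requestID", ""))
        if req.tag != q("addRequest"):
            resp.set("status", "failure"); resp.set("error", "unsupportedOperation")
        elif req.get("targetID") not in self.targets:
            # error value for an unknown target is this example's own choice
            resp.set("status", "failure"); resp.set("error", "noSuchIdentifier")
        else:
            target, data = req.get("targetID"), req.find(q("data"))
            attrs = {c.tag: c.text for c in (data if data is not None else [])}
            pso_id = "%s-%d" % (target, len(self.objects) + 1)  # constructed, unique per PSP
            self.objects[(target, pso_id)] = attrs
            if req.get("executionMode") == "asynchronous":
                resp.set("status", "pending")   # RA polls later via the async capability
            else:
                resp.set("status", "success")
                pso = ET.SubElement(resp, q("pso"))
                ET.SubElement(pso, q("psoID"), ID=pso_id, targetID=target)
                if req.get("returnData") == "everything" and data is not None:
                    pso.append(data)          # echo the object data back to the RA
        return ET.tostring(resp, encoding="unicode")

def parse_add_response(xml_text):
    """Requesting Authority: extract (status, psoID or None) from an addResponse."""
    resp = ET.fromstring(xml_text)
    pso_id = resp.find("./%s/%s" % (q("pso"), q("psoID")))
    return resp.get("status"), (pso_id.get("ID") if pso_id is not None else None)
```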

Page 11

Specification Elements

• Targets & Objects

– A Target is an end-point for a request

– Requestors can list available Targets

– A Target supports core operations and defined capabilities

– A PSP must support at least one Target

– A Provisioning Service Object is a uniquely identifiable data element “within the domain” of a given Target

– Targets have a defined query-able schema

– Targets can have many Objects

– Object IDs are unique within the scope of a given PSP

[Diagram: Provisioning Service Point with several Targets; each Target has Capabilities, Objects and a Schema]

Page 12

Specification Elements

• Capabilities

– Optional operations interfaces for domain specific actions

• Password operations
– setPassword
– expirePassword
– resetPassword
– validatePassword

• Suspend actions
– Suspend
– Resume
– Active

• Reference relationship definitions

Page 13

Specification Elements

• Capabilities

– Place for optional elements of the core protocol

• Async protocol definitions
– Cancel operation
– Status request

• Batch operation
– Batch

• Bulk operations
– bulkModify
– bulkDelete

• Search operations
– Search
– Iterate

– Key extension point for future new operations

Page 14

Specification Elements

• Target Schema

– Each Target has a defined schema

– Operations are requested relative to that schema

– Target schema uses an extensible model with two “profiles” defined by the TC

• Native XML Schema
– Point to location of published XSD

• SPML V1 DSML V2 Schema
– DSML V2 name=value schema defined in-band

[Diagram: Target Schema, V1 Schema, External XSD]