OASIS Provisioning Services Technical Committee
An Introduction to version 2 of the Service Provisioning Markup Language
Overview
• Who is the PSTC?
– OASIS technical committee focused on developing open standards for Service & Identity Provisioning
• Founded in 2001
• Contributors:
– BEA
– BMC Software
– CA (Netegrity)
– Critical Path
– Entrust
– IBM
– Mycroft
– Open Network Technologies
– Oracle (PeopleSoft)
– HP (Thor)
– TruLogica
– Sun (Waveset)
• Deliverable - Service Provisioning Markup Language
– V1 - OASIS Open Standard November 3rd 2003
– V2 – Planned complete March 05
Overview
• What is SPML?
– Open standard for defining and exchanging provisioning requests in XML using Web Services technologies
– XML RPC interface for Identity Provisioning
– Interface model and management abstraction for an Identity Life-cycle
Specification Deliverables
• Specification consisting of three elements:
– An XML Schema – an XSD that defines the syntactical rules of SPML message format and data flow
– A Core Specification – normative and non-normative text that describes what SPML is and exactly how it works
– Resource Schema Profiles – definitions of how to use various resource and provisioning target schema languages with SPML V2
• Native XML Schema
• SPML V1 DSML V2 Schema
SPML Vocabulary
(Diagram labels: RA, PSP, PST, PSO)
• Requesting Authority (RA)
– An issuer of SPML requests
• Provisioning Service Point (PSP)
– Listens for and processes SPML requests
• Provisioning Service Target (PST)
– A request end-point supporting core operations and defined capabilities
• Provisioning Service Object (PSO)
– Uniquely identifiable data object or element on a PST
SPML Operating Model
(Diagram labels: SPML Service Point, Portal, UDDI, WSDL, Target, Target, Target, Value added Service…, SPML/SOAP, SPML/SOAP WS-Sec Secured, XSD)
Specification Concepts
(Diagram labels: Service Point, Requestor, WSDL, Target, Target, Target, XSD, In-Spec, Out of Spec, Request Response, Capabilities, List of Targets, Core Operations, Ref to XSD, V1 Schema, Batches, Bulk Operations, Sync/Async Model, Transport Security Model, Trust Model (inc. establishment), AuthN & AuthZ Model)
Specification Elements
• Protocol
– Simple Request-Response protocol
– Synchronous & Asynchronous operations
– Individual & batch request models
– Support for bulk operations
(Diagram labels: Requestor, Provider)
Specification Elements
• Core Operations (mandatory)
– addRequest / addResponse
• Create a new object on a target
• Controllable returned data set
– lookup
• Single object query
• Controllable returned data set
– modifyRequest / modifyResponse
• Change an object on a target
• Controllable returned data set
– deleteRequest / deleteResponse
• Remove an object from a target
– listTargets
• List all provisioning targets available at a given service point
Specification Elements
• Targets & Objects
– A Target is an end-point for a request
– Requestors can list available Targets
– A Target supports core operations and defined capabilities
– A PSP must support at least one Target
– A Provisioning Service Object is a uniquely identifiable data element “within the domain” of a given Target
– Targets have a defined query-able schema
– Targets can have many Objects
– Object IDs are unique within the scope of a given PSP
(Diagram labels: Provisioning Service Point, Target, Capability, Object, Schema)
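The core operations and the Targets & Objects rules above, as an added worked example that is not from the PSTC deck: a minimal in-memory Provisioning Service Point in Python that dispatches the five mandatory operations, honours the controllable returned data set (returnData), and enforces the rule that Object IDs are unique across the whole PSP rather than per Target. The namespace URI urn:oasis:names:tc:SPML:2:0, the element and attribute names (addRequest, psoID, returnData, status, error) and the error codes (malformedRequest, unsupportedOperation, noSuchIdentifier, alreadyExists) are those of the published SPML 2.0 core specification, which this deck does not reproduce; the target name "hr-directory", every request body, and the replace-only handling of modifyRequest are assumptions made for the example.

```python
# Added example, not the PSTC's code: a minimal in-memory SPML v2 PSP answering the five core
# operations. Namespace and element/attribute names follow the published SPML 2.0 core spec;
# target "hr-directory" and all request bodies are constructed; modify is replace-mode only (assumption).
import copy
import xml.etree.ElementTree as ET

SPML = "urn:oasis:names:tc:SPML:2:0"
ET.register_namespace("spml", SPML)
OPS = {"listTargetsRequest": "_list_targets", "addRequest": "_add", "lookupRequest": "_lookup",
       "modifyRequest": "_modify", "deleteRequest": "_delete"}  # explicit allow-list of operations


def q(tag):
    return "{%s}%s" % (SPML, tag)


class InMemoryPSP:
    def __init__(self, target_ids):
        self.targets = {t: {} for t in target_ids}  # targetID -> {psoID: <spml:data> element}

    def handle(self, request_xml):
        req = ET.fromstring(request_xml)
        op = OPS.get(req.tag[len(SPML) + 2:])  # strip "{namespace}" to get the local name
        return getattr(self, op)(req) if op else self._fail("response", "unsupportedOperation")

    def _fail(self, tag, code):
        return ET.tostring(ET.Element(q(tag), status="failure", error=code), encoding="unicode")

    def _ok(self, tag, t=None, i=None, data=None, return_data="everything"):
        resp = ET.Element(q(tag), status="success")
        if i is not None:
            pso = ET.SubElement(resp, q("pso"))
            ET.SubElement(pso, q("psoID"), ID=i, targetID=t)
            if return_data in ("data", "everything"):  # returnData="identifier" echoes the ID only
                pso.append(copy.deepcopy(data))
        return ET.tostring(resp, encoding="unicode")

    def _locate(self, req):
        # Resolve the request's psoID to (targetID, ID) only if that object actually exists.
        el = req.find(q("psoID"))
        t, i = (el.get("targetID"), el.get("ID")) if el is not None else (None, None)
        return (t, i) if t in self.targets and i in self.targets[t] else (None, None)

    def _list_targets(self, req):
        resp = ET.Element(q("listTargetsResponse"), status="success")
        for t in self.targets:
            ET.SubElement(resp, q("target"), targetID=t)
        return ET.tostring(resp, encoding="unicode")

    def _add(self, req):
        target_id, pso_el, data = req.get("targetID"), req.find(q("psoID")), req.find(q("data"))
        if target_id not in self.targets or pso_el is None or data is None:
            return self._fail("addResponse", "malformedRequest")
        pso_id = pso_el.get("ID")
        # Object IDs are unique across the whole PSP, not just within the requested Target.
        if any(pso_id in objs for objs in self.targets.values()):
            return self._fail("addResponse", "alreadyExists")
        self.targets[target_id][pso_id] = copy.deepcopy(data)
        return self._ok("addResponse", target_id, pso_id, data, req.get("returnData", "everything"))

    def _lookup(self, req):
        t, i = self._locate(req)
        if t is None:
            return self._fail("lookupResponse", "noSuchIdentifier")
        return self._ok("lookupResponse", t, i, self.targets[t][i], req.get("returnData", "everything"))

    def _modify(self, req):
        t, i = self._locate(req)
        if t is None:
            return self._fail("modifyResponse", "noSuchIdentifier")
        mod = req.find(q("modification"))
        new_data = mod.find(q("data")) if mod is not None else None
        if new_data is None or mod.get("modificationMode") != "replace":
            return self._fail("modifyResponse", "unsupportedOperation")
        self.targets[t][i] = copy.deepcopy(new_data)
        return self._ok("modifyResponse", t, i, new_data, req.get("returnData", "everything"))

    def _delete(self, req):
        t, i = self._locate(req)
        if t is None:
            return self._fail("deleteResponse", "noSuchIdentifier")
        del self.targets[t][i]
        return self._ok("deleteResponse")


def run_lifecycle():
    # Constructed exchange: discover, add, duplicate add, lookup, modify, delete, lookup again.
    psp = InMemoryPSP(["hr-directory"])
    ns = 'xmlns:spml="%s"' % SPML
    pso = '<spml:psoID ID="uid=alice" targetID="hr-directory"/>'
    add = ('<spml:addRequest %s targetID="hr-directory" returnData="identifier"><spml:psoID ID="uid=alice"/>'
           '<spml:data><cn>Alice</cn></spml:data></spml:addRequest>' % ns)
    lookup = '<spml:lookupRequest %s>%s</spml:lookupRequest>' % (ns, pso)
    modify = ('<spml:modifyRequest %s>%s<spml:modification modificationMode="replace"><spml:data>'
              '<cn>Alice Smith</cn></spml:data></spml:modification></spml:modifyRequest>' % (ns, pso))
    delete = '<spml:deleteRequest %s>%s</spml:deleteRequest>' % (ns, pso)
    steps = [("listTargets", '<spml:listTargetsRequest %s/>' % ns), ("add", add), ("add again", add),
             ("lookup", lookup), ("modify", modify), ("delete", delete), ("lookup after delete", lookup)]
    # Each step yields (name, status, error); error is None on success.
    return [(n, el.get("status"), el.get("error"))
            for n, el in ((n, ET.fromstring(psp.handle(x))) for n, x in steps)]
```

run_lifecycle() returns one (step, status, error) tuple per request: the duplicate add fails with alreadyExists and the lookup after delete with noSuchIdentifier, which is the response a requestor has to handle rather than assume success. The dispatch table is an explicit allow-list so that an unexpected request element is answered with unsupportedOperation instead of reaching an internal method.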
Specification Elements
• Capabilities
– Optional operations interfaces for domain specific actions
• Password operations
– setPassword
– expirePassword
– resetPassword
– validatePassword
• Suspend actions
– Suspend
– Resume
– Active
• Reference relationship definitions
Specification Elements
• Capabilities
– Place for optional elements of the core protocol
• Async protocol definitions
– Cancel operation
– Status request
• Batch operation
– Batch
• Bulk operations
– bulkModify
– bulkDelete
• Search operations
– Search
– Iterate
– Key extension point for future new operations
Specification Elements
• Target Schema
– Each Target has a defined schema
– Operations are requested relative to that schema
– Target schema uses an extensible model with two “profiles” defined by the TC
• Native XML Schema
– Point to location of published XSD
• SPML V1 DSML V2 Schema
– DSML V2 name=value schema defined in-band
(Diagram labels: Target, Schema, V1 Schema, External XSD)
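Capabilities (the two Capabilities slides above) and the Target schema (this slide) are both learned by a requestor through listTargets, so a PSP can use the same advertisement to decide what it will accept. Added example, not from the PSTC deck: a Python rendering of one Target's profile, capabilities and in-band DSML schema in a listTargetsResponse, the requestor-side parse of that advertisement, and a PSP-side check that refuses a capability operation the Target never declared (unsupportedOperation) and an add whose attributes do not fit the published schema (reported here as malformedRequest). The namespace URIs for the core, password, suspend and DSML profile are those of the published SPML 2.0 specifications; the attributeDefinition schema layout is a simplification of the DSML profile (assumption), and "hr-directory" plus every request body are constructed sample data.

```python
# Added example, not the PSTC's code: a Target's profile, capabilities and schema as advertised
# in listTargetsResponse, and the same advertisement used to refuse undeclared requests.
# Namespace URIs are those of the published SPML 2.0 core, password, suspend and DSML profile
# specs; the attributeDefinition schema layout is simplified (assumption); "hr-directory" and
# every request below are constructed sample data.
import xml.etree.ElementTree as ET

SPML = "urn:oasis:names:tc:SPML:2:0"
SPML_DSML = SPML + ":DSML"            # profile: DSML v2 name=value data carried in-band
CAP_PASSWORD = SPML + ":password"     # setPassword / expirePassword / resetPassword / validatePassword
CAP_SUSPEND = SPML + ":suspend"       # suspend / resume / active
DSML = "urn:oasis:names:tc:DSML:2:0:core"
ET.register_namespace("spml", SPML)
ET.register_namespace("spmldsml", SPML_DSML)

# Constructed Target description: the capabilities it offers and the attribute schema
# (name -> required?) its objects must conform to. Suspend is deliberately not offered.
TARGET = {"targetID": "hr-directory", "profile": SPML_DSML, "capabilities": {CAP_PASSWORD},
          "schema": {"cn": True, "mail": True, "telephoneNumber": False}}


def list_targets_response(targets):
    """PSP side: the listTargetsResponse from which a requestor learns what it may ask for."""
    resp = ET.Element("{%s}listTargetsResponse" % SPML, status="success")
    for t in targets:
        tgt = ET.SubElement(resp, "{%s}target" % SPML, targetID=t["targetID"], profile=t["profile"])
        schema = ET.SubElement(tgt, "{%s}schema" % SPML)
        for name, required in t["schema"].items():
            ET.SubElement(schema, "{%s}attributeDefinition" % SPML_DSML, name=name,
                          required=str(required).lower())
        caps = ET.SubElement(tgt, "{%s}capabilities" % SPML)
        for uri in sorted(t["capabilities"]):
            ET.SubElement(caps, "{%s}capability" % SPML, namespaceURI=uri)
    return ET.tostring(resp, encoding="unicode")


def advertised(list_targets_xml, target_id):
    """Requestor side: parse the advertisement back into (capabilities, schema) for one Target."""
    for tgt in ET.fromstring(list_targets_xml).findall("{%s}target" % SPML):
        if tgt.get("targetID") == target_id:
            caps = {c.get("namespaceURI") for c in tgt.iter("{%s}capability" % SPML)}
            schema = {a.get("name"): a.get("required") == "true"
                      for a in tgt.iter("{%s}attributeDefinition" % SPML_DSML)}
            return caps, schema
    return None


def check_request(target, request_xml):
    """PSP side: None if the request is admissible for this Target, else the SPML error code."""
    req = ET.fromstring(request_xml)
    ns, _, op = req.tag[1:].partition("}")
    # 1. Anything outside the core namespace is a capability operation; the Target must have
    #    declared that capability or the operation is unsupported.
    if ns != SPML:
        return None if ns in target["capabilities"] else "unsupportedOperation"
    # 2. Core add/modify carry DSML attributes; unknown names, or a missing required
    #    attribute on add, are rejected (reported here as malformedRequest).
    if op in ("addRequest", "modifyRequest"):
        attrs = {a.get("name") for a in req.iter("{%s}attr" % DSML)}
        unknown = attrs - set(target["schema"])
        missing = {n for n, is_req in target["schema"].items() if is_req} - attrs
        if unknown or (op == "addRequest" and missing):
            return "malformedRequest"
    return None


def run_checks():
    # Constructed sample requests exercised against TARGET.
    ns = 'xmlns:spml="%s" xmlns:dsml="%s"' % (SPML, DSML)
    pso = '<spml:psoID ID="uid=alice" targetID="hr-directory"/>'

    def add(*names):
        body = "".join('<dsml:attr name="%s"><dsml:value>x</dsml:value></dsml:attr>' % n for n in names)
        return ('<spml:addRequest %s targetID="hr-directory">%s<spml:data>%s</spml:data>'
                '</spml:addRequest>' % (ns, pso, body))

    cases = {
        "setPassword": ('<pass:setPasswordRequest xmlns:pass="%s" %s>%s<pass:password>pw</pass:password>'
                        '</pass:setPasswordRequest>' % (CAP_PASSWORD, ns, pso)),
        "suspend": '<sus:suspendRequest xmlns:sus="%s" %s>%s</sus:suspendRequest>' % (CAP_SUSPEND, ns, pso),
        "add ok": add("cn", "mail"),
        "add missing required": add("cn"),
        "add unknown attribute": add("cn", "mail", "employeeSalary"),
    }
    return {name: check_request(TARGET, xml) for name, xml in cases.items()}
```

The point of keying enforcement off the same structure that listTargets advertises is that the PSP never silently honours an operation it did not publish: a setPassword reaches the password capability because the Target declared it, a suspend is refused because it did not, and an add is checked against the Target's own schema before anything is written.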