SOA Feature - Service Provisioning via SPML in SOA
Simplifying identity and resource management for distributed services


Page 1 of 2   next page »

Provisioning is the automation of all the steps required to manage user accounts, system access, and data for electronically published services.

The Provisioning Services Technical Committee (PSTC) at OASIS, the premier standards body for SOA-related standards, defined an XML-based framework named Service Provisioning Markup Language (SPML) for exchanging user information, resource information, and service provisioning information in systems. In this article, we'll explore the role of SPML in managing identity and resource information in SOA environments.

What Is SPML?
SPML is an XML-based request/response protocol for exchanging service provisioning requests between systems so that they can interoperate. SPML lets organizations set up interfaces for Web Services and applications quickly and securely by letting portals, application servers, and service centers generate provisioning requests within and across organizations.

In a typical SOA security stack, SPML complements authentication, authorization, and fine-grained access control rather than replacing them: SPML handles service provisioning, SAML carries authentication and authorization assertions between parties, and XACML expresses fine-grained XML access-control policy.

Identity Management and SPML's Role
Nowadays user credentials play an important role, be it a network-oriented system or a specific application. Managing user identity is challenging in today's environment given the increasing diversity and complexity of systems. Identity management refers to the management of the entire lifecycle of one or more identities, from creation to destruction, and managing privileges.

SPML deals with provisioning these identities in enterprise ecosystems and standardizes the preparation of system infrastructure for business activities. A typical SPML use case in organizations is hiring a new employee, which involves many procedures that can be captured in a provisioning workflow. Provisioning involves both digital and physical activities: a physical activity is procuring a PC or laptop, and a digital activity is creating a user account in the various applications.

SPML in Enterprise Identity Management
The Different Components of an Enterprise Provisioning System

The typical provisioning system contains three essential components: a Requesting Authority (RA), a Provisioning Service Provider (PSP), and a Provisioning Service Target (PST). This is represented in Figure 1.

•  Requesting Authority (RA): In a typical provisioning system the RA is the client. The RA creates well-formed SPML documents and sends them to the SPML service point, which is a Provisioning Service Provider (PSP). Each request describes an operation to be performed at the PSP. For an RA to issue a request to a PSP, a trust relationship must exist between the RA and the PSP, so the PSP has to authenticate the RA and decide which targets that RA may provision before acting on its requests. Sometimes a PSP acts as the RA for another PSP.
•  Provisioning Service Provider (PSP): This is the component that listens for requests from the RA, processes them, and returns a response to the RA. Any component that listens for and processes well-formed SPML documents is a Provisioning Service Provider.
•  Provisioning Service Target (PST): The target is the actual software or application on which the action is taken. For example, it could be the directory that stores all of an organization's user accounts, or an asset allocation system used to log requests for IT assets such as laptops and PCs.

A typical provisioning system using SPML has one Requesting Authority, a PSP in the middle, and one or more PSTs. Suppose there are three target systems. Without SPML the user information would have to be keyed into all three systems through each system's own portal: name, address, contact number, date of birth, and SSN would be entered repeatedly across the three systems. By introducing a Provisioning Service Provider (PSP) layer and using SPML, the user information is keyed in once at a single Requesting Authority and reflected across multiple targets, so the same set of information is never re-entered into each system.

Operations Supported by SPML
SPML 2.0 supports core, search, batch, and asynchronous operations related to provisioning.

SPML Core Operations

  • listTargets: to find the list of target (PST) systems the PSP supports
  • add: to add an object to a given PST system
  • modify: to modify an object in a given PST system
  • delete: to remove an object from a given PST system
  • lookup: to obtain an XML representation of an object from a given PST system
SPML Search Operations
  • search: to get all the objects that match specified selection criteria (a query)
  • iterate: to get the next set of objects from the result set that the provider selected for a search operation
  • closeIterator: to tell the provider that the requestor has no further need of the search result that a specific iterator represents
SPML Batch Operations
  • batch: to combine any number of individual requests into a single request
SPML Async Operations
  • cancel: to let a requestor stop the execution of an asynchronous operation
  • status: to let a requestor determine whether an asynchronous operation has completed successfully, has failed, or is still executing
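The RA/PSP/PST exchange described above and the core add, lookup, and delete operations, as an added example that is not part of the article: a small Python script in which a Requesting Authority builds SPML 2.0 request documents and a toy Provisioning Service Provider serves them against two in-memory targets. Element and attribute names follow the SPML 2.0 core schema (the urn:oasis:names:tc:SPML:2:0 namespace, addRequest with targetID, psoID with ID and targetID, status and error on responses, the alreadyExists, noSuchIdentifier, malformedRequest and unsupportedOperation error codes). The RA names, the per-RA target allow-list used to enforce the RA/PSP trust relationship, the target names, the one-element-per-attribute data layout and the employee record are constructed for the example; modify, search, batch and the asynchronous operations are not implemented.

```python
"""SPML 2.0 round trip between a Requesting Authority (RA) and a toy Provisioning Service
Provider (PSP) with in-memory targets (PSTs). Added example, not the article's code."""
import xml.etree.ElementTree as ET

SPML = "urn:oasis:names:tc:SPML:2:0"                # SPML 2.0 core namespace
ET.register_namespace("spml", SPML)

def q(tag): return f"{{{SPML}}}{tag}"                # namespace-qualify a core element name
def to_xml(elem): return ET.tostring(elem, encoding="unicode")

# ---- RA side: build well-formed SPML request documents ------------------------------
def add_request(target_id, pso_id, attrs):
    req = ET.Element(q("addRequest"), targetID=target_id)
    ET.SubElement(req, q("psoID"), ID=pso_id)         # identifier suggested by the RA
    data = ET.SubElement(req, q("data"))
    for name, value in attrs.items():                  # one child per attribute (assumed profile)
        ET.SubElement(data, name).text = value
    return to_xml(req)
def pso_request(op, target_id, pso_id):                # op is "lookupRequest" or "deleteRequest"
    req = ET.Element(q(op))
    ET.SubElement(req, q("psoID"), ID=pso_id, targetID=target_id)
    return to_xml(req)

# ---- PSP side: check the RA's trust, act on the PST, answer -------------------------
class ProvisioningServiceProvider:
    def __init__(self, targets, allowed):
        self.targets = targets   # {targetID: {psoID: {attr: value}}}: the PSTs
        self.allowed = allowed   # {RA name: {targetID, ...}}: assumed trust table
    def handle(self, ra, request_xml):
        try:                     # untrusted input; stdlib expat does not fetch external entities
            req = ET.fromstring(request_xml)
        except ET.ParseError:
            return self._fail("response", "malformedRequest", "not well-formed")
        op = req.tag.split("}")[-1]                    # local name, e.g. "addRequest"
        ops = {"addRequest": self._add, "lookupRequest": self._lookup_or_delete,
               "deleteRequest": self._lookup_or_delete}
        if op not in ops:                              # modify/search/batch/async not implemented
            return self._fail("response", "unsupportedOperation", op)
        return ops[op](ra, req)
    def _fail(self, tag, code, msg):                   # error codes as enumerated by the core schema
        resp = ET.Element(q(tag), status="failure", error=code)
        ET.SubElement(resp, q("errorMessage")).text = msg
        return to_xml(resp)
    def _trusted(self, ra, target_id):                 # the RA/PSP trust relationship, per target
        return target_id in self.allowed.get(ra, ())
    def _pso(self, parent, target_id, pso_id, attrs):  # <pso> = psoID + data
        pso = ET.SubElement(parent, q("pso"))
        ET.SubElement(pso, q("psoID"), ID=pso_id, targetID=target_id)
        data = ET.SubElement(pso, q("data"))
        for name, value in attrs.items():
            ET.SubElement(data, name).text = value
    def _add(self, ra, req):
        tid = req.get("targetID")
        if not self._trusted(ra, tid):
            return self._fail("addResponse", "customError", f"RA {ra!r} not trusted for {tid!r}")
        store, pso = self.targets[tid], req.find(q("psoID"))
        pso_id = pso.get("ID") if pso is not None else f"pso-{len(store) + 1}"  # honour or assign
        if pso_id in store:
            return self._fail("addResponse", "alreadyExists", pso_id)
        data = req.find(q("data"))
        store[pso_id] = {c.tag: (c.text or "") for c in data} if data is not None else {}
        resp = ET.Element(q("addResponse"), status="success")
        self._pso(resp, tid, pso_id, store[pso_id])
        return to_xml(resp)
    def _lookup_or_delete(self, ra, req):
        tag = "deleteResponse" if req.tag == q("deleteRequest") else "lookupResponse"
        pso = req.find(q("psoID"))
        tid, pso_id = (pso.get("targetID"), pso.get("ID")) if pso is not None else (None, None)
        if not self._trusted(ra, tid):
            return self._fail(tag, "customError", f"RA {ra!r} not trusted for {tid!r}")
        if pso_id not in self.targets[tid]:
            return self._fail(tag, "noSuchIdentifier", str(pso_id))
        resp = ET.Element(q(tag), status="success")
        if tag == "deleteResponse":
            del self.targets[tid][pso_id]
        else:
            self._pso(resp, tid, pso_id, self.targets[tid][pso_id])
        return to_xml(resp)

def status_of(response_xml):                           # (status, error code or None)
    root = ET.fromstring(response_xml)
    return root.get("status"), root.get("error")

def demo():                                            # new hire keyed once, reflected in two targets
    psp = ProvisioningServiceProvider(
        targets={"hr-directory": {}, "asset-system": {}},                       # constructed PSTs
        allowed={"hr-portal": {"hr-directory", "asset-system"}, "partner-portal": {"hr-directory"}})
    employee = {"givenName": "Ada", "sn": "Lovelace", "mail": "ada@example.com"}  # constructed
    return {
        "add_dir": status_of(psp.handle("hr-portal", add_request("hr-directory", "emp-1001", employee))),
        "add_asset": status_of(psp.handle("hr-portal", add_request("asset-system", "emp-1001", {"asset": "laptop"}))),
        "add_dup": status_of(psp.handle("hr-portal", add_request("hr-directory", "emp-1001", employee))),
        "untrusted": status_of(psp.handle("partner-portal", add_request("asset-system", "emp-1001", {}))),
        "lookup": status_of(psp.handle("hr-portal", pso_request("lookupRequest", "hr-directory", "emp-1001"))),
        "delete": status_of(psp.handle("hr-portal", pso_request("deleteRequest", "hr-directory", "emp-1001"))),
        "lookup_gone": status_of(psp.handle("hr-portal", pso_request("lookupRequest", "hr-directory", "emp-1001"))),
        "garbage": status_of(psp.handle("hr-portal", "<spml:addRequest")),
    }
```

Calling demo() walks the new-hire flow: the hr-portal RA adds the same employee record once to each of two targets, a second add of the same psoID is refused with alreadyExists, the partner-portal RA is refused a target it is not trusted for, and a lookup after delete returns noSuchIdentifier. The PSP parses every request as untrusted input and answers a non-well-formed document with malformedRequest; a production PSP would additionally bound document size and nesting and authenticate the RA at the transport layer, which SPML itself leaves to the binding.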
Problems with Provisioning
So a typical provisioning system consists of requesting authorities, a provider, and targets. Before the provisioning system existed, a Requesting Authority might have used its own portal to maintain user information. A typical problem is that such a system is already in place and a lot of user information has already been keyed into a particular target; once the new provisioning system is deployed, that earlier user information is absent from the provisioning system's audit trail.

Provisioning can be done for several targets at the same time, but keeping their data synchronized is difficult unless all data, from every Requesting Authority to every target, passes through the provisioning service provider.

Use Cases of SPML
Some typical use cases of SPML are explored in the following sections:

  1. A mass federated identity use case, and
  2. Partner credential provisioning


About Manivannan Gopalan
Manivannan Gopalan specializes in legacy systems, legacy migration to SOA, and Web services. He currently works with the Web Services Centre of Excellence in SETLabs, the technology research division at Infosys Technologies, India. He has published papers in international conferences such as the IEEE International Conference of Web Services.
