Service Provisioning Markup Language (SPML) is an XML-based framework, being developed by OASIS, for exchanging user, resource and service provisioning information between cooperating organizations.
The Service Provisioning Markup Language is the open standard for the integration and interoperation of service provisioning requests. SPML is an OASIS standard based on the concepts of Directory Service Markup Language (DSML). SPML version 1.0 was approved in October 2003. SPML version 2.0 was approved in April 2006. Security Assertion Markup Language (SAML) exchanges the authorization data.
Definition
The OASIS Provisioning Services Technical Committee uses the following definition of "provisioning":
Goal of SPML
The goal of SPML is to allow organizations to securely and quickly set up user interfaces for Web services and applications, by letting enterprise platforms such as Web portals, application servers, and service centers generate provisioning requests within and across organizations. This can lead to automation of user or system access and entitlement rights to electronic services across diverse IT infrastructures, so that customers are not locked into proprietary solutions.
SPML Functionality
SPML version 2.0 defines the following functionality:
- Core functions
- Async capability
- Batch capability
- Bulk capability
- Password capability
- Search capability
- Suspend capability
- Updates capability
- Custom capabilities
Provisioning Service Object (PSO)
The key identifier in SPML is a PSO.
A Provisioning Service Object (PSO), sometimes simply called an object, represents a data entity or an information object on a target. For example, a provider would represent as an object each account that the provider manages.
Every object is contained by exactly one target. Each object has a unique identifier (PSO-ID).
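The two rules above (one target per object, one identifier per object) can be checked on the provider side before an add request is acted on. The following Python code is an added example, not part of the original article or of the SPML specification's text: it reads SPMLv2 `addRequest` messages, refuses input that carries DTD or entity declarations, and accepts each PSO only once. The function names, the target names and the sample requests are constructed for illustration, and treating the pair (targetID, PSO-ID) as the uniqueness key, with the requestor supplying the `psoID`, is an assumption of this example.

```python
import xml.etree.ElementTree as ET

URI = "urn:oasis:names:tc:SPML:2:0"  # SPMLv2 core namespace
NS = "{" + URI + "}"

def pso_key(xml_text):
    """Return (targetID, PSO-ID) for one addRequest, or raise ValueError."""
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTD/entity declarations are not accepted")
    root = ET.fromstring(xml_text)
    if root.tag != NS + "addRequest":
        raise ValueError("not an SPMLv2 addRequest")
    pso = root.find(NS + "psoID")
    if pso is None or not pso.get("ID"):
        raise ValueError("missing psoID/@ID")  # assumption: requestor supplies it
    targets = {t for t in (root.get("targetID"), pso.get("targetID")) if t}
    if len(targets) != 1:
        raise ValueError("object must name exactly one target")
    return targets.pop(), pso.get("ID")

def build_index(requests):
    """Accept each (target, PSO-ID) pair once; return (index, rejected)."""
    index, rejected = {}, []
    for n, xml_text in enumerate(requests):
        try:
            key = pso_key(xml_text)
            if key in index:
                raise ValueError("duplicate PSO-ID on target")
            index[key] = n
        except (ValueError, ET.ParseError) as exc:
            rejected.append((n, str(exc)))
    return index, rejected

def sample(pso_id, req_target="", pso_target=""):
    """Build a constructed addRequest (sample data, not from a real system)."""
    rt = f' targetID="{req_target}"' if req_target else ""
    pt = f' targetID="{pso_target}"' if pso_target else ""
    return f'<addRequest xmlns="{URI}"{rt}><psoID ID="{pso_id}"{pt}/><data/></addRequest>'

SAMPLES = [
    sample("alice", req_target="hr-ldap"),                  # accepted
    sample("alice", pso_target="hr-ldap"),                  # duplicate: rejected
    sample("alice", req_target="crm"),                      # other target: accepted
    sample("bob", req_target="hr-ldap", pso_target="crm"),  # two targets: rejected
    sample("carol"),                                        # no target: rejected
]

if __name__ == "__main__":
    print(build_index(SAMPLES))
```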
Profile
SPMLv2 defines two “profiles” in which a requestor and provider may exchange SPML protocol:
A requestor and a provider may exchange SPML protocol in any profile to which they agree.
The DSMLv2 Profile may be more convenient for applications that mainly access targets that are LDAP or X.500 directory services. The XSD Profile may be more convenient for applications that mainly access targets that are web services.