OpenSPML is a site dedicated to the promotion and distribution of open source client code that supports the Service Provisioning Markup Language (SPML) and provides an open interface to service provisioning activities. OpenSPML is a cooperative initiative by independent software vendors and implementers of the SPML version 1.0 specification. Initially developed in Java™, the OpenSPML client code is expected to be available in other languages in the near future.
The Service Provisioning Markup Language (SPML) is the open standard protocol for the integration and interoperation of service provisioning requests. SPML version 1.0 is a draft OASIS standard due for ratification in Summer 2003.
In late 2001, the OASIS Provisioning Services Technical Committee (PSTC) was formed to define an XML-based framework for exchanging user, resource, and service provisioning information.
Service provisioning refers to the "preparation beforehand" of IT systems' materials or supplies required to carry out a specific activity. It goes beyond the initial "contingency" of providing resources, to encompass the entire lifecycle management of these resources. This includes the provisioning of digital services such as user accounts and access privileges on systems, networks and applications, as well as the provisioning of non-digital or "physical" resources such as cell phones and credit cards.
The following short definition has been adopted by the Provisioning Services Technical Committee as its formal definition of the general term "provisioning":
"Provisioning is the automation of all the steps required to manage (setup, amend and revoke) user or system access entitlements or data relative to electronically published services".
It is not necessary to define the implementation or physical makeup of a service provisioning system. Simply assume the existence of a network service whose sole purpose is the execution and management of provisioning requests. A given Requesting Authority (client) sends the provisioning service a set of requests in the form of a well-formed SPML document. Based on a pre-defined service execution model, the provisioning service takes the operations specified within the SPML document and executes provisioning actions against pre-defined service targets or resources.
Figure 1 shows a high-level schematic of the operational components of an SPML model system. In SPML request flow A, the Requesting Authority (client) constructs an SPML document subscribing to a pre-defined service offered by Provisioning System One (PS One). PS One takes the data passed in this SPML document, constructs its own SPML document and sends it to Provisioning Service Target One, PST One (SPML request flow B). PST One represents an independent resource that provides an SPML-compliant service interface. In order to fully service the initial Requesting Authority's request, PS One then forwards a provisioning request (SPML request flow C) to a second network service called Provisioning System Two (PS Two). PS Two is autonomously offering a provisioning service it refers to as Resource E. In this case, Resource E is a relational database within which PS Two creates some data set. Having successfully received PS One's request, PS Two carries out the implementation of its service by opening a JDBC connection to Resource E and adding the relevant data (data flow D).
In this example, the SPML document flow follows a simple request/response protocol that supports both synchronous and asynchronous operations. Importantly, these SPML flows are initiated unidirectionally. When PS One made a request of PS Two, it assumed the role of a Requesting Authority and initiated its own request/response flow with its chosen service point. When PS Two implemented its service at Resource E, it DID NOT use an SPML protocol message as Resource E did not support an SPML interface.
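The request flows A, C and D described above can be traced in a short sketch. This is an added example, not OpenSPML client code: it is written in Python rather than Java, omits flow B, uses an in-memory SQLite table in place of the JDBC connection to Resource E, and its function names, the accounts table and the sample identity are constructed for illustration. The element names, namespaces and result codes are assumed from the SPML 1.0 draft, not taken from this page.

```python
import sqlite3
import xml.etree.ElementTree as ET

SPML = "urn:oasis:names:tc:SPML:1:0"       # SPML 1.0 namespace (assumed from the draft)
DSML = "urn:oasis:names:tc:DSML:2:0:core"  # DSMLv2 namespace carrying the attributes

def build_add_request(request_id, attrs):
    """Requesting Authority side: build an SPML addRequest document."""
    req = ET.Element(f"{{{SPML}}}addRequest", {"requestID": request_id})
    holder = ET.SubElement(req, f"{{{SPML}}}attributes")
    for name, value in attrs.items():
        attr = ET.SubElement(holder, f"{{{DSML}}}attr", {"name": name})
        ET.SubElement(attr, f"{{{DSML}}}value").text = value
    return ET.tostring(req, encoding="unicode")

def parse_add_request(document):
    """Service side: accept only addRequest, return (requestID, attributes)."""
    root = ET.fromstring(document)
    if root.tag != f"{{{SPML}}}addRequest":
        raise ValueError("not an SPML addRequest")
    attrs = {a.get("name"): a.findtext(f"{{{DSML}}}value")
             for a in root.iter(f"{{{DSML}}}attr")}
    return root.get("requestID"), attrs

def add_response(request_id, ok):
    result = f"{SPML}#{'success' if ok else 'failure'}"
    resp = ET.Element(f"{{{SPML}}}addResponse", {"requestID": request_id, "result": result})
    return ET.tostring(resp, encoding="unicode")

def ps_two(document, db):
    """PS Two: SPML in, plain SQL out. Resource E never sees SPML (data flow D)."""
    request_id, attrs = parse_add_request(document)
    try:
        db.execute("INSERT INTO accounts (uid, mail) VALUES (?, ?)",
                   (attrs["uid"], attrs["mail"]))  # bound parameters, no string building
    except sqlite3.IntegrityError:                 # e.g. the account already exists
        return add_response(request_id, False)
    return add_response(request_id, True)

def ps_one(document, db):
    """PS One: serves flow A, then acts as a Requesting Authority toward PS Two (flow C)."""
    request_id, attrs = parse_add_request(document)
    reply = ET.fromstring(ps_two(build_add_request(request_id + "-c", attrs), db))
    return add_response(request_id, reply.get("result").endswith("#success"))

def demo():
    db = sqlite3.connect(":memory:")  # stands in for relational Resource E
    db.execute("CREATE TABLE accounts (uid TEXT PRIMARY KEY, mail TEXT)")
    response = ps_one(build_add_request("req-1", {"uid": "jdoe", "mail": "jdoe@example.org"}), db)
    return response, db.execute("SELECT uid, mail FROM accounts").fetchall()
```

The response PS One returns to the original client carries the client's own requestID, while the identifier used on flow C is private to the PS One to PS Two exchange.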
The exchange of user information between two points, or identity management systems, depends upon the acceptance of an open, XML-based standard such as SPML. Previous standardization efforts from XRPM (eXtensible Resource Provisioning Markup) and ADPR (Active Digital Profile) identified this need at opposite ends of the provisioning scenario depicted in Figure 1. XRPM set out to define a standard for interoperability and functioning between Provisioning Systems. ADPR set out to define a standard for interoperability and functioning between the Provisioning System and the managed resource. The PSTC was formed to address the specification of a single XML-based framework for the exchange of information at all levels by allowing a Provisioning Service Target (the resource) to adopt the role of a Provisioning Service Point (a server), respond to client requests and operate as a full service point responsible for a single service or resource, itself.