Service Provisioning Markup Language

Service Provisioning Markup Language is an XML-based framework, being developed by OASIS, for exchanging user, resource and service provisioning information between cooperating organizations.

The Service Provisioning Markup Language is the open standard for the integration and interoperation of service provisioning requests. SPML is an OASIS standard based on the concepts of Directory Service Markup Language. SPML version 1.0 was approved in October 2003. SPML version 2.0 was approved in April 2006. Security Assertion Markup Language exchanges the authorization data.

                                     

1. Goal of SPML

The goal of SPML is to allow organizations to securely and quickly set up user interfaces for Web services and applications, by letting enterprise platforms such as Web portals, application servers, and service centers generate provisioning requests within and across organizations. This can lead to automation of user or system access and entitlement rights to electronic services across diverse IT infrastructures, so that customers are not locked into proprietary solutions.

                                     

2. SPML Functionality

SPML version 2.0 defines the following functionality:


2.1. SPML Functionality: Core functions

  • lookup - The lookup operation enables a requestor to obtain the XML that represents an object on a target.
  • delete - The delete operation enables a requestor to remove an object from a target.
  • listTargets - Enables a requestor to determine the set of targets that a provider makes available for provisioning.
  • modify - The modify operation enables a requestor to change an object on a target.
  • add - The add operation enables a requestor to create a new object on a target.
                                     

2.2. SPML Functionality: Batch capability

  • batch - Supports batch execution of requested operations.
                                     

2.3. SPML Functionality: Bulk capability

  • bulkModify - Allows multiple modify requests to be run together.
  • bulkDelete - Allows multiple delete requests to be run together.
                                     

2.4. SPML Functionality: Password capability

  • validatePassword - Enables a requestor to determine whether a specified value would be valid as the password for a specified object.
  • expirePassword - Marks as invalid the current password for an object.
  • resetPassword - Enables a requestor to change to an unspecified value the password for an object and to obtain that newly generated password value.
  • setPassword - Enables a requestor to specify a new password for an object.


                                     

2.5. SPML Functionality: Search capability

  • closeIterator - The closeIterator operation tells the provider that the requestor has no further need for the search result that a specific iterator represents.
  • search - The search operation obtains every object that matches a specified query.
  • iterate - The iterate operation obtains the next set of objects from the result set that the provider selected for a search operation.
                                     

2.6. SPML Functionality: Suspend capability

  • suspend - The suspend operation enables a requestor to disable an object.
  • active - The active operation enables a requestor to determine whether a specified object has been suspended.
  • resume - The resume operation enables a requestor to re-enable an object that has been suspended.
                                     

2.7. SPML Functionality: Updates capability

  • closeIterator - The closeIterator operation tells the provider that the requestor has no further need for the updates result set that a specific iterator represents.
  • updates - The updates operation obtains records of changes to objects.
  • iterate - The iterate operation obtains the next set of objects from the result set that the provider selected for an updates operation.
                                     

2.8. SPML Functionality: Custom capabilities

  • An individual provider or any third party can define a custom capability that integrates with SPMLv2.
                                     

3. Features

Provisioning Service Object (PSO)

The key identifier in SPML is a PSO.

A Provisioning Service Object (PSO), sometimes simply called an object, represents a data entity or an information object on a target. For example, a provider would represent as an object each account that the provider manages.

Every object is contained by exactly one target. Each object has a unique identifier (PSO-ID).

Profile

SPMLv2 defines two "profiles" in which a requestor and provider may exchange SPML protocol:

  • XML Schema as defined in the "SPMLv2 XSD Profile".
  • DSMLv2 as defined in the "SPMLv2 DSMLv2 Profile".

A requestor and a provider may exchange SPML protocol in any profile to which they agree.

The DSMLv2 Profile may be more convenient for applications that mainly access targets that are LDAP or X.500 directory services. The XSD Profile may be more convenient for applications that mainly access targets that are web services.
