SPML rising above the noise level?

I talk to customers about a lot of identity related topics and in the past few months, the topic of Service Provisioning Markup Language (SPML) has come up on many occasions. This is of course regarding integration to a provisioning infrastructure. The frequency of interest in SPML appears to demonstrate a pattern (at least from my perspective) of the maturity and applicability of the SPML standard to current identity solutions.

First, what is SPML? Service Provisioning Markup Language is an OASIS standard

Sun Java System Identity Manager includes SPML handlers which listen for incoming SPML requests. A sample SPML Resource Adapter is also provided in the REF-KIT for outbound SPML provisioning. In Identity Manager 7.x there are three SPML listeners:

1) The SPML1: http://://servlet/rpcrouter2
Using SPML 1.0 with Identity Manager Web Services

2) The SPML2: http://://servlet/openspml2
Using SPML 2.0 with Identity Manager Web Services

3) The SPMLspe handler: http://://servlet/spespml
Using SPML 1.0 with Identity Manager Web Services

Sample SPML 2.0 Resource Adapter
Identity Manager provides a sample SPML 2.0 resource adapter that can be modified and used to talk to third-party resources that support SPML 2.0 core operations.

SPML is capable of many things and the operations use SOAP / HTTP, however, due to the extensible nature of SPML to support extended operations and schema differences, SPML does not provide a .wsdl interface to define it's operations. This is not a limitation of Identity Manager, it is just how SPML was designed. It allows for tremendous flexibility using this approach.

The SPML options for interfacing with Identity Manager assume that you are using an SPML api. There is an openspml java api for SPML.

For an implementation which needs a web service with .wsdl defined web service (like a SOA infrastructure or .net application, for example). This effectively acts as a wrapper with specific operations around the more general purpose SPML interface which is exposed.

Since there is a java openspml api available, a web service which is specific to an implementation (for example CRUD operation with specific user attributes used in a deployment) in a .wsdl interface which in turn invokes spml operations to Identity Manager. This approach assumes that a Java application server is available to host the web service since the openspml apis are written in java. This approach could be hosted on the same application server or on a remote Java application server which uses SPML to contact Identity Manager. I have been involved in several examples of using this approach to integrate with Sun's Identity Manager in the past 6 months. This approach enables the provisioning infrastructure to do it's normal job of user provisioning and compliance auditing, but enables it to be accessible in new and interesting ways.

Comments:

Post a Comment:
Comments are closed for this entry.
About

harcey

Search

Archives
« April 2014
SunMonTueWedThuFriSat
  
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
   
       
Today