Provision 1C user accounts thru SPML gateway

Service Provisioning Markup Language (SPML) is an XML-based standard, developed by the OASIS consortium, for exchanging user, resource and service provisioning information. SPML came in response to the need of unifying and automating the management of user accounts and rights inside a corporation. Indeed, with the multiplication of IT systems --logistics, accounting, customer management, human resources, you name it-- inside the companies we work for, the old (manual) ways of dealing with users --Dear Admin, please create account for new employee... Dear Admin, please give me access right for the folder/document... who doesn't remember writing one of these emails?-- could not keep up, responsible for too much incorrect data, leading to information leaks and productivity loss.

Today in its version 2.0 --version 1.0 had limited number of operations, limited scheme for user information and simpler using/integrating--, SPML has enabled the software industry to develop interoperable solutions of identity management, for the various IT systems themself to communicate and propagate changes in user information and rights. Examples of commercial solutions that are SPML-compliant include Sun Identity Manager and Oracle Identity Manager. We believe that it is essential that Enterprise Resource Management (ERM) applications today support advanced identity management operations beyond single sign-on --on that topic, check out this OpenSSO integration work.

Based in Moscow, 1C is a leading Russian software vendor, with 1M+ customers for their ERM software suite 1C:Enterprise and 18.7% market share in the Russia ERM market --making it the top #2 vendor in 2008 per a recent IDC study. 1C is particularly known as the maker of the most popular enterprise accounting system 1C:Accounting sold in the CIS region; about every company in Russia runs a copy of that software, I have been told. With such a large installed base, 1C has evolved to become the center of a large ecosystem and network of 5000+ partner integrators, resellers and software vendors. Some of which being Sun Microsystems partners as well.

To help our partners differentiate and add value in the legacy 1C ecosystem with Sun open technologies, the local ISV Engineering team engaged last year in the prototype development of an SPML interface for 1C:Enterprise, so it can integrate into the identity management frameworks deployed at large corporations. Because the 1C platform is fully based on Microsoft technologies and there was no external interfaces except Microsoft COM, our solution was to write a proxy gateway for translating SPML requests into COM API requests, and exchanging provisioning information. The gateway is embedding a web server for handling HTTP requests so an administrator can simply install the SPML gateway along with the 1C client on a clean Windows machine. That done, the provisioning information inside the 1C database can be managed from any machine on the network.

We have had very good feedback from our partners about this solution so far. It has proven to save a lot of time --and money too!-- at deployment time and in managing 1C:Enterprise, because the service could litterally be managed as an appliance and the solution did not require to install a 1C client on the machine where the Identity Management server sits. We encourage all of the 1C:Franchising network to leverage our work and put it to good use at their 1C customers. The code for the 1C SPML Gateway has been shared under an open-source license for that matter and is available for free download.

As a general solution --I'm talking outside of the 1C ecosystem now, I'm thinking of any ISV out there needing to have its application exchange user information with identity management systems--, there is a lot one can learn from this particular project. The gateway approach enables to plug legacy applications into a customer's identity infrastructure with no modification to the application --provided you have some kind of interfaces, of course. In addition, the SPML open protocol ensures maximum interoperability with modern identity management frameworks.

To conclude, anyone really is welcome to leverage our work as is, extend it --please join the community and share back-- or use it as a stub for another application --why not using Project Kenai to host and share your project as well? Most of the documentation for the 1C SPML Gateway is currently in Russian but we will be soon posting an English summary of it to make life easier. In any case, you can right away post questions in English in the issue tracker and/or mailing list.


Now that I remember, another good source for open-source client code that supports SPML is the OpenSPML Project at

Posted by Frederic Pariente on November 20, 2009 at 12:51 AM CET #

I have added some project description in English so you can look into it. But as always code could say more that any words -

Posted by Alexey Abashev on November 26, 2009 at 09:34 AM CET #

Post a Comment:
  • HTML Syntax: NOT allowed

How open innovation and technology adoption translates to business value, with stories from our developer support work at Oracle's ISV Engineering.



« July 2016