RealTime IT News

OASIS Takes the Wraps Off SPML

SAN FRANCISCO -- With a couple of keystrokes, a new employee is added to an HR system at one company. But in a simultaneous message blast, that same employee gets LDAP and other accounts established at several other companies.

While the technique is currently carried out through proprietary agents, adaptors and connectors, an industry standards consortium on Tuesday showed how it could be done using only an open standards-based variation of XML.

Members of OASIS (Organization for the Advancement of Structured Information Standards) at the Burton Group's Catalyst conference here demonstrated the interoperability of service provisioning using its latest specification: Service Provisioning Markup Language (SPML). The technology was designed to work with the World Wide Web Consortium's SOAP, the OASIS Standard SAML, the OASIS WS-Security specification, and other open standards.

Championed by companies like BMC Software, PeopleSoft, Novell, BEA, Business Layers, Entrust, OpenNetwork, Waveset, Thor Technologies, TruLogica, and Sun Microsystems, the spec lets companies that wouldn't normally talk with each other provide external access to sensitive data and corporate systems while maintaining secure, federated identity management.

"IT management is in the buy cycle and at the core is the identity. The question is how does the identity get there and how do I subscribe to that identity," OASIS member and SPML chairman Darran Rolls told internetnews.com. "SPML is very much about managing accounts or subscriptions and this provides a standards-based model."

The comparison is with previous protocols, which sometimes made it difficult to communicate because each vendor had to come up with its own way of translating the documents.

In addition to HR departments being able to coordinate with outside vendors, like a 401k management firm, Rolls says SPML could easily provide similar services for the financial community, airlines, and ISPs, to name a few.

In the demo, Rolls showed how a fictitious PeopleSoft employee is established using a SOAP-based platform and encapsulated within an SPML document. The schema then went through a "multiplexer" supplied by Mycroft, which took the message, created a sub-document, and sent it to everyone in the room.

"The value-add is on that backend because it is all maintained in the provisioning system," Rolls said. "It's exciting too because we're able to produce something nine months ago we said we would do for the Burton Catalyst conference."

Rolls also addressed security issues, saying that it is actually a multi-level process.

"The security danger is gone," he said. "The message turned up, but the system operates so that you can have an administrator do a visual check before accepting the Web service or document. That way, workflow and approvals still remain intact."

But that kind of dexterity may radically change the way some companies compete in the Web services business.

Waveset systems engineer Michael Hunt says the new specification has the potential of making competitors even more

"If two vendors have an HP system, for example, and the systems both speak SPML, you could tear out one vendor and replace it with another without much effort," Hunt said. "Instead of using an agent from IBM or BMC; or Thor adaptors; or connectors from Novell or Critical Path, you have one platform. From a code-based perspective, that's three pieces of glue that were proprietary that you can throw out. Corporate white pages could be all over the map."

Published on June 1, SPML is currently under review by OASIS's voting membership at large, which could approve the standard in late August. Hunt says some companies have already prepared for the ratification.

"At Waveset, we are using SPML internally. I know of a few other companies that have built it into their systems knowing that ratification is coming. The beauty of it is you don't have to do a massive overhaul and throw out your fixtures."

OASIS members are expected to formally test the capabilities of the SPML spec publicly for the first time Wednesday.