The Catalyst Conference, which focused solely on directory services just four years ago when I attended my first one, has become the place for identity management announcements and demonstrations of specifications and their interoperability. The conference, held in San Francisco this year, did not disappoint.
While identity management was the headliner at this weeks conference, the demonstration of the OASIS (Organization for the Advancement of Structured Information Standards) SPML (Service Provisioning Markup Language) could have a larger impact on enterprises in the near future.
At the conference, 10 members of OASIS publicly demonstrated the interoperability between security software products using SPML, as well as the specifications stability, for the first time (see article here).
SPML is the XML-based framework for exchanging and administering user access rights and resource information across heterogeneous environments. In essence, the specification is designed to create interoperability across provisioning systems so they can talk to one another. Other applications could also use the specification to request provisioning commands.
Currently, the SPML specification is in an OASIS public review stage, the final stage of the OASIS approval process before submission to the standards bodys membership for consideration.
In conversations Ive had with IT managers, provisioning has become an increasingly important issue for enterprises, especially with the maturity of Web services. SPML applications may ease the pain in large enterprises by enabling account creation and maintenance via multiple provisioning systems within a variety of organizations. And although it may need some additional work to address Web services, it could also be used for creating accounts in Web services with which an enterprise system is interacting.
SPML lacks the support given to the OASIS SAML (Security Assertions Markup Language) specification at last years Catalyst Conference, so this years conference was the place to see who is lining up behind it. PeopleSoft, Sun, Entrust, Business Layers and Open Network Technologies, among others, all back the specification. Naturally, all will be prepared to sell you SPML-compliant solutions in the near future.
If youre having trouble selling provisioning to your CIO, consider the method used by Tom King, chief information security officer at Lehman Bros. King, who presented a case study on provisioning, said he manages the log-ins for 15,000 employees with 230,000 systems accounts.
In the past, it cost Lehman Bros. $33 every time an account had to be changed. So although the costs of deploying a provisioning system were high, he said it only took one statement to get his CIO to sign off on the project: The ability to know what each employee is accessing is priceless.
How are you handling provisioning? Let me know at firstname.lastname@example.org.