Previously, there was no one way to do this in a uniform manner. With SPML, companies don’t have to waste what could be millions of dollars on development work in order to get people provisioned or deprovisioned, said ZapThink Senior Analyst Ronald Schmelzer.

“What this means for companies is that as they purchase applications that require some sort of user access, they should make sure that they have a standard way of provisioning users on, and deprovisioning users from that application,” Schmelzer told internetnews.com.

“SPML will most likely work within a broader framework for enterprise-wide security infrastructure such as those provided by other standardization initiatives, such as WS-Security and WS-Policy,” he said. “WS-Security and WS-Policy are more concerned with specific user access to business logic, but there are clearly going to be cases when the two specifications will need to overlap. At the very least, any comprehensive security platform for Web Services will need to handle both of these sets of specifications — provisioning of physical and virtual assets and the access to these applications.”

Read more at: Internetnews.com