OASIS Stamps Approval on Provisioning Standard

Previously, there was no one way to do this in a uniform manner. With SPML, companies don’t have to waste what could be millions of dollars on development work in order to get people provisioned or deprovisioned, said ZapThink Senior Analyst Ronald Schmelzer.

“What this means for companies is that as they purchase applications that require some sort of user access, they should make sure that they have a standard way of provisioning users on, and deprovisioning users from that application,” Schmelzer told internetnews.com.

“SPML will most likely work within a broader framework for enterprise-wide security infrastructure such as those provided by other standardization initiatives, such as WS-Security and WS-Policy,” he said. “WS-Security and WS-Policy are more concerned with specific user access to business logic, but there are clearly going to be cases when the two specifications will need to overlap. At the very least, any comprehensive security platform for Web Services will need to handle both of these sets of specifications — provisioning of physical and virtual assets and the access to these applications.”

Read more at: Internetnews.com

Web services ID management touted

“SPML adds to the identity management capabilities by providing a standard way in which access to these critical infrastructure resources can be granted or denied,” said analyst Ronald Schmelzer of ZapThink in Waltham, Mass. “This means that companies can build applications that have strict identity and security policies without having to do so in a proprietary and noninteroperable manner.”

“While SPML has more to do with provisioning physical access to specific resources, there is definitely potential for overlap or at least complementary offering to the WS-Security and WS-Policy specifications,” Schmelzer said.

Read more at: InfoWorld

Service-Oriented Management

Web Services management applications provide software that helps companies manage the systems and applications that underlie their Web Services implementations. The Web Services management products on the market today offer functionality in five basic categories: system management, lifecycle management, business management, security management, and the most important, Service-Oriented Architecture enablement.

The latter category is especially important because many Web Services management products provide the critical infrastructure necessary for companies to take their fine-grained, atomic Web Services and other data sources and encapsulate and compose them into coarse-grained business Services that make up a Service-Oriented Architecture. Such architectures offer far more long-term business value than the point-to-point applications of Web Services common today.

ZapNote: Business Layers

eProvisioning describes the process of identifying and allocating resources to users with business needs, including employees, customers, business partners, and contractors. Increasingly XML is being used to solve this problem, and Business Layers has both a product and proposed specification called Active Digital Profile (ADPr) to meet these needs.