SPML Dev Toolkit Open for Free Download

This week, developers can download a free, Open Source toolkit for SPML -- as OASIS nears full adoption of the SPML 1.0 standard, which uses XML to help ensure cross-platform interoperability for identity and access-control technologies. Take a test drive of the latest tools for helping devs build secure end-to-end web services.

Tags: SPML, Provisioning, Toolkit, Open Source, Standard, Resources, Enterprise,

The first developer toolkit for working with Service Provisioning Markup Language is now available as a free, Open Source download. The kit becomes available on the eve of OASIS' formal adoption of its first SPML standard (SPML 1.0), an XML-based approach designed to help devs expedite the cross-platform provisioning of secure web services.

The SPML toolkit was developed and made available by Waveset Technologies, a provider of identity-management software and member of the OASIS SPML working group. The toolkit is designed to speed practical adoption of SPML by enterprise devs by masking many SPML complexities behind an easy-to-use GUI.

SPML-complaint platforms and software aim for automation of human and/or machine access and access rights to data and application services across different IT infrastructures. SPML 1.0 proposes to enable organizations to automate, centralize and manage the process of provisioning user access to internal and external corporate systems and data. SPML was designed to work with the W3C's recently ratified SOAP 1.2 and the OASIS SAML and WS-Security specifications.

Why SPML Helps Devs Build an "Interoperable Infrastructure"
SPML 1.0 is slated to be adopted as a full OASIS standard in October, sources told IDN. Co-sponsors include major web services infrastructure firms BMC IBM, BEA, Microsoft, Computer Associates and Entrust, as well as smaller, specialized firms, including Waveset Technologies, OpenNetwork Technologies and Business Layers.
The SP (Service Provisioning) portion of SPML 1.0 goes beyond the initial "contingency" of providing resources to encompass the entire lifecycle management of these resources. This includes the provisioning of digital services such as user accounts and access privileges on systems, networks and applications, as well as the provisioning of non-digital or "physical" resources such as cell phones and credit cards.
SPML backers cite several key benefits for speeding deployment and management of interoperable web services security between enterprises. Among them, they note SPML-compliant applications or services will:
  • Validate access to resources and services;
  • Provide full end-to-end audit trail processes providing consolidated reporting;
  • Enable the inclusion of "two-factor authentication" methods for security; and
  • Ease administration of access to back-end resources/services.

In addition to these capabilities, SPML concedes that interoperability with other standards, such as WS-Security and SAML, is also key.

Their goals include ensuring that SPML components interoperate with SAML request and response. The bridging of the two would enable:
  • Delegated administration of digital resources to the extended enterprise (e.g., access to back-end resources for supply chain users);
  • Exchange of provisioning requests between users; and
  • Exchange of provisioning request and response between organizations.

Inside Waveset's SPML Open Source Tool
Waveset's SPML toolkit Toolkit v1.0) is designed to reduces the time and SPML expertise devs will need. for SPML message generation and analysis. The SPML toolkit is currently available in Java, with delivery of a Microsoft .NET-compliant version expected later this year. The Waveset SPML toolkit is publicly .available for download at no cost at the Open SPML website.

The toolkit offers a unique browser capability that scans SPML-enabled provisioning systems to provide a graphical view of services offered -- much like a standard Web services UDDI browser -- as well as to generate and debug test requests.

In specific, Waveset's tool helps organizations extend secure user access privileges and profile information to dynamic user populations, particularly in Web services environments, by providing devs support for configuring, issuing and interpreting SPML-compliant provisioning requests across multiple identity infrastructures (both standards-based and vendor-specific).

The Burton Group's vice president of directory and security strategies, Phil Schacter, said that such free, Open Source tools will help seed SPML use among end users and vendors. In a statement, Schacter said, "The availability of an open source implementation of SPML is a critical step in gaining broad industry adoption of this important emerging standard. Standards play a key role in an enterprise identity management architecture by solving difficult integration and interoperability… Waveset's release of its open SPML toolkit will make it easier for both commercial application software providers and enterprise application developers to take advantage of SPML."