Press Release

OASIS Members Demonstrate Support for New Provisioning Identity Management Solution for Web Services

BMC Software, Business Layers, Entrust, OpenNetwork, PeopleSoft, Sun Microsystems, Waveset, Thor Technologies, TruLogica, and Others Showcase Specification for Exchanging Information Between Provisioning Service Points on the Internet

Boston, MA, USA; 26 June 2003 — The first public demonstration of the OASIS Service Provisioning Markup Language Specification (SPML) v1.0 will be held on 9 July 2003 at the Catalyst Conference in San Francisco. SPML is an XML-based framework for exchanging and administering user access rights and resource information across heterogeneous environments. Ten members of the OASIS standards consortium will come together at Catalyst to prove the stability of the new specification and demonstrate interoperability between SPML-conformant security software products.

"SPML is the product of an open collaboration process involving identity management vendors committed to the creation of a standard that any application or software product could use to request provisioning services," said Phil Schacter vice president and director, directory and security strategies, Burton Group. "The effort and commitment by these vendors to create SPML demonstrates their recognition of the key role standards play in enabling the virtual enterprise. Provisioning is clearly becoming a key component in the identity management infrastructure for many companies."

SPML lets organizations automate, centralize, and manage the process of provisioning user access to internal and external corporate systems and data. SPML has been designed to work with the World Wide Web Consortium’s SOAP, the OASIS Standard SAML, the OASIS WS-Security specification, and other open standards that allow companies to securely leverage Web services.

"SPML allows cooperating elements of an Identity Management infrastructure to securely exchange provisioning and service subscription requests using an open standards-based protocol," explained Darran Rolls of Waveset, chair of the OASIS Provisioning Services Technical Committee. "This demonstration highlights interoperability between the industry’s leading provisioning and identity management vendors, based on our committee’s specification. As infrastructure becomes more identity-centric and companies start to model and deploy Web services, SPML will be a critical element of an end-to-end standards-based identity management strategy."

"We are very pleased with the work surrounding the development of the SPML specification," said Gavenraj Sodhi of Business Layers, secretary for the OASIS Provisioning Services Technical Committee. "This is a collective effort by industry leaders to take an administrative burden off the customer by creating an open standard that will be applied to Web services strategies moving forward." Sodhi will make an SPML presentation at the Catalyst Conference.

"Clearly, security is essential for the proliferation of Web services. That’s why it’s so significant that these SPML developers are proving interoperability on a major scale, in a public forum," said Karl Best, vice president of OASIS. "The demonstration is a milestone in the development and recognition of SPML 1.0 as an crucial security layer in the Web services stack."

The SPML specification is currently in a public review period which occurs prior to being submitted to the OASIS membership at-large for consideration as an OASIS Standard. SPML is one of several security standards being developed at OASIS. Other standards and specifications include WS-Security for high-level security services, XACML for access control, XCBF for describing biometrics data, and SAML for exchanging authentication and authorization information.

Industry Leaders Support SPML

BMC Software: "BMC Software is proud to be a member of the OASIS SPML Interoperability Demonstration. As the identity management market emerges, addressing the need for integration and interoperability of disparate access control components and business applications becomes a top priority of our customers’ identity management strategy. Provisioning systems can now use a standard language to exchange identity information with business applications and service providers to achieve automated provisioning of users and services. SPML adds a much needed dimension to the open and secure identity management solution market," said Doron Cohen, Chief Architect, Security Business Unit, BMC Software.

Business Layers: "Business Layers is proud to be part of the process in ratifying the SPML specification. This is an important achievement for both customers and vendors that support them. We look forward to continuing our investment and active involvement with OASIS through our commitment to open standards for Identity Management and Provisioning," said Adrian Viego, chief technology officer for Business Layers.

Entrust: "SPML represents a significant step forward in the industry’s collective efforts to help governments and businesses manage user identities across a broad range of applications in a cost-effective and timely manner. As a strong advocate of open standards, Entrust is proud to have played an active role in SPML’s development to date, and we look forward to demonstrating our ongoing commitment to this important specification at the upcoming OASIS SPML Interoperability Demonstration," said Tim Moses, director of advanced security technology at Entrust.

OpenNetwork: "As technologists and active participants in OASIS, we are committed to delivering standards-based solutions that meet our customers’ challenges of securely managing identities across complex enterprises. We are excited about the benefits of the new SPML specification and are pleased to team with our partners and deliver the first prototype of its kind to the market," said Bob Worner, vice president of product engineering at OpenNetwork.

Waveset: "More and more Waveset customers are adopting Web services as a way to build and expand business opportunities. By providing open, SPML-enabled identity management solutions, we can help them protect and maximize current enterprise investments, while also leveraging the latest, most innovative technologies for continued competitive advantage. We are proud of our contribution to OASIS, which underscores a continued commitment to industry standards in the development and deployment of award-winning products," said Kevin Cunningham, vice president of marketing at Waveset.

About OASIS (

OASIS (Organization for the Advancement of Structured Information Standards) is a not-for-profit, global consortium that drives the development, convergence, and adoption of e-business standards. Members themselves set the OASIS technical agenda, using a lightweight, open process expressly designed to promote industry consensus and unite disparate efforts. OASIS produces worldwide standards for security, Web services, conformance, business transactions, electronic publishing, topic maps and interoperability within and between marketplaces. Founded in 1993, OASIS has more than 2,000 participants representing over 600 organizations and individual members in 100 countries.

Press inquiries:

Carol Geyer OASIS Director of Communications +1.941.284.0403