Service Provisioning Markup Language (SPML) v2.0 Ratified as OASIS Standard

BEA Systems, BMC Software, Capgemini, CA, Hewlett-Packard, IBM, Microsoft, Oracle, RSA Security, SAP, SOA Software, Sun Microsystems, and Others Develop OASIS Standard for Exchanging User, Resource, and Service Provisioning Information

Boston, MA, USA; 11 April 2006 – The OASIS international standards consortium today announced that its members have approved the Service Provisioning Markup Language (SPML) version 2.0 as an OASIS Standard, a status that signifies the highest level of ratification. SPML provides an XML-based framework for managing the allocation of system resources within and between organizations. Encompassing the entire life-cycle management of resources, SPML defines the provisioning of digital services such as user accounts and access privileges on systems, networks and applications, as well as non-digital or physical resources such as cell phones and credit cards.

“One of the hardest parts of provisioning is interoperability,” noted analyst, Mark Diodati of Burton Group’s Identity and Privacy Strategies. “SPML provides a standards-based approach, and version 2.0 adds important functionality that is required for robust provisioning services.”

“SPML v2.0 will further facilitate the seamless application of identity management solutions to the day-to-day challenges of provisioning and de-provisioning business services,” said Gavenraj Sodhi of CA, co-chair of the OASIS Provisioning Services Technical Committee. “The result will be more efficient IT administration, improved security, and easier extension of services beyond organizational boundaries.”

“SPML 2.0 provides a service-oriented identity protocol that goes far beyond just enterprise provisioning while enabling customers to spend less time connecting systems and applications, and more time focusing on the technology issues and implementations most important to their business needs and services,” said Jeff Bohren, of BMC Software, co-chair of the OASIS Provisioning Services Technical Committee.

The SPML v2.0 OASIS Standard offers enhanced functionality as well as a new profile that lets users and other objects be manipulated more easily. Additional features include improved password management, user suspension capabilities, and user attribute schema discovery.

“SPML was developed alongside other key security specifications, including the Security Assertion Markup Language (SAML) and WS-Security, both of which are also OASIS Standards,” noted Patrick Gannon, president and CEO of OASIS. “Our security committees work together to exploit the benefits of reuse and coordination to the greatest extent possible. We congratulate the members of the OASIS Provisioning Services Technical Committee for this outstanding achievement.”

The OASIS Provisioning Services Technical Committee remains open to new participation. All interested parties are encouraged to exchange information on implementing SPML via the spml-dev mailing list. As with all Consortium projects, archives of the OASIS Provisioning Services Technical Committee’s work are accessible to both members and non-members, and OASIS hosts an open mail list for public comment on the standard.

Support for the SPML OASIS Standard

BMC Software “BMC Software is pleased with the approval of SPML 2.0 as an OASIS Standard,” said Doron Cohen, CTO, Identity Management Business Unit, BMC Software. “BMC is committed to working with organizations like OASIS to create and promote the influence of standards in the market that help customers effectively and efficiently build an identity-aware business.”

CA “CA is excited to be co-authors of the SPML 2.0 specification. Its ratification as an OASIS Standard is a significant milestone for security management standards and is inline with the maturity of Identity Management solution requirements,” said Gavenraj Sodhi, director of product management for security management at CA and co-chair of the OASIS Provisioning Services Technical Committee. “We look forward to continued adoption of identity management standards, with the goal of encouraging interoperability and thus promoting more efficient processes for implementing Identity Management Solutions.”

Oracle “Oracle is deeply committed to helping bring security standards to the market and building support for these standards into our family of identity management products,” said Prateek Mishra, director, Security Standards, Oracle. “As a member of the OASIS Provisioning Services Technical Committee, we are pleased that the standard has been finalized, and we look forward to helping accelerate its adoption throughout the industry and across our customer base.”

Additional Information

OASIS Provisioning Services Technical Committee

About OASIS:
OASIS (Organization for the Advancement of Structured Information Standards) is a not-for-profit, international consortium that drives the development, convergence, and adoption of e-business standards. Members themselves set the OASIS technical agenda, using a lightweight, open process expressly designed to promote industry consensus and unite disparate efforts. The consortium produces open standards for Web services, security, e-business, and standardization efforts in the public sector and for application-specific markets. Founded in 1993, OASIS has more than 5,000 participants representing over 600 organizations and individual members in 100 countries. Approved OASIS Standards include AVDL, CAP, DITA, DocBook, DSML, ebXML CPPA, ebXML Messaging, ebXML Registry, EML, OpenDocument, SAML, SPML, UBL, UDDI, WSDM, WS-Reliability, WSRP, WS-Security, XACML, XCBF, and XML Catalogs. http://www.oasis-open.org

Press contact: Carol Geyer Director of Communications, OASIS carol.geyer@oasis-open.org +1.978.667.5115 x209