RE: [provision] What exactly do we mean by provisioning?

["Truitt, Edward D. (OSED)" <OSED@chevrontexaco.com>]

Title: RE: [provision] What exactly do we mean by provisioning?

I don't have a problem with trying to narrow the scope. However, I think we need to think beyond people. For example, I can see other types of objects (e.g. workstations, applications) being "provisioned" (granted access to IT resources & services) in the future, especially if we are using provisioning as a means of managing RBAC. This is a significant point that has been made by several NAC members over the past year - that we should seek to avoid being "person-centric" when defining requirements and designing solutions.

Therefore, I would suggest that Hal's first idea is the "best" choice here. Think of all the types of objects (entries) that we might want to store in directories and manage access to resources and services for (I can certainly accept an IT focus for now, lest we end up in an ocean-boiling exercise), and focus on how to encode the schema for these so that the various provisioning systems and the provisioned (target) systems can easily communicate amongst each other.

If "eProvisioning" isn't owned by somebody, that might be the best term to use. Otherwise, I would prefer something like "IT Services Provisioning" or "ProvisionIT" which the TC could define as it wishes.

-Ed Truitt
-----Original Message-----
From: Hal Lockhart [mailto:hal.lockhart@entegrity.com]
Sent: Tuesday, November 27, 2001 2:51 PM
To: provision@lists.oasis-open.org
Subject: [provision] What exactly do we mean by provisioning?

It is time to be more precise about the charter of this group. In particular I am concerned about the meaning of the unmodified word "Provisioning" which I believe may mean different things to different people.

[snipped for brevity]
The second is broader than the first, but both are much narrower than the meaning above in that they revolve around the concept of "user" and therefore identity. For example, if a web hosting company sets up a virtual server for a new customer, this would be included in the broader meaning, but not the narower one. Thumbing through the materials from the XRPM meeting, it seems to me that most of the people present had in mind the narrower meaning. In particular, Phil called for a standardized way to encode the identity schema.

The ADPr site offers this: "eProvisioning refers to automating the process of systematically providing resources and services, according to business requirements." However all the examples they cite revolve around a person.

So I guess the choice boils do to pretty much two ideas:
1. Eveything you do in responce to an order for service.
2. Everything you do to provide service for a person.
My position is that I don't feel strongly about what scope is chosen as long as it is made explicit. I offer the following observations:

1. We need to limit scope in some way if we hope to accomplish anything.
2. If the scope is limited to "identity-related" considerations, we might want to qualify the term provisioning with an adjective, since there are a large number of organizations that use the term in a broader sense and are likely to misinterpret our use. Possibilities include: User Provisioning, User Service Provisioning, Identity-related Provisioning.

Hal