OASIS Mailing List Archives



Subject: RE: [provision] Scope of SPML -- Identities and Resources

My comments, below.

Edward D. (Ed) Truitt
Systems Analyst, Directory Services
Global Infrastructure Delivery / Global IT Delivery
ChevronTexaco  Information Technology Company
+1 281.596-3246 Fax# +1 281.596-2714
Cell phone / Pager #
+1 832.443-7283

"Got IT?"

-----Original Message-----
From: Ranthidevan, Anand [mailto:aranthidevan@jamcracker.com]
Sent: Thursday, December 06, 2001 4:13 PM
To: provision@lists.oasis-open.org
Subject: [provision] Scope of SPML -- Identities and Resources

[snip for brevity] 

IDENTITIES: As *who* requires to be added, modified, or deleted. This shouldn't be limited to just Users, as that's too narrow. The main ones we've come across and have implemented (albeit without the benefit of a standard) are:


[Truitt, Edward D. sez] While this is a good list, I still feel strongly that we need to include other inanimate IT entities in the list - like PC and server systems, switches, routers, PBXes, applications...  The reason is that, while many of us think of these as "resources" or "services" to be provisioned, in a real sense they can take on the role of "provisionee" - for example, you could use a provisioning system to connect an application to a middleware bus (e.g. TIBCO), or to "provision" a certain level of network service (QoS) to a web server, or to "provision" a PC to the Active Directory (create/manage its computer account).  This could allow us to extend RBAC into places we are just beginning to think of (example:  I may want to prohibit any system from running the IIS service, unless it is in a role that requires it, and unless the primary user for that system understands this and is aware of the risks involved.  So, I define what "roles" a machine must occupy in order to be authorized to start the IIS service, and "provision" the machine to that service via a provisioning flow - for example, placing the machine into a specific group, or OU within the directory.)

 [More snippage for brevity]

 To make this more concrete, I can go ahead and put together some general business scenarios and use cases.  Would that work for everyone?  Should I post them to this list?  

[Truitt, Edward D. (OSED) sez] Works for me! 


[Anand Ranthidevan]
Product Manager - Jamcracker Platform
