[provision] IBM Input for OASIS Provisioning Services Scope Discussion

[Karl Gottschalk <karlgott@us.ibm.com>]

Here are some initial thoughts and suggestions from the IBM team on the
approach we should take to defining provisioning standards, as well as the
scope of provisioning.

Proposed Provisioning Services Standardization Approach

We suggest that the Provisioning Services Technical Committee deliver a
standards-based framework for enabling access to and interopability among
disparate provisioning systems that may be based on different standards.
In particular, we would like to see the development of  a set of
implementation-independent horizontal and vertical interfaces to
provisioning systems using web services definitions and XML schemas. An
additional deliverable should be an XML vocabulary that can serve as a
"capsule" for the wide range of standards (XML and non-XML) pertinent to
the provisioning domain.

The TC should where possible rely on the use of existing standards from
OASIS, the W3C, the TeleManagement Forum and other standards bodies to
provide the definition of provisioning domains, and just point to the
appropriate standards in the framework.  The TC will also have to consider
an approach to ensuring compliance with the set of standards it defines and
identifies in the framework.

Scope of Provisioning:  IBM input:
Standards are needed for interoperability of provisioning systems and also
for communication between provisioning systems, users and resources.We
think that the following are some (but by no means all)  of the areas which
standards for horizontal and vertical interoperability should cover:
     Identity of users and resources
     Relationships of users to users, users to resources, and resources to
   resources
     Identity of provisioning system
     Identity of accessing administrator or provisioning system
     Authentication to provisioning system
     Publication and retrieval of users and resources (create, read,
   update, delete)
     Control of users and resources (access, use rights)
     Usage / billing information collection on users and resources


Following is the vision of some folks within IBM of a provisioning services
platform that implies that a wide range of standards is needed between
provisioning systems and other entities, including applications,
subscribers or users of services, and subscriber devices.  Work is going on
in many of the areas described, and the Technical Committee should identify
where we have appropriate standards and where they are still needed.

A service platform needs to support provisioning from the point of view of
a service/application, subscribers and subscriber devices (such as laptops,
PDAs and phones). We want to look at each one of the elements, which
require provisioning, as a managed object which has its own lifecycle.
What does it mean to provision in a Web Services, Telecom Services, Mobile
applications environment?
·    Application/service point of view
o    To be able to hot-deploy a service/application in the system while it
is being executed
o    To publish the characteristics and interfaces of the
service/application in a directory
o    To control the service/application lifecycle ? to deploy, activate,
publish, deactivate, hide, modify, remove
o    To monitor running applications and services in real-time and get
information on their performance, statistics, billing information, etc.
o    To set authorization information and access control lists for the
services/applications if needed
·    Subscriber Device point of view
o    To publish the device information to the system so that the system
will be able to know about the characteristics and interfaces of the
devices
o    To be able to store and send device profile information stored on the
device for future analysis
o    To be able to answer device interrogation requests to the system
o    To receive access to services and applications according to the device
characteristics. In the case multiple versions of applications/services
exist,  select the suitable version based on the device characteristic
which may be based on registered information or interrogated in real-time.
·    Subscriber point of view
o    To be able to dynamically register in the system
o    To be able to publish subscriber profiles and store them in a
directory
o    To be able to discover new services and subscribe to them, using the
preferred interface indicate by the subscriber and the capabilities of his
device
·    Service/Application execution platform point of view
o    To be able to monitor every state change in the life cycle of the
service/application
o    To be able to instrument in a seamless  way the execution state
changes of a service/application
o    To generate instrumentation information so that it will be possible to
log information for data mining, and generate information to enable billing
for the usage of services and applications.

The provisioning platform is responsible for enabling subscribers and
subscriber devices to be dynamically recognized by the system and enable
them to access and subscribe to services and applications. On the other
hand, it enables applications and services to be dynamically discovered by
the subscribers through the system provisioning middleware. New middleware
based on provisioning standards should have the ability to provision
services and applications in a standardised way, allowing them to converge
with  Telco services as well as Web services and applications for  Mobile
devices. It will also dramatically contribute to the evolution of standards
such as UDDI, SyncML, Java Client Provisioning, packaging formats and
device interrogation. It will enrich the service providers with the ability
to manage and provision their services/applications as an entity, rather
than managing the components, which contribute to the service alone.
This is a revolutionary way of thinking comparing to what is used today for
management and provisioning. Unlike existing available systems that
provision devices, processes, servers, applications as closed entities,
each in its own way, the platform based on provisioning standards will
enable the management of elements across multiple horizontal and vertical
levels. In the past, subsystems such as database servers or transaction
monitors, had to develop their own provisioning and management features as
part of their architecture and used their own proprietary ways. In contrast
to the previous approaches, where provisioning and management is connected
to the components which exist in the network or required proprietary
management, in this case the provisioning interfaces and middleware are
defined and created during the development of the service or application,
in a standard way, and will be used during  deployment.





Karl Gottschalk
tie 441-9611
ext. 919-543-9611