Discussion around a new charter
Richard Sand | CEO
239 Kings Highway East | Haddonfield | New Jersey 08033 | USA
Mobile: +1 267 984 3651| Office: +1 856 795 1722| Fax: +1 856 795 1733
From: Richard Sand
Sent: Monday, June 21, 2010 11:02 PM
To: 'Bohren, Jeff'; Dee Schur; Mary McRae; yvonne.wilson@oracle.com;
martin.raepple@sap.com; romanenko@softerra.com; a.chukanov@softerra.com; 'John
Fontana'; Tony.Goulding@ca.com; Gavenraj Sodhi; Daniel A. Perry; Patrick
Harding; jackson.shaw@quest.com; Darren Platt; Mark Diodati;
bblakley@burtongroup.com; Dale Olds; jbohren@caremedic.com.; jbohren@yahoo.com
Cc: laurent.liscia Liscia; James Bryce Clark; Carol Geyer
Subject: RE: SPML3 Charter
Hi Jeff,
Thanks for the feedback!
Regarding number 3, I see your point – these items may be better served under
the last item i.e. as templates for implementations as opposed to part of the
core standard.
For 4 & 5 – yes I noticed the autonumber problem after I hit send :)
For 6, I guess you are talking about the Capabilities mechanism? Again a lot
of my thinking here may fall under the category of templates or additional
profiles, but what I want to do is get more specific with operational
metadata – especially the metadata generally needed to enable auditing and
compliance measurement.
For 7 – XACML is a tool that can
be used here – for example we could use XACML as a language for defining these
models. Same type of thinking – XACML is a lower-level general purpose language
whereas what I want to accomplish is to put some structure and scaffolding in
place to facilitate the communication of role information between parties.
Keep it coming!
Mary, from a chicken-and-egg standpoint,
do we need to have the charter locked down before (re)convening a committee?
Should the charter be more general? Basically what’s the next step so we can
bring these discussions into an active committee as opposed to being an
informal discussion about possibly forming a committee?
FYI I had John Fontana’s e-mail
address wrong in the previous e-mails, I’ve corrected it in this one.
Best regards,
Richard Sand | CEO
From: Bohren, Jeff [mailto:jbohren@caremedic.com]
Sent: Monday, June 21, 2010 1:07 PM
To: Richard Sand; Dee Schur; Mary McRae; yvonne.wilson@oracle.com;
martin.raepple@sap.com; romanenko@softerra.com; a.chukanov@softerra.com;
John.Fontana@pingidentity.com; Tony.Goulding@ca.com; Gavenraj Sodhi; Daniel A.
Perry; Patrick Harding; jackson.shaw@quest.com; Darren Platt; Mark Diodati;
bblakley@burtongroup.com; Dale Olds; jbohren@caremedic.com.; jbohren@yahoo.com
Cc: laurent.liscia Liscia; James Bryce Clark; Carol Geyer
Subject: RE: SPML3 Charter
Richard,
I just got back from PTO (without cell phone or internet access).
After looking over the proposed charter I have some comments/questions:
- I don’t think item 3 is appropriate. There is nothing in SPML today that
  would preclude multi-tenancy as far as I know. As for delegation,
  registration, and identification, these seem to be specific to a specific
  business model and I can’t see a standard dictating these features.
- I think you meant items 4 and 5 to be one item (damned auto numbering).
- I don’t see what you are getting at for item 6. SPML already has a metadata
  mechanism that should be sufficient for those purposes. Or are you
  suggesting a replacement of the metadata mechanism?
- What’s the difference between item 7 and XACML?
From: Richard Sand
[mailto:Richard.Sand@skyworthttg.com]
Sent: Thursday, June 17, 2010 1:58 PM
To: Dee Schur; Mary McRae; yvonne.wilson@oracle.com;
martin.raepple@sap.com; romanenko@softerra.com; a.chukanov@softerra.com;
John.Fontana@pingidentity.com; Tony.Goulding@ca.com; Gavenraj Sodhi; Daniel A.
Perry; Patrick Harding; jackson.shaw@quest.com; Darren Platt; Mark Diodati;
bblakley@burtongroup.com; Dale Olds; jbohren@caremedic.com.
Cc: laurent.liscia Liscia; James Bryce Clark; Carol Geyer
Subject: RE: SPML3 Charter
Hi all - does anyone have any feedback on the draft charter?
Richard Sand | CEO
From: Richard Sand
Sent: Thursday, June 10, 2010 1:04 AM
To: 'Dee Schur'; 'Mary McRae'; 'yvonne.wilson@oracle.com';
'martin.raepple@sap.com'; 'romanenko@softerra.com'; 'a.chukanov@softerra.com';
'John.Fontana@pingidentity.com'; 'Tony.Goulding@ca.com'; Gavenraj Sodhi; Daniel
A. Perry; 'Patrick Harding'; 'jackson.shaw@quest.com'; 'Darren Platt'; 'Mark
Diodati'; 'bblakley@burtongroup.com'; 'Dale Olds'; 'jbohren@caremedic.com.'
Cc: 'laurent.liscia Liscia'; 'James Bryce Clark'; 'Carol Geyer'
Subject: SPML3 Charter
Hi all,
I’ve written here my draft proposal for an SPML 3 charter. It basically hints
at the shortcomings of SPML 2 and gives general guidelines from a methodology
standpoint how we plan to address those shortfalls, and then gives some details
on the various additions we’d like to see added to the specification to give it
more relevance, solve real problems, and provide ease of deployment.
This is not an official document by any stretch so feel free to flame / roast /
etc. as you see fit!
SPML 3.0 Charter
The purpose of the OASIS Provisioning Services
Technical Committee (PSTC) is to define an XML-based framework for exchanging
user, resource, and service provisioning event information. The Technical
Committee will develop an end-to-end, open provisioning specification designed
to handle cases both within an organization and federated cases, such as those
encountered in B2B and service-based environments.
The previous version of SPML, version 2.0, provided the basic semantics for
expressing atomic provisioning
operations and for batching multiple operations into single requests. SPML 3.0
will include all of this functionality, and will build upon it to provide
higher level complex operations required by identity management systems for
managing the full lifecycle of user identities both within the enterprise and
between enterprises. It will also put forth simple yet extensible standard
templates for identity schema, role models, and organizational design for
easing adoption of SPML 3.0 implementations. The focus will be on providing
breadth of functionality but in a simple and straightforward fashion for the
majority of cases.
Some of the focus areas of SPML
3.0 will be:
1. Solving more business provisioning problems - such as bidirectional account
   flow and synchronization – which are even more prevalent in B2B or service
   provider scenarios
2. Adding higher level IDM tasks, such as: an employee moving between
   departments, various forgotten password reset and recovery tasks, temporary
   delegation of rights, other self service requests such as for additional
   roles or access rights
3. Adding support for common service provider models (such as multi-tenancy,
   delegation, registration and identification of organizations)
4. Defining multiple standard schema that can be used and extended upon for
   various use cases. Some examples for these standard schema could be based
5. upon LDAP InetOrgPerson, Active Directory User, industry specific schema for
   education, healthcare, government, retail.
6. Defining provisioning metadata for all operations that can be used for
   workflow, automation, audit & compliance purposes
7. Defining one or more flexible, extensible role model(s) to serve common
   role-based access control use cases
8. Creating an extensible set of templates which can be used to accelerate
   implementations for the common cases, and can be easily extended or even
   replaced as needed. Templates would include a bit of all of the facets of
   SPML, e.g. standard schema, supported operations, metadata definition, role
   and org structure, so that these can be selected as a starting point for the
   whole provisioning rollout for an organization and extended from there
Richard Sand | CEO