Talking SPML

Oddly enough the New Year has seen a spate of SPML discussions. James McGovern gets the whole thing kicked off here. Jackson Shaw adds his thoughts here, and makes the point that SaaS really needs federation and provisioning to work well.

Mark Diodotti (who has been following SPML for a long time) has some interesting thoughts about it here. Mark points out that SPML lacks built in authn and authz capabilities. This was an intentional design decision in both SPML 1.0 and 2.0 as it was felt at the time that authn and authz should be part of the web services infrastructure, not the provisioning standard. In retrospect that decision put too much faith in how well authn and authz standards would be adopted. This also points out the unique position that identity web services are in. They must be secured yet they must drive the security as well. It’s a real chicken-egg dilemma. Or to use the WSDM nomenclature, a real MUWS-MOWS dilemma.

Ian Glazer (a former colleague of mine at Access360 and who also served with me on the PSTC) wants to stop talking about federated provisioning. Ian makes the point that federated provisioning is not really any different than enterprise provisioning. Ian is correct in that they are basically the same, although there are some subtle differences in how they play out in deployment.

I really hope that these discussions lead to some real movement around leveraging SPML to enable SaaS services. I am always up for an SPML conversion. If you want to discuss SPML (or identity or change management), my work email is my first initial and last name at sunviewsoftware.com and my personal email is the same at yahoo.com.

Advertisements

2 responses to “Talking SPML

  1. Hi Jeff,

    Great blog entry! It’s not clear from my blog entry (http://identityblog.burtongroup.com/bgidps/2009/01/new-years-resolution-lets-talk-more-about-spml.html) that I believe that authorization and authentication should be externalized. No sense in re-inventing the wheel. It is clear in the SPML document Burton Group published. Thanks once again for the great insight about SPML!

  2. Mark,

    Since I no longer work for a company that is a client of the Burton Group, I can’t access things like your SPML document.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s