Friday, July 10, 2009

SPML in a cloud view

Security standards have always fascinated me, and no wonder the ones for Cloud computing do too. Though I believe the future of computing is in the cloud, I am a bit sceptical about the security mechanisms in place. A standard way of provisioning is the first and foremost security measure that delights a cloud user, especially in the corporate sector. Service Provisioning Markup Language (SPML), a standard developed by OASIS, is for exchanging user information, resource information, and service provisioning information between systems. These are my first-hand feelings on the usage of SPML in the cloud, though not an expert opinion.

Let me start by asking the question: What is provisioning?
As per the OASIS Provisioning Services Technical Committee, provisioning is the automation of all the steps required to manage (set up, amend and revoke) user or system access entitlements or data relative to electronically published services. Before we get into the details of provisioning, let us take the scenario of an employee joining a company. In most modern enterprises he or she will be greeted with a set of documents, followed by a PC or laptop. Now the hard work of HR starts: setting up the working environment for the employee. It starts with getting the credentials and a mail account. Apart from that, based on the role, he may need access to various business applications in the enterprise. The earlier the better!
So now our HR executive is busy with a series of calls, accompanied by emails to the IT admin, saying that we have a new joiner and need to set up accounts and get him the PC. IT Service requires a set of details like last name, SSN etc. to create the account and add it. Arguably, in some of the big enterprises this may be automated as part of a workflow process. This is sufficient in the case of an in-house IT set-up. But let us consider an enterprise with services spread across the cloud. Each service may be hosted by a different cloud provider. This makes the situation of our HR rep really complex. He needs to ensure that all is well. The situation is more catastrophic when an employee resigns. It is really important that this user is de-provisioned (who knew there was a word "de-provision"!) the minute he leaves the organisation; otherwise the organisation's assets could be in danger. So we need a standards-based automatic provisioning system in place, since we have to live in a heterogeneous IT ecosystem. Here comes the importance of SPML. It provides a standard for securely communicating provisioning details between various applications/services.

In SPML theory a provisioning system contains three essential components: a Requesting Authority (RA), a Provisioning Service Provider (PSP), and a Provisioning Service Target (PST).

Requesting Authority (RA): In a typical provisioning system the RA is the client. Well-formed SPML documents are created by the RA and sent to the SPML service point. These requests describe an operation to be performed at the PSP end.
Provisioning Service Point (PSP): A component that listens for and processes well-formed SPML documents is called a Provisioning Service Point.
Provisioning Service Target (PST): The target is the actual software or application on which the action is taken.
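To make the RA/PSP/PST split and the join-and-leave scenario above concrete, here is an added example (not code from the original post or from OASIS): the RA builds SPML 2.0 addRequest and deleteRequest documents, and a toy PSP applies them to an in-memory PST. Element and attribute names follow the SPML 2.0 core schema; the target id "hr-directory", the "uid"/"mail" attributes and the request ids are constructed for the demo.

```python
import xml.etree.ElementTree as ET

SPML = "urn:oasis:names:tc:SPML:2:0"          # SPML 2.0 core namespace
ET.register_namespace("spml", SPML)

def add_request(request_id, target_id, attrs):
    """RA side: build a well-formed spml:addRequest for a new account."""
    req = ET.Element(f"{{{SPML}}}addRequest", requestID=request_id, targetID=target_id)
    data = ET.SubElement(req, f"{{{SPML}}}data")
    for name, value in attrs.items():          # payload schema is target-specific
        ET.SubElement(data, name).text = value
    return ET.tostring(req, encoding="unicode")

def delete_request(request_id, target_id, pso_id):
    """RA side: build an spml:deleteRequest that de-provisions an existing account."""
    req = ET.Element(f"{{{SPML}}}deleteRequest", requestID=request_id)
    ET.SubElement(req, f"{{{SPML}}}psoID", ID=pso_id, targetID=target_id)
    return ET.tostring(req, encoding="unicode")

def spml_response(name, rid, status, error=None):
    """PSP side: build the matching *Response; 'error' is an SPML 2.0 ErrorCode."""
    attrs = {"requestID": rid, "status": status, **({"error": error} if error else {})}
    return ET.tostring(ET.Element(f"{{{SPML}}}{name}", attrs), encoding="unicode")

class ToyPSP:
    # PSP that applies RA requests to an in-memory PST (one dict per target id)
    def __init__(self, target_ids):
        self.targets = {t: {} for t in target_ids}
    def handle(self, xml_doc):
        req = ET.fromstring(xml_doc)
        op, rid = req.tag.split("}")[1], req.get("requestID")
        if op == "addRequest":
            target = self.targets.get(req.get("targetID"))
            data = {el.tag: el.text for el in req.findall(f"{{{SPML}}}data/*")}
            if target is None or "uid" not in data:
                return spml_response("addResponse", rid, "failure", "malformedRequest")
            if data["uid"] in target:                # never silently overwrite an account
                return spml_response("addResponse", rid, "failure", "alreadyExists")
            target[data["uid"]] = data
            return spml_response("addResponse", rid, "success")
        if op == "deleteRequest":
            pso = req.find(f"{{{SPML}}}psoID")
            target = self.targets.get(pso.get("targetID"), {})
            if target.pop(pso.get("ID"), None) is None:   # unknown PSO: report it
                return spml_response("deleteResponse", rid, "failure", "noSuchIdentifier")
            return spml_response("deleteResponse", rid, "success")
        raise ValueError(f"operation not implemented in this toy PSP: {op}")

def result(xml_doc):
    resp = ET.fromstring(xml_doc)
    return resp.get("status"), resp.get("error")
```

The deleteRequest is the "resignation" path from the scenario: one standard document from the RA removes the account from the target, and a second attempt is answered with noSuchIdentifier rather than silently succeeding.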

Though the SPML standard has been around for a few years (so lazy to check the exact year!), its importance is augmented by the dawn of Cloud computing.