Web services ID management touted

Web services identity management from OASIS (Organization for the Advancement of Structured Information Standards) will be showcased at the Catalyst Conference in San Francisco in July, OASIS said on Thursday.

The first public demonstration of the OASIS Service Provisioning Markup Language Specification (SPML) Version 1.0 will be held on July 9, according to the organization. SPML is an XML-based framework for exchanging and administering user access rights and resource information across heterogeneous environments. Ten OASIS members will show the stability of the specification and demonstrate interoperability between SPML-conformant products, according to OASIS.

The specification provides a mechanism for exchanging information between provisioning service points on the Internet, OASIS said. It is designed to work with SOAP, SAML (Security Assertion Markup Language), and the OASIS WS-Security specification.

Among vendors endorsing the specification are BMC Software, Business Layers, Entrust, OpenNetwork, PeopleSoft, Sun Microsystems, Waveset, Thor Technologies, and TruLogica, according to OASIS.

SPML currently is undergoing public review in the OASIS process for consideration of standards.

An analyst in an e-mail response to questions stressed the importance of identity management but added that SPML could overlap with other specifications.

"SPML adds to the identity management capabilities by providing a standard way in which access to these critical infrastructure resources can be granted or denied," said analyst Ronald Schmelzer of ZapThink in Waltham, Mass. "This means that companies can build applications that have strict identity and security policies without having to do so in a proprietary and noninteroperable manner."

"While SPML has more to do with provisioning physical access to specific resources, there is definitely potential for overlap or at least complementary offering to the WS-Security and WS-Policy specifications," Schmelzer said.