The OASIS Provisioning Services Technical Committee uses the following definition of "provisioning":
Goal of SPML
The goal of SPML is to allow organizations to securely and quickly set up user interfaces for Web services and applications, by letting enterprise platforms such as Web portals, application servers, and service centers generate provisioning requests within and across organizations. This can lead to automation of user or system access and entitlement rights to electronic services across diverse IT infrastructures, so that customers are not locked into proprietary solutions.
SPML Functionality
SPML version 2.0 defines the following functionality:
Core functions
listTargets - Enables a requestor to determine the set of targets that a provider makes available for provisioning.
add - The add operation enables a requestor to create a new object on a target.
lookup - The lookup operation enables a requestor to obtain the XML that represents an object on a target.
modify - The modify operation enables a requestor to change an object on a target.
delete - The delete operation enables a requestor to remove an object from a target.
status - The status operation enables a requestor to determine whether an asynchronous operation has completed successfully or has failed or is still executing.
Batch capability
batch - Supports batch execution of requested operations.
Bulk capability
bulkModify - Allows multiple modify requests to be run together.
bulkDelete - Allows multiple delete requests to be run together.
Password capability
setPassword - Enables a requestor to specify a new password for an object.
expirePassword - Marks as invalid the current password for an object.
resetPassword - Enables a requestor to change the password for an object and to obtain that newly generated password value.
validatePassword - Enables a requestor to determine whether a specified value would be valid as the password for a specified object.
Search capability
search - The search operation obtains every object that matches a specified query.
iterate - The iterate operation obtains the next set of objects from the result set that the provider selected for a search operation.
closeIterator - The closeIterator operation tells the provider that the requestor has no further need for the search result that a specific represents.
Suspend capability
suspend - The suspend operation enables a requestor to disable an object.
resume - The resume operation enables a requestor to re-enable an object that has been suspended.
active - The active operation enables a requestor to determine whether a specified object has been suspended.
Updates capability
updates - The updates operation obtains records of changes to objects.
iterate - The iterate operation obtains the next set of objects from the result set that the provider selected for an updates operation.
closeIterator - The closeIterator operation tells the provider that the requestor has no further need for the updates result set that a specific represents.
Custom capabilities
An individual provider can define a custom capability that integrates with SPMLv2.
Features
Provisioning Service Object (PSO)
The key identifier in SPML is a PSO. A Provisioning Service Object, sometimes simply called an object, represents a data entity or an information object on a target. For example, a provider would represent as an object each account that the provider manages. Every object is contained by exactly one target. Each object has a unique identifier.
Profile
SPMLv2 defines two “profiles” in which a requestor and provider may exchange SPML protocol:
XML Schema as defined in the “SPMLv2 XSD Profile” .
DSMLv2 as defined in the “SPMLv2 DSMLv2 Profile” .
A requestor and a provider may exchange SPML protocol in any profile to which they agree. The DSMLv2 Profile may be more convenient for applications that access mainly targets that are LDAP or X500 directory services. The XSD Profile may be more convenient for applications that access mainly targets that are web services.
