Blogger: Mark Diodati
Two weeks ago, Burton Group published a blog post on the viability
of using SPML
to build viable, interoperable provisioning services. Many thanks to those
who have contributed to the discussion. In particular, Jeff
Kaushik, and Jackson
Shaw shared some sound insights about SPML. I have great respect for these
gentlemen. If you are interested in the topic, I recommend that you read their
blog posts. I’d like to comment on several topics from these blog posts. First,
a thought from Nishant:
“Is SPML on
life support? Not quite, judging from all the RFP requests that still ask for
it to be supported.”
The assertion—that customers are asking for SPML in their RFPs—is true. The conclusion—that SPML is not on life support—is incorrect. Our position is based upon speaking to many organizations with deployed provisioning systems, as well as organizations that are considering the purchase of a provisioning product. For many customers, standards support is a “checklist” item. For other customers, leveraging SPML to build provisioning services is a long-term goal. Provisioning RFPs which specify SPML support is expected. But very few organizations have created provisioning services based upon SPML. The request for SPML support is based upon a key assumption—
SPML can be used to build viable provisioning services with
interoperability among the components. As we discussed in our blog
post, that just ain’t so.
A second thought from Nishant’s blog post:
“I believe Oracle (led by folks like Prateek Mishra) will be looking to take some leadership in the evolution of the standard. Let’s see if we can turn things around.”
This is good news. For SPML to become viable, it will require a benefactor to lead the process of improving the standard. It will also require that the vendor community work together. Oracle’s position in the identity management market means that it has the muscle to lead this effort, if it sincerely commits to it.
From Jackson Shaw’s blog:
“My experience so far with SPML has been good. Quest Software supports SPML V2 in our ActiveRoles Server product. We have a number of customers who have used Sun’s Identity Manager to provision and manage Active Directory, Exchange and SharePoint by via ARS and its SPML provider. When SPML works it really works and the benefit is quite clear to the customer.”
Quest is to be applauded for building one of the few commercial SPML provisioning service points. Last month, we spoke to a leader of the Quest Active Roles Server development team. The conversation focused specifically on interoperability between ARS and the different provisioning products via SPML. To accommodate the different vendor implementations, Quest must customize the ARS SPML interface for each provisioning product. The customization includes using different operations supported by each provisioning vendor. A future reference implementation for SPML v2 (that is, Core operations and optional Capabilities) would help facilitate interoperability between provisioning components.
The recent show of vendor interest in SPML v2 is a great sign. Let's hope it leads to real work to improve the standard in the coming months.