User provisioning with SPML

1. Introduction

During the last half of the decade, the economy has been going through a cyclical process: businesses have been encouraged to cut spending, leading to layoffs of all sizes; mergers and acquisitions of great proportions have been occurring; and employee dissatisfaction has led, in some cases, to corporate negligence, espionage and identity fraud. Corporations have learned that to succeed in this type of environment they must be versatile, lean and economically diligent. This often does not sit well with their employees, who frequently have to go through lay-off procedures. Another major initiative in curbing spending has been to develop and further enhance business practices.

All the concepts I have just talked about have one common theme: managing identities, and securely and effectively provisioning and de-provisioning those identities to resources inside and outside of your organisation. This may sound easy, but new technologies bring the hurdles of developing and incorporating business practices, privacy policies and corporate goals, because the technologies are often immature, and they may have raised visibility with management, especially given the great cost of purchasing and implementing them. I thought it may be interesting to talk about where the technology has gone and how standards like the Service Provisioning Mark-up Language (SPML) are being developed to ensure the longevity of the technologies a company has invested in, so that those investments are sustained. The investments have been large enough that companies are determined to ensure the technologies make their organisations more efficient, but provisioning is a difficult tool to implement, both from a business-process point of view and from a deployment point of view.

Throughout this paper, I will discuss the concept of identities, define provisioning, and show how SPML, the Service Provisioning Mark-up Language, can make a difference, especially as businesses mature. While the technologies being developed to make provisioning easier to deploy and manage are still being defined, understanding the concept of identities, how provisioning came about and why technologies like SPML are important is essential to making customer provisioning deployments successful. I will start by defining what an identity is and why identities need to be managed, then move into the technology of provisioning, provide a business scenario, and explain why SPML is such an important technology among all the XML standards there are.

1.1. What are identities?

Users' identities are pieces of information that identify your existence and associations: at work, at home, with your friends, on the phone, on the Internet, everywhere. In the scope of this paper, identities are at the core of your business. To allow users to use and benefit from the many applications and services offered today, organisations of all types assign identifiers, or unique codes, to individuals in order to represent their uniqueness to the organisation and to map easily to applications and services. Individuals may take on multiple roles over their time with their employer, using these identifiers as their digital identities as they move through the organisational structure. The identifiers may change as they are carried from business to business or from supplier to manufacturer, but the uniqueness maps back to the original identifier. Identities are required for all users, including employees, business partners and customers. As online operations become the standard of today's business model, identity is also becoming a key asset at all levels of business operations.

1363-4127/04/© 2004, Elsevier Ltd

Author: Gavenraj Sodhi, Computer Associates, Irvine, California, 92694, USA.

Gavenraj Sodhi is Product Manager, eTrust, at Computer Associates International, Inc. (CA). In this role he is responsible for defining and evangelizing the product and marketing strategy for the eTrust Admin product line, and contributes to the overall Identity and Access Management security solution strategy within CA's eTrust brand unit. He is co-founder and current secretary of the Provisioning Services Technical Committee (PSTC), creators of the Service Provisioning Mark-up Language (SPML) standard, chairs the Mobile & Directory Challenge, and serves on a number of industry consortia groups including the Identity Management Steering Committee within the Open Group. Gavenraj holds a degree in Chemical Engineering from Illinois Institute of Technology and a Masters in Business Administration from the University of Phoenix. Previously, he served in a variety of positions in the Provisioning and Identity & Access Management space for a number of years at Business Layers (Netegrity) and Access360 (IBM).


1.2. The management of identities for provisioning

Multiple, parallel approaches to managing identities have often appeared, even within a single company. However, identities cannot be securely and cost-effectively managed in silos. A consistent, efficient and secure method is needed to manage identities both internally and externally. Managing identities and identifiers across this complex landscape is now a core organisational survival skill that requires consistent, cost-effective administration and enforcement of access privileges, with end-to-end auditing of all identity-related activity.

The proliferation of identities has also increased the need to manage access to business assets. An organisation's success depends on the integrity, confidentiality and privacy of its information and processes, and on the ability to audit governance, compliance and use. Because today's business systems are all too accessible, organisations need fine-grained, policy-based protection for their mission-critical data and services.

2. Business and technology trends

Organisations want to leverage the 24/7 availability of the Web to provide their customers with access to information. In many cases this also includes the ability to place orders, track shipments and delivery dates, ask questions and contact customer service representatives. However, we are also living in a time concerned with identity theft and the security of personal data, as well as financial and other business-confidential data. Additional concerns are posed by super users, who can gain unrestricted access to virtually all of your files and commands regardless of their permissions, and by 'ghost' users, where some access points are not revoked after an employee leaves the company. Today, organisations need to provide auditable proof that only appropriate access is granted to critical data.

2.1. Dimensions of identity and access management

Organisations need to manage relationships with multiple and distinct populations of 'identities'. These may include employees, customers and business partners. Every type of population requires identity and access management, but has its own unique requirements:

• Employee populations need a traditional, inward-facing security management solution that focuses on users' access to physical resources and IT systems, and protects internal systems. In addition, it must reduce costs and improve auditing while supporting tens or hundreds of thousands of users. Key to its success is the integration of the solution itself, as well as its integration with business processes.

• Customer populations need an outward-facing security management solution that enables provisioning of secure web access to customer services. From the business perspective, its focus is on customer acquisition and enabling new customer services. From the customer's perspective, its focus is on ease of use and on the confidentiality of personal data and transactions. Additionally, this solution must scale to support tens of millions of customers.

• Business-oriented identity and access management, also known as B2B (business to business), is focused on cross-organisational transactions. It depends upon legal frameworks that allow transactions to occur securely between independent entities. It supplies a secure Web services infrastructure to address the issues associated with cross-company authorization and provides implementations of applicable standards, including Universal Description, Discovery and Integration (UDDI), Security Assertion Mark-up Language (SAML), Service Provisioning Mark-up Language (SPML) and Public Key Infrastructure (PKI).

User Provisioning with SPML, Gavenraj Sodhi. Information Security Technical Report. Vol. 9, No. 1

3. What is Provisioning and how is it becoming the centre stage in identity management?

Provisioning is defined as the automation of the business-oriented workflow that delivers systems, resources, services and devices to employees, partners, contractors, suppliers and temporary workers. Provisioning of user objects, monitoring of all activities, reporting of all transactions and de-provisioning of user objects are fundamental to user lifecycle management and to how your business operates day to day.

Employees, contractors, temporary workers, partners and suppliers are all granted access to a wide range of corporate assets, from office building access to access to computer systems, files, directories, databases, mail systems and financial systems. In addition, they may be assigned laptops, calling cards and corporate credit cards. Provisioning is no longer limited to IT practices. Organisations need to manage the digital identity across the entire organisation, provisioning all IT systems, Web services, devices and entrance badges and securing access to files, directories and databases, while monitoring all of these activities with an end-to-end audit. Where provisioning differs from standard manual business practice is that when employees, contractors, temporary workers, partners and suppliers are terminated, access rights to all systems, devices, files, etc. are terminated as well. In effect, this reduces the probability of any former employee, contractor or other affiliate illegally using corporate assets.

[Figure: Typical Enterprise Provisioning Architecture]

The idea of provisioning evolved in the late 1990s, out of the economic troubles that slowly developed as corporate America needed to become leaner and more efficient. Provisioning started out, as is often the case, as a purely manual process within an organisation, triggered when a new employee joined, moved from one position to another, left or was terminated. The employee's manager would generally fill out an employee form or request and provide it to Human Resources, kicking off a number of tasks (all manual and heavily paper driven): purchasing a computer for that employee, allocating accounts for that user, and/or assigning physical security devices to them. These provisioning activities typically took days or even weeks to complete, inefficiency at its best.

Provisioning encapsulates the art of applying workflow and business automation, derived from how businesses operate deep in their business logic, how they operate at the individual business-unit level and at grand scale, and how they operate with their partners and suppliers. Thanks to the Internet, business relationships have become worldwide and virtual, conceived via the computer generation. Business is no longer confined within one's enterprise; the relationships are being mapped out across domains in federated models and are exiting the closed corporate boundaries. With this come new challenges and an even greater importance of open standards.

[Figure: Example of a Provisioning Process: Provisioning Work Flow for a New User joining the company for his First Day at Work.]

A feed process or some other identity processing system notifies the provisioning system of identity changes, which may then trigger provisioning actions against managed resources. The trigger is typically an identity update in an identity repository such as an LDAP or X.500 directory.

The provisioning workflow figure (page 89 of the printed version) shows a new user, Joe Newguy, being added to an organisation in the role of VP of Finance, which in this case is also his title, and receiving a number of subset roles that enable translation into business logic based on those roles. From these subset roles, workflow is generated and processed and approval requests are sent out.

The provisioning system translates these business requests into business and IT activities for resources and services; for example, the new user will need a laptop with a number of office tools, an email account, access to the financial system, a telephone extension with a speakerphone, and business cards. Once approvals are received, updates are made to the respective systems on which Joe Newguy will perform his job function.

In the process of obtaining these approvals, certain manual activities may need to take place, including buying the laptop, installing the software on it, and setting up the user accounts and database access. In parallel, the telephone must be installed and set up on the provisioned desk, and the business cards need to be ordered. A robust notification and escalation mechanism needs to be in place for provisioning activities that involve such manual workflow steps as buying the laptop and ordering business cards.

The provisioned user, Joe Newguy, must be maintained over his lifecycle as an employee of the company, so that on the day Joe leaves, the system is able to get him 'out of the system' immediately.

3.1. Provisioning – parties involved

Many groups have an interest in the provisioning and de-provisioning of users in an organisation, and different groups have different needs that a provisioning solution must meet. Groups that would be directly involved with a provisioning solution:

• Line of business managers: how comprehensive and modular is the solution? Does it address all of my critical needs? How easy is it to use? Can I integrate it within my existing infrastructure?

• Senior executives: what is the timeline for deployment and implementation? Can it keep up with the business as it changes? Is it going to make the company operate more efficiently and effectively, while providing new business opportunities and allowing us to save money?

• Network administrators: is the provisioning solution reliable, scalable and secure? Is the system easily configurable and manageable? Does it track changes, keep audit logs and provide the ability to build reports? Is there support for developing custom connectors to our existing systems? Does it support open standards for 'plug-n-play'?

3.2. Provisioning and security

Provisioning and security management go hand in hand. Communication between the provisioning server(s) and the managed endpoints (target systems) must be secured and encrypted, and so must the fundamental business process for which workflow is dynamically generated in support of the security policies and business practices of the organisation on whose behalf users are being provisioned.

The user information can be used to create a profile of a person or role that indicates exactly what resources should be allocated to that person or role. Changes to the profile can automatically trigger provisioning or de-provisioning activities. This means that when an employee moves to another business unit, for example, all of the necessary workflow items start and proceed to the reassignment of provisioned items, based of course on the approvals received and on external systems such as those from HR.

Security for the organisation is improved when you can automate the process of managing access to managed endpoints. You can also essentially roll back the provisioning process, clearing all access rights for any terminated employee via a single process while maintaining a complete audit of all changes.
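The lifecycle this section and section 3 describe (a feed event triggers provisioning against managed endpoints, a move to another business unit reassigns entitlements, termination rolls every account back in one process, and every change is audited), as an added example in Python that is not from the paper or from any CA product. The role-to-entitlement policy, the endpoint names, the identity repository and the lifecycle events are all constructed. It also runs the reconciliation check a practitioner would want for the 'ghost' users of section 2: endpoint accounts whose owner is no longer active in the identity repository.

```python
"""Role-driven provisioning and de-provisioning with reconciliation.

Added example for this edit, not code from the paper or from any vendor product.
ROLE_POLICY, the endpoint names, the identity repository and the lifecycle events
below are all constructed for illustration.
"""
from dataclasses import dataclass

# Assumed policy: role -> {endpoint: entitlements the role requires on that endpoint}
ROLE_POLICY = {
    "employee":   {"email": {"mailbox"}, "ad": {"Domain Users"}},
    "finance":    {"erp": {"GL_READ"}, "ad": {"Finance"}},
    "vp-finance": {"erp": {"GL_READ", "GL_APPROVE"}, "ad": {"Finance", "Approvers"}},
}


@dataclass(frozen=True)
class Action:
    verb: str                      # "add", "modify" or "delete" on one endpoint
    endpoint: str
    user: str
    grant: frozenset = frozenset()
    revoke: frozenset = frozenset()


def entitlements_for(roles):
    """Union, per endpoint, of what the user's roles require."""
    wanted = {}
    for role in roles:
        for endpoint, ents in ROLE_POLICY.get(role, {}).items():
            wanted.setdefault(endpoint, set()).update(ents)
    return wanted


def plan(user, current, roles, terminated=False):
    """Diff what the endpoints hold now against what the roles require.

    current: {endpoint: entitlements} as read back from the endpoints.
    Termination ignores roles entirely and deletes every account the user has,
    which is the single-process roll-back the paper describes.
    """
    if terminated:
        return [Action("delete", ep, user, revoke=frozenset(ents))
                for ep, ents in sorted(current.items())]
    wanted = entitlements_for(roles)
    actions = []
    for ep in sorted(set(current) | set(wanted)):
        have, need = current.get(ep, set()), wanted.get(ep, set())
        if need and not have:
            actions.append(Action("add", ep, user, grant=frozenset(need)))
        elif have and not need:
            actions.append(Action("delete", ep, user, revoke=frozenset(have)))
        elif have != need:
            actions.append(Action("modify", ep, user,
                                  grant=frozenset(need - have), revoke=frozenset(have - need)))
    return actions


def apply_plan(actions, endpoints, audit):
    """Apply the actions to an in-memory endpoint model; every change is audited."""
    for a in actions:
        accounts = endpoints.setdefault(a.endpoint, {})
        if a.verb == "delete":
            accounts.pop(a.user, None)
        else:
            acct = accounts.setdefault(a.user, set())
            acct |= a.grant
            acct -= a.revoke
        audit.append((a.verb, a.endpoint, a.user, sorted(a.grant), sorted(a.revoke)))


def state_of(endpoints, user):
    """What the endpoints currently hold for one user."""
    return {ep: set(accts[user]) for ep, accts in endpoints.items() if user in accts}


def ghost_accounts(endpoints, identity_repo):
    """Endpoint accounts whose owner is missing or not active in the identity repository."""
    return sorted((ep, user) for ep, accts in endpoints.items() for user in accts
                  if identity_repo.get(user, {}).get("status") != "active")


def run_demo():
    """Joe Newguy joins as VP of Finance, moves to a finance role, then leaves."""
    repo = {"jnewguy": {"status": "active"}}        # constructed identity repository
    endpoints = {"erp": {"oldguy": {"GL_READ"}}}     # constructed stale account nobody cleaned up
    audit = []

    join = plan("jnewguy", state_of(endpoints, "jnewguy"), {"employee", "vp-finance"})
    apply_plan(join, endpoints, audit)
    move = plan("jnewguy", state_of(endpoints, "jnewguy"), {"employee", "finance"})
    apply_plan(move, endpoints, audit)

    repo["jnewguy"]["status"] = "terminated"          # the HR feed says Joe has left
    before_cleanup = ghost_accounts(endpoints, repo)  # what reconciliation sees if nobody acts
    leave = plan("jnewguy", state_of(endpoints, "jnewguy"), set(), terminated=True)
    apply_plan(leave, endpoints, audit)
    return {"join": join, "move": move, "leave": leave,
            "ghosts_before_cleanup": before_cleanup,
            "ghosts_after_cleanup": ghost_accounts(endpoints, repo),
            "audit": audit}
```

Call run_demo() to see the three plans. The ghosts_before_cleanup value is what a reconciliation job reports when the HR feed has marked someone terminated but no de-provisioning has run; that gap is exactly what leaves a former employee with live access, so a deployment should run this check independently of the workflow engine rather than trusting that every termination event was processed.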

3.2.1. Auditing

The provisioning system's auditing component should help ensure that all events and activities associated with identities or resources are tracked. Auditors can see when an identity was created and by whom, where the identity went, what it accessed, what it touched, what it morphed into, when and by whom it was suspended, and when it was terminated. It tracks all provisioning activity across the entire enterprise and extended enterprise, monitoring, collecting and filtering events, providing centralized management of organisation-specific audit policies, and triggering alarms and alerts.

3.3. Employee provisioning or employee lifecycle management drivers

3.3.1. Cost containment/productivity enablement

The need to react to business priorities has never been greater. A focus on operational procedures drives requirements around efficiency, while the continued evolution of on-demand computing, the next level in automated systems management, drives an urgency factor unseen to this point. Organisations (particularly IT departments) are also being asked to 'do more with less'. At a time when the number of identities involved in daily transactions is exploding, the requirements from auditors have multiplied. The rate of mergers and acquisitions may have slowed, but it has not stopped, leaving IT departments with larger user populations, more consolidation and decreasing budgets.

Productivity loss, due to the need to sign on to multiple applications, represents a considerable cost overhead to many organisations. Lost credentials and account lockouts due to sign-on errors further increase these costs. Manual user provisioning and administration are inefficient and expensive.

3.3.2. Regulatory environment

The amount of personal and financial information held in distributed databases, coupled with the demand for open access, has increased the demand for protection and highlighted the need for regulations against unauthorized access to information and for comprehensive auditing of information accessed by any type of identity. Regulations focus on data in two ways: personal privacy and financial validity. Governments and industry regulatory bodies worldwide are responding with regulations and directives for the privacy and confidentiality of health care records (the Health Insurance Portability and Accountability Act, HIPAA), for financial data (the Gramm-Leach-Bliley Act, GLBA, and the EU Data Protection Directive, 95/46/EC), and with new controls on accounting practices (the Sarbanes-Oxley Act).

3.3.3. Standards as protection of technology investment

IT departments leverage standards to protect their investment in new technology. Standards come with the promise that current products will continue to interoperate with products from other vendors as technologies evolve, and that these technologies can be deployed securely. Today, organisations need to adopt strategies for technology and standards adoption to position themselves for participation in the new web economy.

4. Provisioning standards support and what is SPML?

As co-founder and current secretary of the SPML committee, I recognized in 2000 that employee provisioning solutions needed to interchange with other solutions, repositories, applications and services, including interoperability at some level with other provisioning and meta-directory solutions. SPML started as a group of technology companies with three competing specifications, which were merged into one agreed specification and technical committee within OASIS and finally into a version 1.0 standard, with the mediation and dedication of the Burton Group, specifically the time and effort contributed by Mr. Phil Schacter and the continued motivation provided by Mr. Jamie Lewis and Mr. Gerry Gebel.

Through years of operating and implementing business process management systems and creating connectors for systems, services and devices, I came to understand that each system has its own concept of workflow, and that SPML would not be an easy thing to standardize: it would prove difficult and political. Most important to the vendors involved was that we knew organisations have one or more identity-based provisioning or employee lifecycle management tools, meta-directory systems, or applications and devices that are based on identity information within their internal or external enterprise. Technologies may have been acquired via mergers and acquisitions, and over the years certain technologies become legacy to a degree.

[Figure: SPML v1.0. Components shown: Web Browser, Web Server, Administrative Directory, Provisioning Server, Connectors/Agents, and an SPML Bus carrying identities and credentials; managed endpoints: Security & Network OS, Groupware Applications, HR/ERP, Databases & Directories, Web Interfaces, Devices; feeds and functions: Universal Feeds (HR/ERP/SCM), Self Admin, Delegated Admin, Password Reset, End-to-End Reporting.]

The Service Provisioning Mark-up Language, SPML, is a provisioning standard developed and ratified within OASIS, the Organisation for the Advancement of Structured Information Standards. It is intended to provide standard methods for provisioning and de-provisioning, querying, modifying, suspending and restoring user accounts across heterogeneous systems, devices and non-computing resources (e.g. credit cards, laptop computers, phones). The non-computing resources require a manual activity to be kicked off via the system's workflow, but the notifications to the respective approvers are automated. This common administration can significantly reduce IT workloads, helps ensure compliance with security policies, and provides employees with immediate access to critical resources. Changes in human resource systems can be propagated automatically to IT applications without human intervention.

Based on an XML framework, SPML allows a provisioning system's capabilities to be extended to any enterprise system or Web service that adopts the necessary compliant interface. SPML would allow businesses deploying and using web services to manage the identity of a user more securely, via a common language, including the dynamic allocation of their associated resources and web services across trusted boundaries.

[Figure: Sample Business Scenario - Externalization of Provisioning Activities using SPML (see note i).]

i Note: I am only addressing SPML and how it interacts with calling web services based on correct provisioning. Concepts of SAML, Liberty Alliance and other standards may be derivatives of the concepts discussed in the business case model.

4.1. SPML v1.0

Version 1.0 of SPML was ratified within OASIS in November 2003. SPML v1.0 is the first step in the development of a standardized interface for exchanging provisioning requests. To enable truly secure access control over the allocation of resources, systems and web services, SPML is designed to be the standard protocol for automating access control for system and user access to these systems, devices and web services.

In a sample business scenario I want to show how SPML may operate when provisioning users and web services around a business activity. I am going to address business-to-business (B2B) interactions and the lifecycle management of the provisioning actions conducted on these interactions, built on top of existing and emerging standards technologies.

This paper presents a business scenario showing how standards in a web-services-oriented environment are used to solve problems in a business situation. Service Provisioning Markup Language, or SPML, is a standard that addresses the semantics required for Provisioning Service Points to exchange requests relating to the managed Provisioning Service Targets. SPML requests facilitate the creation, modification, activation, suspension, enablement and deletion of data on managed Provisioning Service Targets.

Publication of a service is any action by the service provider that makes the WSDL document available to a potential service requester. E-mailing the WSDL (or a URL pointing to the WSDL) to a developer is publishing; so is advertising the WSDL in a UDDI registry for many developers or executing services to find.ii When a person or entity wants to consume a service, that person or entity must meet some qualification to be assigned a status or a role. The trusted parties in a B2B environment may have a pre-established mechanism in place to map a person's or entity's qualification to a role.

The provisioning, or subscribing, function of the web services is assigned to the Service Provisioning Mark-up Language (SPML) to specify. SPML specifies the provisioning operations (Add/Create, Delete, Modify, Query) that a Provisioning Service Point (PSP) performs on its Provisioning Service Targets (PST) in response to a formal request from a Requesting Authority (RA). In some cases the PST may itself be an RA requesting access to a service on another PSP, a true cross-federation model.

4.1.1. Complex business relationship analyzed using concepts of provisioning and SPML

1. Supplier 2 visits a Supplier Network System and signs up to sell vehicle parts.

2. The response comes back that the Distributor of the Supplier Network System would be happy to have Supplier 2 join, pending its meeting certain requirements, as stated in the web service query.
   a. The Distributor (PSP) requests specified business profile information from Supplier 2 to fulfil the request to be able to sell as part of the Network.

3. Supplier 2 (acting as an RA) responds to the Distributor (PSP) with the completed requirements to list its services via the Supplier Network System.
   a. Suppliers requesting to list and supply parts are credentialed by the Distributor of the Supplier Network System. The Distributor has the authority to accept or decline, to allocate credentials and to mediate for services.

4. Upon meeting all requirements as specified by the Distributor (PSP), Supplier 2 (RA) is assigned a Provisioning Service User Identifier (PSU-ID) as a Provisioning Service User (PSU) of the Supplier Network System.

5. Dealer A (an RA) wants to order parts for a vehicle it sells via the Supplier Network System. Dealer A's procurement manager sets up user profiles for each of the company's buyers, establishing purchase areas and purchase limits for each user.

6. Once each buyer's profile from the dealership (RA) has been set up, he or she can access the Supplier Network System of parts suppliers.

7. The buyer from that dealership (RA) can then search through the list of items, and their prices, that the supplier has available.

8. The Dealer A and Dealer B dealerships (RAs) may or may not have access to the same set of suppliers on the Supplier Network System. This may be based on the query written in the request to the Supplier Network System.

9. When an order is processed, the Supplier Network System kicks off a business process: validating the purchase against the company policies defined by the procurement manager, submitting the appropriate orders to the individual suppliers, updating order status and finally reporting the status back to the dealer (RA).

ii The UDDI project is a cross-industry initiative to create an open framework for describing, discovering and integrating web services across the Internet. For more information on UDDI, see http://www.uddi.org

4.1.2. Analysis of the scenario

• Correct account setup (provisioning) for each person at each layer.
• Suppliers can only choose from the options assigned to them by their Distributors, as determined by their credentials.
• Hierarchy of delegation.
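Steps 3 and 4 of the scenario as an SPML v1.0 exchange, added here as an example; it is not code from the paper, from OASIS or from any product. Supplier 2 (the RA) builds an addRequest carrying its business profile as DSMLv2 attributes, the Distributor's PSP authorizes the RA, creates the account on the PST and returns an addResponse carrying the new PSU-ID, and the RA parses the result. The namespace URNs, element names and the success/failure result values follow SPML 1.0 as this editor reads the specification (verify them against the published schema before wiring this to a real endpoint); the error URNs, the required profile attributes, the RA allow-list, the PSU-ID format and the sample profile data are assumptions made for this example.

```python
"""SPML v1.0 add exchange: Requesting Authority -> Provisioning Service Point -> response.

Added example for this edit, not code from the paper, from OASIS or from any product.
Namespaces, element names and '#success'/'#failure' follow SPML 1.0 as read by the
editor; the error URNs, REQUIRED attributes, RA allow-list and PSU-ID format are assumed.
"""
import xml.etree.ElementTree as ET

SPML = "urn:oasis:names:tc:SPML:1:0"
DSML = "urn:oasis:names:tc:DSML:2:0:core"     # SPML 1.0 carries attributes as DSMLv2
ET.register_namespace("spml", SPML)
ET.register_namespace("dsml", DSML)


def q(ns, tag):
    return f"{{{ns}}}{tag}"


def build_add_request(request_id, psu_name, attrs):
    """RA side: addRequest naming the object to create and its DSML attribute list."""
    req = ET.Element(q(SPML, "addRequest"), {"requestID": request_id})
    ident = ET.SubElement(req, q(SPML, "identifier"), {"type": f"{SPML}#GenericString"})
    ET.SubElement(ident, q(SPML, "id")).text = psu_name
    attributes = ET.SubElement(req, q(SPML, "attributes"))
    for name, value in attrs.items():
        attr = ET.SubElement(attributes, q(DSML, "attr"), {"name": name})
        ET.SubElement(attr, q(DSML, "value")).text = value
    return ET.tostring(req, encoding="unicode")


class ProvisioningServicePoint:
    """Toy PSP fronting one PST (the Supplier Network System's account store)."""
    REQUIRED = ("cn", "businessProfile", "partsCategory")   # assumed profile the Distributor demands

    def __init__(self, authorized_ras):
        self.authorized_ras = set(authorized_ras)   # RAs the Distributor has credentialed
        self.target = {}                            # PSU-ID -> attributes held on the PST
        self.audit = []

    def handle(self, xml_text, authenticated_ra):
        """authenticated_ra comes from the secured transport (e.g. mutual TLS), never from
        the request body: the XML is data to validate, not proof of who sent it."""
        req = ET.fromstring(xml_text)
        request_id = req.get("requestID", "")
        if req.tag != q(SPML, "addRequest"):
            return self._response(request_id, error="unsupportedOperation",
                                  message="this PSP only implements addRequest")
        if authenticated_ra not in self.authorized_ras:
            self.audit.append(("deny", authenticated_ra, request_id))
            return self._response(request_id, error="customError",
                                  message="requesting authority not credentialed for this target")
        attrs = {a.get("name"): [v.text for v in a.findall(q(DSML, "value"))]
                 for a in req.iterfind(f"{q(SPML, 'attributes')}/{q(DSML, 'attr')}")}
        missing = [name for name in self.REQUIRED if name not in attrs]
        if missing:
            return self._response(request_id, error="malformedRequest",
                                  message="missing required attribute(s): " + ", ".join(missing))
        psu_id = f"PSU-{len(self.target) + 1:04d}"        # assumed PSU-ID format
        self.target[psu_id] = attrs
        self.audit.append(("add", authenticated_ra, request_id, psu_id))
        return self._response(request_id, psu_id=psu_id)

    def _response(self, request_id, psu_id=None, error=None, message=None):
        result = "failure" if error else "success"
        resp = ET.Element(q(SPML, "addResponse"),
                          {"requestID": request_id, "result": f"{SPML}#{result}"})
        if error:
            resp.set("error", f"{SPML}#{error}")
            ET.SubElement(resp, q(SPML, "errorMessage")).text = message
        else:
            ident = ET.SubElement(resp, q(SPML, "identifier"), {"type": f"{SPML}#GenericString"})
            ET.SubElement(ident, q(SPML, "id")).text = psu_id
        return ET.tostring(resp, encoding="unicode")


def parse_add_response(xml_text):
    """RA side: (succeeded?, assigned PSU-ID or None, error message or None)."""
    resp = ET.fromstring(xml_text)
    ok = resp.get("result") == f"{SPML}#success"
    psu_id = resp.findtext(f"{q(SPML, 'identifier')}/{q(SPML, 'id')}")
    return ok, psu_id, resp.findtext(q(SPML, "errorMessage"))


def run_scenario():
    """Supplier 2 (RA) sends its profile; the Distributor (PSP) credentials it and returns a
    PSU-ID. Then two failure paths: an RA never credentialed, and an incomplete profile."""
    psp = ProvisioningServicePoint(authorized_ras=["supplier2.example"])
    profile = {"cn": "Supplier 2 Ltd", "businessProfile": "tier-1 brake components",
               "partsCategory": "brakes"}                      # constructed sample data
    request = build_add_request("req-0001", "supplier2", profile)
    accepted = parse_add_response(psp.handle(request, authenticated_ra="supplier2.example"))
    rejected_ra = parse_add_response(psp.handle(request, authenticated_ra="mallory.example"))
    incomplete = build_add_request("req-0002", "supplier3", {"cn": "Supplier 3 Ltd"})
    rejected_req = parse_add_response(psp.handle(incomplete, authenticated_ra="supplier2.example"))
    return {"accepted": accepted, "rejected_ra": rejected_ra, "rejected_req": rejected_req,
            "accounts": dict(psp.target), "audit": list(psp.audit)}
```

The PSP takes the RA's identity from the authenticated transport rather than from anything inside the XML, which is the practical consequence of section 3.2's requirement that the channel between provisioning parties be secured: an addRequest is data to be validated, not a credential. Note also that the same request body replayed by a different RA is refused and audited, while a credentialed RA that omits required profile attributes gets a failure with the specific fields named, so the Distributor's acceptance policy is enforced before any account exists on the target.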

4.2. SPML v2.0

In January 2004 the PSTC met to discuss requirements for version 2.0 of SPML, still very much an early work in progress. I want to bring out some key points so that you, the reader, can see where the group is going, and hopefully generate some ideas that you may bring to the PSTC if you are interested in participating in the PSTC working group in OASIS.

Since SPML version 1.0 defined a standard protocol, defining standard XML schemas was recommended as part of version 2.0. Complex data modelling, standard verbs and operation extensions, and the idea of standardizing common requests were further requests. Beyond that, the use and support of WSDL definitions, handling of complex data objects and enhanced/custom verbs, support for opaque identifiers, and backwards compatibility with version 1.0 were considered necessities. A new draft for vote is due in the next several weeks that will set the direction for SPML version 2.0; unification with agreement is key to success.

5. Conclusion and what can I do?

Get involved. Identity and Access Management, of which provisioning is a key technology, is here to stay; the market grows substantially every year while the technology evolves. The PSTC is not only a standards body made up of software vendors but of customers, customers, and customers. More customers need to get involved and state their needs and problems; in turn, SPML will make deployments and integrations much easier for them, reducing overall costs and providing a quicker realisable ROI.

Provisioning and Identity Management are key technologies for enhancing operations and increasing efficiency, but more importantly they are key technologies for managing one's identity securely wherever it may travel. Standards are key and necessary for solutions to interoperate with existing solutions, new solutions, and the mergers and acquisitions in which one or many organizations may already have identity or provisioning solutions that need to be integrated.

Vendors need to get engaged on a worldwide basis, because building a standard interface to Identity Management systems is a competitive advantage for each of them. It is just as important to encourage a larger audience of users to purchase SPML standards-compliant solutions, because those solutions 'can' interoperate using technologies like SPML that have standardized interfaces to those Identity Management systems.

In this paper, a business scenario, specifically a supply-chain model, illustrated how evolving standards like SPML may be applied to solve a real business problem. SPML is only one component of the pyramid that will allow this scenario to be completed seamlessly. Many of the standards needed to build this scenario are still in development, one of these being Web Services. Web Services have not yet presented themselves as a real B2B corporate solution, but developing real-life scenarios to show how the functions may occur can help commercialize the effort. Standards working groups like the Provisioning Services Technical Committee (PSTC) have vendors working together to achieve the business scenario described and to make it a reality.

For more information about SPML and how to join the PSTC, please visit: http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=provision

6. References

[1] HTTP: http://www.w3.org/Protocols/
[2] SOAP: http://www.w3.org/TR/SOAP/
[3] WSDL: http://www.w3.org/TR/wsdl
[4] Organisation for the Advancement of Structured Information Standards, SAML Standard Set. See http://www.oasis-open.org/
[5] Liberty Alliance, www.projectliberty.org
[6] Organisation for the Advancement of Structured Information Standards, SPML 1.0 Standard Set and SPML 2.0 minutes. See http://www.oasis-open.org/
[7] Gottschalk, Karl; Graham, Steve; Kreger, Heather; and Snell, James. 'Introduction to Web Services Architecture.' http://www.research.ibm.com/journal/sj/412/gottschalk.html. Emerging Technologies. IBM Software Group. November 2001
[8] Organisation for the Advancement of Structured Information Standards, UDDI, http://www.oasis-open.org/
[9] Organisation for the Advancement of Structured Information Standards, PKI, http://www.oasis-open.org/