Summary

Security service provisioning addresses business problems related to account mapping, password synchronization, account provisioning, and so forth. These are operational tasks that incur high running costs and processing time. When designing secure service provisioning, architects need to consider the following design factors: centralized or decentralized architecture, integration strategy with existing infrastructure, and the associated security risk mitigation strategies.

Security service provisioning can lower the total cost of account provisioning. It can reduce the complexity of account mapping by providing a standard interface and XML schema using SPML. The standard interfaces allow easy interoperability between identity management systems. These business benefits are quantifiablethere are measurable cost savings in adopting service provisioning technologies.

The Service Provisioning Markup Language (SPML) is a standards-based interface between the client (requesting authority), resources (provisioning service target), and provisioning service point. A number of security vendor products in the market now support SPML. There is a growing interest in relating Web services provisioning to SPML.

The Password Synchronizer pattern is an example of security design patterns that use SPML to synchronize user passwords across heterogeneous platforms. It illustrates how Java Message Service can provide reliable messaging for password synchronization.