Managing Identities

Specs could help ID-management apps better control user-access rights

George V. Hulme, Contributor

July 11, 2003

1 Min Read

Ask IT pros knee-deep in an identity-management rollout and they'll tell you building connectors so user access-rights information can be shared among all applications is one of the most daunting parts of the job. That chore may get easier if a new specification takes hold. The Organization for the Advancement of Structured Information Standards' Service Provisioning Markup Language version 1.0 was given its first public run last week. ID-management vendors, including BMC Software, Entrust, OpenNetwork, Sun Microsystems, and Thor Technologies, showcased SPML interoperability with their software.

Development of standards such as SPML is critical if identity-management apps are to live up to their promise of easier management of user-access rights, says Pete Lindstrom, director of research at Spire Security.

Also last week, Microsoft and IBM embraced federated, or decentralized, ID management by unveiling their WS-Federation spec, which the companies say will let customers exchange identity information with partners and suppliers.

About the Author(s)

George V. Hulme


An award winning writer and journalist, for more than 20 years George Hulme has written about business, technology, and IT security topics. He currently freelances for a wide range of publications, and is security blogger at

Never Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.

You May Also Like

More Insights