UNC-Chapel Hill developed their own open source provisioning solution using SPML (Service Provisioning Markup Language) after their previous vendor, Sun IDM, was acquired by Oracle. They created several SPML-based services including an Onyen service, UNC Guest ID service, and resource correlation service. These services are available under an LGPL license and handle provisioning tasks for their identity management system. UNC plans to continue expanding their provisioning capabilities and integrating additional services.

1. Celeste Copeland, UNC-Chapel Hill
June 10-15, 2012
Growing Community;
Growing Possibilities

2.  Several years ago, did an RFP for a
Provisioning solution
◦ Already have a home-grown Person Store
 UNC, like many others, bought Sun IDM
◦ Then Oracle came along…
 Left us with a few options
◦ Re-do RFP – seemed like a waste
◦ Go ahead and implement Sun IDM without knowing
the future of the product
◦ Wait and see what Oracle would choose to do
◦ Grow our own
◦ Grow our own AND try to make it Open Source
2012 Jasig Sakai Conference 2

3.  OASIS Standard, currently v2.0
 OASIS Provisioning Services TC
◦ Karsten Huneycutt
 XML-based
 Core: listTargets, add, lookup, modify, delete
 Others: batch, bulk, search, suspend, update
 Custom: better error codes, Challenge-
Response
2012 Jasig Sakai Conference 3

4.  Onyen service
 UNC Guest ID service
 Resource correlation service
 SPML router service
◦ Not actually a service, but a single join point around
the "create" method of all services that calls a set of
scripts to check eligibility for services
◦ Eligibility is determined by consulting with the resource
correlation service before routing any request to the
backend services
◦ After any successful add/delete/modify, the service will
update the correlation service with any necessary
changes
◦ This is an initial implementation for our phase one
project; may switch to Grouper for eligibility
2012 Jasig Sakai Conference 4

5. 2012 Jasig Sakai Conference 5

6. 2012 Jasig Sakai Conference 6

7.  Available under LGPL license
 http://code.google.com/p/spml-toolkit/
downloads/list
 SPML Router 1.0.0
 Resource Correlation Service 1.0.0
 UNC Prop Service 1.0.0
◦ Simple example service
◦ Shows how the focus on the service implementation side
is almost exclusively on the business logic rather than
the SPML plumbing
 SPML Toolkit 2.0.0
◦ Java library that contains everything needed to write an
SPML service or client
2012 Jasig Sakai Conference 7

8.  De-provisioning of Onyens, Guest IDs, etc.
 More services: Exchange, Live@EDU/MS 365
 Workflow
 Grouper
2012 Jasig Sakai Conference 8

9.  Contact: idman@listserv.unc.edu
 Contact: celeste_copeland@unc.edu
2012 Jasig Sakai Conference 9