HR-XML Interoperation with OASIS SPML V2
An Integration Use Case
Matt Tobiasen (HR-XML), Gary Cole (OASIS)
Agenda
• Integration Concept: What is this integration? How did it come about?
• Introduction to SPML V2: OASIS PSTC, SPML V2
• Sample Use Case: Applicant Tracking & Background Checking, Use Case Flow & Sample Schema
• Protocol Exchange: Overview, Sample SPML Message Exchange
• What’s Next?
• Questions?
Integration Concept – What is this integration?
• HR-XML defines target schema(s)
• Complex integration involving Identity
• Use an existing exchange protocol…
[Diagram: HR System and Applicant Tracking; labels: ID, XSD, SPML]
Integration Concept – How did it come about?
• HR-XML needed secure Identity Provisioning
• Open standards existed @ OASIS
• Your guys started talking to our guys
• Immediately everyone saw a good fit…
• All good engineers like re-use – right?
Introduction to SPML V2 – OASIS PSTC
OASIS technical committee focused on developing open standards for Service & Identity Provisioning
Founded in 2001
Contributors:
• BEA
• BMC Software
• CA (+Netegrity)
• Critical Path
• Entrust
• IBM
• Mycroft
• Open Network Technologies
• Oracle (PeopleSoft)
• HP (+TrueLogica)
• Thor
• Sun (+Waveset)
Deliverable - Service Provisioning Markup Language
• V1 - OASIS Open Standard November 3rd 2003
• V2 – Planned complete April 2005
Introduction to SPML V2 – SPML V2
• Open standard for defining and exchanging provisioning requests in XML using Web Services technologies
• XML RPC interface for Identity Provisioning
• Interface model and management abstraction for an Identity Life-cycle
• Important part of end-to-end standards based security strategy
Introduction to SPML V2
[Diagram. Labels: HR, (ATS), SPML Service Point, UDDI, WSDL, Target (x3), XSD, SPML/SOAP, WS-Sec Secured, Value added Service…]
Introduction to SPML V2
[Diagram: Requestor and Service Point (WSDL) with Targets (XSD), and a legend distinguishing In-Spec from Out of Spec items. Labels: Request/Response, Capabilities, List of Targets, Core Operations, Ref to XSD, Batches, Bulk Operations, Sync/Async Model, Transport Security Model, Trust Model (inc. establishment), AuthN & AuthZ Model]
Sample Use Case
• Applicant Tracking Systems (ATS) & Background Checking Systems (BCS)
• Selected due to timing and application
• A simple integration requirement
• Managed life-cycle
    • Add / Modify / Suspend / Delete
    • Password management
[Diagram: ATS and BCS, Recruiter; label: Secure Managed Exchange]
Sample Use Case – Use Case Outline
1. ATS has pre-defined “context” with BCS
2. ATS defines “Recruiter”
3. ATS creates “Recruiter” account within BCS with access to basic background checks on applicants
4. ATS updates “Recruiter” making her a “SeniorRecruiter” with access to enhanced background checks on applicants
5. ATS does password reset for “SeniorRecruiter”
6. ATS suspends “SeniorRecruiter”
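Protocol Exchange – Overview
[Sequence diagram between ATS and BCS]
ATS <-> BCS: Pre Existing Trust Relationship
ATS -> BCS: Add Request (Data)
BCS -> ATS: Add Response (ID)
ATS -> BCS: Modify Request (ID, Data)
BCS -> ATS: Modify Response (Data)
ATS -> BCS: Change Password (password)
BCS -> ATS: Password Changed
ATS -> BCS: Suspend (ID)
BCS -> ATS: Suspended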
Protocol Exchange – add
Request:

    <?xml version="1.0" encoding="utf-8"?>
    <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
                   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                   xmlns:xsd="http://www.w3.org/2001/XMLSchema">
      <soap:Body>
        <addRequest xmlns="urn:oasis:names:tc:SPML:2:0" targetId="HR-XML">
          <data>
            <UserAccountsTypeUserAccount xmlns="http://ns.hr-xml.org/2004-08-02"
                                         xmlns:xsd="http://www.w3.org/2001/XMLSchema"
                                         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                                         type="new" validFrom="2005-03-29" validTo="2006-03-29">
              <ClientId idOwner="XYCClient1" xmlns="http://ns.hr-xml.org/2004-08-02">
                <IdValue name="clientNumber">12345678900</IdValue>
              </ClientId>
              <UserId idOwner="Sterling" xmlns="http://ns.hr-xml.org/2004-08-02">
                <IdValue>aliceuser</IdValue>
              </UserId>
              <PersonName xmlns="http://ns.hr-xml.org/2004-08-02">
                <FormattedName>Alice Smith</FormattedName>
              </PersonName>
              <!-- The next three elements are shown collapsed on the slide; their content is not given. -->
              <ContactMethod xmlns="http://ns.hr-xml.org/2004-08-02">…</ContactMethod>
              <PersonDescriptors xmlns="http://ns.hr-xml.org/2004-08-02">…</PersonDescriptors>
              <PostalAddress type="streetAddress" xmlns="http://ns.hr-xml.org/2004-08-02">…</PostalAddress>
              <Group idOwner="Sterling" xmlns="http://ns.hr-xml.org/2004-08-02">
                <IdValue name="webDirectGroup">Managers</IdValue>
              </Group>
              <Role idOwner="Sterling" xmlns="http://ns.hr-xml.org/2004-08-02">
                <IdValue name="webDirectRole">Recruiter</IdValue>
              </Role>
            </UserAccountsTypeUserAccount>
          </data>
        </addRequest>
      </soap:Body>
    </soap:Envelope>

Response:

    <?xml version="1.0" encoding="utf-8"?>
    <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
                   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                   xmlns:xsd="http://www.w3.org/2001/XMLSchema">
      <soap:Body>
        <addResponse status="success" xmlns="urn:oasis:names:tc:SPML:2:0">
          <pso>
            <psoId ID="UserId=aliceuser,idOwner=Sterling" targetId="HR-XML"/>
          </pso>
        </addResponse>
      </soap:Body>
    </soap:Envelope>
Protocol Exchange – modify
Request:

    <?xml version="1.0" encoding="utf-8"?>
    <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
                   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                   xmlns:xsd="http://www.w3.org/2001/XMLSchema">
      <soap:Body>
        <modifyRequest xmlns="urn:oasis:names:tc:SPML:2:0">
          <psoId ID="UserId=aliceuser,idOwner=Sterling" targetId="HR-XML"/>
          <modification modificationMode="replace">
            <component>/UserAccountsTypeUserAccount/Role</component>
            <data>
              <Role idOwner="Sterling" xmlns="http://ns.hr-xml.org/2004-08-02">
                <IdValue name="webDirectRole">SeniorRecruiter</IdValue>
              </Role>
            </data>
          </modification>
        </modifyRequest>
      </soap:Body>
    </soap:Envelope>

Response:

    <?xml version="1.0" encoding="utf-8"?>
    <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
                   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                   xmlns:xsd="http://www.w3.org/2001/XMLSchema">
      <soap:Body>
        <modifyResponse status="success" xmlns="urn:oasis:names:tc:SPML:2:0"/>
      </soap:Body>
    </soap:Envelope>
Protocol Exchange – setPassword
Request:

    <?xml version="1.0" encoding="utf-8"?>
    <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
                   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                   xmlns:xsd="http://www.w3.org/2001/XMLSchema">
      <soap:Body>
        <setPasswordRequest xmlns="urn:oasis:names:tc:SPML:2:0:password">
          <psoId ID="UserId=aliceuser,idOwner=Sterling" targetId="HR-XML"
                 xmlns="urn:oasis:names:tc:SPML:2:0"/>
          <password xmlns="urn:oasis:names:tc:SPML:2:0:password">foobar</password>
        </setPasswordRequest>
      </soap:Body>
    </soap:Envelope>

Response:

    <?xml version="1.0" encoding="utf-8"?>
    <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
                   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                   xmlns:xsd="http://www.w3.org/2001/XMLSchema">
      <soap:Body>
        <setPasswordResponse status="success" xmlns="urn:oasis:names:tc:SPML:2:0:password"/>
      </soap:Body>
    </soap:Envelope>
Protocol Exchange – suspend
Sample SPML Message Exchange
Request:

    <?xml version="1.0" encoding="utf-8"?>
    <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
                   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                   xmlns:xsd="http://www.w3.org/2001/XMLSchema">
      <soap:Body>
        <suspendRequest xmlns="urn:oasis:names:tc:SPML:2:0:suspend">
          <psoId ID="UserId=aliceuser,idOwner=Sterling" targetId="HR-XML"
                 xmlns="urn:oasis:names:tc:SPML:2:0"/>
        </suspendRequest>
      </soap:Body>
    </soap:Envelope>

Response:

    <?xml version="1.0" encoding="utf-8"?>
    <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
                   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                   xmlns:xsd="http://www.w3.org/2001/XMLSchema">
      <soap:Body>
        <suspendResponse status="success" xmlns="urn:oasis:names:tc:SPML:2:0:suspend"/>
      </soap:Body>
    </soap:Envelope>
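A provider-side (BCS) check over the message exchange above, as an added example that is not part of the original slides: it allowlists the four operations in the use case flow, the `HR-XML` target and the role values, and returns an audit record that never contains the password. `check_request`, `Rejected`, the allowlists and the role policy are assumptions for illustration; the sample message is condensed from the modify slide.

```python
import xml.etree.ElementTree as ET

SOAP = "{http://schemas.xmlsoap.org/soap/envelope/}"
CORE = "urn:oasis:names:tc:SPML:2:0"
# Allowlists (assumed policy): the four operations in the slides' use case flow.
ALLOWED_OPS = {(CORE, "addRequest"), (CORE, "modifyRequest"),
               (CORE + ":password", "setPasswordRequest"),
               (CORE + ":suspend", "suspendRequest")}
ALLOWED_TARGETS = {"HR-XML"}
ALLOWED_ROLES = {"Recruiter", "SeniorRecruiter"}
# Constructed sample: the modify request from the slides, condensed.
MODIFY = b"""<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body>
<modifyRequest xmlns="urn:oasis:names:tc:SPML:2:0">
<psoId ID="UserId=aliceuser,idOwner=Sterling" targetId="HR-XML"/>
<modification modificationMode="replace"><component>/UserAccountsTypeUserAccount/Role</component>
<data><Role idOwner="Sterling" xmlns="http://ns.hr-xml.org/2004-08-02">
<IdValue name="webDirectRole">SeniorRecruiter</IdValue></Role></data>
</modification></modifyRequest></soap:Body></soap:Envelope>"""


class Rejected(ValueError):
    """Request refused before any provisioning work is done."""


def check_request(raw: bytes) -> dict:
    """Validate one SPML/SOAP request; return an audit record without the password."""
    if b"<!DOCTYPE" in raw or b"\x00" in raw:
        raise Rejected("DTDs and NUL bytes (UTF-16/32 input) are refused")
    try:
        body = ET.fromstring(raw).find(SOAP + "Body")
    except ET.ParseError as exc:
        raise Rejected(f"malformed XML: {exc}") from None
    if body is None or len(body) != 1:
        raise Rejected("expected exactly one request in soap:Body")
    req = body[0]
    ns, _, op = req.tag[1:].partition("}")
    if (ns, op) not in ALLOWED_OPS:
        raise Rejected(f"operation not allowed: {req.tag}")
    pso = req.find(f"{{{CORE}}}psoId")
    target = req.get("targetId") if pso is None else pso.get("targetId")
    if target not in ALLOWED_TARGETS:
        raise Rejected(f"unknown target: {target}")
    if pso is None and op != "addRequest":
        raise Rejected("psoId is required")
    # Any role carried in the request must be one the BCS will grant.
    roles = [e.text for e in req.iter()
             if e.tag.endswith("}IdValue") and e.get("name") == "webDirectRole"]
    if any(r not in ALLOWED_ROLES for r in roles):
        raise Rejected(f"role not grantable: {roles}")
    return {"op": op, "target": target, "roles": roles,
            "pso": None if pso is None else pso.get("ID")}
```

The byte-level DOCTYPE check is a stdlib-only stand-in; a hardened XML parser is the sturdier choice in a real service point.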
What Next?
• An on-going TC Process…
    • Continue to build out use cases
    • Continued exchange
    • Bi-weekly working group meetings
• Deliverables
    • SPML “HR-XML Profile” document
    • Samples & normative “rules” to make this interoperable
    • Delivered as OASIS specification