3.5 Provisioning services Provisioning services are used within a federated environment for both a priori and run-time provisioning solutions, as described in 2.6, "Federated identity provisioning" on page 70. Provisioning services interact with both local identity management systems (such as Tivoli Identity Manager) and local data stores (access via identity services). Provisioning services are leveraged to federate local identity management systems across federation business partners and to provide federated management of identity data, including transactional and profile attributes; see 2.2.5, "Identity attributes" on page 45. There are few widely accepted standards for provisioning. The most important effort to date is probably the work done by the Provisioning Service Technical Committee (PSTC) at OASIS. The PSTC has defined a set of use cases that reflect the operational requirements of a provisioning system. WS-Provisioning is compatible with those use cases. WS-Provisioning describes the APIs and schemas necessary to facilitate interoperability between provisioning systems and to allow software vendors to provide provisioning facilities in a consistent way. The specification addresses many of the problems faced by provisioning vendors in their use of existing protocols, commonly based on directory concepts, and confronts the challenges involved in provisioning Web services described using WSDL and XML Schema. The specification defines a model for the primary entities and operations common to provisioning systems including the provisioning and de-provisioning of resources, retrieval of target data and target schema information, and provides a mechanism to describe and control the life cycle of provisioned state. Chapter 3. Tivoli Federated Identity Manager architecture 129