
OracleAS Identity Management Solving Real World Problems

Learn how Oracle Identity Management can tackle the administrative and usability challenges of managing users, access, and privileges in a scalable and secure manner for web applications.



Presentation Transcript


  1. OracleAS Identity Management Solving Real World Problems

  2. Web applications are great ...
     • Inexpensive development
     • Rapid deployment
     • Access from anywhere
     BUT ….

  3. …but they can be an administrative and usability nightmare!

  4. Business Problem
     • Many more users of your business system
       • Anyone with a PC has potential access
       • Not all users are employees or students
         • partners, suppliers … and hackers
     • Managing users is more complicated
       • Authorized users need to access multiple applications
       • Proliferation of accounts, passwords, privileges
     • Critical business applications and data are online
       • Real risk is greater, awareness of risk is also greater
       • Legal mandates for protection of certain data

  5. IT operational challenges
     • New employee or student enrollment
       • Create identity and credentials for the user
       • Create accounts for all applications he/she needs
       • Define authorizations
     • User’s organizational role changes (or user terminated)
       • Automate privilege changes in applications
       • Revoke accounts and authorizations for all applications he/she had access to
       • Disable user’s identity and credentials

  6. IT operational challenges, contd.
     • Manage user authentication securely
       • Enforce password complexity
       • Detect and prevent password attacks
       • Implement efficient procedures for password resets
     • Deploy a new application
       • Integrate the application with corporate Portal
       • Delegate administration
       • Leverage an existing authentication service
       • Automate account provisioning for the application
       • Maintain synch among existing directories such as AD

  7. IT operational challenges, contd.
     • Support complex deployment scenarios
       • Deploy many applications and servers securely, with least privilege
       • Decentralized IT administration
       • High availability
       • Support load balancers, firewalls, HW accelerators

  8. Oracle’s Solution
     • Security platform enabled by Oracle Identity Management
     • Platform components with high assurance

  9. What is Identity Management? “Identity management is the process by which the complete security lifecycle for users and other entities is managed and controlled for an organization or community of organizations.”

  10. Identity Management Infrastructure
     • An enterprise directory - Oracle Internet Directory (OID)
       • Directory of users, groups, applications, roles & policies
     • Meta-directory platform and connectors - Directory Synchronization Service (DSS)
     • Access management services
       • Single Sign-on (SSO)
       • Centralized authorization repository (OID)
     • Provisioning platform - Prov. Integration Service (PIS)
       • Provisioning policy and account management tools
       • Provisioning integration platform
       • Provisioning event propagation, workflow automation
       • Provisioning connectors

  11. Identity Management Infrastructure
     • Delegated Administration Services (DAS)
       • End user self-service tools
       • Enterprise user, group and role management tools
       • Application administration delegation tools
     • Public Key Infrastructure Services
       • Oracle Certificate Authority (OCA)
       • Certificate / key archives
       • Online certificate status
     • Auditing and security monitoring services
       • Enterprise audit policy management tools
       • Central audit log archive and mining tools

  12. Identity Management Benefits
     • Saves Money
       • Centralized user management reduces admin cost
       • Easier to automate and less error prone
     • Improves Security
       • By preventing fragmented security
     • Enhances user experience
       • Single password and Single Sign-on
       • Personalization
       • Delegated Administration and Self-service

  13. Oracle Identity Management in Oracle Security Architecture
     [Architecture diagram: the Oracle Identity Management layer (Oracle Internet Directory, Directory Integration Services, OracleAS SSO, Oracle Certificate Authority, Delegated Administration Services, Provisioning Service, plus 3rd party directory and authentication services) underpins the product-level access controls of Oracle 10g RDBMS, OracleAS 10g (9i or 10g), Oracle E-Business Suite and Oracle Collaboration Suite: E-Biz responsibilities; JAAS roles, component access controls, Java2 permissions; enterprise roles, VPD, Label Security; file privileges, secure mail, interpersonal rights granting.]

  14. Oracle Identity Management – Value Proposition
     • An enterprise infrastructure that leverages Oracle’s “unbreakable” technology
       • reliability, scalability, security, performance
     • Enables deployment of all Oracle products out of the box
       • AS, DB, OCS, eBiz
     • A single point of integration for customer’s existing identity management solutions
       • Transparent 3rd party integration for OIM enabled products
     • An open, standards-based infrastructure to accommodate a variety of partner solutions and customer deployments
       • Accommodate a wide variety of deployments and partner solutions.

  15. Specific Problems and Solutions

  16. New Student Enrollment
     • Create user in OID - creates user in Enterprise
       • Oracle products recognize identity
       • Third party (e.g., AD) provisioning via PIS
     • Improved provisioning support through OIM
       • Single user in OID
       • Student System-based provisioning through PIS
       • Windows (and other third party) integration via DSS
       • Automated certificate provisioning with OCA

  17. User’s organizational role changes
     • Change role and/or remove user from OID
       • Directly via DAS or indirectly via PIS
     • Immediately changes user in OIM-aware applications
     • Other applications can be synchronized via DSS, PIS
     • Dynamic group support in OID

  18. Manage User Authentication Securely
     • Single Sign On
       • OracleAS SSO for web single sign on
       • Enterprise User Security for client-server SSO to database
       • Multilevel authentication in OracleAS SSO 10g
       • Windows Native Authentication
       • Proxy authentication for multi-tier database access
     • Advanced password management policies in OID
       • Password history, Password hints and reset upon expiry
       • IP address based lockout policies
       • Centralizes password management for OIM-based applications

  19. Manage User Authentication Securely, cont.
     • External authentication plug-ins for 3rd party LDAP
     • DAS management of account lockout status
     • DAS Self Service password hint and password reset
     • Standalone database continues to support customizable password management
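Added example, not Oracle Internet Directory's own implementation: a small policy engine for three of the password-management policies slides 18 and 19 list (password history, reset upon expiry, IP address based lockout). The thresholds, the PBKDF2 storage format and the injectable clock are assumptions made for the example.

```python
import hashlib
import hmac
import os
import time
from collections import defaultdict

HISTORY_DEPTH = 5              # reject reuse of any of the last 5 passwords
MAX_AGE_SECONDS = 90 * 86400   # force a reset once a password is 90 days old
LOCKOUT_THRESHOLD = 5          # failed attempts from one IP before lockout
LOCKOUT_SECONDS = 900          # how long a locked-out IP stays locked


def _digest(password: str, salt: bytes) -> bytes:
    # Iteration count kept low so the example runs quickly; raise it in practice.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 20_000)


class PasswordPolicy:
    def __init__(self, now=time.time):
        self.now = now                        # injectable clock, used to test expiry
        self.users = {}                       # uid -> {salt, hash, set_at, history}
        self.failures = defaultdict(list)     # ip -> timestamps of failed logins

    def set_password(self, uid: str, password: str) -> str:
        rec = self.users.get(uid)
        history = rec["history"] if rec else []
        # History check: rehash the candidate under each retained salt.
        for salt, digest in history:
            if hmac.compare_digest(_digest(password, salt), digest):
                return "reused"
        salt = os.urandom(16)
        digest = _digest(password, salt)
        history = (history + [(salt, digest)])[-HISTORY_DEPTH:]
        self.users[uid] = {"salt": salt, "hash": digest,
                           "set_at": self.now(), "history": history}
        return "ok"

    def authenticate(self, uid: str, password: str, ip: str) -> str:
        t = self.now()
        # Drop failures older than the lockout window, then apply the threshold
        # before touching credentials, so a locked-out IP learns nothing new.
        recent = [f for f in self.failures[ip] if t - f < LOCKOUT_SECONDS]
        self.failures[ip] = recent
        if len(recent) >= LOCKOUT_THRESHOLD:
            return "locked"
        rec = self.users.get(uid)
        if rec is None or not hmac.compare_digest(_digest(password, rec["salt"]), rec["hash"]):
            self.failures[ip].append(t)
            return "denied"
        if t - rec["set_at"] > MAX_AGE_SECONDS:
            return "reset_required"   # expired: the user must reset before proceeding
        return "ok"
```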

  20. Deploy New Application
     • OID/SSO provide authentication and authorization services which are shared across the enterprise
     • Many hooks to leverage OID/SSO
       • mod_osso
       • JAZN
       • Partner application toolkit
       • Enterprise users (for database applications)
     • PIS provides automated account provisioning
     • DSS, PIS support synch with existing directories

  21. Deploy New Application, cont.
     • Direct JAAS integration with 3rd party directory via LoginModule API
     • DAS supports delegated administrative model
       • Can delegate admin authority to components of overall directory tree
       • Can delegate admin authority down to the attribute level
     • New install/admin model in OracleAS ensures least privilege for instance administration

  22. Windows Integration
     • Windows Directory Connector for Oracle Internet Directory
       • Pre-packaged solution for Windows directories
       • Built on Oracle Directory Integration Platform
     • Windows Native Authentication
       • “Automatic logon” to AS based on Windows logon
       • Improves Windows user experience
     • Windows Authentication and Password Plug-ins
       • “Referral” of authentication to Windows O/S; password synchronization not required
       • Update of Windows passwords from Oracle administration tools

  23. User Provisioning from Windows
     [Flow diagram spanning a Windows environment (Microsoft ADS) and an Oracle environment (Oracle Internet Directory, Delegated Administration Console, Oracle9iAS Single Sign-On, Oracle Portal, Oracle E-Business Suite Release 11i):]
     1 - “Add user”
     2 - User created in ADS
     3 - User synchronized with OID
     4 - User provisioned in Oracle environment
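Added example, not Oracle's PIS or DSS code: a simulation of the identity lifecycle slides 5, 16, 17 and 23 describe, where the central directory is the single source of identity and every create, role change or termination event is propagated to one provisioning connector per application, which creates or revokes accounts accordingly and logs each action. The role-to-application entitlement table and the application names are constructed for the example.

```python
from dataclasses import dataclass, field

# Role -> applications an identity holding that role is entitled to
# (constructed mapping for the example).
ROLE_ENTITLEMENTS = {"student": {"portal", "mail"},
                     "staff": {"portal", "mail", "finance"}}

@dataclass
class Identity:
    uid: str
    roles: set = field(default_factory=set)
    enabled: bool = True

class AppConnector:
    # One application's provisioning connector: its account table follows
    # the identity events it receives, and every change is logged.
    def __init__(self, app: str):
        self.app, self.accounts, self.audit = app, set(), []

    def on_event(self, ident: Identity) -> None:
        entitled = ident.enabled and any(
            self.app in ROLE_ENTITLEMENTS.get(r, set()) for r in ident.roles)
        # One rule serves add, modify and delete: keep an account only while
        # the identity is enabled and still entitled to this application.
        if entitled and ident.uid not in self.accounts:
            self.accounts.add(ident.uid)
            self.audit.append(("create", ident.uid))
        elif ident.uid in self.accounts and not entitled:
            self.accounts.discard(ident.uid)
            self.audit.append(("revoke", ident.uid))

class Directory:
    # Stands in for the central directory plus the provisioning service:
    # each identity change is published to every connector.
    def __init__(self, connectors):
        self.entries, self.connectors = {}, list(connectors)

    def _publish(self, uid: str) -> Identity:
        for c in self.connectors:
            c.on_event(self.entries[uid])
        return self.entries[uid]

    def create(self, uid: str, roles) -> Identity:       # enrollment
        self.entries[uid] = Identity(uid, set(roles))
        return self._publish(uid)

    def set_roles(self, uid: str, roles) -> Identity:    # role change
        self.entries[uid].roles = set(roles)
        return self._publish(uid)

    def disable(self, uid: str) -> Identity:             # termination
        self.entries[uid].enabled = False
        return self._publish(uid)
```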

  24. Improved Admin Privilege Model
     • Least privilege for install/admin
       • Separation of install and runtime admin privileges
       • Privilege to administer one 9iAS instance doesn’t imply privilege to administer every instance
     • Allows multiple 9iAS instances to share an infrastructure securely
     • Greatly improves security for real world deployments

  25. Case Study: Golden Gate University’s Legacy Environment
     • Operating systems: Solaris, Windows, MPE/ix, Netware, Mac OS, Digital Unix
     • Hardware platforms: SUN (Sparc), Dell (Intel), HP 3000, Macintosh, DEC Alpha
     • Databases: Oracle, SQL Server, Access, FoxPro, HP Image
     • Development: Coldfusion, HTML, Javascript, UniBasic
     • No common code, data, OS, management process, customer experience

  26. GGU’s new Web Architecture

  27. Summary
     • Key Business Problem
       • Address security threats
       • Manage users efficiently, intelligently
     • Key Solution Features
       • Complete security for real world deployments
       • Pervasive
       • High Assurance
       • Common across Oracle Components
       • Supports wide range of deployment options
     • Identity Management Suite
       • Integrated solution for Oracle products
       • Enterprise scalability, reliability, performance

  28. Summary, cont.
     • Key Oracle Differentiators
       • Reputation for reliability, scalability, availability, assurance
       • Oracle offers nearly all the enterprise pieces
         • App Server, database, apps, collab suite
       • Security and Identity Management is pervasive, integrated
