As Published In

Oracle Magazine
September/October 2004

Feature

Oracle Application Server 10g Identity Management Infrastructure
By Michael Miley

Oracle Identity Management is an integrated, scalable identity management infrastructure supplied with Oracle Application Server 10g. Designed as the identity management foundation for the complete Oracle stack, it has six main components, outlined below:

Oracle Internet Directory

Oracle Internet Directory (OID), a scalable LDAP v3-compliant directory service, is a critical component of the Oracle Application Server identity management and security infrastructure. Tightly integrated with Oracle Database, it can support terabytes of directory information on a single server; thousands of concurrent client requests while maintaining subsecond response times; and a range of Oracle high-availability solutions and techniques, including Cold Failover Cluster (CFC) and Active Failover Cluster (AFC).

Oracle Directory Synchronization Service

Oracle Directory Synchronization Service permits synchronization between OID and other directories and user repositories, including flat files, relational database tables, NOS directories, and proprietary application user repositories. "Directory synchronization makes it possible to define and administer enterprise user identities centrally," says David Saslav, principal product manager for Identity Management, Internet Directory Integration Platform at Oracle. "It makes those user identities available to a variety of third-party and legacy applications and operating systems, and makes sure those repositories respect and reflect the attribute values."

Oracle Provisioning Integration Service

Oracle Provisioning Integration Service provides automatic provisioning services for Oracle products; components; applications; and, through standard interfaces, third-party applications. The service is leveraged by other Oracle components such as Oracle Portal to facilitate the user provisioning process. It also serves as a single point of integration between the Oracle environment and other enterprise provisioning solutions. New features with Oracle Application Server 10g include the ability to send notification of provisioning events bidirectionally between OID and other application directories as well as the ability to synchronize user accounts and other information from Oracle E-Business Suite to OID.

Oracle Delegated Administration Service

Oracle Delegated Administration Service (DAS) provides trusted proxy-based administration of directory information by application administrators and users. It is a set of predefined, Web-based units for performing directory operations on behalf of a user. DAS service units are leveraged by other Oracle administrative tools, providing a consistent interface for managing user information. Included with Oracle 10g is the Self-Service Console, a Web-based tool built on the Oracle DAS framework. The Self-Service Console allows end users and application administrators to search for and manage data in OID and gives Oracle Application Server administrators a means of provisioning end users in the Oracle environment.

Oracle Application Server Single Sign-On

New features in Oracle Application Server 10g include multilevel authentication, Windows-native authentication, and support for several real-world environments with unique availability, scalability, and performance requirements.

Oracle Application Server Certificate Authority

Oracle Application Server Certificate Authority (OCA), a new component with Oracle Application Server 10g, generates and publishes X.509 v3 PKI certificates to support strong authentication methods and digital signatures, with a simple Web interface for requesting certificates and storing them in the credential wallet. "OCA supports the traditional certificate provisioning mechanism, where you have manual review and approval, as well as a more automated method that can issue new certificates when the user can properly authenticate to Oracle Application Server, using a valid single-sign-on user name and password," notes Paul Needham, Oracle director of Product Management, Database Security.


Michael Miley (mmiley@pacbell.net) is a freelance writer living in Sonoma, California.
