As Published In

Oracle Magazine
March/April 2006
AT ORACLE: Oracle News

Best-in-Class Identity Management

Oracle redefines identity management for application centricity and SOA.

Oracle has entered the identity management suite space in a big way. Following the acquisition of Oblix in early 2005, Oracle rounded out its suite by adding best-in-class provisioning from Thor Technologies and a powerful virtual directory from OctetString. The result is Oracle Identity Management, a comprehensive and integrated product family.

"If you look at our portfolio of identity management products now," says Hasan Rizvi, Oracle's vice president of product development for Identity Management, "we have a broader suite than competing offerings from IBM, Sun, or CA." Driving the acquisitions is Oracle's desire to help its customers control complex identity management environments and improve compliance by delivering an end-to-end solution based on open standards.

Best-of-Breed Identity Management

The combination of trusted Oracle technology and strategic acquisitions means that Oracle Fusion Middleware customers can pick and choose from best-of-breed identity management products that cover the three "A's": authentication, authorization, and administration.

Authentication through Oracle directories has always been a strong suit for Oracle. The Oracle Internet Directory is a Lightweight Directory Access Protocol (LDAP) v3-compliant directory service that recently passed Common Criteria evaluations at Evaluation Assurance Level 4 (EAL4)—the highest level generally achieved by commercial software. The addition of Oracle Virtual Directory, obtained through the OctetString acquisition, enables multiple LDAP directories or relational databases—from Oracle and other vendors—to look like a single, large, and unified LDAP store.

Oracle products for identity authorization have already integrated powerful Oblix COREid Access and Identity capabilities for providing Web single sign-on, policy-based authentication, password administration, delegated user and group administration, and user self-service. Oracle COREid Federation is an identity federation server that easily extends single sign-on to include cross-domain interaction with business partners and customers. The systems also provide flexible and detailed reporting for regulatory compliance.

Oracle identity administration now includes Oracle Xellerate Identity Provisioning—obtained through the acquisition of Thor Technologies. The industry's leading enterprisewide, cross-platform user provisioning solution, it automates the administration of events in the identity management lifecycle—such as adding users to systems, modifying their privileges, and efficiently deleting users when business events such as departing employees occur.

The incorporation of the new acquisitions into Oracle Fusion Middleware will be swift. "OctetString technology has been out there in the field being deployed with Oracle, just like the Oblix and Thor technologies," says Clayton Donley, Oracle senior director of product development and former CEO of OctetString. "There won't be a big wait for the impact—we'll hit the ground running."

The Oracle Identity Management product family now includes Web access control; identity administration; user provisioning; federated identity management; directory services, including virtual directory technologies; and enterprisewide user provisioning. "With Oracle Identity Management, customers can fulfill all of their identity management requirements from a single vendor—one that offers leading products and capabilities," says Rizvi. "This means less time spent integrating disparate components, a single point of contact for support, a single license contract, and the backing of the world's largest enterprise software company."

Complexity and Compliance

In expanding its product suite, Oracle is capitalizing on an evolution in the way enterprises view identity management. "Identity management is no longer simply a security measure," notes Rizvi. "It is a way to enable compliance, save cost, improve customer service, and promote better trading with partners." This trend grows as more enterprises provide access to Web-based applications. "Our enterprise customers see great benefits from expanding their online partner networks and from providing customers and employees with easy-to-use self-service applications. But these benefits also mean that an ever-increasing number of people depend on an ever-growing set of Web applications in an environment that must be secure and must comply with regulations imposed by governments and industries," he says.

John Aisien knows the problem well. "The only way to gain control over the process is to introduce automation, and that is exactly what Oracle Xellerate Identity Provisioning does," says Aisien, Oracle's vice president of Identity Management and former vice president of marketing and business development at Thor Technologies. Aisien explains that with every routine business event, such as mergers, hiring, and partnering, people come and go and change their access privileges. "You've got to provision and deprovision them all impeccably," says Aisien. Oracle Xellerate Identity Provisioning allows organizations to manage user-access rights and privileges throughout the provisioning lifecycle and across diverse IT environments, including platforms, systems, applications, and physical assets. "Oracle Fusion Middleware customers will benefit from this union because they get a market-leading identity lifecycle provisioning solution that allows them to reduce cost, increase security, gain control over compliance processes, and," adds Aisien, "make their CIO look like a rock star."

Open Standards Middleware

Recent acquisitions are geared toward giving Oracle Identity Management the broadest connectivity within heterogeneous environments. "Single sign-on and identity management are by their nature a heterogeneous venture," says Rizvi. Acquired technology gives Oracle greater connectivity. "Oblix connects with WebSphere, WebLogic, SAP, and many others. And Thor has a rich set of connectivity into different applications," he adds. "Meanwhile, OctetString provides connectivity and adapters into various different LDAP directories as well as different databases. So an application can access a single virtual directory on top of an Oracle directory and, say, a Microsoft directory."

Oracle Virtual Directory (formerly OctetString Virtual Directory Engine) enables multidirectory consolidation, password integration across directories, and directory proxy capabilities. As an Oracle Fusion Middleware component, it will deliver "hot-pluggable" capabilities for Oracle applications to connect them to multiple sources of user identities. This will shorten the time it takes to integrate applications in heterogeneous environments by allowing integrators to forgo the long process of synchronizing their various data sources—something that commonly delays and extends identity management projects today. "Our technology interfaces with a lot of different vendors, including Oracle competitors," says Donley, formerly of OctetString. "Oracle Virtual Directory allows Oracle to seamlessly fit with others and allows other solutions to fit with us."

Application Centricity

Oracle is using its unique position as a technology and applications company to take identity management in a positive new direction. "We believe that identity management services should be available at application development time as well as at application deployment time," says Rizvi. "IT shouldn't require you to bolt on a separate identity management solution to address 'system complexity,' which is the old systems management view pushed by IBM, CA, and Sun."

In Oracle's vision, when you create a new employee in a human resources management system, you automatically create that employee in an identity management repository so that data is available for other applications to use. "We believe our entire suite of services should share infrastructure with the application, so when you do business process automation, identity management can participate in your broader business flows," Rizvi comments.

A Web Services Future

These cross-platform identity management services aren't limited to Web applications; they can also control access to service-oriented architecture (SOA) applications. An SOA connects disparate, loosely coupled applications as services within and across the enterprise. The result is a much more flexible, adaptable IT infrastructure. "All these identity management services will be available and consumed by our next-generation applications," says Rizvi. Indeed, Oracle is currently driving new standards and participating in developing others to make this vision a reality; they include the Liberty Alliance and JSR 155—Web Services Security Assertions. "Our goal is to provide all our identity management capabilities as shared services as part of our SOA platform," he adds.

Today, customers and partners can leverage Oracle Identity Management in its entirety or deploy individual components to meet their unique needs. Oracle Identity and Access Management Suite is a best-in-class product bundle that includes all of Oracle's identity management products except Oracle Web Services Manager. "Oracle has made it easier than ever for customers and partners to take advantage of the latest developments in identity management to mitigate security risk and facilitate auditable regulatory compliance," says Rizvi.

According to analyst Phil Schacter, vice president and service director of the Burton Group, the new suite is good for customers. "Over the past nine months, Oracle has demonstrated a serious commitment to providing a strong technical solution for the identity and access management needs of both Oracle customers and the general market," he says. "The new Identity and Access Management Suite assembles the component technologies into a package that is easier for customers to understand and invest in."
