Introduction
Identity management is the process by which the complete security life cycle for end users and network entities is managed for an organization. A sound identity management strategy can reduce costs, speed up application deployments, and improve the user experience while enhancing application security.
Oracle Identity Management is an integrated, scalable and complete identity management infrastructure. Oracle Identity Management's functional areas include access and identity management, identity federation, user provisioning, LDAP directory services, virtual directory and web services management. A key feature of Oracle Identity Management is its open, standards-based implementation, which supports heterogeneous enterprise environments. Other features include its robustness and scalability, out-of-the-box deployment support for Oracle products, and utility as a single point of integration to other enterprise identity management solutions.
Overview
Oracle Identity Management is an integrated identity management infrastructure for the enterprise environment and beyond. Oracle Identity Management includes the following functionalities:
- Access and Identity, which provides single sign-on, identity management and delegated administration.
- Federation, which provides multi-protocol cross domain single sign-on through standards such as SAML and Liberty.
- Provisioning, a framework for managing users, defining approval workflows, and automating user creation in Oracle and third-party applications.
- Directory, a scalable, robust LDAP V3-compliant directory service implemented on the Oracle Database. Included is a directory synchronization service, which facilitates synchronization between Oracle Internet Directory and other directories and user repositories.
- Virtual Directory, which facilitates real-time integration of multiple directories and user repositories through a single LDAP service.
- Web Services Manager, which provides web services security and management for heterogeneous web services.

Oracle Identity Management provides a complete application security infrastructure for the enterprise.
Access and Identity
Access and identity are the means for administering users and their privileges and controlling their access to enterprise resources. Oracle Identity Management delivers access control and identity management through Oracle COREid Access and Identity, Oracle Application Server Single Sign-On and Oracle Delegated Administration Services. These components work together to provide centralized, fine-grained access management for heterogeneous application environments, as well as out-of-the-box integration with Oracle products such as Oracle Portal, Oracle Collaboration Suite, and Oracle E-Business Suite. In many organizations, user profile management is the shared responsibility of centralized administrators, delegated administrators, and the users themselves. COREid Access and Identity supports all of these usage models. In addition, COREid's Data Anywhere layer enables customers to build composite identity profiles consisting of attributes from both RDBMS and LDAP user stores for use in both access control and identity administration. COREid Access and Identity also provides flexible and detailed reporting about who has access to which corporate applications, which is critical for Sarbanes-Oxley, HIPAA and Gramm-Leach-Bliley compliance. Oracle access and identity improve application security, ease regulatory compliance concerns, and improve the end user experience. Key features and benefits of Access and Identity are:
- A centralized service providing single sign-on to heterogeneous web application environments
- Policy-based authorization to provide centralized access control to web resources
- Delegated administration of users, groups and organizations, with a unified approval workflow capability
Federation
As more companies move their business processes to the web, many organizations have a greater need to extend the boundaries of their enterprise to include partner applications. Federating identity data allows each company to operate independently and cooperate for business purposes. Oracle COREid Federation is an identity federation server that provides cross domain single sign-on and helps large corporations securely link their business partners into the corporate portal or extranet while also increasing their compliance with privacy and security regulations. COREid Federation enables customers to manage multiple partners and choose from industry standard federated identity solutions all from within one self-contained software product that companies can easily distribute to their partners. Key features and benefits of Oracle COREid Federation are:
- A single, stand-alone server which integrates with a variety of access management services and identity stores
- Support for SAML 1.x, 2.0 and Liberty federation protocols for maximum interoperability with other federated services
- Can be deployed in a simple peer-to-peer configuration to support internal integrations, or in a hub-and-spoke configuration to support communities of users
Provisioning
Oracle Xellerate Identity Provisioning is a powerful and flexible enterprise identity management system that automatically manages users’ access privileges within enterprise IT resources. Its flexible architecture easily handles the most uncompromising business requirements—without requiring changes to existing infrastructure, policies or procedures. Oracle Xellerate Identity Provisioning manages user access privileges across all of a firm’s resources throughout the entire identity management lifecycle—from initial creation of access privileges to dynamically adapting to changes in business requirements. Companies that deploy Oracle Xellerate Identity Provisioning enjoy increased security, enhanced regulatory compliance, streamlined operations, improved business responsiveness and reduced IT costs. Key features and benefits of Oracle Xellerate Identity Provisioning are:
- Self-service Identity Management Drives User Productivity, Increases User Satisfaction and Optimizes IT Efficiency
- Delegated Administration Enhances Security and Reduces Costs
- Workflow & Policy Management Improves IT Efficiency, Enhances Security and Enables Compliance
- Password Management Reduces IT HelpDesk Costs, and Improves Service Levels
- Audit & Compliance Management Minimizes IT Risk and Reduces the Cost of Compliance
- Adapter Factory® Yields Fastest Time-to-Provisioning and Lowest Total Cost of Ownership
Directory Services
Directory services are central to an identity management strategy. Oracle Internet Directory is an LDAPv3 directory that leverages the scalability, high availability and security features of the Oracle Database. Oracle Internet Directory serves as the central user repository for Oracle Identity Management, simplifying user administration in the Oracle environment and providing a standards-based application directory for the heterogeneous enterprise. Additionally, Oracle Directory Synchronization allows Oracle Identity Management to seamlessly integrate with other directories and enterprise user repositories, allowing users to leverage identity information wherever it resides. Key features and benefits of Oracle Internet Directory are:
- Scalable to support terabytes of real-world directory information on a single server
- Features such as multi-process and multithreaded LDAP processes and database connection pooling, enabling support for tens of thousands of concurrent client requests while maintaining sub-second response times
- High availability features such as multi-master replication and support for Oracle Real Application Cluster implementations
- Security through a comprehensive and flexible directory access control model providing varying levels of security to custom fit enterprise and service provider needs
- Out-of-the-box synchronization solutions for third-party LDAP servers and HR applications
- Extensibility through a custom plug-in framework
Virtual Directory
Oracle Virtual Directory provides Internet and industry standard LDAP and XML views of existing enterprise identity information, without synchronizing or moving data from its native locations. Oracle Virtual Directory leverages the inherent capabilities of existing relational databases and directory servers to provide advanced scalability, reliability and performance to the end user. The result is accelerated application deployment and reduced costs by eliminating the need to constantly adapt applications to a changing identity landscape as user populations are added, changed, or removed. Key features and benefits of Oracle Virtual Directory include:
- Full LDAPv3 and DSML compliance in a Java-based implementation, allowing it to work with most applications and providing a high degree of compatibility with many directory products and tools.
- Automatic connection pooling, load balancing, and failover support to improve the overall performance, scalability, and reliability of your identity and security services.
- Support for extensible join views which can join together different parts of the same user from multiple repositories. If a user exists primarily in an LDAP directory, but departmental information used for authorization is contained in a database, Oracle Virtual Directory can join this information together in real time and present it as a single entry to a requesting application, such as a portal.
- A flexible core engine which allows an administrator to define complex transformation rules that dynamically change data from its form in the original source repository to forms required by multiple different client applications.
Web Services Management
Oracle Web Services Manager is a comprehensive solution for adding policy-driven best practices to all your existing or new Web services and provides the key security and management capabilities necessary to deploy Service-Oriented Architectures across your line-of-business applications. Oracle Web Services Manager allows IT management to centrally define policies that govern Web services operations (such as access policy, logging policy, and load balancing), and then wrap these policies around Web services without requiring modification to those services. In addition, Oracle Web Services Manager collects monitoring statistics on quality of service, uptime, and security threats and displays them in a Web dashboard. As a result, Oracle Web Services Manager brings better control and visibility over Web services. With Oracle Web Services Manager, compliance risk and time to market are greatly reduced. Key features and benefits of Oracle Web Services Manager are:
- Single sign-on, including authentication, authorization, and auditing for Web Services, supporting authorization based on information contained in any part of the XML message or body
- Centralized security policy management with localized enforcement, allowing organizations deploying web services to minimize duplication of effort by leveraging a centralized security infrastructure
- Unified monitoring of cross-organization web services applications, to aid in compliance with regulations such as Sarbanes-Oxley, Gramm-Leach-Bliley, and HIPAA.
Conclusion
A sound identity management infrastructure is essential to enterprise and Internet computing environments. Oracle Identity Management provides an identity management infrastructure that is complete, integrated, robust and based on industry standards.