Oracle Press Release

Oracle Unveils Strategy for Service-Oriented Security

Achieves Key Milestones with Oracle(R) Identity Management for Delivering Flexible Architecture Designed to Improve Security and Business Agility

April 10, 2008

News Facts

Today at the RSA Conference 2008, Oracle will outline its vision for Service-Oriented Security.
By decoupling hard-coded security features from enterprise applications to create reusable, standards-based security services and protocols which any application can consume, Service-Oriented Security enables organizations to simplify and centralize several critical security processes including authentication, authorization, user administration, role management, identity virtualization and governance, and entitlement management, as well as audit and control.
Oracle's Service-Oriented Security encompasses four IT processes - development, deployment, administration and governance. To date, the company has delivered key milestones associated with each of these components including:
Development: Identity Governance Framework - a multi-vendor standard proposal, spearheaded by Oracle, that provides a service-oriented, privacy-aware architecture for developers to access identity data while adhering to usage policies. Oracle, in conjunction with the Liberty Alliance, has delivered the first open source component of the proposed standard.
Deployment: General availability of Oracle(r) Role Manager - software, based on a service-enabled architecture that allows organizations to centrally model, define and manage a repository for business roles and relationships, which can then be used to drive role-based access control, provisioning and approvals across business applications.
Administration: Beta release of Oracle Fine Grained Authorization - software designed to externalize hard-coded authorization policies from heterogeneous enterprise applications. The controlled beta preview complements Oracle's comprehensive Identity and Access Management software that helps enable customers to administer the access rights of users as they interact with business applications today.
Governance: General availability of Oracle Application Access Controls Governor 8.0 - latest release of control monitoring software that leverages an externalized Service-Oriented approach to provide segregation of duties analysis and enforcement for heterogeneous enterprise application environments.
Historically, organizations "bolted" security solutions on to their enterprise applications, a strategy that often hindered business agility. With Service-Oriented Security, organizations can now centralize security solutions in a more flexible security architecture.
Click here for additional information regarding Oracle's Strategy for Service-Oriented Security.

Supporting Quotes

"With today's announcement, Oracle is paving the road for Service-Oriented Security," said Thomas Kurian, senior vice president, Oracle Server Technologies. "For too long companies have struggled with implementing, managing and maintaining separate security models for each individual application in their IT environment. Service-Oriented Security aims to abstract these fragmented and hard-coded policies by providing a standards-based, architectural model to centralize the management of these silos."

Supporting Resources

Related News Releases

Oracle Expert Blogs

Related Resources

About Oracle Identity Management

Serving as the security backbone for Oracle Fusion Middleware, Oracle Identity Management helps customers and partners decrease security threats across diverse IT environments while helping address governance, risk and compliance needs. Oracle Identity Management was the fastest growing suite of Identity Management products in 2006, based on total software revenues worldwide. Oracle Identity Management's support of industry standards such as WS*, XACML, SAML and SPML helps enable customers and partners to more easily integrate applications with the framework. The family of best-in-class software includes Oracle Identity Manager, Oracle Access Manager, Oracle Adaptive Access Manager, Oracle Enterprise Single Sign-On Suite, Oracle Identity Federation, Oracle Role Manager, Oracle Virtual Directory, Oracle Internet Directory, Oracle Management Pack for Identity Management and Oracle Web Services Manager; all of which can be used in its entirety or as individual components. To learn more, visit

About Oracle

Oracle (NASDAQ: ORCL) is the world's largest enterprise software company. For more information about Oracle, please visit our Web site at


Oracle is a registered trademark of Oracle Corporation and/or its affiliates. Other names may be trademarks of their respective owners.

Contact Info

Rebecca Hahn

Letty Ledbetter