TRANSCRIPT
Update Product Management
Christian Patrascu, Principal Product Manager, Oracle Corp.
The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle.
Agenda
• Overview Oracle I&AM
• Oracle I&AM – Roadmap
Oracle Security Inside Out
Identity Management
• Identity-as-a-Service
• User Provisioning & Role Management
• Identity and Access Governance
• Access Management
• Directory Services
Database Security
• Encryption and Masking
• Privileged User Controls
• Multi-Factor Authorization
• Activity Monitoring and Audit
• Secure Configuration
Infrastructure Security
• Microelectronics
• Operating Systems
• Virtualization and Hypervisors
• Storage and Networking
Oracle’s I&AM Business Momentum (2005 vs. 2011)
• License Revenue: > 1500% growth (2011)
• No. of Products: 3 (2005), 18 (2011)
• No. of Customers: < 250 (2005), > 7,000 (2011)
• Developers & PM: < 60 (2005), > 650 (2011)
• SI Partners: < 5 (2005), > 120 (2011)
• Analyst Evaluation: Niche Player (2005), Suite Leader (2011)
Oracle End to End Security with 11G
[Diagram. User groups: Internal Users; External Users (Economy, Citizens); Partners / Suppliers or local authorities. Functions shown around Data: Access Control; Web Service Security; Fraud D. & Strong Auth.; Entitlement Management; Information Rights Management; Directory Service; Id. Synchronization; Provisioning & Role Mgt.; Federation; Audit, Compliance & SOD.]
[Products shown in the diagram: Oracle Web Service Manager; Oracle Access Manager; Oracle DB Vault & Audit; Oracle Adv. Security; Oracle Enterprise Single Sign On; Oracle Adaptive Access Manager; Information Rights Manager; Oracle Entitlements Server; Enterprise User Security; Oracle DB Firewall; Oracle Identity Analytics; Oracle Identity Manager; Oracle Directory Server EE; Oracle Internet Directory; Oracle Virtual Directory; Oracle Identity Federation.]
Oracle Identity Management 11G: Comprehensive and Best-of-Breed
Access Management*
• Access Manager
• Adaptive Access Manager
• Enterprise Single Sign-On
• Entitlements Server
• Identity Federation
• Information Rights Management
• Web Services Manager
Identity Administration
• Identity Manager
Directory Services
• Directory Server EE
• Internet Directory
• Virtual Directory
Identity & Access Governance
• Identity Analytics
• Security Governor
Operational Manageability
• Management Pack For Identity Management
Oracle Platform Security Services
*Access Management includes Oracle OpenSSO STS and Oracle OpenSSO Fedlet
Oracle Identity Management 11g: Key Design Themes
• Integrated Suite
• Service-Oriented Security
• Hot-Pluggability & Open Standards
• Unified Administration
Oracle Identity Management 11g: Complete and Integrated Suite
[Diagram labels: Identity Administration; Directory Services; Access Mgmt]
• Unified and Modern Web 2.0 based Admin Interface
• Unified Installation and Configuration
• Common Auditing and Logging
• Shared Services for:
– Password Management
– Identity Administration
– Single Sign-On
– Entitlements Management
Agenda
• Overview Oracle I&AM
• Oracle I&AM – Roadmap
I&AM Roadmap
Releases: 11G R1 PS1 (Q2 2011); 11G R1 PS2 (H2 CY 2011); 12G (11G R2) (CY 2012)
OAM
- Ext. Framew.: Write own AuthN plugins
- Impersonation
- Pure Java ASDK
- OSTS Integration
- openSSO proxy
- Websphere Support
- Multiple Id. Store
- 10G Feature Parity
- Automated Upgrade scripts from 10.1.4.3
- Identity Services Framework with SSI
- BUGs / ERs
OIM
- Common Identity Framework
- libOVD
- Provlets
- Upgrade 9.1.x
- Websphere Support
- Multi LDAP Support
- SIM Feature Parity
- Identity Services Framework with SSI
- Cloud Features
- BUGs / ERs
Copyright © 2011, Oracle. All rights reserved
IAM as a Cloud
• Use Cases / Customer Segments
– Needs IAM Service without considering in-house deployment
– Externalize certain functions of IAM
– Service Providers that want to offer IAM as a business service
• Examples:
– Telenor (in-house, Identity Admin)
– BT (external offering, Access Management)
• Functions / Key Business Requirements
– Self Service and Delegated Admin for Clients
– Federated Auth and Provisioning, SSO, Strong Auth
– Compliance, Analytics
• Key Technical Requirements
– Multi-tenant architecture across IAM stack
– MSP to Tenant integration architecture (fedlet/provlet/etc)
– “Identity as a Service”
[Diagram labels: Client 1; Client 2; MSP; Oracle IAM; IAM; Apps]
Identity as a Service: BT Managed Fraud Reduction Services
Phase I: [Diagram labels: End user; Customer App; ID Verification Service; Discrete BT Services]
Phase II A: [Diagram labels: End user; Customer App; ID Verification Service; Fraud Prevention; BT Managed Fraud Reduction Services]
Phase II B: [Diagram labels: End user; Customer App; OSB; ID Verification Service; Fraud Prevention; BT Managed Fraud Reduction Services]
Phase III:
Identity as a Service: BT Managed Fraud Reduction Services
Parameters of Real Time “Risk-score calculation”:
• Origin of transaction, e.g. registration from black-listed country or entity
• Multiple registrations from same device
• Location, e.g. user transacting from a new device
• Previous behaviour:
– Impossible travel: 5 minutes ago Frankfurt; now Munich
– Unusual activity, e.g. user normally makes small payments to a consistent set of payees but now is about to transfer entire balance to a just-created payee
– Cross-channel fraud, e.g. contact details changed via call centre immediately before unusual web transaction
Identity Services Framework with SSI
[Diagram comparing 10gR3, 11g and 12g. Labels: OAM; AuthN; AuthZ; Audit; OIM; Provisioning; Reconciliation; Connectors; Delegated Admin; Self Service; Workflow; Identity Admin; Role Admin; SSI; WS or API; BPEL; Fusion Applications; Other Applications]
Oracle IdM Suite 12G: Summary
Strategic Focus areas:
• Enterprise-class multi-tenancy architecture, to support Cloud
• Realize the vision of the Identity Services Framework
• Shared identity context across distributed system layers
Tactical Focus areas:
• Common Identity Connector Framework (PS1)
• Coexistence Scenarios for AM & IdAdmin (PS2)
• Cloud – Part 1 (Provlets) (PS2)
• OW / SIM / openSSO Feature Parity & Migrations
• Complete functional & architectural integration of enhanced identity stack
Analyst & Market Recognition
2009&
2110