Kerry Osborne
Senior Oracle Guy

Caveats
- The opinions expressed are mine …
- I’m an old guy
- I am biased towards Oracle technology
- I have not drunk too much of the Kool-Aid

Why Identity Management?
My Totally Unscientific Survey
- ~40 companies
- ~90% public
- ~40% over $1B
- ~95% are interested in Identity Management

Why Identity Management?
- Users are frustrated
- SOX is Scary
- Need to Reduce Costs
- It’s Complicated

Why Oracle Identity Management?
[Diagram labels: Oracle Identity Management; OID; Oracle Database]

Oracle Internet Directory (OID)
- v3 compliant LDAP server
- Built on Oracle Database
  - Scalable
  - Performant
  - Highly Available

Speaking of eggs
Is it better to have all your eggs in one basket, or not?

Squirrel and Fort Knox
Squirrel’s Approach
- He puts nuts in lots of places.
- They are totally insecure.
- Therefore, he needs lots of holes.
- He has lots of nuts.
- Therefore, he doesn’t care if he loses some.
Fort Knox Approach
- Put all the gold bullion in one place and lock it down.
- Can’t afford to lose any.
- Not enough manpower to guard many locations.

Back to the Future
Traditional Database Systems
- Usually authenticated by the database
- Yielded lots of silos
- Usually not directly associated with a person

Two Common Security Models
Every user has his own database account
- Full access to base tables must be granted
- Access to ad-hoc tools must be limited
- Can make use of advanced Oracle features
OR
Users log on to a proxy account
- Better approach generally (see caveat 1.0)
- Not necessary for user to know the actual account
- Easier to convert to centralized authentication

Case Study #1
Document Management / Workflow Application
Problem:
- Build a document management system capable of handling millions of documents from paper to searchable XML database.
- The application should support multiple groupings of users with multiple responsibilities.
- Provide a very flexible routing/approval infrastructure.

Case Study #1
Architecture:
- Oracle Database using Oracle Text
- Java application to access the final database
- Oracle Forms
- Oracle Workflow

Case Study #1
Solution:
- Use proxy security model whereby all users log on to a common database account.
- Use OID for authentication
- Create a table of users
- Synchronize application users table with OID via triggers
- No need for password field in users table
- Create view of users table for Workflow

Case Study #1
[Diagram labels: App_users (Username, Email); Workflow_users (Username, Email); Database Trigger; Workflow_users_view; Forms; App; Authentication; Workflow; OID/SSO]

Case Study #2
Consolidation of Security Models / Authentication
Problem:
- Numerous custom Oracle based applications, all with their own security components, make compliance with government regulations difficult.
Architecture:
- Numerous applications all accessing Oracle.
- Each application uses individual database account security model.
- The applications use database roles for security.
- The client uses Oracle’s Internal Controls Management product.
- The client plans to implement Oracle Financials.

Case Study #2
Solution:
- Convert custom applications to “Bolt On” applications in Oracle Financials.
  - Provides a common security model
  - Provides auditing capability
  - Provides a common user interface
  - Provides out of the box integration with OID/SSO

Case Study #2
[Diagram labels: Fin Apps; Apps: GL, AP, XX1, XX2, …; Responsibilities: AP Clerk, AP Super User, XX1 Clerk, XX1 Super User, …; XX1: Users, Roles, Menus; XX2: Users, Roles, Menus; Users: GL_User1, AP_User1, XX1_User1, XX1_User2, …; OID/SSO]

Case Study #3
Active Directory Sync / .Net Application
Problem:
- The users wish to have centralized authentication
- This will provide users with access to the application, whether they are defined in AD, OID or the application.
Architecture:
- .Net application
- The application uses the Proxy Security Model with an internal table of application users.

Case Study #3
Solution:
- Use OID as the central repository
- Synchronize OID with AD and the Internal Users Table
  - AD sync accomplished with DIP on timed basis
  - Database users table sync is bi-directional
    - To OID via database triggers
    - From OID with timed job using function based view (ldap search)

Case Study #3
[Diagram labels: Sync; App_users; Ldap$users; via trigger; timed event; IIS; AD; OID/SSO; Oracle SSO Plug In; .net application; Oracle Database]
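
The "to OID via database triggers" direction used in Case Study #1 and Case Study #3, sketched with Oracle's DBMS_LDAP package as an added example (not code from the original slides or the projects they describe). The table columns follow the App_users diagram; the host, container DN, sync account, object classes and username allow-list are assumptions.

```sql
-- Constructed schema matching the slides: username and email only, no password column.
CREATE TABLE app_users (
  username VARCHAR2(64) PRIMARY KEY,
  email    VARCHAR2(255) NOT NULL
);

CREATE OR REPLACE TRIGGER app_users_to_oid
AFTER INSERT ON app_users
FOR EACH ROW
DECLARE
  -- Assumed values: host, container and sync account are placeholders.
  c_host    CONSTANT VARCHAR2(64)  := 'oid.example.com';
  c_base    CONSTANT VARCHAR2(128) := 'cn=Users,dc=example,dc=com';
  c_bind_dn CONSTANT VARCHAR2(128) := 'cn=appsync,' || c_base;
  c_bind_pw CONSTANT VARCHAR2(64)  := 'CHANGE_ME'; -- placeholder; keep the real secret out of source
  l_ld   DBMS_LDAP.SESSION;
  l_mods DBMS_LDAP.MOD_ARRAY;
  l_vals DBMS_LDAP.STRING_COLLECTION;
  l_rc   PLS_INTEGER;
BEGIN
  -- Allow-list the username before it becomes part of a DN, so characters
  -- such as ',' or '=' cannot change where the entry is created.
  IF NOT REGEXP_LIKE(:NEW.username, '^[A-Za-z0-9._-]+$') THEN
    RAISE_APPLICATION_ERROR(-20001, 'username not valid for directory sync');
  END IF;

  DBMS_LDAP.USE_EXCEPTION := TRUE;      -- LDAP errors raise instead of returning codes
  l_ld := DBMS_LDAP.init(c_host, 389);  -- plain LDAP for brevity; DBMS_LDAP.open_ssl adds TLS
  l_rc := DBMS_LDAP.simple_bind_s(l_ld, c_bind_dn, c_bind_pw);

  l_mods := DBMS_LDAP.create_mod_array(4);
  l_vals(1) := 'top';  l_vals(2) := 'person';
  l_vals(3) := 'organizationalPerson';  l_vals(4) := 'inetOrgPerson';
  DBMS_LDAP.populate_mod_array(l_mods, DBMS_LDAP.MOD_ADD, 'objectclass', l_vals);
  l_vals.DELETE;
  l_vals(1) := :NEW.username;
  DBMS_LDAP.populate_mod_array(l_mods, DBMS_LDAP.MOD_ADD, 'cn', l_vals);
  DBMS_LDAP.populate_mod_array(l_mods, DBMS_LDAP.MOD_ADD, 'sn', l_vals);
  l_vals(1) := :NEW.email;
  DBMS_LDAP.populate_mod_array(l_mods, DBMS_LDAP.MOD_ADD, 'mail', l_vals);

  l_rc := DBMS_LDAP.add_s(l_ld, 'cn=' || :NEW.username || ',' || c_base, l_mods);
  DBMS_LDAP.free_mod_array(l_mods);
  l_rc := DBMS_LDAP.unbind_s(l_ld);
EXCEPTION
  WHEN OTHERS THEN
    -- Close the session if it was opened, then re-raise so the INSERT fails
    -- and the table and the directory do not drift apart.
    BEGIN l_rc := DBMS_LDAP.unbind_s(l_ld); EXCEPTION WHEN OTHERS THEN NULL; END;
    RAISE;
END;
/
```

Because the trigger re-raises on any directory error, an OID outage blocks inserts into app_users; that trade-off keeps the table and the directory consistent at the cost of availability.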