oow13: developing secure mobile applications (con8902)
DESCRIPTION
As more organizations develop mobile applications that access ever increasing levels of sensitive data, it is critical that standard security policies can be applied, whether coding native, hybrid or mobile browser-based applications. This session will teach you how to code your mobile applications to gain access to Oracle's Mobile Access Management services including device registration, authentication, authorization, step-up authentication and single sign-on.TRANSCRIPT
CON8902 - Developing Secure Mobile ApplicationsMark Wilcox
Senior Product Manager
September 2013
2Copyright © 2011, Oracle and/or its affiliates. All right
This document is for informational purposes. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described in this document remains at the sole discretion of Oracle. This document in any form, software or printed matter, contains proprietary information that is the exclusive property of Oracle. This document and information contained herein may not be disclosed, copied, reproduced or distributed to anyone outside Oracle without prior written consent of Oracle. This document is not part of your license agreement nor can it be incorporated into any contractual agreement with Oracle or its subsidiaries or affiliates.
3
Oracle Fusion MiddlewareBusiness Innovation Platform for the Enterprise and Cloud
Complete and Integrated
Best-in-class
Open standards
On-premise and Cloud Foundation for Oracle
Fusion Applications and Oracle Cloud
User Engagement
Identity Management
Business Process
Management
Content Management
Business Intelligence
Service Integration Data Integration
Development Tools
Cloud Application Foundation
Enterprise Management
Web Social Mobile
4
Program Agenda
Define the problem and solution
Partner Demo and Presentation
Oracle Shows The Developer Demo
5Copyright © 2012, Oracle and/or its affiliates. All right
The Mobile and Social Access Promise
Anytime Anywhere Access
New Tools for Business
Personal and Business Devices
Mobile, Social and Cloud AccessMobile and Social Access is
changing the landscape
6Copyright © 2012, Oracle and/or its affiliates. All right
The Mobile and Social Access ProblemsSecurity
Proliferation of Devices
Cannot leverage existing security
Limited device control
A compliance challengeHow to centrally manage the security
and be complaint?
7Copyright © 2012, Oracle and/or its affiliates. All right
The Mobile and Social Access ProblemsUser Experience
Native Applications
No Native Single Sign-on
Password Help Desk Calls
Inconsistent Login ExperienceHow to improve user experience and
productivity?
8
Cloud AccessMobile Security SocialSign-On
Standards Support
Oracle Access Management Mobile & Social Overview
9
Mobile Security
Native AppNative App
Web AppWeb App Mobile and Social
Mobile and Social
REST REST
Oracle SDK
Oracle SDK
Security AppSecurity App
Access ManagementAccess Management
Directory User Profile ServicesDirectory User Profile Services
OAAM ServiceOAAM Service
OAM ServiceOAM Service
Device RegistrationDevice Registration
Lost & Stolen DevicesLost & Stolen Devices
GPS/WIFI Location AwarenessGPS/WIFI Location Awareness
Device Fingerprinting & TrackingDevice Fingerprinting & Tracking
Risk-based KBA & OTPRisk-based KBA & OTP
Transactional risk analysisTransactional risk analysis
10Copyright © 2012, Oracle and/or its affiliates. All right
Client SDKsNative Libraries for iOS and JAVA
Store/Access Keys, Tokens, Handles and other secure data
Access Mobile Device Information (OS, Carrier, Geolocation, IP/MAC)
Support KBA, OTP via Email and SMS
Manage Single Sign-on
Quickly build security into your mobile applications
11Copyright © 2011, Oracle and/or its affiliates. All right 11
Mobile & Social Access Management Deployment Architecture
Corporate DMZ Corporate Network
HTTP/REST/SOAP/OAuth Clients
Oracle Adaptive Access Manager
Mobile and Social
OAM Agent
SOAP/REST and Legacy Web Services
Remote Token Request
LDAP
Secondary Authentication
Oracle Access Manager
Directory Services
Oracle Enterprise Gateway
Web Services Manager Service Bus
Context Aware Authorizationand Data Redaction
OES PDP
OES PDP
12Copyright © 2011, Oracle and/or its affiliates. All right
Partner Presentation
Vivek Lodhi
ERS Specialist Manager , Deloitte & Touche LLP
13Copyright © 2011, Oracle and/or its affiliates. All right
Oracle Developer Demo
DEMO
14Copyright © 2012, Oracle and/or its affiliates. All right
• Mobile security is more than device management• Use a Mobile-focused security product to simplify the
development of secure mobile applications• Oracle provides an end to end mobile security
solution that leverages existing investments in access management
Summary
15Copyright © 2012, Oracle and/or its affiliates. All right
• Partners• Contact Partner Training Services to learn how they can help
you learn Oracle Access Management Secure Mobile Development
• Customers• Contact your Oracle Account Representative to learn more
Next Steps
16
17