The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle's products remain at the sole discretion of Oracle.
Agenda
Introduction
Current state on Campus
How can IDM help
Oracle's IDM Solution
Product strategy and roadmap
Commitment to our customers
5 Questions:
to ask your Chief Security Officer
How do you control access to your sensitive apps?
Usernames and passwords, HW Tokens.
Identity Thieves
Rogue Employees
Privileged Users
Complex
Repeated point-to-point integrations
Mostly manual operations
Non-compliant
Difficult to enforce consistent set of policies
Difficult to measure compliance with those policies
User un-friendly
Solutions not user-centric but technology-centric
Processes not end-user friendly
Institution
Univ of Wisc Madison
State
WI TX DC NY OH CA FL NY OK CA UT NY FL AL FL NY
Incident
Accident Hacking Stolen Accident Hacking Stolen Stolen Stolen Hacking Stolen Stolen Accident Hacking Hacking Hacking Accident
Number
39,535 39,535 38,000 30,000 70,000 7,000 2,100,000 88,000 70,000 72,000 2,200,000 108,000 330,000 37,000 97,200 100,000
5/7/2009
CA
Hacking
160,000
81 13 107
78
Stolen
Accident
943,277 5,985,297
Hacking
5,230,278
Lost Stolen
440,178
Identity Threats
Identity Theft
Consumers hesitate to embrace on-line self service
Stolen identity and credit cards used to pay for on-line purchases
Implement strong authentication and risk based authorization for critical apps and web services
Enforce minimal access rights based on roles, attributes, and requests
Leverage federation technologies for cross-domain SSO
Standards-Based Architecture
Access Management
Identity Management 2.0
Strong authentication
Risk based authorization
Fine grained entitlements
Web Services security
Directory Services
Identity virtualization
Core Platform
Identity lifecycle
Organization lifecycle
Provisioning & Reconciliation
Password management
Authentication
Authorization
Single sign-on
Federation
LDAP storage
LDAP synchronization
OS authentication
Manageability
Service level
Configuration
Performance
Automation
Directory Services
Identity Manager
Access Manager
Identity Federation Enterprise Single Sign-On
Internet Directory
Authentication Service for OS
Manageability
Enterprise Manager IdM Pack
AD
Contractor Oracle Identity Federation
Authorization Legacy Applications Fraud Monitoring Risk Profiling Federation & Trust Access Audit Partner Applications & Web Services
Web Service
WebGates Applications
End User
Delegated Admin AccessGates Authentication & Authorization Decisions User Data Policy Data Identity & Group Lifecycle Management Configuration Data Policy Manager Policy Decision Engine
LDAP Store
Self-Service
Self-service and self-registration
Delegated administration
Password reset HRMS LDAP For internal and external users Oracle Identity Manager
AD
Contractor
Provisioning
ERP E-Mail Device Mainframe DB Oracle Identity Manager
Partner Admin
User Provisioning
Workflow Rogue Account Detection Customer Approver Internal User
Mainframe
DB Attester
CRM
LDAP
Account Management
Fraud analytics
Transaction monitoring Device & location tracking Behavior profiling
AD
LDAP
App A
HRMS
CRM Schema Aggregation Schema Transformation Schema Mapping Data Synchronization Internal LDAP Aggregated Schema Meta Directory External LDAP Applications
Database Vault
OIM provisions standard DB user + DB Vault privileges
DB Vault is used to protect DBA access to sensitive IdM data
Business Applications
Leader in
Magic Quadrants
Magic Quadrant Disclaimer: The Magic Quadrant is copyrighted by Gartner, Inc. and is reused with permission. The Magic Quadrant is a graphical representation of a marketplace at and for a specific time period. It depicts Gartner's analysis of how certain vendors measure against criteria for that marketplace, as defined by Gartner. Gartner does not endorse any vendor, product or service depicted in the Magic Quadrant, and does not advise technology users to select only those vendors placed in the "Leaders" quadrant. The Magic Quadrant is intended solely as a research tool, and is not meant to be a specific guide to action. Gartner disclaims all warranties, express or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.
Standards Support
Contribute and lead
SSTC (SAML Working Group) - Co-Chair
Liberty Alliance - President, Board Member
WSS, WS-SX (Web Services Security), JCP - Author
SPML - Author
XACML - Voting member
Implement
Accelerate product development
Simplify product integration & minimize TCO
Innovate
Enable Identity Governance Framework: CARML, AAPML
Standards for end-to-end security
Looking Ahead
Oracle will broaden security product portfolio
Security is not just another line of business for Oracle
Security is strategic to Oracle's entire product portfolio
Emerging areas: entitlement management, fraud, privacy, governance, risk management, etc.
Project Fusion
Single security model across Enterprise Applications Suite
Enforced uniformly at all parts of technology infrastructure
Across entire life-cycle from development to maintenance
Complete solution
Integrated suite of best-of-breed components
Each component individually deployable
Application centric
Integrated with business applications
Integrated to application life cycle
Hot-pluggable
Standards-based
Works across leading platforms
search.oracle.com
Identity management
or oracle.com