Identity Management: Overview
Identity management is a collection of processes and strategies that a company uses to
manage the complete security life cycle of resources for its internal and external users,
organizations, and entities, both within and beyond a firewall. An identity management
solution can provide a mechanism for implementing the user management aspects of a
corporate policy. It can also be a means to audit users and their access privileges.
Identity management ensures the integrity of large application grids by enabling new levels of
security and completeness to address the protection of enterprise resources and the
management of the processes acting on those resources.
Importance
Every company has identity management processes. However, as a company grows, so does
the number of users and organizations it has, as well as resources associated with these
users and organizations. In addition, it becomes increasingly difficult to maintain a secure
network environment. Therefore, an identity management solution is necessary for a company
to:
• Manage its user and organizational base, and handle the creation, modification, and
deletion of resource-related accounts for these users and organizations
• Regulate the access rights that users and organizations have with their accounts (for
audit, regulatory, and compliance purposes). This occurs through attestation, which is
the process of authorizing established internal controls, processes, and policies for data
related to users, organizations, and transactions.
• Enforce security policies for these accounts
• Provide auditing, logging, monitoring, tuning, configuration, reporting, analytics, and fraud
detection
• Pass correspondence between accounts across internal and external domains
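As an added example (not code from the page or from Oracle's products), the following Python script runs a simple attestation pass of the kind the list above describes: it reconciles provisioned accounts against the identity base and an entitlement policy, flagging accounts whose owner has left and entitlements no policy grants; the identities, accounts and policy table are constructed sample data.

```python
# Attestation pass over provisioned accounts. Added example, not code from
# the page or from Oracle Identity Manager. Accounts whose owner is missing or
# deactivated are flagged for revocation; entitlements the owner's role is not
# granted by policy are flagged for review. All data below is constructed.
from dataclasses import dataclass, field
from typing import Optional

@dataclass(frozen=True)
class Identity:
    user_id: str
    role: str
    active: bool

@dataclass
class Account:
    resource: str            # target system the account lives on
    login: str
    owner: Optional[str]     # user_id it was provisioned for; None if unknown
    entitlements: frozenset = field(default_factory=frozenset)

def attest(identities, accounts, policy):
    """Return (action, login, reason) findings.
    policy maps (role, resource) -> frozenset of entitlements that role may hold."""
    people = {i.user_id: i for i in identities}
    findings = []
    for acct in accounts:
        owner = people.get(acct.owner)
        if owner is None or not owner.active:
            findings.append(("revoke", acct.login, "orphan or owner deactivated"))
            continue
        allowed = policy.get((owner.role, acct.resource), frozenset())
        for ent in sorted(acct.entitlements - allowed):
            findings.append(("review", acct.login, f"{ent} not granted to role {owner.role}"))
    return findings

def run_sample():
    """Constructed data: an over-entitled user, a leaver, and an orphan service account."""
    identities = [Identity("alice", "payroll-analyst", True), Identity("bob", "engineer", False)]
    accounts = [
        Account("hr-db", "alice", "alice", frozenset({"read_payroll", "write_payroll"})),
        Account("hr-db", "bob", "bob", frozenset({"read_payroll"})),
        Account("hr-db", "svc_legacy", None, frozenset({"dba"})),
    ]
    policy = {("payroll-analyst", "hr-db"): frozenset({"read_payroll"})}
    return attest(identities, accounts, policy)

if __name__ == "__main__":
    for action, login, reason in run_sample():
        print(f"{action:7} {login:12} {reason}")
```

A real deployment would feed `attest` from reconciliation data pulled out of the target systems and route "review" findings to the account owner's manager for sign-off.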
Architecture of Oracle Identity Manager
The Oracle Identity Manager architecture consists of three tiers.
Tier 1: Client: The Oracle Identity Manager application GUI components
reside in this tier. Users log in by using the Oracle Identity Manager
client. The Oracle Identity Manager client interacts with the Oracle Identity
Manager server, providing it with the user's login credentials.
Tier 2: Application Server: The second tier implements the business
logic, which resides in the Java Data Objects that are managed by the supported
J2EE application server (JBoss application server, BEA WebLogic, and IBM
WebSphere). The Java Data Objects implement the business logic of the Oracle
Identity Manager application, but their methods are not exposed directly to
the outside world. Therefore, to access the business functionality of Oracle
Identity Manager, you use the API layer within the J2EE infrastructure,
which provides the lookup and communication mechanism.
Tier 3: Database: The third tier consists of the database. This
is the layer that is responsible for managing the storage of data within Oracle
Identity Manager.
Oracle Identity Management Products
Oracle Identity Manager: Oracle Identity Manager is a highly flexible and scalable
enterprise identity management system that controls user accounts and access
privileges in enterprise IT resources centrally. It provides the functionality of
provisioning, identity and role administration, approval and request management, policy based
entitlement management, technology integration, and audit and compliance
automation.
Oracle Access Manager: Oracle Access Manager provides centralized, policy-driven
services for authentication and SSO. Oracle Access Manager integrates with various
authentication mechanisms, third-party Web servers and application servers, and
standards-based federated SSO solutions to ensure maximum flexibility and a well-integrated,
comprehensive web access control solution. Oracle Access Manager
complements its own coarse-grained authorization capabilities by integrating with Oracle
Entitlements Server to provide fine-grained authorization to applications, portals,
databases, and Web services.
Oracle Adaptive Access Manager: Oracle Adaptive Access Manager is a Web-based
solution that provides resource protection by enabling an enterprise to perform fraud
detection, software-based multi-factor authentication, and unique authentication
strengthening in real time through the Web and SMS devices such as cell phones.
Oracle Adaptive Access Manager supports complex, heterogeneous enterprise
environments.
Adaptive Risk Manager provides online risk analysis in real time, and
proactive actions to prevent fraud at critical log-in and transaction checkpoints.
Oracle Entitlements Server: Oracle Entitlements Server is a fine-grained authorization
engine that externalizes, unifies, and simplifies the management of complex entitlement
policies. Oracle Entitlements Server secures access to application resources and
software components (such as URLs, Enterprise JavaBeans, and JavaServer Pages) as
well as arbitrary business objects (such as customer accounts or patient records in a
database).
Oracle Entitlements Server provides a centralized administration point for managing
complex, standards-based entitlement policies across enterprise applications. This
results in a more-secure enterprise environment, improved ease of administration,
consistent policy enforcement, and improved compliance.
Oracle Identity Federation: Oracle Identity Federation is a self-contained and flexible
multiprotocol federation server that is deployable with existing identity management
systems. It enables browser-based, cross-domain SSO by using industry standards
(Security Assertion Markup Language [SAML], Liberty ID-FF, WS-Federation, and so
on). Version 11g of Oracle Identity Federation introduces support for Microsoft Windows
CardSpace (for example, an Oracle Identity Federation identity provider can challenge a
user for login through the CardSpace protocol and then return a SAML assertion based
on the CardSpace authentication and claims).
Copyright © 2010, Oracle and/or its affiliates. All rights reserved.
Oracle Identity Management Products: Overview, Chapter 14 - Page 8
Oracle Identity Analytics: Oracle Identity Analytics (formerly Sun Role Manager) is
now the strategic product going forward for Role Administration and Role Governance. It
provides enterprises with the ability to engineer and manage roles and automate critical
identity-based controls. After roles are defined, certified, and assigned, the software
continues to deliver value throughout the user access life cycle.
Oracle Internet Directory: Oracle Internet Directory is an LDAP v3 directory service
that leverages the scalability, high availability, and security features of Oracle Database.
It serves as the central user repository for Oracle Access Manager and other Oracle
applications. Oracle Internet Directory provides Oracle Fusion Middleware components,
Oracle Fusion applications, and in-house enterprise applications with an LDAP-based
mechanism for storing and accessing identity data such as user credentials (for
authentication), access privileges (for authorization), and profile information.
Oracle Virtual Directory: Oracle Virtual Directory presents a single logical directory that
exposes real-time data from multiple heterogeneous data sources without directory
synchronization. That is, it provides real-time identity aggregation and transformation
without data copying or data synchronization. Oracle Virtual Directory hides the
complexity of underlying data infrastructures by providing industry-standard LDAP and
XML views of existing enterprise identity information, without moving data from its native
location.