Presentation of Oracle's solution for user authorization in applications and systems
Identity and Access Management
Alexandre Freire, Principal Sales Solution Security Specialist, Identity and Access Management, GRC Technology, Oracle Latin America Strategic Accounts
Oracle Entitlements Server - Introduction
Oracle Identity and Access Management - Commitment to Leadership & Innovation
Timeline phases: Build, Lead, Innovate. Milestones shown:
- Acquisition of Phaos (Federation and WS technologies)
- Oracle Internet Directory
- Acquisition of Oblix (OAM, OIF & OWSM)
- Acquisition of Thor (OIM)
- Acquisition of OctetString (OVD)
- Identity Audit and Compliance offering
- Oracle Identity and Access Management Suite
- Leader in Gartner's UP & WAM Magic Quadrant
- Oracle eSSO
- Oracle IdM Eco-system
- Market Leader in Forrester's IAM Wave
- Identity Governance Framework
- Acquisition of Bridgestream (ORM)
- Acquisition of Bharosa (OAAM)
- Acquisition of BEA (OES)
- Oracle Access Management Suite
- Partner Alliance
- Id. Assurance
Leader in Magic Quadrants
"Oracle assumes the No. 1 position" - Earl Perkins, Perry Carpenter, Aug (Research G )
User Provisioning, H ; Web Access Management, H
Magic Quadrant Disclaimer: The Magic Quadrant is copyrighted by Gartner, Inc. and is reused with permission. The Magic Quadrant is a graphical representation of a marketplace at and for a specific time period. It depicts Gartner's analysis of how certain vendors measure against criteria for that marketplace, as defined by Gartner. Gartner does not endorse any vendor, product or service depicted in the Magic Quadrant, and does not advise technology users to select only those vendors placed in the "Leaders" quadrant. The Magic Quadrant is intended solely as a research tool, and is not meant to be a specific guide to action. Gartner disclaims all warranties, express or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.
Gartner's comments on Entitlements
Oracle WAM Market - Strengths: Oracle now sells OAM as part of integrated suites of access management components, including Oracle Identity Federation, Oracle Entitlements Server and Oracle Adaptive Access Manager, providing improved authorization functionality beyond Web applications, as well as fraud detection capabilities. The wide range of access management functions in the suite puts Oracle on an excellent footing with broad suite offerings from IBM and CA.
Trends for 2008 - Market segmentation (access management vs. commodity WAM vs. consumer extranets): The strategic direction for WAM tools is diverging as the market matures. Larger, enterprise-focused vendors (IBM, CA, Sun, Novell, Oracle, Evidian and Siemens) are developing access management suites, which include WAM, platform access control, fine-grained entitlement management, identity federation and, often, Web services security tools, combined with unified administration and audit facilities. Smaller vendors (for example, Cafesoft and P2 Security) are focused on low-cost, low-complexity SMB offerings. A few vendors (including EMC/RSA Security and Entrust) are focused specifically on the consumer extranet.
Source:
Market Leader According To
"Oracle has established itself as Leader." - The Forrester Wave: Identity And Access Management, Q
"Oracle reached the top of our evaluation through a combination of the breadth, depth, interoperability, and packaging of its IAM features alongside the strategy and current state of market execution on its application-centric identity vision." - The Forrester Wave: Identity And Access Management, Q1 2008
Oracle's Identity Management Suite (Identity Management 2.0)
- Identity Admin.: Role Manager, Identity Manager
- Access Management: Adaptive Access Manager, Entitlements Server, Web Services Manager
- Core Platform: Access Manager, Identity Federation, Enterprise Single Sign-On
- Directory Services: Virtual Directory, Internet Directory, Authentication Service for OS
- Audit & Compliance
- Manageability: Enterprise Manager IdM Pack
Oracle Entitlements Server - Functional Architecture
Oracle Entitlement Server - What is it?
It is a privilege control system that enables centralized definition of privileges for complex applications and runtime enforcement of those privilege controls. It allows privilege control to be externalized:
- Separates security decisions from the applications' business logic;
- Centralizes the management of access policies for multiple application environments.
Oracle Entitlement Server - What is it?
- The policy model supports the natural hierarchy of business objects, roles and access rights.
- Protects both software components (e.g. URLs, EJBs) and business objects (e.g. accounts, patient records).
- Provides flexible deployment and easy integration with existing security and identity systems.
Entitlements Server - Entitlements management
Diagram: Presentation Tier, Business Logic Tier, Data Access Tier and Databases, each with its own Policy Decision Point, all fed from Entitlements Management.
- Centralized policy repository
- Leverages and builds on existing investments in security and Identity Management
- Enforcement of the corporate security policy
- Takes responsibility for creating and maintaining policies out of the developers' hands
- Controls who can do or see something, when and how
Oracle Entitlements Server Architecture
- Policy Administration Point (PAP): Admin Server, managed from a browser; holds the policies (XACML 2.0 policy) and distributes them to the SSMs (SSM: ATN, ATZ, RM, AD, CM).
- Policy Decision Point (PDP), standalone: Entitlements Server with an SSM (ATN, ATZ, RM, AD, CM), serving Plain Old Java Object (POJO), .NET and generic SOAP clients.
- Policy Decision Point (PDP/PEP), embedded: an App Server with an embedded Entitlements SSM (ATN, ATZ, RM, AD, CM).
- Policy Information Point (PIP): LDAP, relational DB and Service Data Objects reached through the Attribute Retriever API. These are the user or application directories or databases that contain information required to make an access decision, such as user, group and resource attributes.
Oracle Confidential For Internal Use Only
OES Administration Server (PAP)
Diagram: Web Browser; OES Admin Server (J2EE) with Admin UI, Application Entitlements API, SSM Mgmt Tools, Management API (ATN, ATZ, RM, AD, CM), Policy Loader/Exporter, Policy Distributor and Admin Scripts; Policy Store; Policy Files; distribution to SSMs.
- Runs on WebLogic, Tomcat, WebSphere
- Web-based Admin Console
- Policy Reporting
- Management Tools
- Management API via Java and Web Services
- Transactional policy distribution to SSMs
Security Service Module (PDP)
The Security Service Module exposes a Framework API with five providers, touching Identity Directories, Entitlements, Secure Audit Logs and External Applications:
- Authentication: integrate with LDAP, RDBMS, custom identity stores; leverage multiple stores simultaneously; assert identity from SSO or custom tokens; establishes the JAAS Subject
- Authorization: provide Grant/Deny decisions based upon policies; integrate external entitlement attribute data from LDAP, RDBMS, SDO
- Role Mapping: dynamically map users to roles based upon policy
- Auditing: log messages generated by framework events; write to everything from log4j to secured filesystems; describe custom handlers for various events
- Cred Mapping: translate credentials into custom formats; helps propagate identity across disparate systems
SSM Configurations
- Standalone Server (PDP): Entitlements Server SSM (ATN, ATZ, RM, AD, CM)
- J2EE/JVM (PDP/PEP): embedded Entitlements SSM (ATN, ATZ, RM, AD, CM)
- Integration points shown: Java API, .NET API, SOAP API, XACML 2.0, Oracle DB (with VPD), SharePoint, WebLogic Server, Tomcat, WebSphere, Plain Old Java Object (POJO), Oracle Service Bus, Documentum Client/Content Server*
- SSMs are kept synchronized with the central policy store: they handle pushes from the Admin Server and retrieve policy upon startup
- SSMs maintain local persistent caches of relevant policy
- SSMs maintain local caches of attribute and policy decisions
OES Access Policy
OES access policy is used to grant or deny privileges to resources in the application to specific users, groups, or roles (authorization request in, authorization response out).
Example: Grant (view, /app/sales/revenuereport, /role/manager) if region = East;
- Effect: Grant, Deny, Delegate
- Action: Read, Write, View
- Resources: maps to application objects
- Subjects: based on identity store(s)
- Constraint: boolean attributes and eval functions, read from external data
OES Role Policy
OES role policy is used to dynamically determine role membership (authorization request in, authorization response out).
Example: Grant (/role/executive, /app/sales/, /sgrp/manager) if level > 5;
- Effect: Grant, Deny, Delegate
- Roles
- Resources: maps to application objects
- Subjects: based on identity store(s)
- Constraint: boolean attributes and eval functions, read from external data
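The access-policy and role-policy slides above describe one evaluation model: role policies turn subject attributes into role membership, access policies grant or deny an action on a resource, and both carry a boolean constraint over attributes fetched from a policy information point. The following is an added, illustrative Python model written for this page; it is not Oracle's engine and uses no OES API. It takes the two example policies from the slides, adds a constructed /role/manager role policy and a constructed deny rule for a contractor group, and reads attributes through a policy information point that fails over from an unavailable primary source to a backup, the attribute-retriever failover the later high-availability slide describes. The resource convention (a trailing slash covers the subtree), the directory contents, and all user and group names are assumptions made for the example.

```python
"""Toy policy decision point shaped like the OES policies on the slides: role
policies derive role membership from attributes, access policies grant or deny
an action on a hierarchical resource, and both carry a boolean constraint over
attributes fetched from a policy information point.  Illustrative model written
for this page, not Oracle's engine."""
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional, Set

Attrs = Dict[str, object]

@dataclass
class Policy:
    effect: str      # "grant" or "deny"
    target: str      # action for an access policy, role name for a role policy
    resource: str    # model convention: "/app/sales/" covers the subtree, "/app/sales/x" only itself
    subject: str     # user, group ("/sgrp/...") or role ("/role/...")
    constraint: Optional[Callable[[Attrs], bool]] = None

@dataclass
class Subject:
    user: str
    groups: List[str] = field(default_factory=list)

class PolicyInformationPoint:
    """Attributes come from the first source that answers; a source that raises
    ConnectionError is skipped (the attribute-retriever failover of the HA slide)."""
    def __init__(self, sources: List[Callable[[str], Attrs]]):
        self.sources, self.failovers = sources, 0

    def attributes(self, user: str) -> Attrs:
        for source in self.sources:
            try:
                return source(user)
            except ConnectionError:
                self.failovers += 1
        return {}   # nothing reachable: constraints see no attributes and fail closed

def resource_matches(policy_resource: str, requested: str) -> bool:
    if policy_resource.endswith("/"):
        return requested == policy_resource.rstrip("/") or requested.startswith(policy_resource)
    return requested == policy_resource

def applicable(policies, target, resource, subject, roles, attrs):
    """Yield policies whose target, resource, subject and constraint all match the request."""
    for p in policies:
        if p.target == target and resource_matches(p.resource, resource) \
                and p.subject in (subject.user, *subject.groups, *roles) \
                and (p.constraint is None or p.constraint(attrs)):
            yield p

def map_roles(role_policies, subject, resource, attrs) -> Set[str]:
    """Dynamic role membership: granted roles minus any explicitly denied one."""
    granted, denied = set(), set()
    for role in {p.target for p in role_policies}:
        for p in applicable(role_policies, role, resource, subject, set(), attrs):
            (granted if p.effect == "grant" else denied).add(role)
    return granted - denied

def is_authorized(access_policies, role_policies, pip, subject, action, resource) -> bool:
    attrs = pip.attributes(subject.user)
    roles = map_roles(role_policies, subject, resource, attrs)
    decision = False
    for p in applicable(access_policies, action, resource, subject, roles, attrs):
        if p.effect == "deny":
            return False    # an explicit deny overrides any grant
        decision = True
    return decision         # no matching grant: default deny

# --- constructed sample data, not taken from the slides ----------------------
CONSTRUCTED_DIRECTORY = {"alice": {"region": "East", "level": 7},
                         "bob": {"region": "West", "level": 3},
                         "carol": {"region": "East", "level": 6}}

def primary_source(user: str) -> Attrs:
    raise ConnectionError("primary LDAP unreachable (simulated outage)")

def backup_source(user: str) -> Attrs:
    return dict(CONSTRUCTED_DIRECTORY.get(user, {}))

PIP = PolicyInformationPoint([primary_source, backup_source])
ROLE_POLICIES = [
    # role-policy slide: Grant (/role/executive, /app/sales/, /sgrp/manager) if level > 5
    Policy("grant", "/role/executive", "/app/sales/", "/sgrp/manager", lambda a: a.get("level", 0) > 5),
    # constructed: every manager also holds /role/manager under /app/sales/
    Policy("grant", "/role/manager", "/app/sales/", "/sgrp/manager"),
]
ACCESS_POLICIES = [
    # access-policy slide: Grant (view, /app/sales/revenuereport, /role/manager) if region = East
    Policy("grant", "view", "/app/sales/revenuereport", "/role/manager", lambda a: a.get("region") == "East"),
    # constructed: contractors never view anything under /app/sales/, whatever else grants it
    Policy("deny", "view", "/app/sales/", "/sgrp/contractor"),
]
SUBJECTS = {"alice": Subject("alice", ["/sgrp/manager"]),
            "bob": Subject("bob", ["/sgrp/manager"]),
            "carol": Subject("carol", ["/sgrp/manager", "/sgrp/contractor"])}

def decide(user: str, action: str, resource: str) -> bool:
    """One authorization request against the constructed policy set."""
    return is_authorized(ACCESS_POLICIES, ROLE_POLICIES, PIP, SUBJECTS[user], action, resource)

def roles_for(user: str, resource: str) -> Set[str]:
    return map_roles(ROLE_POLICIES, SUBJECTS[user], resource, PIP.attributes(user))
```

With this data, decide("alice", "view", "/app/sales/revenuereport") returns True because alice is mapped to /role/manager and her region is East; bob gets the same role but his West region fails the constraint, and carol is mapped to /role/executive (level 6) yet is refused because the contractor deny on /app/sales/ overrides the grant. Two design choices matter for a deployment of this shape: deny must beat grant and the absence of a matching grant must be a deny, otherwise a gap in policy coverage silently becomes access; and when every attribute source is down the PIP returns no attributes, so constraints fail closed rather than open.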
Entitlements Management - Centralized management
- Entitlements management: User Roles; Application Resources; Authorization Policies; Role Membership Policies; Create Separation of Duties Rules; Distribute Entitlements to SSMs
- Identity administration: User Identity Directories; User Attributes
- Audit: Run Policy Reports
Entitlements Lifecycle - Policy enforcement without changing the applications
Participants around Oracle Entitlements Server: Operations and Compliance Staff, Business Owner, Developer, Security Administrator.
Oracle Entitlements Server - Technical Architecture
OAM-OAAM-OES Architecture
Diagram: OAM Admin; OVD; Oracle Access Server (Access Manager); Oracle Internet Directory; Load-balancer; Web Server 1 and Web Server 2 (Web Gate) serving Partners and Vendors; OAAM Server (OASA) and OAAM Server (OARM); Application Server 1 and Application Server 2 (SSM); Oracle XE Database (Policy Store); OES Admin (Entitlement Server).
OES Architecture - Platforms (PAP)
Table 1 Core Components (Component | Platforms | Operating Systems)
- Admin Console Browser | MS IE 6.0, 7.0 | Windows 2000 SP4, 2003 R2, XP SP2
- E-UI Browser | MS IE 6.0, 7.0; Firefox 2.0.x | Windows 2000 SP4, 2003 R2, XP SP2
- Admin Server Platform | WebLogic Server MP2; WebLogic Server 10.0 MP1; WebLogic Server 10gR3 (10.3) [2]; WebSphere Application Server ; Tomcat | Sun Solaris 8, 9, 10 (32-bit); Windows 2000 SP4, 2003 R2, XP SP2; Red Hat Adv. Server 3.0, 4.0; Suse Linux & 10.0; AIX
- OES Policy Store | Oracle , , ; Sybase , 15; MS-SQL 2000 & 2005; PointBase 5.1; DB2 Universal DB Enterprise Server 9.1 |
- User Directory | Oracle Identity Directory; Microsoft Active Directory 2000 & ; Microsoft ADAM; SunONE Directory Server v5.2; Novell eDirectory v ; Open LDAP v ; Oracle , , , 11g; Sybase , 15; DB2 Enterprise Server Edition 9.1; MS-SQL 2000 & 2005 |
OES Architecture - Platforms (SSM)
Table 2 Security Modules (Category | Platform, Version(s) | Windows [1] | Solaris | RHAS [2] | Suse [3] 9.2, 10.0 | AIX , 9, , 4.0)
- Web Services / RMI | MS .NET 1.1 & ; WL Workshop 9.0, 10.0; Studio 3.0 | Yes | Yes | Yes | Yes | No
- Oracle WebLogic Products | WebLogic Server , 8.1.6, 9.2.2, 10.0 MP1, ; WebLogic Portal 8.1.5, 8.1.6, 9.2.2, , 10.2; WebLogic Integration | Yes | Yes | Yes | Yes | No
- Other Oracle Products | ODSI (formerly ALDSP) 2.5, 3.0; OSB (formerly ALSB) 2.6; OBPM (formerly ALBPM) 6.0 | Yes | Yes | Yes | Yes | No
- IBM WebSphere | WebSphere 6.1 | Yes | Yes | Yes | Yes | Yes
- Java | Sun JVM 1.4.2, 5.0, 6.0; JRockit 1.4.2, 5.0, 6.0; IBM JDK 1.4.2, | Yes | Yes | Yes | Yes | No
- Web Servers | Apache | Yes | Yes | Yes | Yes | No
- Web Servers | MS IIS | | | | |
- Other Applications | Oracle Database 10g | Yes | No | No | No | No
- Other Applications | Documentum Content Server v5 | Yes | Yes | Yes | Yes | Yes
- Other Applications | Microsoft Office SharePoint Server 2007 | Yes | N/A | N/A | N/A | N/A
High Availability - Runtime
- The Security Module/PDP continues to provide security services even if external components it relies on (such as the authentication database) become unavailable.
- Failover for authentication sources
- Failover for entitlement sources (attribute retrievers)
- Failover for Credential Mapper sources
- For data replication between data sources we recommend a vendor-specific approach or solutions like Oracle RAC
- Runtime independence of the SM/PDP from the Admin Server
Diagram: Application Environment with Security Framework and Security Service Module (Authentication Providers, Auditing Providers, Role Providers, Authorization Providers, Credential Providers); Primary Authentication Source replicated by source-specific replication to a Back-up Authentication Source; Primary Entitlements Source replicated by source-specific replication to a Back-up Entitlements Source.
High Availability - Management
Diagram: Application Environments in New York, Tokyo and London, each with an SSM and an OES Administrator, connected to a Primary Admin Server and a Secondary Admin Server; Primary OES DB replicated by RDBMS-specific replication to a Secondary OES DB.
High Availability - Management
Diagram: Application Environments in New York, Tokyo and London, each with an SSM and an ALES Administrator, connected to a Primary Admin Server and a Secondary Admin Server; Primary ALES DB and Secondary ALES DB.
Demonstration
Oracle Entitlements Server - live demonstration on a VMware environment