HOL9449 Access Management: Secure web, mobile and cloud access

Transcription

1

2 HOL9449 Access Management: Secure web, mobile and cloud access Kanishk Mahajan Principal Product Manager, Oracle September, 2014 Copyright 2014, Oracle and/or its affiliates. All rights reserved. Oracle Confidential Internal/Restricted/Highly Restricted

3 Safe Harbor Statement The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle s products remains at the sole discretion of Oracle. Copyright 2014, Oracle and/or its affiliates. All rights reserved. Oracle Confidential Internal/Restricted/Highly Restricted 3

4 Unified Access Management Key Solution Requirements Seamless Multi-Channel Access Integrated Risk, Fraud & Strong Authentication Access Any Application, From Any Device, Any Where Standards Based Modular Architecture Scalable for today s Internet Needs Increase Agility with External Security Policies

5 Oracle Access Management Unified Approach to Complete Authentication, Authorization and Audit Authentication Authorization Mobile and API Federation Intelligent Risk Based Authentication Integrated Strong Authentication Real Time External Security Policies RESTful Interfaces API Management Standards Based Social Platform Common Policy Model Standards Bases Approach Scalable High Availability and DR Authentication Plugin Framework Cloud Apps Desktop Apps Enterprise Apps Oracle Apps Mobile Apps

6 RISK HIGH Access Management Intelligent Context-aware, Content-aware and Risk-aware If the risk is very high: Deny access and alert the security team MED- HIGH If the risk is high: KBA or OTP MED- LOW If the risk is medium: Local account/ SAML Federated accounts LOW If the risk is low: Social Identity ALLOW RESPONSE DENY Better user experience, enhanced security, improved compliance

7 Access Management 11gR2 Adoption 1000 OAM 11g R2 Active Customers /31/20135/20/20137/9/20138/28/ /17/ /6/20131/25/20143/16/2014

8 Cloud Ready Access Access Portal SSO Portal to SaaS, Partner and OAM protected resources Web-based interface that adapts to the device Catalog available for users to add, configure, modify and remove applications Configurable View All, Favorites, Recent and Search RESTful interfaces enable integration and customization

9 Cloud Ready Access Access Portal Access Proxy Form Fill SSO through different technologies Applications with login forms Form-Fill Applications that are federation enabled Corporate web resources protected by OAM SSO via OAM session identifiers Identity Federation OAM Resources

10 Cloud Ready Access Identity Federation Fully Converged IdP and SP Protocol Support SAML 2.0, SAML 1.1, OpenID 2.0 IdP/SP initiated SSO, Logout (SAML 2.0) Native Integration with Access Manager Seamless integration, Shared ID Store (Multiple ID Store Support) Leverage OAM Authentication Schemes Session Attribute Support

11 Enabling Cloud API Economy OAuth 2.0 Full OAuth 2.0 Support Integrated into Access Management Server and client, 2 & 3 legged, profile service Natively leverage Access Management services (Auth, SSO, Fraud)

12 Enabling Cloud API Economy OAuth 2.0 Built-in integration with Oracle Access Management Leverage any authentication schemes Fraud Detection & Strong Authentication Single Sign On Shares a common Oracle Access Management configuration, deployment and infrastructure Internet Engineering Task Force (IETF) OAuth 2.0 compliant

13 Securing External Mobile Applications Accelerate deployment of Legacy Applications (Oracle API Gateway) Protect user data with API security for Internet facing mobile applications Enable consistent user experience across platforms with mobile access management Secure mobile app development by externalizing security requirements

14 Securing External Mobile Applications 3. User registers Apps over APNS. Apps request OAuth tokens to access ACME Financials REST services Client requests Stock and Mortgage info from ACME Financials 1. User Apple downloads Push Notification ACME StockApp Server C C from CT App AT Store T 2. User downloads ACME MortgageApp from App Store C AT T T C AT T Mobile & Social Service Client Registration Service Push Notification Service Fraud Detection Service MobileSSO Service C CT T C AT T IDM OAuth Service M&S Service OAuth Extensions C CT T ACME Financials Service C AT T ACME Financials ACME Financials examines the Access Token and sends account info to Mobile Apps Device Store Server Side Device Store enables MobileSSO between participating Apps

15 Copyright 2014, Oracle and/or its affiliates. All rights reserved. Oracle Confidential Internal/Restricted/Highly Restricted 15

16