What is Identity Management

1
Identity and Resource ManagementSolution on
Access and Identity
2
COREid Access Identity Managing All Aspects of
Identity Access
3
COREid Access Overview
Web Server
Enterprise Resources
Web Server
Users (Employees, Partners, Customers, Suppliers,
etc)
LDAP-based Directory Server
DMZ
Firewall
Firewall
4
COREid Identity
Firewall
Firewall
DMZ
Secure Protocol over SSL (NIP)
LDAP over SSL
HTTP(s)
LDAP
Users (Employees, Partners, Customers, Suppliers,
etc)
Web Server
COREid Identity Server
Identity Workflow
Delegated Administration
User Management
Group Management
Organization Management
5
COREid Identity Identity Workflow
Step 4 Application owner approves request
Callout to an external application
Flexible multi-step workflow engine Custom
develop workflows for each process in each
organization.
LDAP
6
COREid Access and Identity

• Benefits
• Centralized and Consistent security across
  heterogeneous environments
• Reduced administration cost
• Improved end user experience
• Better compliance
• Features
• Common policy management
• Multi-level, multi-factor auth mgmt
• Self-service and password mgmt
• Delegated administration
• Workflow engine
• Web Services interfaces

Authentication
Authorization
Identity Admin
7
DemonstrationIdentity Management Access
8
COREid Federation

• Benefits
• Secure integration with partners
• Reduce administration cost
• Deliver improved end user experience
• Features
• Seamless SSO and Identity Sharing
• Multi-protocol gateway SAML, Liberty,
  WS-Federation
• Service Provider or Identity Provider
• Flexible deployment configurations
• Standalone for use with pre-existing web-access
  management solution
• Protocol SDK for custom applications

9
Xellerate Identity Provisioning

• Benefits
• Reduced administration cost
• Critical for regulatory compliance
• Improved security through centralized
  administration
• Features
• Identity life-cycle management for the
  heterogeneous enterprise
• Complete workflow for approvals
• Connectors for OSes, DBs, Directories,
  Groupware, Apps, etc.
• Direct connectivity to HR
• Compliance reporting

10
Oracle Web Services ManagerSOA Security, Java
Container Security

• Benefits
• Development and deployment time security policy
  enforcement
• Cross-platform monitoring and service level
  enforcement
• Compliance Reporting
• Features
• Rich library of pre-built policies
• Centralized policy management with local
  enforcement
• JAAS, JACC, WS-Sec

11
Oracle Virtual Directory Provides
12
Oracle Virtual Directory

• Oracle Virtual Directory
• Real-time consolidation
• Technology abstraction
• Complexity reduction

Customers
Partners
Protects Directory Investments ? Single Identity
View
13
Product Architecture
Service Listener Protocols
WEB GATEWAY
WEB SERVICE
WEB GATEWAY
LDAP
Data Transformation,Mapping, Routing,Security,
Audit
VDE DIRECTORY ENGINE
JOIN VIEW
Custom Adapter
Local Store
Data Adapters
NT
LDAP
DB
14
Virtual Directory Provisioning
Admin
NT Directory
COREid Identity
LDAP
Targets
User
COREid Access
15
Virtual Directory

• Benefits
• Rapid application deployment
• Tighter controls on identity data
• Realtime identity informationaccess
• Features
• Modern Java Web Services technology
• Virtualization, Proxy, Join Routing
  capabilities
• Superior extensibility
• Scalable multi-site administration
• Direct data access

16
DemonstrationVirtual Directory
17
Oracle Differentiators

• Best-in-class solution across suite
• Identity Provisioning Scalability, most flexible
  adaptor technology
• Virtual Directory High-performance direct data
  access, manageability, extensibility
• Extranet Identity Mgmt One product for access
  control and delegated user administration
• Federation Standalone or integrated, with
  support for bulk provisioning, broad protocol
  support
• Web-Services Integrated with SOA platform, one
  solution for security management
• Directory Multi-process, multi-instance
  architecture to scale-up and scale-out
• That work with your Applications Infrastructure
• Certified to work with the broadest set of
  business apps, middleware and databases
• Flexibility modular/suite deployment
• Standards-based and hot-pluggable

18
Heterogeneous Support
Application/Web Servers
Portals
Groupware
Applications
Directories
Operating Systems
ACF-2 TSS
RACF
19
Analyst Feedback

• Over the past nine months Oracle has
  demonstrated a serious commitment to providing a
  strong technical solution for the identity and
  access management needs of both Oracle customers
  and the general market,
• Phil Schacter, Burton Group
• Oracles offering of IAM products now pushes
  ahead of other IAM competitors such as BMC,
  Computer Associates International, Hewlett-
  Packard, IBM, Microsoft, Novell and Sun
  Microsystems.
• Roberta Witty, Gartner
• With its acquisition of PeopleSoft, Oracle
  demonstrated it can move decisively to bring
  acquired companies under its corporate umbrella
  with minimum disruption. Theres no reason to
  believe that these new deals will not have
  similar outcomes for Oracle and its new
  customers.
• Aberdeen Group

20
Embarking on an Identity or Security
Project?Some tips and knowledge points
21
10 Identity Management Project Considerations

• Set Realistic Targets
• Choose the Right Technology
• Focus on Business Value
• Support Your Customer The Application Owner
• Understand The Scale of Investment
• Address Data Quality Up Front
• Monitor and Protect the Health of Your IAM
  Solution
• Create Skills Based Work Teams
• Consolidate Ownership of IAM
• Provide Strong Project Management and
  Architecture
• Resources

22
The Identity Lifecycle is a Business
ProcessFocus on Process, Not Infrastructure
Provisioning processes exist today, but are
largely manual or implemented in code that is
spread throughout the organisation

• Process definitions should be owned by the
  business
• Process owners and users should have visibility
  into their processes
• Process execution should be controlled by I.T.
• Although the identity lifecycle is one logical
  process, the underlying reality may be several
  physical processes
• Provisioning, de-provisioning, identity
  synchronisation, etc.

23
A