Sudha Iyer Principal Product Manager Oracle Corporation.

Presentation transcript:

Sudha Iyer Principal Product Manager Oracle Corporation

Identity Management for Database Applications 40128

Reminder – please complete the OracleWorld online session survey Thank you.

Agenda
• Business Drivers for Security
• Identity and Security – related?
• Key Benefits of Identity Management
• Strategies for deployed applications
• Oracle Database 10g
• Questions

Business Drivers for Security Why security?

Business Environment …
• Increased threat to business continuity
  – Internal threats
  – External threats
• Government Regulations (US and Foreign)
  – Security Policy
  – Security Products
• Manageability and High Availability with Security

Measuring ROI in Security
• Opportunity Cost
  – What does lost business, delayed payments and customer retention mean to your business?
• Lower Administrative Costs
  – Patch Management
  – User Provisioning
  – Eliminate Password Management woes

Security & Identity Management Where do they meet?

Critical aspects of Security
• Privacy
  – Consumers vs. Businesses
  – Staying anonymous is expensive
• Authentication
  – Critical to establish trust
• Integrity
  – Non repudiation
• Audit

Identity and Security
• Identity
  – Username, Certificate DN, Global UID
• Authenticate
  – Password (what you know)
  – Stronger alternatives (smart card, Certificate, TGT)
• Trust
  – Secure the channel
  – Evaluate Access Control
  – Assist in non repudiation

Identity Management in Oracle 10g
• Oracle Internet Directory: LDAP standard repository for identity information
• Directory Synchronization: Integration with other directories (e.g. ADS, iPlanet)
• Provisioning Integration: Automatic provisioning of users in the Oracle environment
• Delegated Administration: Self service administration tools for managing identity information across the enterprise
• AS 10g Single Sign-On: Single sign-on to web applications
• Oracle Certificate Authority: Issue and manage X.509v3 compliant certificates to secure and network connections

Oracle Security Architecture Oracle Internet Directory OracleAS Certificate Authority Directory Integration & Provisioning OracleAS Single Sign-on Delegated Administration Services OracleAS 10 g JAAS, WS Security Java2 Permissions.. Oracle E-Business Suite Responsibilities, Roles …. Oracle 10g Enterprise users, VPD, Encryption Label Security Oracle Collaboration Suite Secure Mail, Interpersonal Rights … Access Management Directory Services Provisioning Services External Security Services Oracle Identity Management Oracle 10 g Platform Security Bindings OracleAS Portal & Wireless Roles, Privilege Groups … Application Component Security OracleAS 10g JAAS, WS Security Java2 Permissions.. Oracle 10g Enterprise users, VPD, Encryption Label Security OracleAS 10 g JAAS, WS Security Java2 Permissions.. Oracle 10 g Database Enterprise users, VPD, Encryption, Label Security Enterprise Security Infrastructure

Benefits of Identity Management Valuable with over capacity in technology

Where is the pain?
• User Administration
  – Scalability
    • too many accounts for additions, deletions, role changes across 100s of databases
• Solution: Directory Integration for Centralized User/Privilege Management
• Ease of Use and Flexibility
  – too many passwords to remember/administer
• Solution: Single Sign-On with digital certificates, and Single Password

Oracle Identity Management…
• Improve ROI on administration
  – One network identity for a user
  – Eliminates maintaining users across databases
• Enable self service for user management
  – Lost Passwords retrieved by end users
• Security with Usability
  – SSL and Kerberos with ease of administration

OID Oracle Databases Apps may rely on -Database Roles alone -Enterprise Roles in the directory -Single Sign On Users and Enterprise users are unified in OID Applications can enforce VPD policies And Label security Audit records, for directory users Jane Surgeon Apps_User Nurse Users, Label Security policies, User Privileges managed in OID Apps_User Database Security for Directory Users

Ongoing User Administration Define a group In OID List Group Access Add User to Group

Directory Users for Legacy Apps Strategies to get more for less

Where to begin?
• Understand application user model
• Understand access control model
• Understand security policies
• Decide on new user model
• Strategy
  – Centralize users first
  – Centralize roles second

Application User Model - 1
• Every application user is a database user
• Application uses database’s authentication and authorization capability
• Every user has an “exclusive” schema
• Where are the application objects?

Best Practice - 1
• Usually, App objects are in an app schema
  – Move the database users to the directory
  – Map the user to a shared schema
• Consider using Enterprise Roles
  – If app relies entirely on database roles

Application User Model - 2
• Application user is a database user but,
  – Some objects are shared and others are owned by each user
• Application relies on database roles for access control enforcement

Best Practice - 2
• Move the database users to the directory
  – Each user has an exclusive schema
• Consider using Virtual Private Database
  – Eliminate exclusive schemas; use shared schema

User Management for Model for 1 & 2
Diagram labels: Jane; OID; Oracle DB; APP_SCHEMA; Guest_Schema
• Client Server App, Jane logs into the database
  – One Database Connection established
• Apps may rely on
  – Database Roles
  – Enterprise Roles
• Database users are transformed into Enterprise users
  (i) mapped to shared schema, or
  (ii) have exclusive schema
• Database looks up user credentials and gets all enterprise roles assigned
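
The shared-schema, enterprise-role and Virtual Private Database recommendations in Best Practice 1 and 2, sketched in Oracle SQL as an added example that is not part of the original slides. APP_SCHEMA and Guest_Schema come from the slide; the table PATIENT_PROFILE, its CARE_PROVIDER_DN column, the role NURSE_GLOBAL and the policy names are hypothetical, and the directory-side mappings (user to shared schema, enterprise role to global role) are assumed to be configured separately in Oracle Internet Directory.

```sql
-- Added example; hypothetical object names except APP_SCHEMA / GUEST_SCHEMA.

-- 1. Shared schema: directory users without an exclusive schema land here.
--    The empty external name marks it as a schema shared by enterprise users.
CREATE USER guest_schema IDENTIFIED GLOBALLY AS '';
GRANT CREATE SESSION TO guest_schema;

-- 2. Global role: privileges are defined in the database, but the role can
--    only be enabled through an enterprise role granted in the directory.
CREATE ROLE nurse_global IDENTIFIED GLOBALLY;
GRANT SELECT ON app_schema.patient_profile TO nurse_global;

-- 3. VPD policy function: every session shares GUEST_SCHEMA, so rows are
--    filtered on the directory identity of the connected enterprise user
--    (USERENV EXTERNAL_NAME), not on the database user name.
CREATE OR REPLACE FUNCTION app_schema.patient_rows (
  p_schema IN VARCHAR2,
  p_object IN VARCHAR2
) RETURN VARCHAR2
AS
BEGIN
  -- Predicate appended to each SELECT on the protected table.
  -- CARE_PROVIDER_DN is assumed to hold the owning user's directory DN.
  RETURN 'care_provider_dn = SYS_CONTEXT(''USERENV'', ''EXTERNAL_NAME'')';
END;
/

-- 4. Attach the policy to the application table.
BEGIN
  DBMS_RLS.ADD_POLICY(
    object_schema   => 'APP_SCHEMA',
    object_name     => 'PATIENT_PROFILE',
    policy_name     => 'PATIENT_ROWS_BY_DN',
    function_schema => 'APP_SCHEMA',
    policy_function => 'PATIENT_ROWS',
    statement_types => 'SELECT');
END;
/
```

Because the predicate is keyed to the directory identity, removing a user or an enterprise role in the directory takes effect across every database that maps to it, with no per-database account cleanup.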

Application User Model - 3
• Every application user is a database user
• Application has its access control module
  – Application may use a pre-seeded “App User”
  – Home grown audit module
  – Direct access to database objects restricted by PUP*
* Product user profile

Best Practice - 3
• Cost effective to map users to shared schema
• Consider replacing home grown admin module using enterprise roles/database global roles

User Management - 3
Diagram labels: OID; Oracle DB; APP_SCHEMA; Jane, Apps_User; Jill, Apps_User
• Database users are transformed into Enterprise users, mapped to shared schema (APP_SCHEMA).
• Apps_User proxies directory users.

Application User Model - 4
• Application has robust user management module
• Application uses application context to track users
• How can these users leverage an Enterprise Directory?

Best Practice - 4
• Integrate with AS Single Sign-On
  – Provisioning of users handled automatically by HR
  – Password management policies of Oracle Internet Directory enforced
  – Eases integration with other applications in the enterprise
• Second stage – delegate access control to DB/OID

Oracle 10g

Kerberized Enterprise Users
• Directory users
  – Use Kerberos credentials to authenticate to the Oracle Database
• Benefits
  – End-to-end security with desktop sign-on
  – Virtually no administrative cost
  – Centralized administration in heterogeneous environment

Integrated Enterprise User Security
• Identity Management infrastructure
  – Unified user model (one password)
• Simplified configuration
  – Provide alternate secure channel for Database Directory communication
• Benefits
  – Easy, low cost administration of users
  – Identity flows end-to-end aiding accountability
  – Database security for web application users
  – Rapid prototype

Security and Identity Management for GRID
• Central provisioning of users for database services
• Apply database security features for GRID users
• Central administration of security policies for GRID users

Security with Usability … a scenario Oracle Internet Directory New employee Provisioned in AD Microsoft ADS Patient Care Patient Profile Surgeon KDC MIT v5 / MSKDC Unix Windows Krb TGT AD Connector

Oracle Label Security, OID Integration
• Centrally administer
  – Oracle Label Security policies
  – sensitivity labels
  – user label authorizations
• Benefit
  – Label authorizations enforced for directory users
  – Enforce uniform policies centrally
• Aids GRID computing
  – Eases administration

Summary: Increase Returns on Investment
• Lower administrative costs
• Simplify user experience
  – Password resets, single password
• Strong authentication alternatives
  – SSL, Kerberos
• Assist Audit Compliance
• Integrate with Database Security
  – Oracle Label Security, Virtual Private Database

Q & A: Questions and Answers

Next Steps….
• Recommended sessions
  – Securing J2EE Applications with Oracle Identity Management
  – Planning your Identity Management Deployment (40207)
  – Oracle and Thor: Identity Management Provisioning (40017)
• Recommended demos and/or hands-on labs
  – Security and Identity Management Demo Pods
  – Oracle Security Command Center - Booth 1736
• See Your Business in Our Software
  – Visit the DEMOgrounds for a customized architectural review, see a customized demo with Solutions Factory, or receive a personalized proposal.