Published by Rebecca Davidson, modified over 9 years ago
1
Kerry Osborne Senior Oracle Guy
2
Caveats
- The opinions expressed are mine …
- I'm an old guy
- I am biased towards Oracle technology
- I have not drunk too much of the Kool-Aid
3
Why Identity Management?
My Totally Unscientific Survey:
- ~40 companies
- ~90% public
- ~40% over $1B
- ~95% are interested in Identity Management
4
Why Identity Management?
- Users are frustrated
- SOX is scary
- Need to reduce costs
- It's complicated
5
Why Oracle Identity Management?
The stack: Oracle Identity Management, built on OID, built on the Oracle Database
6
Oracle Internet Directory (OID)
- LDAPv3-compliant LDAP server
- Built on the Oracle Database
- Scalable
- Performant
- Highly available
7
Speaking of eggs: is it better to have all your eggs in one basket, or not?
8
Squirrel and Fort Knox
9
Squirrel's Approach
- He puts nuts in lots of places.
- They are totally insecure. Therefore, he needs lots of holes.
- He has lots of nuts. Therefore, he doesn't care if he loses some.
Fort Knox Approach
- Put all the gold bullion in one place and lock it down.
- Can't afford to lose any.
- Not enough manpower to guard many locations.
10
Back to the Future
Traditional Database Systems
- Usually authenticated by the database
- Yielded lots of silos
- Usually not directly associated with a person
11
Two Common Security Models
Every user has his own database account
- Full access to base tables must be granted to each user
- Access to ad-hoc tools must therefore be limited
- Can make use of advanced Oracle features
OR
Users log on to a proxy account
- Better approach generally (see caveat 1.0)
- Not necessary for the user to know the actual account
- Easier to convert to centralized authentication
12
Case Study #1: Document Management / Workflow Application
Problem: Build a document management system capable of handling millions of documents, from paper to a searchable XML database. The application should support multiple groupings of users with multiple responsibilities and provide a very flexible routing/approval infrastructure.
13
Case Study #1
Architecture:
- Oracle Database using Oracle Text
- Java application to access the final database
- Oracle Forms
- Oracle Workflow
14
Case Study #1
Solution:
- Use the proxy security model, whereby all users log on to a common database account
- Use OID for authentication
- Create a table of users
- Synchronize the application users table with OID via triggers
- No need for a password field in the users table
- Create a view of the users table for Workflow
15
Case Study #1 (diagram): Forms App; Authentication via OID/SSO; App_users (Username, Email); Database Trigger; Workflow_users (Username, Email); Workflow_users_view; Workflow
16
Case Study #2: Consolidation of Security Models / Authentication
Problem: Numerous custom Oracle-based applications, all with their own security components, make compliance with government regulations difficult.
Architecture:
- Numerous applications, all accessing Oracle
- Each application uses the individual database account security model
- The applications use database roles for security
- The client uses Oracle's Internal Controls Management product
- The client plans to implement Oracle Financials
17
Case Study #2
Solution: Convert the custom applications to "bolt-on" applications in Oracle Financials.
- Provides a common security model
- Provides auditing capability
- Provides a common user interface
- Provides out-of-the-box integration with OID/SSO
18
Case Study #2 (diagram): Fin Apps: GL, AP, XX1, XX2, …; Responsibilities: AP Clerk, AP Super User, XX1 Clerk, XX1 Super User, …; XX1: Users, Roles, Menus; XX2: Users, Roles, Menus; Users: GL_User1, AP_User1, XX1_User1, XX1_User2, …; OID/SSO
19
Case Study #3: Active Directory Sync / .NET Application
Problem: The users wish to have centralized authentication. This will provide users with access to the application whether they are defined in AD, OID or the application.
Architecture:
- .NET application
- The application uses the proxy security model with an internal table of application users
20
Case Study #3
Solution:
- Use OID as the central repository
- Synchronize OID with AD and the internal users table
- AD sync accomplished with DIP (Oracle Directory Integration Platform) on a timed basis
- Database users table sync is bi-directional:
  - To OID via database triggers
  - From OID with a timed job using a function-based view (LDAP search)
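The two synchronization directions described in Case Studies 1 and 3 (rows pushed to OID by a database trigger, rows pulled from OID by a timed job over a function-based view), written out as an added PL/SQL example. This is not code from the presentation or from Enkitec. The host name, port, DNs, wallet path, the SYNC_SECRETS package that supplies the wallet and bind passwords, and the APP_USERS(USERNAME, EMAIL) table layout are all assumptions.

```sql
-- Added example, not from the slides. Assumes: APP_USERS(USERNAME, EMAIL) with no password
-- column, OID at oid.example.com:636 (LDAPS) with people under cn=Users,dc=example,dc=com,
-- an Oracle wallet holding the OID CA certificate, and a hypothetical SYNC_SECRETS package.
CREATE OR REPLACE TYPE ldap_user_t AS OBJECT (username VARCHAR2(128), email VARCHAR2(256));
/
CREATE OR REPLACE TYPE ldap_user_tab AS TABLE OF ldap_user_t;
/
CREATE OR REPLACE PACKAGE oid_sync AS
  FUNCTION  users RETURN ldap_user_tab PIPELINED;            -- OID -> rows
  PROCEDURE add_user(p_username VARCHAR2, p_email VARCHAR2); -- row -> OID
  PROCEDURE pull_from_oid;                                   -- timed job body
END oid_sync;
/
-- the "function based view": an LDAP search exposed as a table
CREATE OR REPLACE VIEW ldap$users AS SELECT username, email FROM TABLE(oid_sync.users);
CREATE OR REPLACE PACKAGE BODY oid_sync AS
  c_base    CONSTANT VARCHAR2(128) := 'cn=Users,dc=example,dc=com';
  c_bind_dn CONSTANT VARCHAR2(128) := 'cn=syncsvc,cn=Users,dc=example,dc=com';
  g_pulling BOOLEAN := FALSE;   -- suppress the push while the pull job inserts rows
  FUNCTION connect_oid RETURN DBMS_LDAP.session IS
    l_ld DBMS_LDAP.session;  l_rc PLS_INTEGER;
  BEGIN
    DBMS_LDAP.use_exception := TRUE;                 -- errors raise, not return codes
    l_ld := DBMS_LDAP.init('oid.example.com', 636);
    -- sslauth 2: verify the server certificate against the CA in the wallet
    l_rc := DBMS_LDAP.open_ssl(l_ld, 'file:/u01/app/oracle/wallet', sync_secrets.wallet_pwd, 2);
    l_rc := DBMS_LDAP.simple_bind_s(l_ld, c_bind_dn, sync_secrets.bind_pwd);
    RETURN l_ld;
  END;
  FUNCTION users RETURN ldap_user_tab PIPELINED IS
    l_ld    DBMS_LDAP.session;  l_rc PLS_INTEGER;
    l_msg   DBMS_LDAP.message;  l_entry DBMS_LDAP.message;
    l_attrs DBMS_LDAP.string_collection;
    l_uid   DBMS_LDAP.string_collection;  l_mail DBMS_LDAP.string_collection;
  BEGIN
    l_ld := connect_oid;
    l_attrs(1) := 'uid';  l_attrs(2) := 'mail';
    l_rc := DBMS_LDAP.search_s(l_ld, c_base, DBMS_LDAP.SCOPE_SUBTREE,
                               '(objectclass=inetOrgPerson)', l_attrs, 0, l_msg);
    l_entry := DBMS_LDAP.first_entry(l_ld, l_msg);
    WHILE l_entry IS NOT NULL LOOP
      l_uid  := DBMS_LDAP.get_values(l_ld, l_entry, 'uid');
      l_mail := DBMS_LDAP.get_values(l_ld, l_entry, 'mail');
      IF l_uid.COUNT > 0 THEN
        PIPE ROW (ldap_user_t(UPPER(l_uid(l_uid.FIRST)),
                  CASE WHEN l_mail.COUNT > 0 THEN l_mail(l_mail.FIRST) END));
      END IF;
      l_entry := DBMS_LDAP.next_entry(l_ld, l_entry);
    END LOOP;
    l_rc := DBMS_LDAP.unbind_s(l_ld);
    RETURN;
  END;
  PROCEDURE add_user(p_username VARCHAR2, p_email VARCHAR2) IS
    l_ld   DBMS_LDAP.session;  l_rc PLS_INTEGER;
    l_mods DBMS_LDAP.mod_array;
    l_vals DBMS_LDAP.string_collection;
    PROCEDURE attr(p_name VARCHAR2, p_value VARCHAR2) IS BEGIN
      l_vals.DELETE;  l_vals(1) := p_value;
      DBMS_LDAP.populate_mod_array(l_mods, DBMS_LDAP.MOD_ADD, p_name, l_vals);
    END;
  BEGIN
    IF g_pulling THEN RETURN; END IF;                -- this row came from OID
    -- the username becomes an RDN: reject anything that could smuggle in
    -- extra RDNs or filter syntax (commas, '=', '+', parentheses, '*')
    IF NOT REGEXP_LIKE(p_username, '^[A-Za-z0-9._-]{1,64}$') THEN
      RAISE_APPLICATION_ERROR(-20001, 'username not safe for an LDAP DN');
    END IF;
    l_ld   := connect_oid;
    l_mods := DBMS_LDAP.create_mod_array(5);
    l_vals(1) := 'top';  l_vals(2) := 'person';  l_vals(3) := 'inetOrgPerson';
    DBMS_LDAP.populate_mod_array(l_mods, DBMS_LDAP.MOD_ADD, 'objectclass', l_vals);
    attr('uid', p_username);  attr('cn', p_username);  attr('sn', p_username);
    IF p_email IS NOT NULL THEN attr('mail', p_email); END IF;
    l_rc := DBMS_LDAP.add_s(l_ld, 'uid=' || p_username || ',' || c_base, l_mods);
    DBMS_LDAP.free_mod_array(l_mods);
    l_rc := DBMS_LDAP.unbind_s(l_ld);
  END;
  PROCEDURE pull_from_oid IS
  BEGIN
    g_pulling := TRUE;
    MERGE INTO app_users a USING ldap$users l ON (a.username = l.username)
    WHEN MATCHED THEN UPDATE SET a.email = l.email WHERE a.email IS NULL OR a.email <> l.email
    WHEN NOT MATCHED THEN INSERT (username, email) VALUES (l.username, l.email);
    -- deletions stay manual on purpose: an OID outage or a wrong search base
    -- must not be able to empty the application's user table
    g_pulling := FALSE;
  EXCEPTION
    WHEN OTHERS THEN g_pulling := FALSE; RAISE;
  END;
END oid_sync;
/
CREATE OR REPLACE TRIGGER app_users_to_oid AFTER INSERT ON app_users FOR EACH ROW
BEGIN
  oid_sync.add_user(:NEW.username, :NEW.email);    -- push; the INSERT fails if OID is down
END;
/
BEGIN   -- the timed job for the OID -> table direction
  DBMS_SCHEDULER.create_job(job_name => 'OID_PULL', job_type => 'PLSQL_BLOCK',
    job_action => 'BEGIN oid_sync.pull_from_oid; COMMIT; END;',
    repeat_interval => 'FREQ=MINUTELY;INTERVAL=15', enabled => TRUE);
END;
/
```

The owning schema needs EXECUTE on DBMS_LDAP and, on 11g and later, a network ACL that allows it to reach the OID host. Two properties of this design are worth stating plainly: the trigger ties every INSERT to OID being reachable and is not transactional (a rollback after a successful add_s leaves an orphan entry in OID), and the pull direction is only eventually consistent, with a window equal to the job interval. The g_pulling flag exists because rows inserted by the MERGE fire the same trigger and would otherwise be pushed straight back to the directory they came from.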
21
Case Study #3 (diagram): App_users synced with Ldap$users (to OID via trigger, from OID on a timed event); IIS; AD; OID/SSO; Oracle SSO Plug-In; .NET application; Oracle Database
22
Questions? www.enkitec.com Kerry.Osborne@enkitec.com