Published by Cody Taylor, modified over 9 years ago
Slide 2: Architecting a Complete Solution for the Cloud Economy
Delivering Standards-Based Access Control
Marc Chanliau, Oracle Identity Management
Bernard Diwakar, Intuit
October 02, 2014
Copyright © 2014, Oracle and/or its affiliates. All rights reserved.
Slide 3: Safe Harbor Statement
The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle.
Slide 4: Program Agenda
1. Introduction
2. Oracle Access Management and the Cloud
3. Access Management Services for the Cloud
4. Intuit Presentation
Slide 5: Section 1 – Introduction
Slide 6: Access Management in the New Digital Economy – Combined On-Premise and Cloud Deployments
Seamless multi-channel access
Access any application, from any device, anywhere
Scalable for today’s Internet and Cloud needs
Standards-based, modular architecture
Integrated, risk-aware, strong authentication and fraud prevention
AppAdvantage: increased agility with enterprise apps
Slide 7: Oracle Access Management – Introduction
Complete functionality
Standards-based and modular
Content-aware, context-aware, risk-aware
Scalable, deployable across multiple data centers
Automated upgrades, patching, and migration
Support for hybrid environments (on-premise, Cloud)
Services: Web Authentication and SSO; Adaptive Access and Fraud Prevention; Identity Federation; Secure Token Service; Mobile Security and Social Identity; Cloud SSO; Enterprise SSO; External, Fine-Grained Authorization; Web Services Security; API Security
Slide 8: Oracle Access Management – Logical Deployment View (diagram)
Tiers: Public Zone (Internet), Web Tier (DMZ), Application Tier (Intranet), Data Tier
Clients: mobile devices (Mobile and Social SDK), laptop / desktop (Enterprise SSO), web services (Web Services Security Client)
Protocols: HTTP/S, REST, OAuth, JMS, SOAP
Web tier: Load Balancer, AM WebGates, WS and API Gateway
Application tier: Oracle Access Management Suite Plus; enterprise applications and web services / web APIs, on premise or in the Cloud
Data tier: Oracle Directory Services, third-party directory services, application data, Oracle metadata
Slide 9: Section 2 – Oracle Access Management and the Cloud
Slide 10: Cloud Identity Management – Deployment Options
Private Cloud: customer owns, customer operates. Extends Access Management and Identity Governance to Cloud applications.
Managed Cloud: customer owns, Oracle operates. Avoids on-premise infrastructure costs by outsourcing management to an experienced team.
Public Cloud: Oracle owns, Oracle operates. Subscription-based, elastic Access Management for Cloud environments.
Slide 11: Access Management in the Cloud – Services Involved
Primary web authentication, web SSO, coarse-grained authorization (optionally, the Mobile and Social service if mobile clients are involved)
Lightweight Cloud SSO proxy
Identity Federation: support for SAML, OAuth, OpenID
Web services and API security: first line of defense on-premise and/or in the Cloud
SOA security: first-mile and last-mile security on-premise and/or in the Cloud
Slide 12: Cloud Access Management Use-Case Scenarios
Scenario 1
– Access management is on premise or in the Cloud
– Applications are deployed in a public or private Cloud
– Clients (requesting parties) use laptop or mobile device browsers only
Scenario 2
– Access management is on premise; some enterprise web applications are on premise, others are in a private Cloud
– SSO must be provided among applications deployed on premise
– Federation must be provided between applications deployed on premise and in the Cloud
– Clients (requesting parties) use laptop or mobile device browsers or native apps
Slide 13: Cloud Access Management Use-Case Scenarios (cont’d)
Scenario 3
– Clients (requesting parties) use Oracle web services or applications deployed in the Cloud
– Requests are first intercepted in the DMZ and passed on to the Intranet resources for processing
– Responses returned to requesting parties must obfuscate selected private information
Scenario 4
– Clients (requesting parties) located on-premise or in the Cloud send web services or web API requests to SaaS applications deployed in a public Cloud
Slide 14: Section 3 – Access Management Services for the Cloud
Slide 15: Need for Access Portal Services – Customer Challenges
Simplify the user experience to access corporate web and Cloud resources
Adapt to different PC and mobile form factors
Enable integration with existing corporate portals
Provide wizard-driven tools to accommodate integration with SaaS, partner, and Cloud applications
Diagram: User Portal providing SSO to SaaS, SSO to corporate web apps, SSO to partner apps; integrate and customize
Slide 16: Oracle Access Portal – A Mobile and Cloud Solution for the Enterprise
Hosted single sign-on (SSO) proxy service
– Secure way for users to access enterprise applications from any device supporting a browser
– Support for intranet and extranet applications, on-premise or hosted in the Cloud, using Oracle's form-fill SSO technology
Slide 17: Oracle Access Management Federation Services – On-Premise and Cloud Deployments
Federation types
– SAML-based federation (authentication, attribute sharing)
– OpenID-based federation (delegated authentication)
– OAuth-based federation (delegated authorization)
– Social-identity-based federation (redirected authentication)
– Form-fill-based federation (SSO proxy)
Slide 18: Oracle Access Management Identity Federation Services – SAML-Based Federated Authentication and Attribute Sharing
Diagram: Domain A, Identity Provider (IdP), holds the identities; Domain B, Service Provider (SP); a trust relationship links the two domains
The Oracle Access Management platform provides primary web authentication
Oracle Access Management Identity Federation generates (IdP) and/or consumes (SP) SAML assertions
Slide 19: Access Management Identity Federation Fedlet – On-Premise and Cloud Deployment Models
Compact, lightweight, easy-to-deploy SAML 2.0 Service Provider implementation fully integrated with Access Management Identity Federation
Fedlet is used in multi-tenant SaaS deployments where each SaaS customer acts as an Identity Provider
– Each of the tenant applications authenticates remote users coming from its own Identity Provider
– In such an environment each of the Fedlet instances is configured to always communicate with the same Identity Provider
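The slide binds each SP instance to exactly one Identity Provider. As an added example, not Oracle's Fedlet code, the following shows the consumer-side checks that make that binding enforceable for a SAML 2.0 assertion: issuer, audience, validity window and recipient. The entity IDs, URLs and the unsigned assertion are constructed for illustration, and XML signature verification is assumed to have been performed by the SAML stack before these checks run.

```python
# Added example, not Oracle's Fedlet code: the checks an SP instance bound to a
# single Identity Provider must apply to a SAML 2.0 assertion before trusting it.
# XML signature verification is assumed to have been done by the SAML stack first.
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone
NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

def parse_time(s):
    # SAML timestamps are xsd:dateTime in UTC, e.g. 2014-10-02T10:00:00Z
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def check_assertion(xml_text, idp_entity_id, sp_entity_id, acs_url, now,
                    skew=timedelta(minutes=2)):
    """Return the list of violations; an empty list means the assertion is acceptable."""
    root = ET.fromstring(xml_text)
    errors = []
    # Tenant isolation: only the one IdP this instance is configured for may assert.
    if root.findtext("saml:Issuer", namespaces=NS) != idp_entity_id:
        errors.append("issuer is not this tenant's IdP")
    # Audience restriction: an assertion minted for another SP must not be accepted.
    audiences = [a.text for a in root.findall(".//saml:Audience", NS)]
    if sp_entity_id not in audiences:
        errors.append("assertion not addressed to this SP")
    # Validity window, with a small allowance for clock skew.
    cond = root.find("saml:Conditions", NS)
    nb = cond.get("NotBefore") if cond is not None else None
    noa = cond.get("NotOnOrAfter") if cond is not None else None
    if nb and now < parse_time(nb) - skew:
        errors.append("assertion not yet valid")
    if noa is None or now >= parse_time(noa) + skew:
        errors.append("assertion expired or has no expiry")
    # Bearer confirmation must name our own Assertion Consumer Service URL.
    scd = root.find(".//saml:SubjectConfirmationData", NS)
    if scd is None or scd.get("Recipient") != acs_url:
        errors.append("Recipient is not our ACS URL")
    return errors

# Constructed sample assertion for tenant A (unsigned, illustration only).
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
  ID="_c0ffee" Version="2.0" IssueInstant="2014-10-02T10:00:00Z">
  <saml:Issuer>https://idp.tenant-a.example/saml</saml:Issuer>
  <saml:Subject><saml:NameID>alice@tenant-a.example</saml:NameID>
    <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
      <saml:SubjectConfirmationData Recipient="https://app.saas.example/tenant-a/acs"/>
    </saml:SubjectConfirmation></saml:Subject>
  <saml:Conditions NotBefore="2014-10-02T09:59:00Z" NotOnOrAfter="2014-10-02T10:05:00Z">
    <saml:AudienceRestriction><saml:Audience>https://app.saas.example/tenant-a</saml:Audience></saml:AudienceRestriction>
  </saml:Conditions>
</saml:Assertion>"""
NOW = datetime(2014, 10, 2, 10, 1, tzinfo=timezone.utc)  # constructed "current" time
```

Running the same assertion through tenant B's instance (its own IdP entity ID, SP entity ID and ACS URL) yields issuer, audience and recipient violations, which is exactly the cross-tenant acceptance the one-IdP-per-instance configuration is meant to rule out.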
Slide 20: Cloud Security Agent – Sneak Preview (To be released in 2015)
A WebLogic-Server-embedded Java agent designed to support perimeter authentication for browser-based interactions with services hosted in Oracle Cloud
– Out-of-the-box SAML-based authentication solution (service provider), extensible to support Access Manager WebGate authentication and OAuth delegated authorization
– Complements Web Services Manager, which handles security requirements for all REST and SOAP requests in the same WLS container
– REST-based communications between agent and Access Manager services
– Leverages on-premise Access Management to protect Cloud applications
– Leverages Cloud Access Management to protect on-premise applications
Slide 21: Oracle Access Management Identity Federation (OAuth) – On-Premise, Cloud, Mobile Deployments
Extend Access Management services to provide token issuance, token validation, token revocation and user flows in accordance with the OAuth 2.0 standard
Enhance Access Management federation use-case scenarios, starting with Oracle’s own Cloud deployments
– Eliminate the use of end-user passwords in service-to-service interactions
– Centralize trust policies and associations in a large deployment
The Oracle Access Management OAuth service is extensively used by Oracle Access Management Mobile and Social
Slide 22: Web Services Manager – First-Mile and Last-Mile Security
Web services security enabler for
– Oracle Fusion Applications SaaS offering
– Oracle Java Cloud Service
– Oracle Application Development Framework (ADF)
– Oracle Service Bus (OSB) PaaS offering
Enables secure communication between Fusion Applications, Java Cloud Service, Integration Service (SOA), and external, standards-based systems
Simplified key store management for Cloud-centric usage
Slide 23: API Gateway – First Line of Defense
Secure access to web services and web APIs deployed on premise or in the Cloud
Extend Access Management to RESTful APIs
– Context-aware authentication
– Content-aware authorization
– Security tokens
– Data redaction
– Audit
Extend access to web services and APIs from mobile devices (tablets or smartphones)
Simplified deployment in Cloud environments
Integrate with multiple environments to provide a complete, end-to-end solution
– Oracle Access Management
– Third-party environments
Data format transformations
– XML to JSON and vice-versa
Protocol bridging
– REST, SOAP, JMS
Slide 24: API Gateway – Support for Cloud Deployments
Can be deployed on premise and access web services or APIs hosted in the Cloud (top view: on-premise API Gateway in front of Oracle Cloud, Microsoft Azure, Force.com, Amazon Web Services, Google Apps)
Can be deployed in the Cloud on Oracle or third-party Cloud services (bottom view: API Gateway Cloud deployment on Oracle Cloud, Amazon Web Services, Microsoft Azure)
Functionality supported
– Infrastructure as a Service (IaaS)
– Platform as a Service (PaaS)
– Cloud governance
– Software as a Service (SaaS)
Slide 25: Section 4 – Intuit Presentation
Slide 26: Intuit – Identity Management as a Managed Service
Upgrade from Access Manager 10g to the Access Management platform 11gR2 for intranet and SaaS applications
Deployment of Access Manager and the Access Management Identity Federation service in an active-active configuration across two data centers managed by OMCS
LDAP and Credential Collectors reside in Intuit’s own data centers
Six-month upgrade supporting 150+ applications
Slide 27: Questions
Slide 28: Complimentary eBook – Register Now: www.mhprofessional.com/mobsec
Slide 29: Join the Community
Twitter: twitter.com/OracleIDM
Facebook: facebook.com/OracleIDM
Oracle Blogs: blogs.oracle.com/OracleIDM
Oracle IdM Website: oracle.com/Identity