Oracle Integrates Security In Fusion 11g Middleware

Java security suite provides administration of user identity, password management, strong authentication and authorization, workflow, and auditing.

Charles Babcock

July 22, 2010

Network Computing

Oracle has incorporated Sun Microsystems Identity Server into its identity management product line, producing what it calls the first "service-oriented security architecture," now known as Oracle Identity Management 11g.

The security suite is intended to give application developers a set of services that provide for the administration of user identity, password management, strong authentication and authorization, workflow, and auditing. The suite shares a set of common components so that developers have less complexity to deal with as they configure security for different applications, said Oracle's Rohit Gupta, VP of product management for identity products, in an interview.

"We are launching Identity Management 11g as a complete, integrated, end to end" set of security services written in Java that lend themselves to a services architecture, including use in a cloud computing environment, he said. The 11g suite gives multiple applications "a single point of control" for either on-premises or off-premises applications.

Identity Management 11g is now integrated into Oracle Fusion Middleware 11g, replacing a previously scattered set of Oracle products. The suite includes what Gupta called "a radically redesigned user interface with a more intuitive, drag and drop, desktop look and feel" for administering the suite.

The suite includes Oracle Identity Manager 11g for user identity administration and provisioning. Identity Manager includes Universal Delegated Administration, allowing users to self-service their identity management through fine-grained role-based models and approval methods based on business process execution language (BPEL) workflows.

It also includes Oracle Access Manager 11g, providing single sign-on for use of multiple Web applications and allowing in-memory session management based on Oracle's Coherence product. The session management gives a security manager an instant view of user activities based on security policies and the ability to intervene in a session to curtail unwanted activity. Security zones may be assigned to applications so that a single sign-on results in a user accessing only those applications appropriate to his security clearance. Oracle has had an access management product for five years, with the 11g version its latest iteration.

The suite includes Oracle Adaptive Access Manager, which provides fraud prevention through an ability to deliver one-time passwords through short message service (SMS), e-mail, instant messaging, or interactive voice response. Receipt of the one-time password allows a user session to proceed. The product watches for evidence of fraudulent behavior, such as a high-level user logging in from San Francisco, then a short while later logging in again from New York, a sign that a user's identity has been compromised. Adaptive Access Manager "looks around at the user's context" rather than simply trusting a login, said Gupta. Oracle has had an adaptive access manager product for three years.

The Oracle Identity Analytics piece of the 11g suite runs on a rich identity warehouse, containing full information on users and the firm's compliance and governance policies. It combines business intelligence with security, looking at many pieces of identity information to gain a Cert360, or 360-degree, view of how closely the organization as a whole is following security compliance policies. It gives a reading on the organization's security health, Gupta said. Oracle OpenSSO Fedlet and OpenSSO STS 11g implement Sun's method of rapidly authorizing partners previously established as trusted participants in some shared process. The pair also implements Sun's Secure Token Service for identity propagation.

Oracle Enterprise Manager Grid Control Management Pack for Identity Management 11g provides advanced monitoring and diagnostics on all the 11g security components.

All of the products are either available or will be available "within a few days" of the July 21 announcement, Gupta said. Pricing is posted online, he added.
