Presentation is loading. Please wait.

Presentation is loading. Please wait.

Kerry Osborne Senior Oracle Guy. Caveats The opinions expressed are mine … I’m an old guy I am biased towards Oracle technology I have not drunk too much.

Published byRebecca Davidson Modified over 9 years ago

Similar presentations

Presentation on theme: "Kerry Osborne Senior Oracle Guy. Caveats The opinions expressed are mine … I’m an old guy I am biased towards Oracle technology I have not drunk too much."— Presentation transcript:

1 Kerry Osborne Senior Oracle Guy

2 Caveats The opinions expressed are mine … I’m an old guy I am biased towards Oracle technology I have not drunk too much of the Kool-Aid

3 Why Identity Management? My Totally Unscientific Survey ~40 companies ~90% public ~40% over $1B ~95% are interested in Identity Management

4 Why Identity Management? Users are frustrated SOX is Scary Need to Reduce Costs It’s Complicated

5 Why Oracle Identity Management? Oracle Identity Management OID Oracle Database

6 Oracle Internet Directory (OID) v3 compliant LDAP server Built on Oracle Database Scalable Performant Highly Available

7 Speaking of eggs Is it better to have all your eggs in one basket, or not?

8 Squirrel and Fort Knox

9 Squirrel’s Approach He puts nuts in lots of places. They are totally insecure. Therefore, he needs lots of holes. He has lots of nuts. Therefore, he doesn’t care if he loses some. Fort Knox Approach Put all the gold bullion in one place and lock it down. Can’t afford to loose any. Not enough man power to guard many locations.

10 Back to the Future Traditional Database Systems Usually authenticated by the database Yielded lots of silos Usually not directly associated with a person

11 Two Common Security Models Every user has his own database account Full access to base tables must be granted Access to ad-hoc tools must be limited Can make use of advanced Oracle features OR Users log on to a proxy account Better approach generally (see caveat 1.0) Not necessary for user to know the actual account Easier to convert to centralized authentication

12 Case Study #1 Document Management / Workflow Application Problem: Build a document management system capable of handling millions of documents from paper to searchable XML database. The application should support multiple groupings of users with multiple responsibilities. Provide a very flexible routing/approval infrastructure.

13 Case Study #1 Architecture: Oracle Database using Oracle Text Java application to access the final database Oracle Forms Oracle Workflow

14 Case Study #1 Solution: Use proxy security model where by all users log on to a common database account. Use OID for authentication Create a table of users Synchronize application users table with OID via triggers No need for password field in users table Create view of users table for Workflow

15 Case Study #1 App_users Username Email Workflow_users Username Email Database Trigger Workflow_users_view Forms App Authentication Workflow OID/SSO

16 Case Study #2 Consolidation of Security Models / Authentication Problem: Numerous custom Oracle based applications all with their own security components makes compliance with government regulations difficult. Architecture: Numerous applications all accessing Oracle. Each application uses individual database account security model. The applications use database roles for security. The client uses Oracle’s Internal Controls Management product. The client plans to implement Oracle Financials.

17 Case Study #2 Solution: Convert custom applications to “Bolt On” applications in Oracle Financials. Provides a common security model Provides auditing capability Provides a common user interface Provides out of the box integration with OID/SSO

18 Case Study #2 Fin Apps Apps GL AP XX1 XX2 … Responsibilites AP Clerk AP Super User XX1 Clerk XX1 Super User … XX1 Users Roles Menus XX2 Users Roles Menus Users GL_User1 AP_User1 XX1_User1 XX1_User2 … OID/SSO

19 Case Study #3 Active Directory Sync /.Net Application Problem: The users wish to have centralized authentication This will provide users with access to the application, whether they are defined in AD, OID or the application. Architecture:.Net application The application uses the Proxy Security Model with an internal table of application users.

20 Case Study #3 Solution: Use OID as the central repository Synchronize OID with AD and the Internal Users Table AD sync accomplished with DIP on timed basis Database users table sync is bi-directional To OID via database triggers From OID with timed job using function based view (ldap search)

21 Case Study #3 Sync App_users Ldap$users via trigger timed event IIS AD OID/SSO Oracle SSO Plug In.net application Oracle Database

22 Questions? www.enkitec.com Kerry.Osborne@enkitec.com

Download ppt "Kerry Osborne Senior Oracle Guy. Caveats The opinions expressed are mine … I’m an old guy I am biased towards Oracle technology I have not drunk too much."

Similar presentations

Inter WISP WLAN roaming

Inter WISP WLAN roaming
Natural Business Services for Construct Users Mark Barnard R&D Manager – Natural Business Services.

Natural Business Services for Construct Users Mark Barnard R&D Manager – Natural Business Services.
ASGC Site Update Yi-Ping Wu Jeng-Hsueh Wu. Two Significant Researches 1.Oracle Security issues and Studies for 3D 2.Streams Replications Study Report.

ASGC Site Update Yi-Ping Wu Jeng-Hsueh Wu. Two Significant Researches 1.Oracle Security issues and Studies for 3D 2.Streams Replications Study Report.
IBM Software Group ® Accessing Domino via Outlook iNotes Access for Microsoft Outlook - Notes Domino 5.5 – 6.0.1 Domino Access for MS Outlook - Notes Domino.

IBM Software Group ® Accessing Domino via Outlook iNotes Access for Microsoft Outlook - Notes Domino 5.5 – Domino Access for MS Outlook - Notes Domino.
11© 2011 Hitachi Data Systems. All rights reserved. HITACHI DATA DISCOVERY FOR MICROSOFT® SHAREPOINT ® SOLUTION SCALING YOUR SHAREPOINT ENVIRONMENT PRESENTER.

11© 2011 Hitachi Data Systems. All rights reserved. HITACHI DATA DISCOVERY FOR MICROSOFT® SHAREPOINT ® SOLUTION SCALING YOUR SHAREPOINT ENVIRONMENT PRESENTER.
Federated sign-in WS-Federation WS-Trust SAML 2.0 Metadata Shibboleth Graph API Synchronize accounts Authentication.

Federated sign-in WS-Federation WS-Trust SAML 2.0 Metadata Shibboleth Graph API Synchronize accounts Authentication.
Peter Deutsch Director, I&IT Systems July 12, 2005

Peter Deutsch Director, I&IT Systems July 12, 2005
Sessions about to start – Get your rig on!. Notes from the field – Implement Hybrid Search and OneDrive for Business Chris Zhong - Microsoft Aaron Dinnage.

Sessions about to start – Get your rig on!. Notes from the field – Implement Hybrid Search and OneDrive for Business Chris Zhong - Microsoft Aaron Dinnage.
Identity & Access Management / Oracle Unified Directory

Identity & Access Management / Oracle Unified Directory
Picture Users Making Art Chat An interactive communication tool.

Picture Users Making Art Chat An interactive communication tool.
Live Meeting APIs Robert Devine Program Manager Microsoft Corporation.

Live Meeting APIs Robert Devine Program Manager Microsoft Corporation.
Understanding and Managing WebSphere V5

Understanding and Managing WebSphere V5
Dynamics AX Technical Overview Application Architecture Dynamics AX Technical Overview.

Dynamics AX Technical Overview Application Architecture Dynamics AX Technical Overview.
John Hartley Mark Bransby Utilizing Adobe's Publishing Solutions for Distributed Web Publishing.

John Hartley Mark Bransby Utilizing Adobe's Publishing Solutions for Distributed Web Publishing.
Identity and Access Management Dustin Puryear Sr. Consultant, Puryear IT, LLC

Identity and Access Management Dustin Puryear Sr. Consultant, Puryear IT, LLC
May 30 th – 31 st, 2006 Sheraton Ottawa. Microsoft Certificate Lifecycle Manager Saleem Kanji Technology Solutions Professional - Windows Server Microsoft.

May 30 th – 31 st, 2006 Sheraton Ottawa. Microsoft Certificate Lifecycle Manager Saleem Kanji Technology Solutions Professional - Windows Server Microsoft.
“This presentation is for informational purposes only and may not be incorporated into a contract or agreement.”

“This presentation is for informational purposes only and may not be incorporated into a contract or agreement.”
Rev Jul-o6 Oracle Identity Management Automate Provisioning to Oracle Applications and Beyond Kenny Gilbert Director of Technology Services.

Rev Jul-o6 Oracle Identity Management Automate Provisioning to Oracle Applications and Beyond Kenny Gilbert Director of Technology Services.
Technical Overview of Kuali Rice UC Davis, Information & Educational Technology January 2009.

Technical Overview of Kuali Rice UC Davis, Information & Educational Technology January 2009.
Kevin Hudson Oracle Corporation October 2001. Evolution of Oracle from Application to Infrastructure.

Kevin Hudson Oracle Corporation October Evolution of Oracle from Application to Infrastructure.

Similar presentations

Ads by Google