SlideShare ist ein Scribd-Unternehmen logo

Declarative security-oes

Als PPTX, PDF herunterladen
O
OracleIDM
Technologie
1 von 18
<Insert Picture Here> Introducing Oracle Entitlements Server 11g
This document is for informational purposes. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described in this document remains at the sole discretion of Oracle. This document in any form, software or printed matter, contains proprietary information that is the exclusive property of Oracle. This document and information contained herein may not be disclosed, copied, reproduced or distributed to anyone outside Oracle without prior written consent of Oracle. This document is not part of your license agreement nor can it be incorporated into any contractual agreement with Oracle or its subsidiaries or affiliates. 2
Agenda <Insert Picture Here> • Oracle Entitlements Server Overview • Oracle Entitlements Server 11g – What’s New? • Planning Your Deployment (SENA Systems) 3
Homegrown Applications Pose Significant Risk • Vast Majority of Apps are Homegrown • 50% of applications budgets on in-house software * • Homegrown Apps often host sensitive information • Homegrown Apps are more vulnerable to security breaches * For large companies in competitive, fast-moving industries such as telecommunications, financial services, high tech, pharmaceuticals, and media, those outlays can run into hundreds of millions of dollars. 4
State of Security Solutions Today Homegrown Apps, Cloud Applications Mobile Computing SOA, and Portals • Evolving security • Modern IT initiatives needs and compliance require enforcement of • Security policies are mandates require granular access fragmented constant application privileges • Often host sensitive retooling resulting in • Insufficient tooling and information that is higher costs and support for developing vulnerable to security diminished service apps that require fine- risks. levels. grained authorization 5
Declarative Security Examples Users Roles Privileges Resource Context  Equity Trades Mortgage Equity • NASDAQ trading 10am-4pm Fund • Restrict Trade Sizes to < $100K • By Geography  Municipal Equity • Daily trading limit of $5M • By Trade limit Fund Amy Harris Junior Traders • Unauthorized for trading  Equity Research Oil & Gas • Authorized for Review of Energy • By Vertical industry  Semiconductors Companies listed on NYSE • By Line of Business • Authorized for access to research reports Ellen Stewart Equity Analyst Mortgage Equity • Authorized for 24x7 Trading  Equity Trades Fund • Rebalancing of Small-Cap Funds  Rebalance Funds  Municipal Equity • Daily Trading Limit of $1B Fund Steve Jackson Fund Manager
Oracle Entitlements Server Fine-grained Authorization for Web Applications, Portals, Middleware & Databases
Oracle Entitlements Server Sample Fine-grained Authorization Policies • Example Policies • Junior Traders can submit nstock trades / day with a total value of $5M, during regular trading hours, if market volatility is low • Sensitive patient information should not be visible to clerical workers but allowed for Specialists as long as consent has been given or an emergency • Call Center Reps need approval from a Supervisor to transfer a support case to Engineering • Documents of a given type, sensitivity, and content is only available to employees of (x,y,z) with sufficient clearance, grade, and authentication level 8
Announcing Standards-based, Real-time External Authorization 9
Oracle Entitlements Server 11g Key Design Themes Real-time Rapid Application Comprehensive Authorization Integration Standards Support 10
Real-time Authorization with Oracle Entitlements Server 11g • Massively scalable External Authorization Management • Scales easily to large number of protected resources • Hundreds of millions of users • Thousands of roles • From small workgroups to mission-critical deployments • Authorization checks enforced with real-time latency 11
Oracle Entitlements Server 11g Key Design Themes Real-time Rapid Comprehensive Authorization Application Standards Support Integration 12
Fine-grained Authorization for SOA & Web Services isAuthorized(user = Bob Doe, userOrg = Acme Corp Request userRole = Marketing Manager customerId = 99999 HTTP GET/POST action =getCustomerDetail) Web Client REST XML Web SOAP Web REST/SOAP Service Service Client JMS <SOAP:Envelope> … <SOAP:Body> <getCustomerDetailResponse> <customerID>99999</customerID> <name> Sally Smith </name> Oracle Entitlements Server <phone> 555-1234567 </phone> <SSN>***********</SSN> <creditCardNo>@^*%&@$#%!</creditCardNo> <purchaseHistory> … </purchaseHistory> •Selective Data Redaction & Encryption of the Response </getCustomerDetailResponse> response payload </SOAP:Body> </SOAP:Envelope> •OES authorization decision returns an “Obligation” with information on what to redact and/or encrypt 13
Data Security withOracle Entitlements Server Security Module Security Module Oracle Entitlements Security Module Server (Admin Security Module Server) • Enforcement of data security for heterogeneous data sources - RDBMS, Object Relational, XML, Multi-Dimensional Cubes • Enforcement of security at Data, Business Logic and Presentation tiers • Integrates with Oracle and non-Oracle Databases, Hibernate, TopLink 14
Native & Custom Integrations Portals and Content Management Identity Management App Servers & Dev Frameworks XML Gateways Middleware Data Sources 15
Oracle Entitlements Server 11g Key Design Themes Real-time Rapid Application Comprehensive Authorization Integration Standards Support 16
Comprehensive Standards Support with Oracle Entitlements Server 11g • Supports modern authorization standards • Attribute based Access (ABAC, XACML, OpenAZ) • Role based Access (NIST RBAC, Enterprise RBAC) • Java security frameworks (JAAS) • Choice and flexibility ensures protection of existing investments • Supports different IT maturity levels for externalizing authorization • Commitment to innovation, contribution and implementation of open standards. 17
18| © 2011 Oracle Corporation – Proprietary and Confidential

Empfohlen

Scaling identity to internet proportions
Scaling identity to internet proportionsScaling identity to internet proportions
Scaling identity to internet proportions
OracleIDM
 
Gartner iam 2011-analytics-aj-orig-recordednp-final
Gartner iam 2011-analytics-aj-orig-recordednp-finalGartner iam 2011-analytics-aj-orig-recordednp-final
Gartner iam 2011-analytics-aj-orig-recordednp-final
OracleIDM
 
Ioug webcast entitlements in check
Ioug webcast entitlements in checkIoug webcast entitlements in check
Ioug webcast entitlements in check
OracleIDM
 
Cso oow12-summit-sonny-sing hv4
Cso oow12-summit-sonny-sing hv4Cso oow12-summit-sonny-sing hv4
Cso oow12-summit-sonny-sing hv4
OracleIDM
 
A better waytosecureapps-finalv1
A better waytosecureapps-finalv1A better waytosecureapps-finalv1
A better waytosecureapps-finalv1
OracleIDM
 
Od webcast-cloud-fraud final
Od webcast-cloud-fraud finalOd webcast-cloud-fraud final
Od webcast-cloud-fraud final
OracleIDM
 
Healthcare it consolidated
Healthcare it consolidatedHealthcare it consolidated
Healthcare it consolidated
OracleIDM
 
Round table guide
Round table guideRound table guide
Round table guide
OracleIDM
 

Empfohlen

Scaling identity to internet proportions
Scaling identity to internet proportionsScaling identity to internet proportions
Scaling identity to internet proportions
OracleIDM
 
Gartner iam 2011-analytics-aj-orig-recordednp-final
Gartner iam 2011-analytics-aj-orig-recordednp-finalGartner iam 2011-analytics-aj-orig-recordednp-final
Gartner iam 2011-analytics-aj-orig-recordednp-final
OracleIDM
 
Ioug webcast entitlements in check
Ioug webcast entitlements in checkIoug webcast entitlements in check
Ioug webcast entitlements in check
OracleIDM
 
Cso oow12-summit-sonny-sing hv4
Cso oow12-summit-sonny-sing hv4Cso oow12-summit-sonny-sing hv4
Cso oow12-summit-sonny-sing hv4
OracleIDM
 
A better waytosecureapps-finalv1
A better waytosecureapps-finalv1A better waytosecureapps-finalv1
A better waytosecureapps-finalv1
OracleIDM
 
Od webcast-cloud-fraud final
Od webcast-cloud-fraud finalOd webcast-cloud-fraud final
Od webcast-cloud-fraud final
OracleIDM
 
Healthcare it consolidated
Healthcare it consolidatedHealthcare it consolidated
Healthcare it consolidated
OracleIDM
 
Round table guide
Round table guideRound table guide
Round table guide
OracleIDM
 
Oracle_Cisco identity platform approach_webcast
Oracle_Cisco identity platform approach_webcastOracle_Cisco identity platform approach_webcast
Oracle_Cisco identity platform approach_webcast
OracleIDM
 
Platform approach-series-the oracleplatform-final
Platform approach-series-the oracleplatform-finalPlatform approach-series-the oracleplatform-final
Platform approach-series-the oracleplatform-final
OracleIDM
 
Oracle security-formula
Oracle security-formulaOracle security-formula
Oracle security-formula
OracleIDM
 
Manpower group idm-platform
Manpower group idm-platformManpower group idm-platform
Manpower group idm-platform
OracleIDM
 
Sun2 oracle avea's identity management platform transformation
Sun2 oracle avea's identity management platform transformationSun2 oracle avea's identity management platform transformation
Sun2 oracle avea's identity management platform transformation
OracleIDM
 
Biz case-keynote-final copy
Biz case-keynote-final copyBiz case-keynote-final copy
Biz case-keynote-final copy
OracleIDM
 
Df2012 securing information_assets_in_saa_s_clouds_3_0
Df2012 securing information_assets_in_saa_s_clouds_3_0Df2012 securing information_assets_in_saa_s_clouds_3_0
Df2012 securing information_assets_in_saa_s_clouds_3_0
debbanerjee
 
Platform approach-series-building a-roadmap-finalv1
Platform approach-series-building a-roadmap-finalv1Platform approach-series-building a-roadmap-finalv1
Platform approach-series-building a-roadmap-finalv1
OracleIDM
 
Building a Strong Foundation for Your Cloud with Identity Management
Building a Strong Foundation for Your Cloud with Identity ManagementBuilding a Strong Foundation for Your Cloud with Identity Management
Building a Strong Foundation for Your Cloud with Identity Management
Nishant Kaushik
 
Overview of Identity and Access Management Product Line
Overview of Identity and Access Management Product LineOverview of Identity and Access Management Product Line
Overview of Identity and Access Management Product Line
Novell
 
Con8833 access at scale for hundreds of millions of users final
Con8833 access at scale for hundreds of millions of users finalCon8833 access at scale for hundreds of millions of users final
Con8833 access at scale for hundreds of millions of users final
OracleIDM
 
Securing access inabyod-world-final-ext
Securing access inabyod-world-final-extSecuring access inabyod-world-final-ext
Securing access inabyod-world-final-ext
OracleIDM
 
ITIL - IAM (Access Management)
ITIL - IAM (Access Management)ITIL - IAM (Access Management)
ITIL - IAM (Access Management)
Josep Bardallo
 
CIS13: Avoiding the Pitfalls of Managing IAM for a Hybrid Environment
CIS13: Avoiding the Pitfalls of Managing IAM for a Hybrid EnvironmentCIS13: Avoiding the Pitfalls of Managing IAM for a Hybrid Environment
CIS13: Avoiding the Pitfalls of Managing IAM for a Hybrid Environment
CloudIDSummit
 
The Revolution in Licensing - Cloud-Based Licensing
The Revolution in Licensing - Cloud-Based LicensingThe Revolution in Licensing - Cloud-Based Licensing
The Revolution in Licensing - Cloud-Based Licensing
LicensingLive! - SafeNet
 
Con8808 enabling business growth in the new economy final
Con8808 enabling business growth in the new economy finalCon8808 enabling business growth in the new economy final
Con8808 enabling business growth in the new economy final
OracleIDM
 
Role Discovery and RBAC Design: A Case Study with IBM Role and Policy Modeler
Role Discovery and RBAC Design: A Case Study with IBM Role and Policy ModelerRole Discovery and RBAC Design: A Case Study with IBM Role and Policy Modeler
Role Discovery and RBAC Design: A Case Study with IBM Role and Policy Modeler
Prolifics
 
Festa della madre della salvezza (mini book)
Festa della madre della salvezza (mini book)Festa della madre della salvezza (mini book)
Festa della madre della salvezza (mini book)
Gesù all'umanità gruppo di preghiera (Italia)
 
Dskp rbt tahun 6
Dskp rbt tahun 6Dskp rbt tahun 6
Dskp rbt tahun 6
Dayangku Nurul
 
China in African Agriculture - Henry Tugendhat
China in African Agriculture - Henry TugendhatChina in African Agriculture - Henry Tugendhat
China in African Agriculture - Henry Tugendhat
futureagricultures
 
Taysia
TaysiaTaysia
Taysia
lesleymccardle
 
Katie & demi audience american hustle
Katie & demi audience american hustleKatie & demi audience american hustle
Katie & demi audience american hustle
NShuttle
 

Weitere ähnliche Inhalte

Was ist angesagt?

Oracle_Cisco identity platform approach_webcast
Oracle_Cisco identity platform approach_webcastOracle_Cisco identity platform approach_webcast
Oracle_Cisco identity platform approach_webcast
OracleIDM
 
Platform approach-series-the oracleplatform-final
Platform approach-series-the oracleplatform-finalPlatform approach-series-the oracleplatform-final
Platform approach-series-the oracleplatform-final
OracleIDM
 
Oracle security-formula
Oracle security-formulaOracle security-formula
Oracle security-formula
OracleIDM
 
Manpower group idm-platform
Manpower group idm-platformManpower group idm-platform
Manpower group idm-platform
OracleIDM
 
Sun2 oracle avea's identity management platform transformation
Sun2 oracle avea's identity management platform transformationSun2 oracle avea's identity management platform transformation
Sun2 oracle avea's identity management platform transformation
OracleIDM
 
Biz case-keynote-final copy
Biz case-keynote-final copyBiz case-keynote-final copy
Biz case-keynote-final copy
OracleIDM
 
Df2012 securing information_assets_in_saa_s_clouds_3_0
Df2012 securing information_assets_in_saa_s_clouds_3_0Df2012 securing information_assets_in_saa_s_clouds_3_0
Df2012 securing information_assets_in_saa_s_clouds_3_0
debbanerjee
 
Platform approach-series-building a-roadmap-finalv1
Platform approach-series-building a-roadmap-finalv1Platform approach-series-building a-roadmap-finalv1
Platform approach-series-building a-roadmap-finalv1
OracleIDM
 
Securing access inabyod-world-final-ext
Securing access inabyod-world-final-extSecuring access inabyod-world-final-ext
Securing access inabyod-world-final-ext
OracleIDM
 
CIS13: Avoiding the Pitfalls of Managing IAM for a Hybrid Environment
CIS13: Avoiding the Pitfalls of Managing IAM for a Hybrid EnvironmentCIS13: Avoiding the Pitfalls of Managing IAM for a Hybrid Environment
CIS13: Avoiding the Pitfalls of Managing IAM for a Hybrid Environment
CloudIDSummit
 
The Revolution in Licensing - Cloud-Based Licensing
The Revolution in Licensing - Cloud-Based LicensingThe Revolution in Licensing - Cloud-Based Licensing
The Revolution in Licensing - Cloud-Based Licensing
LicensingLive! - SafeNet
 
Role Discovery and RBAC Design: A Case Study with IBM Role and Policy Modeler
Role Discovery and RBAC Design: A Case Study with IBM Role and Policy ModelerRole Discovery and RBAC Design: A Case Study with IBM Role and Policy Modeler
Role Discovery and RBAC Design: A Case Study with IBM Role and Policy Modeler
Prolifics
 

Was ist angesagt? (17)

Oracle_Cisco identity platform approach_webcast
Oracle_Cisco identity platform approach_webcastOracle_Cisco identity platform approach_webcast
Oracle_Cisco identity platform approach_webcast
 
Platform approach-series-the oracleplatform-final
Platform approach-series-the oracleplatform-finalPlatform approach-series-the oracleplatform-final
Platform approach-series-the oracleplatform-final
 
Oracle security-formula
Oracle security-formulaOracle security-formula
Oracle security-formula
 
Manpower group idm-platform
Manpower group idm-platformManpower group idm-platform
Manpower group idm-platform
 
Sun2 oracle avea's identity management platform transformation
Sun2 oracle avea's identity management platform transformationSun2 oracle avea's identity management platform transformation
Sun2 oracle avea's identity management platform transformation
 
Biz case-keynote-final copy
Biz case-keynote-final copyBiz case-keynote-final copy
Biz case-keynote-final copy
 
Df2012 securing information_assets_in_saa_s_clouds_3_0
Df2012 securing information_assets_in_saa_s_clouds_3_0Df2012 securing information_assets_in_saa_s_clouds_3_0
Df2012 securing information_assets_in_saa_s_clouds_3_0
 
Platform approach-series-building a-roadmap-finalv1
Platform approach-series-building a-roadmap-finalv1Platform approach-series-building a-roadmap-finalv1
Platform approach-series-building a-roadmap-finalv1
 
Building a Strong Foundation for Your Cloud with Identity Management
Building a Strong Foundation for Your Cloud with Identity ManagementBuilding a Strong Foundation for Your Cloud with Identity Management
Building a Strong Foundation for Your Cloud with Identity Management
 
Overview of Identity and Access Management Product Line
Overview of Identity and Access Management Product LineOverview of Identity and Access Management Product Line
Overview of Identity and Access Management Product Line
 
Con8833 access at scale for hundreds of millions of users final
Con8833 access at scale for hundreds of millions of users finalCon8833 access at scale for hundreds of millions of users final
Con8833 access at scale for hundreds of millions of users final
 
Securing access inabyod-world-final-ext
Securing access inabyod-world-final-extSecuring access inabyod-world-final-ext
Securing access inabyod-world-final-ext
 
ITIL - IAM (Access Management)
ITIL - IAM (Access Management)ITIL - IAM (Access Management)
ITIL - IAM (Access Management)
 
CIS13: Avoiding the Pitfalls of Managing IAM for a Hybrid Environment
CIS13: Avoiding the Pitfalls of Managing IAM for a Hybrid EnvironmentCIS13: Avoiding the Pitfalls of Managing IAM for a Hybrid Environment
CIS13: Avoiding the Pitfalls of Managing IAM for a Hybrid Environment
 
The Revolution in Licensing - Cloud-Based Licensing
The Revolution in Licensing - Cloud-Based LicensingThe Revolution in Licensing - Cloud-Based Licensing
The Revolution in Licensing - Cloud-Based Licensing
 
Con8808 enabling business growth in the new economy final
Con8808 enabling business growth in the new economy finalCon8808 enabling business growth in the new economy final
Con8808 enabling business growth in the new economy final
 
Role Discovery and RBAC Design: A Case Study with IBM Role and Policy Modeler
Role Discovery and RBAC Design: A Case Study with IBM Role and Policy ModelerRole Discovery and RBAC Design: A Case Study with IBM Role and Policy Modeler
Role Discovery and RBAC Design: A Case Study with IBM Role and Policy Modeler
 

Andere mochten auch

Katie & demi audience american hustle
Katie & demi audience american hustleKatie & demi audience american hustle
Katie & demi audience american hustle
NShuttle
 
Summary for rough edit two idiots and a lady
Summary for rough edit two idiots and a ladySummary for rough edit two idiots and a lady
Summary for rough edit two idiots and a lady
FirstClassProductions
 
Acc 626 slidecast
Acc 626 slidecastAcc 626 slidecast
Acc 626 slidecast
j9lai
 

Andere mochten auch (20)

Festa della madre della salvezza (mini book)
Festa della madre della salvezza (mini book)Festa della madre della salvezza (mini book)
Festa della madre della salvezza (mini book)
 
Dskp rbt tahun 6
Dskp rbt tahun 6Dskp rbt tahun 6
Dskp rbt tahun 6
 
China in African Agriculture - Henry Tugendhat
China in African Agriculture - Henry TugendhatChina in African Agriculture - Henry Tugendhat
China in African Agriculture - Henry Tugendhat
 
Taysia
TaysiaTaysia
Taysia
 
Katie & demi audience american hustle
Katie & demi audience american hustleKatie & demi audience american hustle
Katie & demi audience american hustle
 
Puusniekka: Tupakointi ammatillisissa oppilaitoksissa – tuloksia Kouluterveys...
Puusniekka: Tupakointi ammatillisissa oppilaitoksissa – tuloksia Kouluterveys...Puusniekka: Tupakointi ammatillisissa oppilaitoksissa – tuloksia Kouluterveys...
Puusniekka: Tupakointi ammatillisissa oppilaitoksissa – tuloksia Kouluterveys...
 
Aparato digestivo
Aparato digestivoAparato digestivo
Aparato digestivo
 
S t o r y b o a r d
S t o r y b o a r dS t o r y b o a r d
S t o r y b o a r d
 
AWS for everyone - 「今」からはじめるAWS@JAWS-UG 東北
AWS for everyone - 「今」からはじめるAWS@JAWS-UG 東北AWS for everyone - 「今」からはじめるAWS@JAWS-UG 東北
AWS for everyone - 「今」からはじめるAWS@JAWS-UG 東北
 
Estrategias de venta en la internacionalización
Estrategias de venta en la internacionalizaciónEstrategias de venta en la internacionalización
Estrategias de venta en la internacionalización
 
Decisão de Celso de Mello de manter Moreira Franco
Decisão de Celso de Mello de manter Moreira FrancoDecisão de Celso de Mello de manter Moreira Franco
Decisão de Celso de Mello de manter Moreira Franco
 
Summary for rough edit two idiots and a lady
Summary for rough edit two idiots and a ladySummary for rough edit two idiots and a lady
Summary for rough edit two idiots and a lady
 
SafePeak - How to configure SQL Server agent in a safepeak deployment
SafePeak - How to configure SQL Server agent in a safepeak deploymentSafePeak - How to configure SQL Server agent in a safepeak deployment
SafePeak - How to configure SQL Server agent in a safepeak deployment
 
Acc 626 slidecast
Acc 626 slidecastAcc 626 slidecast
Acc 626 slidecast
 
Wellbeing 2011 Fact Sheet English
Wellbeing 2011 Fact Sheet EnglishWellbeing 2011 Fact Sheet English
Wellbeing 2011 Fact Sheet English
 
Top 5 australian rock bands
Top 5 australian rock bandsTop 5 australian rock bands
Top 5 australian rock bands
 
Manal p.
Manal p.Manal p.
Manal p.
 
Alternate Concepts, Quotes, ideologies, Ideas o…
Alternate Concepts, Quotes, ideologies, Ideas o…Alternate Concepts, Quotes, ideologies, Ideas o…
Alternate Concepts, Quotes, ideologies, Ideas o…
 
Project presentation1
Project presentation1Project presentation1
Project presentation1
 
Bewonersbedrijf na tekening
Bewonersbedrijf na tekeningBewonersbedrijf na tekening
Bewonersbedrijf na tekening
 

Ähnlich wie Declarative security-oes

Delivering the Promise of SOA - Enterprise Integration Made Easy
Delivering the Promise of SOA - Enterprise Integration Made EasyDelivering the Promise of SOA - Enterprise Integration Made Easy
Delivering the Promise of SOA - Enterprise Integration Made Easy
WSO2
 
Real User Experience Insight
Real User Experience InsightReal User Experience Insight
Real User Experience Insight
ruiruitang
 
Real User Experience Insight
Real User Experience InsightReal User Experience Insight
Real User Experience Insight
ruiruitang
 
Qtility software ltd
Qtility software ltdQtility software ltd
Qtility software ltd
clarkems
 
Entitlement and Compliance Management: Trends and 2012 Vision
Entitlement and Compliance Management: Trends and 2012 VisionEntitlement and Compliance Management: Trends and 2012 Vision
Entitlement and Compliance Management: Trends and 2012 Vision
Flexera
 
Composite Applications with SOA, BPEL and Java EE
Composite Applications with SOA, BPEL and Java EEComposite Applications with SOA, BPEL and Java EE
Composite Applications with SOA, BPEL and Java EE
Dmitri Shiryaev
 
Application Management and Support - Shared Services Featuring the Pay Per Ti...
Application Management and Support - Shared Services Featuring the Pay Per Ti...Application Management and Support - Shared Services Featuring the Pay Per Ti...
Application Management and Support - Shared Services Featuring the Pay Per Ti...
Jade Global
 
Blockchain & Security in Oracle by Emmanuel Abiodun
Blockchain & Security in Oracle by Emmanuel AbiodunBlockchain & Security in Oracle by Emmanuel Abiodun
Blockchain & Security in Oracle by Emmanuel Abiodun
Vishwas Manral
 
Alepo aaa transformation webinar with telesemana
Alepo aaa transformation webinar with telesemanaAlepo aaa transformation webinar with telesemana
Alepo aaa transformation webinar with telesemana
Rafael Junquera
 
Implementing Authorization
Implementing AuthorizationImplementing Authorization
Implementing Authorization
Torin Sandall
 
What's New in Novell Identity Manager 4.0
What's New in Novell Identity Manager 4.0What's New in Novell Identity Manager 4.0
What's New in Novell Identity Manager 4.0
Novell
 
Guy Nirpaz Next Gen App Servers
Guy Nirpaz Next Gen App ServersGuy Nirpaz Next Gen App Servers
Guy Nirpaz Next Gen App Servers
deimos
 

Ähnlich wie Declarative security-oes (20)

Delivering the Promise of SOA - Enterprise Integration Made Easy
Delivering the Promise of SOA - Enterprise Integration Made EasyDelivering the Promise of SOA - Enterprise Integration Made Easy
Delivering the Promise of SOA - Enterprise Integration Made Easy
 
Real User Experience Insight
Real User Experience InsightReal User Experience Insight
Real User Experience Insight
 
Real User Experience Insight
Real User Experience InsightReal User Experience Insight
Real User Experience Insight
 
Real User Experience Insight
Real User Experience InsightReal User Experience Insight
Real User Experience Insight
 
Qtility software ltd
Qtility software ltdQtility software ltd
Qtility software ltd
 
Entitlement and Compliance Management: Trends and 2012 Vision
Entitlement and Compliance Management: Trends and 2012 VisionEntitlement and Compliance Management: Trends and 2012 Vision
Entitlement and Compliance Management: Trends and 2012 Vision
 
The Evolution of Customer License Management
The Evolution of Customer License ManagementThe Evolution of Customer License Management
The Evolution of Customer License Management
 
Identiverse 2018 nathanael coffing
Identiverse 2018 nathanael coffingIdentiverse 2018 nathanael coffing
Identiverse 2018 nathanael coffing
 
License Management
License ManagementLicense Management
License Management
 
Composite Applications with SOA, BPEL and Java EE
Composite Applications with SOA, BPEL and Java EEComposite Applications with SOA, BPEL and Java EE
Composite Applications with SOA, BPEL and Java EE
 
Intro to Identity Management
Intro to Identity ManagementIntro to Identity Management
Intro to Identity Management
 
Cloud gumbo slideshare
Cloud gumbo slideshareCloud gumbo slideshare
Cloud gumbo slideshare
 
Application Management and Support - Shared Services Featuring the Pay Per Ti...
Application Management and Support - Shared Services Featuring the Pay Per Ti...Application Management and Support - Shared Services Featuring the Pay Per Ti...
Application Management and Support - Shared Services Featuring the Pay Per Ti...
 
Introduction to Identity Management
Introduction to Identity ManagementIntroduction to Identity Management
Introduction to Identity Management
 
Blockchain & Security in Oracle by Emmanuel Abiodun
Blockchain & Security in Oracle by Emmanuel AbiodunBlockchain & Security in Oracle by Emmanuel Abiodun
Blockchain & Security in Oracle by Emmanuel Abiodun
 
Alepo aaa transformation webinar with telesemana
Alepo aaa transformation webinar with telesemanaAlepo aaa transformation webinar with telesemana
Alepo aaa transformation webinar with telesemana
 
Implementing Authorization
Implementing AuthorizationImplementing Authorization
Implementing Authorization
 
What's New in Novell Identity Manager 4.0
What's New in Novell Identity Manager 4.0What's New in Novell Identity Manager 4.0
What's New in Novell Identity Manager 4.0
 
Gartner Catalyst Savvis Cloud API Case Study
Gartner Catalyst Savvis Cloud API Case StudyGartner Catalyst Savvis Cloud API Case Study
Gartner Catalyst Savvis Cloud API Case Study
 
Guy Nirpaz Next Gen App Servers
Guy Nirpaz Next Gen App ServersGuy Nirpaz Next Gen App Servers
Guy Nirpaz Next Gen App Servers
 

Mehr von OracleIDM

Con8817 api management - enable your infrastructure for secure mobile and c...
Con8817 api management - enable your infrastructure for secure mobile and c...Con8817 api management - enable your infrastructure for secure mobile and c...
Con8817 api management - enable your infrastructure for secure mobile and c...
OracleIDM
 
Opening remarks-dave-profozichv2
Opening remarks-dave-profozichv2Opening remarks-dave-profozichv2
Opening remarks-dave-profozichv2
OracleIDM
 
Innovations dbsec-12c-pub
Innovations dbsec-12c-pubInnovations dbsec-12c-pub
Innovations dbsec-12c-pub
OracleIDM
 
Identityofthings amitjasuj av10
Identityofthings amitjasuj av10Identityofthings amitjasuj av10
Identityofthings amitjasuj av10
OracleIDM
 
Identityofthings amitjasuj av10
Identityofthings amitjasuj av10Identityofthings amitjasuj av10
Identityofthings amitjasuj av10
OracleIDM
 
Trends gartner iam-amit12-4-12-v1
Trends gartner iam-amit12-4-12-v1Trends gartner iam-amit12-4-12-v1
Trends gartner iam-amit12-4-12-v1
OracleIDM
 

Mehr von OracleIDM (20)

Con9573 managing the oim platform with oracle enterprise manager
Con9573 managing the oim platform with oracle enterprise manager Con9573 managing the oim platform with oracle enterprise manager
Con9573 managing the oim platform with oracle enterprise manager
 
Con9024 next generation optimized directory - oracle unified directory - final
Con9024 next generation optimized directory - oracle unified directory - finalCon9024 next generation optimized directory - oracle unified directory - final
Con9024 next generation optimized directory - oracle unified directory - final
 
Con8902 developing secure mobile applications-final
Con8902 developing secure mobile applications-finalCon8902 developing secure mobile applications-final
Con8902 developing secure mobile applications-final
 
Con8896 securely enabling mobile access for business transformation - final
Con8896 securely enabling mobile access for business transformation - finalCon8896 securely enabling mobile access for business transformation - final
Con8896 securely enabling mobile access for business transformation - final
 
Con8837 leverage authorization to monetize content and media subscriptions ...
Con8837 leverage authorization to monetize content and media subscriptions ...Con8837 leverage authorization to monetize content and media subscriptions ...
Con8837 leverage authorization to monetize content and media subscriptions ...
 
Con8836 leveraging the cloud to simplify your identity management implement...
Con8836 leveraging the cloud to simplify your identity management implement...Con8836 leveraging the cloud to simplify your identity management implement...
Con8836 leveraging the cloud to simplify your identity management implement...
 
Con8834 bring your own identity - final
Con8834 bring your own identity - finalCon8834 bring your own identity - final
Con8834 bring your own identity - final
 
Con8828 justifying and planning a successful identity management upgrade final
Con8828 justifying and planning a successful identity management upgrade finalCon8828 justifying and planning a successful identity management upgrade final
Con8828 justifying and planning a successful identity management upgrade final
 
Con8823 access management for the internet of things-final
Con8823 access management for the internet of things-finalCon8823 access management for the internet of things-final
Con8823 access management for the internet of things-final
 
Con8819 context and risk aware access control any device any where - final
Con8819 context and risk aware access control any device any where - finalCon8819 context and risk aware access control any device any where - final
Con8819 context and risk aware access control any device any where - final
 
Con8817 api management - enable your infrastructure for secure mobile and c...
Con8817 api management - enable your infrastructure for secure mobile and c...Con8817 api management - enable your infrastructure for secure mobile and c...
Con8817 api management - enable your infrastructure for secure mobile and c...
 
Con8813 securing privileged accounts with an integrated idm solution - final
Con8813 securing privileged accounts with an integrated idm solution - finalCon8813 securing privileged accounts with an integrated idm solution - final
Con8813 securing privileged accounts with an integrated idm solution - final
 
Con8811 converged identity governance for speeding up business and reducing c...
Con8811 converged identity governance for speeding up business and reducing c...Con8811 converged identity governance for speeding up business and reducing c...
Con8811 converged identity governance for speeding up business and reducing c...
 
Con 8810 who should have access to what - final
Con 8810 who should have access to what - finalCon 8810 who should have access to what - final
Con 8810 who should have access to what - final
 
Opening remarks-dave-profozichv2
Opening remarks-dave-profozichv2Opening remarks-dave-profozichv2
Opening remarks-dave-profozichv2
 
Innovations dbsec-12c-pub
Innovations dbsec-12c-pubInnovations dbsec-12c-pub
Innovations dbsec-12c-pub
 
Identityofthings amitjasuj av10
Identityofthings amitjasuj av10Identityofthings amitjasuj av10
Identityofthings amitjasuj av10
 
Identityofthings amitjasuj av10
Identityofthings amitjasuj av10Identityofthings amitjasuj av10
Identityofthings amitjasuj av10
 
Trends gartner iam-amit12-4-12-v1
Trends gartner iam-amit12-4-12-v1Trends gartner iam-amit12-4-12-v1
Trends gartner iam-amit12-4-12-v1
 
Trends gartner iam-amit12-4-12
Trends gartner iam-amit12-4-12Trends gartner iam-amit12-4-12
Trends gartner iam-amit12-4-12
 

Kürzlich hochgeladen

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 
Ransomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdfRansomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdf
Overkill Security
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc
 

Kürzlich hochgeladen (20)

CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistan
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
 
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
 
Ransomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdfRansomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdf
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectors
 
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
 
[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 

Declarative security-oes

  • 1. <Insert Picture Here> Introducing Oracle Entitlements Server 11g
  • 2. This document is for informational purposes. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described in this document remains at the sole discretion of Oracle. This document in any form, software or printed matter, contains proprietary information that is the exclusive property of Oracle. This document and information contained herein may not be disclosed, copied, reproduced or distributed to anyone outside Oracle without prior written consent of Oracle. This document is not part of your license agreement nor can it be incorporated into any contractual agreement with Oracle or its subsidiaries or affiliates. 2
  • 3. Agenda <Insert Picture Here> • Oracle Entitlements Server Overview • Oracle Entitlements Server 11g – What’s New? • Planning Your Deployment (SENA Systems) 3
  • 4. Homegrown Applications Pose Significant Risk • Vast Majority of Apps are Homegrown • 50% of applications budgets on in-house software * • Homegrown Apps often host sensitive information • Homegrown Apps are more vulnerable to security breaches * For large companies in competitive, fast-moving industries such as telecommunications, financial services, high tech, pharmaceuticals, and media, those outlays can run into hundreds of millions of dollars. 4
  • 5. State of Security Solutions Today Homegrown Apps, Cloud Applications Mobile Computing SOA, and Portals • Evolving security • Modern IT initiatives needs and compliance require enforcement of • Security policies are mandates require granular access fragmented constant application privileges • Often host sensitive retooling resulting in • Insufficient tooling and information that is higher costs and support for developing vulnerable to security diminished service apps that require fine- risks. levels. grained authorization 5
  • 6. Declarative Security Examples Users Roles Privileges Resource Context  Equity Trades Mortgage Equity • NASDAQ trading 10am-4pm Fund • Restrict Trade Sizes to < $100K • By Geography  Municipal Equity • Daily trading limit of $5M • By Trade limit Fund Amy Harris Junior Traders • Unauthorized for trading  Equity Research Oil & Gas • Authorized for Review of Energy • By Vertical industry  Semiconductors Companies listed on NYSE • By Line of Business • Authorized for access to research reports Ellen Stewart Equity Analyst Mortgage Equity • Authorized for 24x7 Trading  Equity Trades Fund • Rebalancing of Small-Cap Funds  Rebalance Funds  Municipal Equity • Daily Trading Limit of $1B Fund Steve Jackson Fund Manager
  • 8. Oracle Entitlements Server Sample Fine-grained Authorization Policies • Example Policies • Junior Traders can submit nstock trades / day with a total value of $5M, during regular trading hours, if market volatility is low • Sensitive patient information should not be visible to clerical workers but allowed for Specialists as long as consent has been given or an emergency • Call Center Reps need approval from a Supervisor to transfer a support case to Engineering • Documents of a given type, sensitivity, and content is only available to employees of (x,y,z) with sufficient clearance, grade, and authentication level 8
  • 9. Announcing Standards-based, Real-time External Authorization 9
  • 10. Oracle Entitlements Server 11g Key Design Themes Real-time Rapid Application Comprehensive Authorization Integration Standards Support 10
  • 11. Real-time Authorization with Oracle Entitlements Server 11g • Massively scalable External Authorization Management • Scales easily to large number of protected resources • Hundreds of millions of users • Thousands of roles • From small workgroups to mission-critical deployments • Authorization checks enforced with real-time latency 11
  • 12. Oracle Entitlements Server 11g Key Design Themes Real-time Rapid Comprehensive Authorization Application Standards Support Integration 12
  • 13. Fine-grained Authorization for SOA & Web Services isAuthorized(user = Bob Doe, userOrg = Acme Corp Request userRole = Marketing Manager customerId = 99999 HTTP GET/POST action =getCustomerDetail) Web Client REST XML Web SOAP Web REST/SOAP Service Service Client JMS <SOAP:Envelope> … <SOAP:Body> <getCustomerDetailResponse> <customerID>99999</customerID> <name> Sally Smith </name> Oracle Entitlements Server <phone> 555-1234567 </phone> <SSN>***********</SSN> <creditCardNo>@^*%&@$#%!</creditCardNo> <purchaseHistory> … </purchaseHistory> •Selective Data Redaction & Encryption of the Response </getCustomerDetailResponse> response payload </SOAP:Body> </SOAP:Envelope> •OES authorization decision returns an “Obligation” with information on what to redact and/or encrypt 13
  • 14. Data Security withOracle Entitlements Server Security Module Security Module Oracle Entitlements Security Module Server (Admin Security Module Server) • Enforcement of data security for heterogeneous data sources - RDBMS, Object Relational, XML, Multi-Dimensional Cubes • Enforcement of security at Data, Business Logic and Presentation tiers • Integrates with Oracle and non-Oracle Databases, Hibernate, TopLink 14
  • 15. Native & Custom Integrations Portals and Content Management Identity Management App Servers & Dev Frameworks XML Gateways Middleware Data Sources 15
  • 16. Oracle Entitlements Server 11g Key Design Themes Real-time Rapid Application Comprehensive Authorization Integration Standards Support 16
  • 17. Comprehensive Standards Support with Oracle Entitlements Server 11g • Supports modern authorization standards • Attribute based Access (ABAC, XACML, OpenAZ) • Role based Access (NIST RBAC, Enterprise RBAC) • Java security frameworks (JAAS) • Choice and flexibility ensures protection of existing investments • Supports different IT maturity levels for externalizing authorization • Commitment to innovation, contribution and implementation of open standards. 17
  • 18. 18| © 2011 Oracle Corporation – Proprietary and Confidential

Hinweis der Redaktion

  1. The problem is that some of the most mission critical applications are still home grown. This is especially true in industries where the line of business applications can provide a competitive advantage. Today 50% of application budgets are spent on Home grown apps.In Financial services – trading platforms and wealth management applications are a competitive advantage and are typically home grown In health care – the claims management and optimization systems These applications also hold the most critical information for a business – This would be consumer information, product data and market information. These applications are usually at the top of the audit list for most regulated companies. These apps are also the most vulnerable because the security is typically hard coded into the application and difficult to change. Most of these applications have the toughest audit constraints.When new regulations come out companies have to spend millions of dollars to retool the applications and developers re-invent security policy within the application. In cases like Societe General its just a matter of time before an insider outsmarts the system.To reduce the risk companies need a solution that will separate access to data and transactions in a policy driven solution that can change without re-tooling the application and provide high scale authorization to grow with the business