Oracle IAM and the Federal ICAM Initiative

Oracle IAM and the Federal ICAM Initiative Nishant Kaushik Lead Strategist, Identity & Access Management

The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle.

Identity, Credential, and Access Management Value Proposition
Increased security, decreased identity theft, data breaches, and trust violations
Compliance with laws, regulations, and standards
Improved interoperability
Enhanced customer service
Elimination of redundancy
Increase in protection of personally identifiable information (PII)
Address Concerns ICAM represents the intersection of digital identities, credentials & access control into one comprehensive approach.

Federal ICAM Roadmap Five Strategic Goals
Comply with federal laws relative to ICAM
Facilitate E-Government by streamlining access to services
Improve security posture across federal enterprise
Enable trust and interoperability
Reduce costs and increase efficiencies
Strategic Vision ICAM segment architecture establishes the foundation for trust & interoperability in conducting electronic transactions both within the Federal Government & with external organizations.

Requirements for IT Security Commercial Sector Managing Security & Risk Increasing Business Value Sustaining Compliance

<Insert Picture Here> Why Oracle?

ICAM Services Framework Source: http://www.idmanagement.gov/documents/FICAM_Roadmap_Implementation_Guidance.pdf

Identity Services Platform Delivering on vision of Service-Oriented Security Identity Service, Identity Store, Credential Store, and Policy Store Providers Declarative Security Services Fusion Apps 3 rd Party/Custom Apps Cloud Service Providers Role Mgmt Directory Svcs ID Admin Authorization Authentication Audit Access Management Directory Services Identity Administration Federation

Oracle Identity Management Comprehensive and Best-of-Breed Oracle Platform Security Services Access Management * Identity Administration Directory Services Access Manager Adaptive Access Manager Enterprise Single Sign-On Entitlements Server Identity Federation Information Rights Management Web Services Manager Identity Manager Directory Server EE Internet Directory Virtual Directory Identity Analytics Management Pack For Identity Management Operational Manageability Identity & Access Governance Security Governor *Access Management includes Oracle OpenSSO STS and Oracle OpenSSO Fedlet

Oracle Identity Manager Identity Administration and Provisioning
Complete and Integrated User and Role Lifecycle Management
Automate Role/Rule-based Provisioning / De-provisioning of user access to resources
Self-service profile and account management requests
Fine-grained Delegated Administration
Internet-grade scalability for extranet provisioning
Service-Oriented
Flexible integration based on SPML
Extensible workflow based on BPEL
Oracle Identity Manager Mainframes Databases and LDAP Custom Apps Enterprise Applications GRANT or REVOKE MANAGE LIFECYCLE Identity Store

Oracle Access Manager Authentication and SSO
End-to-end authentication, single sign-on, and fine grained application protection
Pluggable authentication, flexible identity assertion
Centralized, fine grained policy administration with Session Management to deliver stronger security
Distributed, dynamic access enforcement
Enhanced Manageability
Centralized Server & Agent Administration
Inline Diagnostics & Troubleshooting
Applications Data Services Oracle Access Manager

Oracle Adaptive Access Manager Stronger Authentication and Fraud Prevention
Stronger Authentication Security
OTP Anywhere across Interactive Voice Response, SMS, Email etc.
AnswerLogic offers KBA in combination with registration, answers and fuzzy logic
Proactive Fraud Prevention
Innovative real-time anomaly detection, transaction security
Automatically learns patterns
Centralized policy administration, dashboards, investigation/forensics tools
Universal Risk Snapshots for archival, restoration, forensics and more
Integrated Case Management & Fraud Administration
Secure Login Challenge or Block Risk Modeling Analysis and Forensics Oracle Adaptive Access Manager

Oracle Identity Federation + STS + Fedlet Federation and Identity Propagation
Browser-based, cross-domain SSO
Flexible, standards-based integration framework
Lightweight SP integration via OpenSSO Fedlet
Trust relationship between online partners via OpenSSO Security Token Service (STS)
Comprehensive enterprise security and token services like issuance, validation, and exchange
Support standard (SAML, Kerberos) and Proprietary (Peoplesoft, Siebel) token formats
Support for industry standards
SAML, Liberty ID-FF, WS-Federation
Enterprise-ready operational management and monitoring
For Service Partners Account Mapping IdP Discovery Integration APIs Oracle Identity Federation Applications OpenSSO STS OpenSSO Fedlet Trust Framework SAML Enablement

Oracle Entitlements Server Authorization and Entitlements
Complete application security
Externalized entitlements
Agile business policies universally enforced
Enterprise-ready architecture
Centralized policy management, distribution
Localized policy decisions and enforcement
Granular enforcement & controls
Fine-grained entitlements
Leverage existing identity stores and enterprise data for entitlements decisions
Risk aware authorizations
Protect any system or business component across heterogeneous platforms
Oracle Entitlements Server Enforce Access Evaluate Policies Application Application Application Model Resources Define Policies Map Enterprise Entitlements Distribute policies

Oracle Identity Analytics Compliance and Identity Governance
Rich Identity Warehouse
Optimized for Analysis, Mining, Correlation, Reporting on Identity, Access and Policy Data
Compliance Control Panel
Exhaustive set of Audit and Compliance Reports
Actionable Dashboards
Advanced Role Mining and Engineering
Cert360 offers complete view of users, roles and entitlements to reviewer for attestation
Ability to setup Segregation of Duties (SoD) policies for monitoring, and resolution across IT assets
Dashboard & Reports Enterprise Applications Identity Manager Risk Analytics IT Audit Policy Access Certification Identity Data Sources Access Manager Oracle Identity Analytics Identity Warehouse

Oracle Platform Security Services Identity Platform for Service-Oriented Security
Declarative Security Framework optimizes application lifecycle support
Standards-based and Hot-Pluggable with Identity Management Systems
Security Platform for Oracle Fusion Middleware and Fusion Apps
Identity Store, Credential Store, and Policy Store Providers Oracle Identity Management Oracle Platform Security Services Roles & Entitlements Authorization Auditing Authentication User Provisioning Policy Store Session Data Management Directory Services Access Management Directory Services Identity Administratio n Standards-based Interfaces

Oracle Information Rights Management Secure Emails and Documents
Extend security, control, and tracking of sensitive information beyond repositories and beyond enterprise perimeters
Separation of Rights from Content
Constrain usage in accordance with policy
Classification-Based Rights Management
Full Control over Authorization
Transparent, revocable access for authorized users based on roles
Centralized policy and auditing for widely distributed content
Integration with Oracle Identity Management
Partner Agency State & Local Commercial Agency Perimeters Oracle IRM

Vibrant ISV Ecosystem Physical Access Identity Assurance Network Access Strong Authentication Compliance Data Security SIEM

<Insert Picture Here> Bringing It All Together

ICAM Conceptual Diagram Combine Different Services into an Enterprise Solution Source: http://www.idmanagement.gov/documents/FICAM_Roadmap_Implementation_Guidance.pdf

Complete Lifecycle Management of Identity Manage Credentials and Access in both PACS and LACS Authorized Admins Self-Service Identity Stores Applications Authoritative Sources (HRMS) Lifecycle Management PACS PIV Credential Management Provision/ De-Provision Provision / De-Provision Register PIV in PACS Authorization Engines Oracle Identity Manager

End-to-End Access Management Assert, Validate, Authorize, Enforce and Audit PACS Oracle Platform Security Services LDAP XACML SPML OIM ODS+ SAML OIF+STS +Fedlet OAAM OIA Fully Integrated Suite OES OAM + ESSO Mobile Apps Apps Oracle IRM

<Insert Picture Here> Deploy With Confidence

Oracle Identity Management Complete, Open, Integrated and Secure Hot Pluggable Service-Oriented Security Suite Wide Integration & Standardization

Some of Our Customers Financial Services Manufacturing & Technology Public Sector Transportation & Services Communications Retail

A Leader in Gartner Magic Quadrants These Magic Quadrant graphics were published by Gartner, Inc. as part of larger research notes and should be evaluated in the context of the entire reports. The Gartner reports are available upon request from Oracle. Source: Gartner, Magic Quadrant for User Provisioning – Earl Perkins, Perry Carpenter – September 30, 2010 Gartner, Magic Quadrant for Web Access Management – Ray Wagner Earl Perkins, Gregg Kreizman – November 12, 2009 Magic Quadrant for User Provisioning Magic Quadrant for Web Access Management

A Leader in The Forrester Wave ™: Identity and Access Management, Q4 2009 Source: Forrester, The Forrester Wave™: Identity And Access Management, Q4 2009 – Andras Cser – November 3, 2009 The Forrester Wave is copyrighted by Forrester Research, Inc. Forrester and Forrester Wave are trademarks of Forrester Research, Inc. The Forrester Wave is a graphical representation of Forrester's call on a market and is plotted using a detailed spreadsheet with exposed scores, weightings, and comments. Forrester does not endorse any vendor, product, or service depicted in the Forrester Wave. Information is based on best available resources. Opinions reflect judgment at the time and are subject to change.

For More Information oracle.com/identity search.oracle.com or Identity management

Questions Connect, Discuss @ NishantK blog.talkingidentity.com Learn More oracle.com /identity bit.ly/oracleidm11g

Oracle IAM and the Federal ICAM Initiative

by Nishant Kaushik

Accessibility

Categories

Upload Details

Usage Rights

2 Embeds 94

Statistics

Oracle IAM and the Federal ICAM Initiative Presentation Transcript

http://blog.talkingidentity.com	85
http://www.mastermindclub.org	9