Oracle IAM and the Federal ICAM Initiative



Presentation from the Oracle Federal Forum that describes how Oracle IAM can help meet the requirements of the Federal ICAM initiative.


Usage Rights

© All Rights Reserved

  • Can I get PPT for this presentation? osama.fathi@egabi.com
  • Can I get this presentation in PowerPoint format? Thanks! bjlewis76@gmail.com
  • Can I get this presentation in PowerPoint format please?
  • Can I get this presentation in PowerPoint or PDF please?
  • First, as you all know and as you heard in our keynote, security business requirements are challenging. Organizations are being bombarded by an increasing number of threat vectors while at the same time managing increasing numbers of identities: identities of customers, partners, employees, consultants, etc. We have all followed the volatility in the financial markets, which has created a business and economic environment where IT must deliver increasing productivity while reducing cost. The IT organization must deliver increasing business value. At the same time, new government regulations across the globe have increased the number of compliance initiatives that IT must support.
  • The ICAM service architecture consists of the Services Framework, a functional framework that classifies ICAM service components with respect to how they support business and/or performance objectives. The figure represents two main layers of the Services Framework. Service Type: provides a layer of categorization that defines the context of a specific set of service components. The service types in the diagram are represented by the darker blue, outer boxes. Service Component: a self-contained business process or service with predetermined and well-defined functionality that may be exposed through a well-defined and documented business or technology interface. The service components in the diagram are represented by the lighter blue, inner boxes.
  • With Identity Management 11g, Oracle is delivering the foundation for a unique concept called Service-Oriented Security (SoS), which is all about enabling identity management functionality for applications via reusable shared service interfaces. With SoS, we are abstracting out the complexity of implementing security artifacts in applications; developers can now seamlessly weave security into their applications, as well as rapidly deploy them into an enterprise identity management framework. 1. With SoS, Oracle is offering security as discrete services that can be deployed easily. 2. With SoS, Oracle offers a framework to build security declaratively into applications, resulting in many benefits. Organizations benefit tremendously through faster development cycles, the assurance of strong centralized security policies, increased agility to change policies without touching application code, and the ability to meet compliance requirements more cost-effectively than ever before. 3. Oracle provides standards-based web services and application programming interfaces (APIs) that insulate developers from security and identity management implementation details. For example, developers don't need to know the nitty-gritty of cryptographic key management, and they don't need to code to the LDAP API or deal with user repositories and other identity management infrastructure. You will hear more about this and how it enforces security in cloud environments in our following session, so please stick around for that.
  • With the Oracle OpenSSO Fedlet packaged as a Web Archive (WAR), a service provider can immediately federate with an OIF identity provider without requiring a full-blown federation solution in place.
  • Oracle has one of the most extensive lists of customers in the industry. Here is a list of just some of the major customers that use our products to provide Identity Management Security.

Oracle IAM and the Federal ICAM Initiative Presentation Transcript

  • Oracle IAM and the Federal ICAM Initiative Nishant Kaushik Lead Strategist, Identity & Access Management
  • The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle.
  • Identity, Credential, and Access Management Value Proposition
    • Increased security, decreased identity theft, data breaches, and trust violations
    • Compliance with laws, regulations, and standards
    • Improved interoperability
    • Enhanced customer service
    • Elimination of redundancy
    • Increase in protection of personally identifiable information (PII)
    Address Concerns ICAM represents the intersection of digital identities, credentials & access control into one comprehensive approach.
  • Federal ICAM Roadmap Five Strategic Goals
    • Comply with federal laws relative to ICAM
    • Facilitate E-Government by streamlining access to services
    • Improve security posture across federal enterprise
    • Enable trust and interoperability
    • Reduce costs and increase efficiencies
    Strategic Vision ICAM segment architecture establishes the foundation for trust & interoperability in conducting electronic transactions both within the Federal Government & with external organizations.
  • Requirements for IT Security Commercial Sector Managing Security & Risk Increasing Business Value Sustaining Compliance
  • Why Oracle?
  • ICAM Services Framework Source: http://www.idmanagement.gov/documents/FICAM_Roadmap_Implementation_Guidance.pdf
  • Identity Services Platform Delivering on vision of Service-Oriented Security Identity Service, Identity Store, Credential Store, and Policy Store Providers Declarative Security Services Fusion Apps 3rd Party/Custom Apps Cloud Service Providers Role Mgmt Directory Svcs ID Admin Authorization Authentication Audit Access Management Directory Services Identity Administration Federation
  • Oracle Identity Management Comprehensive and Best-of-Breed Oracle Platform Security Services Access Management * Identity Administration Directory Services Access Manager Adaptive Access Manager Enterprise Single Sign-On Entitlements Server Identity Federation Information Rights Management Web Services Manager Identity Manager Directory Server EE Internet Directory Virtual Directory Identity Analytics Management Pack For Identity Management Operational Manageability Identity & Access Governance Security Governor *Access Management includes Oracle OpenSSO STS and Oracle OpenSSO Fedlet
  • Oracle Identity Manager Identity Administration and Provisioning
    • Complete and Integrated User and Role Lifecycle Management
    • Automate Role/Rule-based Provisioning / De-provisioning of user access to resources
    • Self-service profile and account management requests
    • Fine-grained Delegated Administration
    • Internet-grade scalability for extranet provisioning
    • Service-Oriented
      • Flexible integration based on SPML
      • Extensible workflow based on BPEL
    Oracle Identity Manager Mainframes Databases and LDAP Custom Apps Enterprise Applications GRANT or REVOKE MANAGE LIFECYCLE Identity Store
  • Oracle Access Manager Authentication and SSO
    • End-to-end authentication, single sign-on, and fine grained application protection
    • Pluggable authentication, flexible identity assertion
    • Centralized, fine grained policy administration with Session Management to deliver stronger security
    • Distributed, dynamic access enforcement
    • Enhanced Manageability
      • Centralized Server & Agent Administration
      • Inline Diagnostics & Troubleshooting
    Applications Data Services Oracle Access Manager
  • Oracle Adaptive Access Manager Stronger Authentication and Fraud Prevention
    • Stronger Authentication Security
      • OTP Anywhere across Interactive Voice Response, SMS, Email etc.
      • AnswerLogic offers KBA in combination with registration, answers and fuzzy logic
    • Proactive Fraud Prevention
      • Innovative real-time anomaly detection, transaction security
      • Automatically learns patterns
    • Centralized policy administration, dashboards, investigation/forensics tools
      • Universal Risk Snapshots for archival, restoration, forensics and more
      • Integrated Case Management & Fraud Administration
    Secure Login Challenge or Block Risk Modeling Analysis and Forensics Oracle Adaptive Access Manager
  • Oracle Identity Federation + STS + Fedlet Federation and Identity Propagation
    • Browser-based, cross-domain SSO
      • Flexible, standards-based integration framework
    • Lightweight SP integration via OpenSSO Fedlet
    • Trust relationship between online partners via OpenSSO Security Token Service (STS)
      • Comprehensive enterprise security and token services like issuance, validation, and exchange
      • Support standard (SAML, Kerberos) and Proprietary (Peoplesoft, Siebel) token formats
    • Support for industry standards
      • SAML, Liberty ID-FF, WS-Federation
    • Enterprise-ready operational management and monitoring
    For Service Partners Account Mapping IdP Discovery Integration APIs Oracle Identity Federation Applications OpenSSO STS OpenSSO Fedlet Trust Framework SAML Enablement
  • Oracle Entitlements Server Authorization and Entitlements
    • Complete application security
      • Externalized entitlements
      • Agile business policies universally enforced
    • Enterprise-ready architecture
      • Centralized policy management, distribution
      • Localized policy decisions and enforcement
    • Granular enforcement & controls
      • Fine-grained entitlements
      • Leverage existing identity stores and enterprise data for entitlements decisions
      • Risk aware authorizations
    • Protect any system or business component across heterogeneous platforms
    Oracle Entitlements Server Enforce Access Evaluate Policies Application Application Application Model Resources Define Policies Map Enterprise Entitlements Distribute policies
  • Oracle Identity Analytics Compliance and Identity Governance
    • Rich Identity Warehouse
      • Optimized for Analysis, Mining, Correlation, Reporting on Identity, Access and Policy Data
    • Compliance Control Panel
      • Exhaustive set of Audit and Compliance Reports
      • Actionable Dashboards
    • Advanced Role Mining and Engineering
    • Cert360 offers complete view of users, roles and entitlements to reviewer for attestation
    • Ability to setup Segregation of Duties (SoD) policies for monitoring, and resolution across IT assets
    Dashboard & Reports Enterprise Applications Identity Manager Risk Analytics IT Audit Policy Access Certification Identity Data Sources Access Manager Oracle Identity Analytics Identity Warehouse
  • Oracle Platform Security Services Identity Platform for Service-Oriented Security
    • Declarative Security Framework optimizes application lifecycle support
    • Standards-based and Hot-Pluggable with Identity Management Systems
    • Security Platform for Oracle Fusion Middleware and Fusion Apps
    Identity Store, Credential Store, and Policy Store Providers Oracle Identity Management Oracle Platform Security Services Roles & Entitlements Authorization Auditing Authentication User Provisioning Policy Store Session Data Management Directory Services Access Management Directory Services Identity Administration Standards-based Interfaces
  • Oracle Information Rights Management Secure Emails and Documents
    • Extend security, control, and tracking of sensitive information beyond repositories and beyond enterprise perimeters
      • Separation of Rights from Content
      • Constrain usage in accordance with policy
    • Classification-Based Rights Management
    • Full Control over Authorization
      • Transparent, revocable access for authorized users based on roles
    • Centralized policy and auditing for widely distributed content
    • Integration with Oracle Identity Management
    Partner Agency State & Local Commercial Agency Perimeters Oracle IRM
  • Vibrant ISV Ecosystem Physical Access Identity Assurance Network Access Strong Authentication Compliance Data Security SIEM
  • Bringing It All Together
  • ICAM Conceptual Diagram Combine Different Services into an Enterprise Solution Source: http://www.idmanagement.gov/documents/FICAM_Roadmap_Implementation_Guidance.pdf
  • Complete Lifecycle Management of Identity Manage Credentials and Access in both PACS and LACS Authorized Admins Self-Service Identity Stores Applications Authoritative Sources (HRMS) Lifecycle Management PACS PIV Credential Management Provision/ De-Provision Provision / De-Provision Register PIV in PACS Authorization Engines Oracle Identity Manager
  • End-to-End Access Management Assert, Validate, Authorize, Enforce and Audit PACS Oracle Platform Security Services LDAP XACML SPML OIM ODS+ SAML OIF+STS +Fedlet OAAM OIA Fully Integrated Suite OES OAM + ESSO Mobile Apps Apps Oracle IRM
  • Deploy With Confidence
  • Oracle Identity Management Complete, Open, Integrated and Secure Hot Pluggable Service-Oriented Security Suite Wide Integration & Standardization
  • Some of Our Customers Financial Services Manufacturing & Technology Public Sector Transportation & Services Communications Retail
  • A Leader in Gartner Magic Quadrants These Magic Quadrant graphics were published by Gartner, Inc. as part of larger research notes and should be evaluated in the context of the entire reports. The Gartner reports are available upon request from Oracle. Source: Gartner, Magic Quadrant for User Provisioning – Earl Perkins, Perry Carpenter – September 30, 2010 Gartner, Magic Quadrant for Web Access Management – Ray Wagner, Earl Perkins, Gregg Kreizman – November 12, 2009 Magic Quadrant for User Provisioning Magic Quadrant for Web Access Management
  • A Leader in The Forrester Wave™: Identity and Access Management, Q4 2009 Source: Forrester, The Forrester Wave™: Identity And Access Management, Q4 2009 – Andras Cser – November 3, 2009 The Forrester Wave is copyrighted by Forrester Research, Inc. Forrester and Forrester Wave are trademarks of Forrester Research, Inc. The Forrester Wave is a graphical representation of Forrester's call on a market and is plotted using a detailed spreadsheet with exposed scores, weightings, and comments. Forrester does not endorse any vendor, product, or service depicted in the Forrester Wave. Information is based on best available resources. Opinions reflect judgment at the time and are subject to change.
  • For More Information oracle.com/identity search.oracle.com or Identity management
  • Questions Connect, Discuss @NishantK blog.talkingidentity.com Learn More oracle.com/identity bit.ly/oracleidm11g