Con8902 developing secure mobile applications-final


Mark Wilcox's OOW2013 presentation

Published in: Technology
  • Voice over … none of this constitutes a commitment to deliver futures
  • With Fusion Middleware, you can extend and maximize your existing technology investment with the same technologies used in Fusion Applications, including embedded analytics and social collaboration, and mobile and cloud computing. Oracle’s complete SOA platform lets your IT organization rapidly design, assemble, deploy, and manage adaptable business applications and—with Oracle’s business process management tools—even bring the task of modeling business processes directly to the business analysts. Oracle Business Intelligence foundation brings together all your enterprise data sources in a single, easy-to-use solution, delivering consistent insights whether it’s through ad hoc queries and analysis, interactive dashboards, scorecards, OLAP, or reporting. And, your existing enterprise applications can leverage the rich social networking capabilities and content sharing that users have come to expect in consumer software. Oracle Fusion Middleware is based on 100 percent open standards, so you aren’t locked into one deployment model when your business requirements change.
  • Oracle Access Manager for Mobile and Social Overview
      • Connects mobile users to identity services using REST interfaces: Organizations can bridge the security gap between the enterprise and mobile devices. With RESTful identity services, rich mobile applications can access stateless identity functions from mobile devices, which are limited by processing capacity and battery power. Organizations can make their backend services and data available in a secure manner by simply exposing these through virtual REST APIs in the DMZ. Messages, security tokens, and protocols are automatically translated between formats appropriate for mobile devices and the source system. REST APIs can mash up information from multiple sources and be protected from a wide variety of attacks (denial of service, SQL injection, content retrieval attacks, etc.), usage can be monitored, and all your Oracle Access Management technologies can be leveraged for further protection.
      • Delivers SSO and Authorization for native mobile applications: Traditional mobile security solutions like VPN tunnels are limited in that they cannot overcome the problem of SSO for native mobile apps. OAM-M&S simplifies SSO across rich mobile apps and browser applications. This reduces the number of logins required for enterprise applications from the native mobile screen. Authorization can control what transactions end users are able to perform from a device and under what conditions. Perhaps only transactions below a given amount are allowed from a mobile device. An organization's REST APIs require authorization; what data is accessible to a given user must be controlled and monitored. A user's location and device state may need to be taken into account.
      • Enables sign on from 3rd party and Social identities to Enterprise resources: With the proliferation of social networking sites, there is a need for relying parties to consume identities from internet identity providers like Facebook, Twitter, LinkedIn, Google and Yahoo. Many of these providers support user centric federation standards like OpenID and OAuth. OAM-M&S enables organizations to accept internet identities for signing on users to low value applications like blogs, communities, etc. This in turn can provide a seamless user experience for users without the burden of additional logins. Single Sign-On covers web applications, native mobile applications, and also the RESTful APIs and web services accessed from the device.
      • Supports industry standards (OpenID, OAuth): Oracle IDM supports OpenID and OAuth. So with Oracle Identity Management we are making it easier for relying parties to accept identities from internet identity providers like Facebook, Twitter, LinkedIn, Google and Yahoo.
  • Mobile Security – web and mobile app
      • Device registration and fingerprint
      • Lost & stolen device security
      • GPS/WIFI based location awareness
  • Product roles:
      • Oracle Adaptive Access Manager: Device Fingerprinting and Registration Database; Risk-Based Authentication that Factors Mobile Context
      • Oracle Enterprise Gateway: Enables Mobile Application REST APIs and protects APIs, web services, and SOA infrastructure from external threats and invalid / suspicious requests; Extends Access Management with authentication, authorization, audit to REST APIs, web services
      • Oracle Entitlement Server: Make Authorization Decisions and Redact Data based on User, Mobile, or any other Context; Externalize Authorization Policies from Application Code
      • Oracle Access Management: Mobile & Social: Mobile Identity and Access Gateway; Authentication, Registration, and User Profile Services for Mobile
      • Oracle Web Services Manager: Last mile security for an organization's backend web services and SOA infrastructure; Embedded agents
      • Native Mobile Security SDK: Native Login Screens / Secure Credential Storage; Easy Integration w/ SSO and Web Services Security
      • Native Mobile Security Apps: Login App for Native and Web Apps Providing Device Context; Native White Pages App Integrated w/ User Profile Services

    1. CON8902 - Developing Secure Mobile Applications. Mark Wilcox, Senior Product Manager. September 2013
    2. This document is for informational purposes. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described in this document remains at the sole discretion of Oracle. This document in any form, software or printed matter, contains proprietary information that is the exclusive property of Oracle. This document and information contained herein may not be disclosed, copied, reproduced or distributed to anyone outside Oracle without prior written consent of Oracle. This document is not part of your license agreement nor can it be incorporated into any contractual agreement with Oracle or its subsidiaries or affiliates. Copyright © 2011, Oracle and/or its affiliates. All right
    3. Oracle Fusion Middleware: Business Innovation Platform for the Enterprise and Cloud
         • Complete and Integrated
         • Best-in-class
         • Open standards
         • On-premise and Cloud
         • Foundation for Oracle Fusion Applications and Oracle Cloud
         • Diagram labels: Web, Social, Mobile; User Engagement; Business Process Management; Content Management; Service Integration; Business Intelligence; Data Integration; Identity Management; Development Tools; Cloud Application Foundation; Enterprise Management
    4. Program Agenda
         • Define the problem and solution
         • Partner Demo and Presentation
         • Oracle Shows The Developer Demo
    5. The Mobile and Social Access Promise: Mobile and Social Access is changing the landscape
         • Anytime Anywhere Access
         • New Tools for Business
         • Personal and Business Devices
         • Mobile, Social and Cloud Access
    6. The Mobile and Social Access Problems: Security. How to centrally manage the security and be compliant?
         • Proliferation of Devices
         • Cannot leverage existing security
         • Limited device control
         • A compliance challenge
    7. The Mobile and Social Access Problems: User Experience. How to improve user experience and productivity?
         • Native Applications
         • No Native Single Sign-on
         • Password Help Desk Calls
         • Inconsistent Login Experience
    8. Oracle Access Management Mobile & Social Overview
         • Mobile Security
         • Social Sign-On
         • Cloud Access
         • Standards Support
    9. Mobile Security (diagram labels): Device Fingerprinting & Tracking Device Registration Access Management Oracle SDK OAM Service Native App Lost & Stolen Devices GPS/WIFI Location Awareness OAAM Service Risk-based KBA & OTP Web App REST Transactional risk analysis Mobile and Social Directory User Profile Services Security App
    10. Client SDKs
         • Native Libraries for iOS and JAVA
         • Store/Access Keys, Tokens, Handles and other secure data
         • Access Mobile Device Information (OS, Carrier, Geolocation, IP/MAC)
         • Quickly build security into your mobile applications
         • Support KBA, OTP via Email and SMS
         • Manage Single Sign-on
    11. Mobile & Social Access Management Deployment Architecture (diagram labels): Corporate DMZ; Corporate Network; Oracle Access Manager; OAM Agent; Directory Services; OES PDP; Mobile and Social; Oracle Adaptive Access Manager; OES PDP; Oracle Enterprise Gateway; Web Services Manager; Service Bus; HTTP/REST/SOAP/OAuth Clients; Context Aware Authorization and Data Redaction; SOAP/REST and Legacy Web Services
    12. Partner Presentation: Vivek Lodhi, ERS Specialist Manager, Deloitte & Touche LLP
    13. Oracle Developer Demo: DEMO
    14. Summary
         • Mobile security is more than device management
         • Use a Mobile-focused security product to simplify the development of secure mobile applications
         • Oracle provides an end to end mobile security solution that leverages existing investments in access management
    15. Next Steps
         • Partners: Contact Partner Training Services to learn how they can help you learn Oracle Access Management Secure Mobile Development
         • Customers: Contact your Oracle Account Representative to learn more