Icam oracle-webcast-2012-10-10

Slides from an Oracle ICAM webcast on 10/10/2012

Speaker notes:
  • There has been significant progress building the standards and infrastructure at the federal level to establish a baseline for trust and security for user access. These efforts have provided a solid foundation for the
  • Identity Governance is fully integrated with Access Management and Directory Services, and uses our Platform Security Services, to provide a complete, scalable, standards-based IDM Platform.
  • One of the long-time problems that we have addressed is how to preserve all of your customizations. After all, if you spend the time to get a UI exactly how you want it, you really don’t want to have to rebuild it after an upgrade.
  • Integration with social networks is important for employee and consumer relationships. Study by Enterprise Consulting group: 44% of organizations plan to social-enable apps in the near future.

    1. Copyright © 2012, Oracle and/or its affiliates. All rights reserved.
    2. The preceding is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle.
    3. ICAM Framework for Enabling Agile, Flexible Service Delivery. Derrick Harcey, P.E., CISSP, Enterprise Security Architect; Darin Pendergraft, Principal Product Marketing Director.
    4. Agenda: ICAM Overview; Oracle Identity Platform; Deployment Recommendations; Questions.
    5. ICAM Overview
    6. Identity Management Evolution: a timeline from the 1990s through the 2000s and 2010 to the present, covering Password Mgmt, Single Sign-on, Automation, Audit and Governance.
    7. Government Security Momentum (1990s, 2000s, 2010, current), federal and state: HIPAA (1996); FISMA; Federal PKI (2002); e-authentication released; HSPD-12, PIV, PIV-I; Federal Identity, Credentialing and Access Management (FICAM); NIEM 1.0 and NIEM 2.0; ARRA Mandates; HITECH; OMB 11-11; National Strategy for Trusted Identities in Cyberspace (NSTIC); SICAM Roadmap; HIX; HIE compliance by 2014.
    8. Identify Security Controls: Model for Classification and Trust (NIST 800-37 / FISMA process, with the standards applied and the outcome of each step):
       • Step 1: Categorize Information System. Standards: NIST 800-53, NIST 800-30. Outcome: Data Classification.
       • Step 2: Select Security Controls. Standards: NIST 800-63, NIST 800-37, FIPS 199. Outcome: Impact Assessments and Authentication Levels.
       • Step 3: Implement Security Controls. Standards: NIST 800-63, NIST 800-53. Outcome: Authentication and Identity Proofing requirements.
       • Step 4: Assess Security Controls. Standards: NIST 800-63. Outcome: Identity Management Controls Implemented.
       • Step 5: Authorize Information System. Standards: NIST 800-53, NIST 800-53A. Outcome: Initial Security Certification and Accreditation.
       • Step 6: Monitor Security Controls. Standards: NIST 800-37, NIST 800-53, NIST 800-53A. Outcome: Annual Certification and Accreditation.
       References: NIST SP 800-37, NIST SP 800-18, NIST SP 800-60, NIST SP 800-53.
    9. NIST 800-63 Authentication Assurance Levels (National Institute of Standards and Technology, http://www.nist.gov):
       • Level 1: Secure pseudonym without ID proofing; password.
       • Level 2: Secure pseudonym with ID proofing; password.
       • Level 3: Two factor authentication with ID proofing.
       • Level 4: Hard crypto with ID proofing.
    10. FICAM: Federal Identity, Credential and Access Management. “The purpose of the Roadmap is to outline a common framework for ICAM within the Federal Government and to provide supporting implementation guidance for agencies as they plan and execute their architecture for ICAM programs.” Federal Chief Information Officer (CIO) Council, ICAM Roadmap.
    11. SICAM: State Identity, Credential and Access Management. “The implementation of SICAM initiatives will facilitate the creation of government services that are more accessible, efficient, and easy to use.” NASCIO SICAM Roadmap and Implementation Guidelines.
    12. SICAM Services, ICAM Architecture, FICAM Services: Centralized Services; Standards Based Enterprise Architecture; Foundation for Trust and Interoperability. SUNY.
    13. Oracle ICAM components, NIST 800-63 mapping (Requirement to Oracle Product Mapping): Token; Identity Proofing; Authentication; Assertion.
    14. FICAM Service Framework:
       • Digital Identity: Identity Proofing; Vetting; Adjudication; Lifecycle Management; Linking / Association; Authoritative Attr Exchange.
       • Credentialing: Sponsorship; Enrollment / Registration; Issuance; Lifecycle Management; Self Service.
       • Privilege Management: Account Management; Bind / Unbind; Provisioning; Privilege Administration; Resource Attr / Meta Mgmt.
       • Authentication: Credential Validation; Biometric Validation; Session Management; Federation.
       • AuthZ and Access: Backend Attr Retrieval; Policy Administration; Policy Decision; Policy Enforcement.
       • Cryptography: Encryption / Decryption; Digital Signature; Key Management.
       • Audit and Reporting: Audit Trail; Reports Management.
    15. Identity and Access Management: Modern, Innovative & Integrated ICAM Foundation. Oracle’s three pillars are overlaid on the FICAM Service Framework services of slide 14, with Platform Security Services underneath:
       • Identity Governance: Access Request & Approval; Roles based User Provisioning; Risk-based Access Certification; Closed Loop Remediation; Role Mining & Management; Privileged Account Management.
       • Access Management: Mobile Access Management; Social Identity Access; Single Sign-On & Federation; Authentication + Credentials; Authorization & Entitlements; Web Services Security.
       • Directory Services: Elastic Scalability; Proxy-based Search; LDAP Storage; Virtualized Identity Access; Synchronization.
    16. Oracle Identity Platform
    17. Identity and Access Management Platform:
       • Governance: Password Reset; Privileged Accounts; Access Request; Roles Based Provisioning; Role Mining; Attestation; Separation of Duties.
       • Access: Web Single Sign-on; Federation; Mobile, Social & Cloud; External Authorization; SOA Security; Integrated ESSO; Token Services.
       • Directory: LDAP Storage; Virtual Directory; Meta Directory.
       • Platform Security Services.
    18. Oracle IDM Themes and Drivers: Simplify and Innovate. Simplified Experience; Modernized Platform; Cloud, Mobile and Social; Extreme Scale; Clear Upgrade Path. Results: Faster Deployment, Lower TCO.
    19. Oracle Identity Governance: Provisioning, Certification, Role Governance, SoD. Self Service; Actionable compliance dashboards; 80+ OOTB; 360 deg. view of user access; Role Governance (Role Mining, Role Consolidation, Role Versioning).
    20. End-User friendly User Interface: Browser-based customizable UI.
    21. Access Request: Shopping Cart Simplicity. Browse; Search & Select; Track; Receipt; Confirmation.
    22. Access Certification: Making Certification sustainable. Spreadsheet approach; Risk Analytics; Business – IT collaboration.
    23. WORK IS SOCIAL. 44% plan to social enable applications in the near future (Source: Enterprise Strategy Group 2012). 82% of the world reached by social media sites (comScore Datamine, Jan 2012).
    24. New Access Management: Cloud, Mobile, Social Sign-on. Social Trust; Mobile Sign-on; REST Sign-on; Device Attributes; Fraud Detection; Location Data.
    25. Context Aware Access Management Example. Scenario: Tuesday April 10th, 2:15 am PDT, request “Get Citizen Information: John, Doe, 99343 Anywhere Street, Waterson Street, MD 20147, 555-223-2233, 444-33-2222” (sample record on the slide). Valid credentials given from inside the network, but the user is already logged in from outside the network. Which session is really who we think it is? Behavioral patterns checked: Has he accessed between 00:00 – 03:00 in the last two months? Has he used this device more than 20% in the last three months? Does the subject live in the same residence as the requestor? Does he usually perform citizen lookups?
    26. PII Protection & Data Redaction:
       • Context Aware Authorization of Transactions
       • Authorization for REST API’s
       • Selective Data Redaction of the response payload
       • Authorization Service can also be exposed directly to any client, even mobile
       Diagram: HTTP / REST / SOAP / OAuth clients call the User Service (getUserDetail, updateUser, deleteUser…) through Oracle Enterprise Gateway (Threat Detection & Protection; API Security & Management; Secure Cloud Connectivity; Mobile Access Gateway). The gateway asks Oracle Entitlements Server isAuthorized(user = Bob Doe, Acme Corp; Device = iOS 5.0, non-registered; Location = 37.53043790,-122.26648800; userId = 99999; action = getUserDetail) and returns the redacted response:
       { “UserDetailResponse”: { “userID”: “99999”, “name”: “Sally Smith”, “phone”: “555-1234567”, “SSN”: “***********”, “creditCardNo”: “@^*%&@$#%!”, “purchaseHistory”: “…” } }
    27. Oracle Unified Directory Features. Extreme Scale; Next Generation ODSEE; Integrated and Interoperable: Scale to 10’s of Billions; Convergence of directories; Integrated with Enterprise Manager; Interoperable with all certified ISV software; Integrated with ODS+.
    28. Hardware/Software Synergy: Optimized System Directory Server. 3X performance, 1/3 cost.
    29. Sun2Oracle Upgrade Program: Focusing on Action; Partner for Success. Upgrade to a more cost effective and feature rich solution; Leverage experienced SI partners; Make use of available tools; Coexistence strategy or replatform?
    30. Platform Architectural Benefits:
       • Shared Connectors: Less Customization; Faster Implementation.
       • Centralized Policies: Standardize Access; Reduced Risk.
       • Workflow Integration: Automated Process; Improved Compliance.
       • Common Data Model: Standard Reporting; Fewer Data Stores.
    31. Platform Approach Reduces Cost (Source: Aberdeen, “Analyzing Point Solutions vs. Platform”, 2011). Oracle IDM Platform benefits and advantage:
       • Increased End-User Productivity: Emergency Access, 11% faster; End-user Self Service, 30% faster.
       • Reduced Risk: Suspend/revoke/de-provision end user access, 46% faster.
       • Enhanced Agility: Integrate a new app faster with the IAM infrastructure, 64% faster; Integrate a new end user role faster into the solution, 73% faster.
       • Enhanced Security and Compliance: Reduces unauthorized access, 14% fewer; Reduces audit deficiencies, 35% fewer.
       • Reduced Total Cost: Reduces total cost of IAM initiatives, 48% lower.
       Callouts: 48% Cost Savings; 14% Fewer instances of unauthorized access; 35% Fewer Audit Deficiencies.
    32. Oracle Identity Management Architecture: Business Friendly; Suite Consolidation; Simplicity; Operationally Scalable; Satisfied Users; Easy Adoption.
    33. Deployment Recommendations
    34. Federal ICAM Recommendations:
       • Expand and Modernize FICAM Architecture
       • Application Integration: Application Request Lifecycle; Risk Management; Application Access Control (M 11-11)
       • Align with Agency External Services
    35. State Government Recommendations:
       • Define State Strategy for SICAM
       • Implement Governance Process
       • Implement Shared Services – Identity Providers
       • Integrate Key Relying Parties
    36. FICAM AAES* – Oracle Alignment (*Authoritative Attribute Exchange Service):
       • AAES 1: Provides aggregation of identity attributes. OVD
       • AAES 2: Supports deployment of connectors and service interfaces to retrieve identity attributes for distributed sources. OVD, OIM
       • AAES 3: Utilizes a unique person identifier to distinguish between identities. OIM, OVD
       • AAES 4: Provides transformation of identity attributes from authoritative source data storage format to a standardized format to present data externally. OVD
       • AAES 5: Provides correlation of identity attributes from distributed sources of identity information. OIM, OVD
       • AAES 6: Provides the capability to reconcile differences between different sources of identity attributes. OIM
       • AAES 7: Provides an interface to request identity attributes over common protocols such as LDAP/s, DSML, SAML, and SPML. OEG, OIM, OIF
       • AAES 8: Provides security to protect data against unauthorized access and logging to facilitate audits. OES, OEG, OVD
       • AAES 9: Provides various views of identity attributes and displays them only to users or systems that are authorized to view those attributes. OVD
       • AAES 10: Provides the ability to request identity data based on a variety of methods (name, globally unique identifier, email, DOB). OVD
       • AAES 11: Provides reports of identity attributes. OBIEE
       • AAES 12: Provides the capability to push or pull identity attributes including the ability to distribute new identities and updates to existing identity attributes. OIM
       • AAES 13: Provides the capability to protect data at rest. OUD, DB Sec
       • AAES 14: Provides the capability to sign attribute assertions. OIF, STS, OEG
    37. Oracle Solution Advantages: Federated Trust, but Verify. Flow for user John Smith, from Identity Provider to Service Provider through the security layers: Credential Verify; User ID Profile; Device Tracking; Location Profile; Protected Resources. User authenticated by an Identity Provider (out of SP control) with ICAM Scheme*; SP can trust the assertion but assess risk of access request; Challenge users for additional identity verification based on risk. *idmanagement.gov
    38. Oracle ICAM Identity Platform: architecture diagram across Extranet, DMZ, Intranet App Tier and Intranet Data Tier zones. Components shown: Web Applications (HTTP GET/POST); MQ, JMS; REST mobile clients; XML mobile clients; SOAP web services; JMS; WebGates; Enterprise Gateway; Agents; Access Services (OAM, OAAM, OIC, OIF, OES); Entitlement Server PEP/PDP; .Net Web Apps; Java EE Web Apps; .Net Web Srvcs; Java EE Web Srvcs; OWSM; Identity Governance Services (OIM/OIA); ESSO Web Services; Directory Services (OVD, OUD); DB Firewall; Third-party Stores; Database/Directories.
    39. Oracle’s ICAM Resources: Oracle Secure Government Resource Center (ICAM Resources); Oracle Security (Identity and Access Management; Database Security); Oracle Secure Government Blog, http://blogs.oracle.com/securegov/; ICAM Engagements (ICAM Assessment Workshop).
    40. Government Security Summary: 1. Standards based Enterprise Architecture; 2. Standard Processes for Security Controls; 3. Data Security; 4. Web Services Secure Services; 5. Comprehensive ICAM Solution.
    41. Oracle Product Information:
       • Oracle Identity Management Overview: http://www.oracle.com/technetwork/middleware/id-mgmt/overview/index.html
       • Oracle Identity Management 11g Whitepaper: http://www.oracle.com/technetwork/middleware/id-mgmt/overview/oracle-idm-wp-11gr2-1708738.pdf
       • Oracle Reference Architecture for Security: http://www.oracle.com/technetwork/topics/entarch/oracle-ra-security-r3-0-176702.pdf
       • Oracle Identity Management 11.1.2 - Enterprise Deployment Blueprint: http://www.oracle.com/technetwork/database/availability/maa-deployment-blueprint-1735105.pdf
       • Oracle Real Application Clusters Administration and Deployment Guide: http://download.oracle.com/docs/cd/E11882_01/rac.112/e16795/toc.htm
       • Oracle Internet Directory 11g in the Facebook Age: http://www.oracle.com/technetwork/middleware/id-mgmt/overview/oid11g-500m-socialmedia-benchmark-349887.pdf
       • Two Billion Entry Directory Benchmark – Oracle: http://www.oracle.com/technetwork/middleware/id-mgmt/overview/peg-oid-benchmark-131118.pdf
       • Oracle Identity Federation: http://download.oracle.com/docs/cd/E10773_01/doc/oim.1014/b25355/deployinstall.htm#BABHIJGJ
    42. Upcoming Secure Government Activities: Safeguarding Government Cyberspace, November 28, 2012, 2:00 p.m. ET, http://events.oracle.com. Oracle Federal Forum: Secure Government Track, November 14, 2012, 8:00 a.m. – 5:00 p.m. ET, www.oracle.com/goto/OracleFedForum.
    43. Secure Government Resource Center: Helping Organizations Achieve Security Throughout the Enterprise. Cloud Security; Cyber Security; Data Security; Identity, Credential and Access Management (ICAM); Security Framework. Access link: http://www.oracle.com/go/?&Src=7618005&Act=32&pcode=WWMK12041319MPP022
    44. Questions
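As an added example that is not part of the original deck, the Python below sketches how the slide-25 behavioural questions (off-hours access, device usage share, routine lookups, registered device) can feed a slide-26 style authorization decision that selectively redacts PII from a getUserDetail response instead of a flat allow/deny. It is not Oracle Entitlements Server or Oracle Enterprise Gateway code; the RequestContext fields, point thresholds and the sample record are assumptions.

```python
"""Context-aware authorization with selective PII redaction, after slides 25 and 26.
Added example, not Oracle code; risk signals, thresholds and data are assumptions."""
import copy
from dataclasses import dataclass

SENSITIVE_FIELDS = ("SSN", "creditCardNo")  # masked unless the request is low risk

@dataclass
class RequestContext:
    action: str                        # operation on the user service
    device_registered: bool            # slide 26: "iOS 5.0, non-registered"
    hour: int                          # local hour of the request, 0-23
    night_accesses_last_2_months: int  # slide 25: accesses between 00:00 and 03:00
    device_share_last_3_months: float  # slide 25: share of sessions from this device
    lookups_are_routine: bool          # slide 25: does the user usually do lookups?

def risk_score(ctx):
    """Score the slide-25 behavioural questions; higher means more anomalous."""
    score = 0
    if not ctx.device_registered:
        score += 2
    if 0 <= ctx.hour < 3 and ctx.night_accesses_last_2_months == 0:
        score += 2                     # never active at this hour before
    if ctx.device_share_last_3_months < 0.20:
        score += 1                     # device used in under 20% of sessions
    if not ctx.lookups_are_routine:
        score += 1
    return score

def is_authorized(ctx):
    """Policy decision: (allowed, fields to redact). Unknown actions are denied."""
    if ctx.action != "getUserDetail":
        return False, ()
    score = risk_score(ctx)
    if score >= 6:                     # every signal anomalous: deny outright
        return False, ()
    if score >= 2:                     # plausible but risky: allow, redact PII
        return True, SENSITIVE_FIELDS
    return True, ()

def redact(payload, fields):
    """Mask the named fields in a copy of the response; the rest pass through."""
    out = copy.deepcopy(payload)
    body = out["UserDetailResponse"]
    for name in fields:
        if name in body:
            body[name] = "*" * len(str(body[name]))
    return out

def handle_get_user_detail(ctx, backend_response):
    """Gateway-side enforcement: decide first, then filter the payload."""
    allowed, fields = is_authorized(ctx)
    return redact(backend_response, fields) if allowed else {"error": "forbidden"}

# Constructed backend response for the slide-26 lookup of user 99999.
SAMPLE_RESPONSE = {"UserDetailResponse": {
    "userID": "99999", "name": "Sally Smith", "phone": "555-1234567",
    "SSN": "123-45-6789", "creditCardNo": "4111-1111-1111-1111", "purchaseHistory": "..."}}
# Slide-26 scenario: non-registered iOS device at 2:15 am, otherwise a routine lookup.
RISKY_CTX = RequestContext("getUserDetail", False, 2, 0, 0.05, True)
TRUSTED_CTX = RequestContext("getUserDetail", True, 14, 3, 0.60, True)
```

For RISKY_CTX the decision is allow-with-redaction, so the name and phone are returned while SSN and creditCardNo come back fully masked; TRUSTED_CTX receives the unmodified record.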