SANS Institute Product Review: Oracle Entitlements Server

Demystifying External Authorization: Oracle Entitlements Server Product ReviewTanya Baccam, Senior Instructor and Courseware Author, SANSRoger Wigenstam, Sr. Director of Product Management, Oracle © 2012 The SANS™ Institute - www.sans.org

Speakers Tanya Baccam Roger Wigenstam Senior Instructor Sr. Director SANS Product Management

Agenda • External Authorization Overview • Oracle Entitlements Server • Product Review • Q&A

Defining External Authorization“Managing granular access permissions for applications, middleware and databases by externalizing and centralizing standards-based authorization policies.” Data Applications Web Services PortalsData redaction Fine-grained access to Data filtering for Access control forand filtering for applications based on standards-based web sensitive documentsdata at rest and services stored in portals and roles, entitlements, content managementdata in motion. attributes, runtime systems based on roles context and identity attributes Context-Aware Access Control

Why Is It Important? Regulatory Role ExplosionConsiderations Fragmented SecurityRegulations are Role explosion makes itgetting complex and difficult to secure Authorization policiesoften demand transactions and data are often hardwired intoenforcement of based on roles application businessGranular Access logicPrivileges

Applying External Authorization Content Collaboration Privacy Confidentiality Regulation Audit

Common Use Cases • Web Services (SOA) Security • Web Access Control • Application Transactions • Relational Database Information • Portals (SharePoint, etc)

Oracle Entitlements Server (OES)• Unified External Authorization for Applications, Web Services, Portals and Databases• Standards-based Policy Enforcement at Run-time• Declarative Security Model Simplifies Application Lifecycle

Real-Time Authorization Sub-millisecond Authorization Response Time • Massively scalable External Authorization Management • Scales easily to large number of protected resources • Hundreds of millions of users • Thousands of roles • From small workgroups to mission- critical deployments • Authorization checks enforced with real-time latency©2012 Oracle Corporation

Comprehensive Standards Support• Attribute Based Access Control• XACML• OpenAZ• NIST Role Based Access Control• Enterprise RBAC• Java2 / JAAS• Code Based Access Control• JSR 115 / JACC*• Data Security Oracle Confidential

Native & Custom Integrations Identity Management Application Servers Portals & Content Mgmt Development FWK’s SOA Policy Store Data Sources XML Gateways < XML > Oracle Confidential

Use Cases Application Access Control Data Security SharePoint Web Services Security Security

Architecture PEP Id Store PDP PIPsPEP OES Admin Server Identity Store Policy Store Id Store PDP PIPs PEP Id Store PIPs PDP

Application Access ControlWeb Access Control (URL-based andFine-grained) * Oracle EntitlementsAttribute based Access Control Server can be used to enforce multiple(ABAC/XACML) compliance requirements.Static and Dynamic Role MappingRole InheritanceSeparation of Duties ChecksRuntime Constraint and Context-aware Policy EnforcementIntegration with LDAP-baseddirectories

Data SecuritySelective Data Redaction/Filtering * OES enables - Row-level security management of -Columnar security access policies based on business need.Centralized Authorization PolicyAdministration for DatabasesIntegration with major databases(Oracle, DB2, Sybase, MySQL)

SharePoint SecurityDocument Access Control (based * OES provides a varietyon document tags, attributes, of authorizationlocation, user, role, etc) decisions for different types of applicationsCustom Page Content (FGA checks and users.for ASP.NET pages)Integration with Active Directoryand LDAP-based directories

Web Services Security Integration with XML Gateways * Policies can be set up toSelective Data Redaction/Filtering secure connectivity to SOA and cloud environments..for SOA web servicesSupport for a variety of messagestandards (XML/SOAP/REST/JMS)

Aberdeen Group Event SeriesFeaturing Derek Brink Chicago New York April 10th April 12th San Francisco May 22nd Toronto Boston April 17th April 19th Register at: www.oracle.com/identity

Platform Webcast SeriesOracle Customers Discussing Results of PlatformApproach Platform Best Cisco’s Platform Practices Approach Agilent Technologies Cisco Systems Available On-Demand Available On-Demand Platform for Platform Business Compliance Enabler ING Bank Toyota Motors April 11th 2012 May 30th 2012 Register at: www.oracle.com/identity

Securing Oraclehttps://www.sans.org/security-training/securing-oracle-74-mid

Questions

SANS Institute Product Review: Oracle Entitlements Server

by OracleIDM

Accessibility

Categories

Upload Details

Usage Rights

2 Embeds 7

Statistics

SANS Institute Product Review: Oracle Entitlements Server Presentation Transcript

http://www.unitask.com	6
http://www.5z5.com	1