
Declarative security-oes

Published in: Technology

  1. 1. Introducing Oracle Entitlements Server 11g
  2. 2. This document is for informational purposes. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described in this document remains at the sole discretion of Oracle. This document in any form, software or printed matter, contains proprietary information that is the exclusive property of Oracle. This document and information contained herein may not be disclosed, copied, reproduced or distributed to anyone outside Oracle without prior written consent of Oracle. This document is not part of your license agreement nor can it be incorporated into any contractual agreement with Oracle or its subsidiaries or affiliates.
  3. 3. Agenda • Oracle Entitlements Server Overview • Oracle Entitlements Server 11g – What’s New? • Planning Your Deployment (SENA Systems)
  4. 4. Homegrown Applications Pose Significant Risk • Vast Majority of Apps are Homegrown • 50% of applications budgets on in-house software * • Homegrown Apps often host sensitive information • Homegrown Apps are more vulnerable to security breaches
     * For large companies in competitive, fast-moving industries such as telecommunications, financial services, high tech, pharmaceuticals, and media, those outlays can run into hundreds of millions of dollars.
  5. 5. State of Security Solutions Today
     Homegrown Apps, SOA, and Portals: • Security policies are fragmented • Often host sensitive information that is vulnerable to security risks.
     Cloud Applications: • Evolving security needs and compliance mandates require constant application retooling resulting in higher costs and diminished service levels.
     Mobile Computing: • Modern IT initiatives require enforcement of granular access privileges • Insufficient tooling and support for developing apps that require fine-grained authorization
  6. 6. Declarative Security Examples (columns: Users | Roles | Privileges | Resource | Context)
     • Amy Harris | Junior Traders | Equity Trades | Mortgage Equity Fund; Municipal Equity Fund | NASDAQ trading 10am-4pm; Restrict Trade Sizes to < $100K; Daily trading limit of $5M (By Geography; By Trade limit)
     • Ellen Stewart | Equity Analyst | Equity Research | Oil & Gas; Semiconductors | Unauthorized for trading; Authorized for Review of Energy Companies listed on NYSE; Authorized for access to research reports (By Vertical industry; By Line of Business)
     • Steve Jackson | Fund Manager | Equity Trades; Rebalance Funds | Mortgage Equity Fund; Municipal Equity Fund | Authorized for 24x7 Trading; Rebalancing of Small-Cap Funds; Daily Trading Limit of $1B
  7. 7. Oracle Entitlements Server Fine-grained Authorization for Web Applications, Portals, Middleware & Databases
  8. 8. Oracle Entitlements Server Sample Fine-grained Authorization Policies • Example Policies • Junior Traders can submit n stock trades / day with a total value of $5M, during regular trading hours, if market volatility is low • Sensitive patient information should not be visible to clerical workers but allowed for Specialists as long as consent has been given or in an emergency • Call Center Reps need approval from a Supervisor to transfer a support case to Engineering • Documents of a given type, sensitivity, and content are only available to employees of (x,y,z) with sufficient clearance, grade, and authentication level
  9. 9. Announcing Standards-based, Real-time External Authorization
  10. 10. Oracle Entitlements Server 11g Key Design Themes • Real-time Authorization • Rapid Application Integration • Comprehensive Standards Support
  11. 11. Real-time Authorization with Oracle Entitlements Server 11g • Massively scalable External Authorization Management • Scales easily to large number of protected resources • Hundreds of millions of users • Thousands of roles • From small workgroups to mission-critical deployments • Authorization checks enforced with real-time latency
  12. 12. Oracle Entitlements Server 11g Key Design Themes • Real-time Authorization • Rapid Application Integration • Comprehensive Standards Support
  13. 13. Fine-grained Authorization for SOA & Web Services
      Diagram labels: Web Client; Web Service Client; Web Service; HTTP GET/POST; REST; REST/SOAP; SOAP; XML; JMS; Oracle Entitlements Server
      Request: isAuthorized(user = Bob Doe, userOrg = Acme Corp, userRole = Marketing Manager, customerId = 99999, action = getCustomerDetail)
      Response:
        <SOAP:Envelope> …
          <SOAP:Body>
            <getCustomerDetailResponse>
              <customerID>99999</customerID>
              <name> Sally Smith </name>
              <phone> 555-1234567 </phone>
              <SSN>***********</SSN>
              <creditCardNo>@^*%&@$#%!</creditCardNo>
              <purchaseHistory> … </purchaseHistory>
            </getCustomerDetailResponse>
          </SOAP:Body>
        </SOAP:Envelope>
      • Selective Data Redaction & Encryption of the response payload
      • OES authorization decision returns an “Obligation” with information on what to redact and/or encrypt
  14. 14. Data Security with Oracle Entitlements Server (diagram labels: Oracle Entitlements Server (Admin Server); Security Module ×4) • Enforcement of data security for heterogeneous data sources - RDBMS, Object Relational, XML, Multi-Dimensional Cubes • Enforcement of security at Data, Business Logic and Presentation tiers • Integrates with Oracle and non-Oracle Databases, Hibernate, TopLink
  15. 15. Native & Custom Integrations • Portals and Content Management • Identity Management • App Servers & Dev Frameworks • XML Gateways • Middleware • Data Sources
  16. 16. Oracle Entitlements Server 11g Key Design Themes • Real-time Authorization • Rapid Application Integration • Comprehensive Standards Support
  17. 17. Comprehensive Standards Support with Oracle Entitlements Server 11g • Supports modern authorization standards • Attribute based Access (ABAC, XACML, OpenAZ) • Role based Access (NIST RBAC, Enterprise RBAC) • Java security frameworks (JAAS) • Choice and flexibility ensures protection of existing investments • Supports different IT maturity levels for externalizing authorization • Commitment to innovation, contribution and implementation of open standards.
  18. 18. © 2011 Oracle Corporation – Proprietary and Confidential
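
The obligation flow from slide 13, as an added example (not Oracle code and not the OES API): a hypothetical decision point returns a permit together with an obligation naming the fields to redact, and the enforcement point fulfils it before releasing the response, denying when it receives an obligation it cannot fulfil. The function names, the obligation format, the "Account Auditor" role and the sample record are all constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample payload, shaped like the response on slide 13.
RESPONSE = (
    "<getCustomerDetailResponse>"
    "<customerID>99999</customerID><name>Sally Smith</name>"
    "<phone>555-1234567</phone><SSN>000-00-0000</SSN>"
    "<creditCardNo>4111111111111111</creditCardNo>"
    "</getCustomerDetailResponse>"
)

# Hypothetical policy store: (role, action) -> obligations attached to a permit.
POLICY = {
    ("Marketing Manager", "getCustomerDetail"): {"redact": ["SSN", "creditCardNo"]},
    ("Account Auditor", "getCustomerDetail"): {},
}

def is_authorized(user, user_org, user_role, customer_id, action):
    """Hypothetical decision point: returns (permit, obligations), default deny."""
    if user_org != "Acme Corp" or (user_role, action) not in POLICY:
        return False, {}
    return True, dict(POLICY[(user_role, action)])

def redact(root, fields):
    """Mask the text of each named element, keeping its length."""
    for name in fields:
        for el in root.iter(name):
            el.text = "*" * len(el.text or "")

# Obligations this enforcement point knows how to fulfil.
HANDLERS = {"redact": redact}

def enforce(request, response_xml, pdp=is_authorized):
    """Enforcement point: decide, fulfil every obligation, then release the payload."""
    permit, obligations = pdp(**request)
    if not permit:
        raise PermissionError("access denied")
    # Fail closed: a permit whose obligation cannot be fulfilled is treated as deny.
    unknown = set(obligations) - set(HANDLERS)
    if unknown:
        raise PermissionError(f"unfulfillable obligation: {sorted(unknown)}")
    root = ET.fromstring(response_xml)
    for name, fields in obligations.items():
        HANDLERS[name](root, fields)
    return ET.tostring(root, encoding="unicode")
```

The `pdp` parameter lets a test substitute a decision point that returns an "encrypt" obligation, which this enforcement point has no handler for and therefore rejects.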
