
SANS Institute Product Review: Oracle Entitlements Server


Webcast covering SANS Institute's Product Review of Oracle Entitlements Server

Published in: Technology, Business

  1. Demystifying External Authorization: Oracle Entitlements Server Product Review. Tanya Baccam, Senior Instructor and Courseware Author, SANS; Roger Wigenstam, Sr. Director of Product Management, Oracle. © 2012 The SANS™ Institute - www.sans.org
  2. Speakers: Tanya Baccam, Senior Instructor, SANS; Roger Wigenstam, Sr. Director, Product Management
  3. Agenda • External Authorization Overview • Oracle Entitlements Server • Product Review • Q&A
  4. Defining External Authorization: “Managing granular access permissions for applications, middleware and databases by externalizing and centralizing standards-based authorization policies.” Context-Aware Access Control:
     • Data: Data redaction and filtering for data at rest and data in motion.
     • Applications: Fine-grained access to applications based on roles, entitlements, attributes, runtime context
     • Web Services: Data filtering for standards-based web services
     • Portals: Access control for sensitive documents stored in portals and content management systems based on roles and identity attributes
  5. Why Is It Important?
     • Regulatory Considerations: Regulations are getting complex and often demand enforcement of Granular Access Privileges
     • Role Explosion: Role explosion makes it difficult to secure transactions and data based on roles
     • Fragmented Security: Authorization policies are often hardwired into application business logic
  6. Applying External Authorization: Content Collaboration Privacy Confidentiality Regulation Audit
  7. Common Use Cases • Web Services (SOA) Security • Web Access Control • Application Transactions • Relational Database Information • Portals (SharePoint, etc)
  8. Entitlements Server Product Overview. Roger Wigenstam, Sr. Director of Product Management, Oracle. ©2012 Oracle Corporation
  9. Oracle Entitlements Server (OES) • Unified External Authorization for Applications, Web Services, Portals and Databases • Standards-based Policy Enforcement at Run-time • Declarative Security Model Simplifies Application Lifecycle
  10. Real-Time Authorization: Sub-millisecond Authorization Response Time • Massively scalable External Authorization Management • Scales easily to large number of protected resources • Hundreds of millions of users • Thousands of roles • From small workgroups to mission-critical deployments • Authorization checks enforced with real-time latency
  11. Comprehensive Standards Support • Attribute Based Access Control • XACML • OpenAZ • NIST Role Based Access Control • Enterprise RBAC • Java2 / JAAS • Code Based Access Control • JSR 115 / JACC* • Data Security. Oracle Confidential
  12. Native & Custom Integrations • Identity Management • Application Servers • Portals & Content Mgmt • Development FWK’s • SOA • Policy Store • Data Sources • XML Gateways
  13. Oracle Entitlements Server Product Review. Tanya Baccam, SANS
  14. Use Cases • Application Access Control • Data Security • SharePoint Security • Web Services Security
  15. Architecture [diagram: OES Admin Server, Identity Store, Policy Store; multiple PEPs, each with a PDP, PIPs and an Id Store]
  16. Application Access Control
     • Web Access Control (URL-based and Fine-grained)
     • Attribute based Access Control (ABAC/XACML)
     • Static and Dynamic Role Mapping
     • Role Inheritance
     • Separation of Duties Checks
     • Runtime Constraint and Context-aware Policy Enforcement
     • Integration with LDAP-based directories
     * Oracle Entitlements Server can be used to enforce multiple compliance requirements.
  17. Data Security
     • Selective Data Redaction/Filtering - Row-level security - Columnar security
     • Centralized Authorization Policy Administration for Databases
     • Integration with major databases (Oracle, DB2, Sybase, MySQL)
     * OES enables management of access policies based on business need.
  18. SharePoint Security
     • Document Access Control (based on document tags, attributes, location, user, role, etc)
     • Custom Page Content (FGA checks for ASP.NET pages)
     • Integration with Active Directory and LDAP-based directories
     * OES provides a variety of authorization decisions for different types of applications and users.
  19. Web Services Security
     • Integration with XML Gateways
     • Selective Data Redaction/Filtering for SOA web services
     • Support for a variety of message standards (XML/SOAP/REST/JMS)
     * Policies can be set up to secure connectivity to SOA and cloud environments.
  20. Aberdeen Group Event Series, Featuring Derek Brink • Chicago, April 10th • New York, April 12th • Toronto, April 17th • Boston, April 19th • San Francisco, May 22nd. Register at: www.oracle.com/identity
  21. Platform Webcast Series: Oracle Customers Discussing Results of Platform Approach • Platform Best Practices, Agilent Technologies, Available On-Demand • Cisco’s Platform Approach, Cisco Systems, Available On-Demand • Platform for Compliance, ING Bank, April 11th 2012 • Platform Business Enabler, Toyota Motors, May 30th 2012. Register at: www.oracle.com/identity
  22. Securing Oracle: https://www.sans.org/security-training/securing-oracle-74-mid
  23. www.oracle.com/identity • www.facebook.com/OracleIDM • www.twitter.com/OracleIDM • blogs.oracle.com/OracleIDM
  24. Questions
