Oracle Entitlements Server 11g provides real-time, fine-grained authorization for applications, web services, and data. It scales to support large numbers of users, roles, and resources, and enforces authorization decisions with low latency. It integrates with applications through open standards and supports selective data redaction and encryption.

1. <Insert Picture Here>
Introducing Oracle Entitlements Server 11g

2. This document is for informational purposes. It is not a
commitment to deliver any material, code, or functionality, and
should not be relied upon in making purchasing decisions. The
development, release, and timing of any features or functionality
described in this document remains at the sole discretion of
Oracle. This document in any form, software or printed
matter, contains proprietary information that is the exclusive
property of Oracle. This document and information contained
herein may not be disclosed, copied, reproduced or distributed to
anyone outside Oracle without prior written consent of
Oracle. This document is not part of your license agreement nor
can it be incorporated into any contractual agreement with Oracle
or its subsidiaries or affiliates.
2

3. Agenda
<Insert Picture Here>
• Oracle Entitlements Server Overview
• Oracle Entitlements Server 11g – What’s New?
• Planning Your Deployment (SENA Systems)
3

4. Homegrown Applications Pose Significant Risk
• Vast Majority of Apps are Homegrown
• 50% of applications budgets on in-house
software *
• Homegrown Apps often host sensitive
information
• Homegrown Apps are more vulnerable to
security breaches
* For large companies in competitive, fast-moving industries such as
telecommunications, financial services, high tech, pharmaceuticals, and
media, those outlays can run into hundreds of millions of dollars.
4

5. State of Security Solutions Today
Homegrown Apps, Cloud Applications Mobile Computing
SOA, and Portals
• Evolving security • Modern IT initiatives
needs and compliance require enforcement of
• Security policies are
mandates require granular access
fragmented
constant application privileges
• Often host sensitive
retooling resulting in • Insufficient tooling and
information that is
higher costs and support for developing
vulnerable to security
diminished service apps that require fine-
risks.
levels. grained authorization
5

6. Declarative Security
Examples
Users Roles Privileges Resource Context
 Equity Trades Mortgage Equity • NASDAQ trading 10am-4pm
Fund • Restrict Trade Sizes to < $100K
• By Geography
 Municipal Equity • Daily trading limit of $5M
• By Trade limit Fund
Amy Harris Junior Traders
• Unauthorized for trading
 Equity Research Oil & Gas
• Authorized for Review of Energy
• By Vertical industry  Semiconductors Companies listed on NYSE
• By Line of Business • Authorized for access to research
reports
Ellen Stewart Equity Analyst
Mortgage Equity • Authorized for 24x7 Trading
 Equity Trades Fund • Rebalancing of Small-Cap Funds
 Rebalance Funds  Municipal Equity • Daily Trading Limit of $1B
Fund
Steve Jackson Fund Manager

7. Oracle
Entitlements
Server
Fine-grained
Authorization for
Web Applications,
Portals, Middleware
& Databases

8. Oracle Entitlements Server
Sample Fine-grained Authorization Policies
• Example Policies
• Junior Traders can submit nstock trades / day with a total value of $5M, during regular
trading hours, if market volatility is low
• Sensitive patient information should not be visible to clerical workers but allowed for
Specialists as long as consent has been given or an emergency
• Call Center Reps need approval from a Supervisor to transfer a support case to
Engineering
• Documents of a given type, sensitivity, and content is only available to employees of
(x,y,z) with sufficient clearance, grade, and authentication level
8

9. Announcing
Standards-based, Real-time External
Authorization
9

10. Oracle Entitlements Server 11g
Key Design Themes
Real-time Rapid Application Comprehensive
Authorization Integration Standards Support
10

11. Real-time Authorization
with Oracle Entitlements Server 11g
• Massively scalable External Authorization
Management
• Scales easily to large number of protected
resources
• Hundreds of millions of users
• Thousands of roles
• From small workgroups to mission-critical
deployments
• Authorization checks enforced with real-time
latency
11

12. Oracle Entitlements Server 11g
Key Design Themes
Real-time Rapid Comprehensive
Authorization Application Standards Support
Integration
12

13. Fine-grained Authorization for SOA & Web Services
isAuthorized(user = Bob Doe,
userOrg = Acme Corp
Request userRole = Marketing Manager
customerId = 99999
HTTP GET/POST action =getCustomerDetail)
Web
Client REST
XML
Web SOAP Web
REST/SOAP Service
Service
Client
JMS
<SOAP:Envelope>
…
<SOAP:Body>
<getCustomerDetailResponse>
<customerID>99999</customerID>
<name> Sally Smith </name>
Oracle Entitlements Server <phone> 555-1234567 </phone>
<SSN>***********</SSN>
<creditCardNo>@^*%&@$#%!</creditCardNo>
<purchaseHistory> … </purchaseHistory>
•Selective Data Redaction & Encryption of the Response </getCustomerDetailResponse>
response payload </SOAP:Body>
</SOAP:Envelope>
•OES authorization decision returns an “Obligation”
with information on what to redact and/or encrypt
13

14. Data Security
withOracle Entitlements Server
Security Module Security Module
Oracle
Entitlements
Security Module Server (Admin Security Module
Server)
• Enforcement of data security for heterogeneous data sources
- RDBMS, Object Relational, XML, Multi-Dimensional Cubes
• Enforcement of security at Data, Business Logic and Presentation tiers
• Integrates with Oracle and non-Oracle Databases, Hibernate, TopLink
14

15. Native & Custom Integrations
Portals and Content Management Identity Management
App Servers & Dev Frameworks XML Gateways
Middleware Data Sources
15

16. Oracle Entitlements Server 11g
Key Design Themes
Real-time Rapid Application Comprehensive
Authorization Integration Standards Support
16

17. Comprehensive Standards Support
with Oracle Entitlements Server 11g
• Supports modern authorization standards
• Attribute based Access (ABAC, XACML, OpenAZ)
• Role based Access (NIST RBAC, Enterprise RBAC)
• Java security frameworks (JAAS)
• Choice and flexibility ensures protection of existing investments
• Supports different IT maturity levels for externalizing authorization
• Commitment to innovation, contribution and implementation of
open standards.
17

18. 18| © 2011 Oracle Corporation – Proprietary and Confidential