1) The document discusses Oracle Identity Governance and Access Management projects for several clients, including integrating numerous applications with OIM and implementing ESSO.
2) It provides an overview of integrating applications with OIM using connectors and protecting web applications using OAM with WebGates deployed.
3) Finally, it outlines different deployment approaches for OAM including agent-based, agent-less, using a terminal server as a gateway, and a hybrid approach combining methods.
Security of Oracle EBS - How I can Protect my System (UKOUG APPS 18 edition) | Andrejs Prokopjevs
Nowadays having a proper security configuration is a huge challenge, especially looking at the global hacks and personal data leak incidents that happened in IT a while back. Oracle EBS is not perfect and has lots of vulnerabilities covered by Oracle almost every quarter. A very small percent of Apps DBAs know all the features and options available, and usually, do not go over firewall/reverse proxy layer.
This presentation is going to cover an overview and recommendations of options and security features that are available and can be used out-of-the-box, and some of the non-trivial configurations that can help to keep your Oracle EBS system protected, per our experience.
Comprehensive Identity and Access Governance for Rapid, Actionable Compliance
The industry’s most comprehensive identity governance solution delivers user administration, privileged account management, and identity intelligence, powered by rich analytics and actionable insight.
Overview of Data Loss Prevention Policies in Office 365 | Dock 365
Presentation about identifying, monitoring, and automatically protecting sensitive information across Office 365.
With a DLP Policy, you can:
- Identify sensitive information across many locations, such as SharePoint Online and OneDrive for Business.
- Prevent the accidental sharing of sensitive information.
- Monitor and protect sensitive information in the desktop versions of Excel 2016, PowerPoint 2016, and Word 2016.
- Help users learn how to stay compliant without interrupting their workflow.
- View DLP reports showing content that matches your organization's DLP policies.
Visit www.mydock365.com to learn more about SharePoint with Dock.
The Salesforce platform offers system as well as application level security capabilities for building robust and secure applications. Join us as we introduce the system-level security features of Salesforce, like authentication and authorization mechanisms that include various Single Sign-On and OAuth flows. We'll also cover declarative application-level security features, like user profiles, roles and permissions, and how an Organization Wide Security and record-sharing model enforces a finer level of access control over the data.
Presentation on using Social Login based on OAuth 2.0 with Oracle APEX, including a demonstration of how to configure Facebook, Google and LinkedIn to be used for authentication with APEX.
This presentation was given as a webinar as part of the Oracle APEX Office Hours series:
https://asktom.oracle.com/pls/apex/f?p=100:551:::NO:551:P551_CLASS_ID:744:
From the outset, Oracle has delivered the industry's most advanced technology to safeguard data where it lives—in the database. Oracle provides a comprehensive portfolio of security solutions to ensure data privacy, protect against insider threats, and enable regulatory compliance for both Oracle and non-Oracle Databases. With Oracle's powerful database activity monitoring and blocking, privileged user and multi-factor access control, data classification, transparent data encryption, consolidated auditing and reporting, secure configuration management, and data masking, customers can deploy reliable data security solutions that do not require any changes to existing applications, saving time and money.
Introduction to Oracle Cloud Infrastructure Services | Knoldus Inc.
Oracle Cloud Infrastructure is a set of complementary cloud services that enable you to build and run a wide range of applications and services in a highly available hosted environment. Oracle Cloud Infrastructure (OCI) offers high-performance compute capabilities (as physical hardware instances) and storage capacity in a flexible overlay virtual network that is securely accessible from your on-premises network.
Oracle Enterprise Manager (EM) provides complete lifecycle management for the cloud - from automated cloud setup to self-service delivery to cloud operations. In this session you’ll learn how to take control of your cloud infrastructure with EM features including Consolidation Planning and Self-Service provisioning with Metering and Chargeback. Come hear how Oracle is expanding its management capabilities into the cloud!
(As presented by Adeesh Fulay at Oracle Technology Network Architect Day in Chicago, October 24, 2011.)
APIs have become a strategic necessity for your business. They facilitate agility and innovation. However, the financial incentive associated with this agility is often tempered with the fear of undue exposure of the valuable information that these APIs expose. With data breaches now costing $400m or more, senior IT decision makers are right to be concerned about API security.
In this SlideShare, you'll learn:
- The top API security concerns
- How the IT industry is dealing with those concerns
- How Anypoint Platform ensures the three qualifications needed to keep APIs secure
Zero Trust, Zero Trust Network, or Zero Trust Architecture refer to security concepts and a threat model that no longer assume that actors, systems or services operating from within the security perimeter should be automatically trusted, and instead require verification of anything and everything trying to connect to systems before granting access.
APIsecure 2023 - Approaching Multicloud API Security Using Metacloud, David L... | apidays
APIsecure 2023 - The world's first and only API security conference
March 14 & 15, 2023
Approaching Multicloud API Security Using Metacloud
David Linthicum, Chief Cloud Strategy Officer at Deloitte Consulting
------
Check out our conferences at https://www.apidays.global/
Do you want to sponsor or talk at one of our conferences?
https://apidays.typeform.com/to/ILJeAaV8
Learn more on APIscene, the global media made by the community for the community:
https://www.apiscene.io
Explore the API ecosystem with the API Landscape:
https://apilandscape.apiscene.io/
Open APIs - Risks and Rewards (Øredev 2013) | Nordic APIs
Introducing Open APIs, the security risks involved and the great rewards that can be reaped. Going through the advantages of using and publishing APIs and how to get started, how to handle security risks with a "neo-security" stack and how Twitter's API has been used to analyse Twitter use in Sweden.
Lightning talk from Øredev, 7 November 2013, in Malmö, Sweden. Presented by Andreas Krohn, Travis Spencer and Hampus Brynolf. More information at http://nordicapis.com/oredev2013.
Realizing Great Customer Experiences with Adobe® LiveCycle® ES3 | Craig Randall
Focusing on user experience can improve the value of the enterprise applications you deliver. This session covers the new architectural changes in the next release of LiveCycle ES as well as the new features in our servers, client runtimes and tools that will allow you to build, deploy and measure excellent customer experiences.
Directory Services with the ForgeRock Identity Platform - So What’s New? | ForgeRock
Let’s be frank. Your identity platform is only as good as its foundation. “Identity done right” gets done wrong without a rock-solid directory to store and access all that identity data. While certainly not a sexy topic… directory is your plumbing making it a critical aspect regardless of its appeal. Good news for you however, either way you look at it our Directory Services, built from the OpenDJ project, is the gold standard: decades of telco experience led us to develop a high-performance, web-scale directory, delivering throughput in the tens-of-thousands of logins per second. We’re not s*itting you when we say we’ve got a lot of experience where the Sun don’t shine!
Webinar Highlights:
- Intro to the ForgeRock Identity Platform
- New features available in the release
- What does performance, scalability, and high availability to manage data for hundreds of millions of users, devices, and things look like?
Learn more about ForgeRock Access Management:
https://www.forgerock.com/platform/access-management/
Learn more about ForgeRock Identity Management:
https://www.forgerock.com/platform/identity-management/
FIWARE Identity Management and Access Control | FIWARE
This training camp teaches you how FIWARE technologies and iSHARE, brought together under the umbrella of the i4Trust initiative, can be combined to provide the means for creation of data spaces in which multiple organizations can exchange digital twin data in a trusted and efficient manner, collaborating in the development of innovative services based on data sharing and creating value out of the data they share. SMEs and Digital Innovation Hubs (DIHs) will be equipped with the necessary know-how to use the i4Trust framework for creating data spaces!
Securing Servers in Public and Hybrid Clouds | RightScale
RightScale Webinar: Security and compliance remain major challenges to adoption of public cloud infrastructure hosting. Technical differences in public cloud environments render many established security models and controls inoperable. Understanding these differences and the options available to you are key to running a secure cloud environment.
Join Carson Sweet, co-founder and CEO of CloudPassage and Uri Budnik, Director, ISV Partner Program of RightScale for a free webinar where industry experts discuss why security and compliance are different in the cloud, outline a model for securing cloud-based hosting environments, and explain best practices for implementing a secure cloud infrastructure.
We will discuss:
- What's different about security in the cloud
- Shared responsibility
- Architectural challenges
- Key features to secure your cloud servers
- Secure deployment via RightScripts
Don't miss out on this opportunity to find out about all you need to secure your cloud servers!
Leveraging the strength of OSGi to deliver a convergent IoT Ecosystem - O Log... | mfrancis
The “internet of things” is the next revolutionary wave following profound changes brought to us by Personal Computers (connecting places) and Mobile Phones (connecting people on the go). This third wave heralds the beginning of the new era of pervasive connectivity, embedded intelligence, and application convergence. It will be the world where smart things will communicate among themselves and with us enabling greener, more efficient, and at the same time more comfortable environment.
This talk will present a platform and products designed to serve the new markets enabled by the Internet of Things, with a particular focus on the value of the OSGi framework enabling convergence of Home Automation, Smart Energy, Electric Vehicle Charging, and e-health on a single remotely manageable platform. It will also provide insights on how the platform was developed leveraging the extensibility offered by the OSGi framework and ProSyst’s modular architecture.
The built-in OSGi stack provides Java-level abstraction of the network interfaces and Smart Energy Profile 2.0 stack as well as cloud integration features such as web server, web services and standards-based remote management. The OSGi framework is the key enabler of the product lifecycle and remote application management mandatory for service provider driven deployments. The Smart Energy 2.0 standard is a key element of the future smart grid, and the work presented in this talk describes the first platform integrating the SEP 2.0 protocol stack with an OSGi based middleware. The OSGi based solution also provides a higher level of device security through the use of a secure element. The UDK-21 is built around a System-on-Chip STreamPlug (ST2100); the solution features a fully integrated HomePlug PHY/MAC and Analog Front End combined with the ARM926EJ-S processor and a rich set of interfaces.
A demo showing Smart Energy Profile 2.0 use cases will outline these features. The demo will show how web based applications can interact with the OSGi stack on the already publicly available UDK-21 based gateway to control remote devices, such as a thermostat or an electric load. The access to SEP 2.0 devices will be done by the means of JSON-RPC based APIs, independent of the underlying device protocol, hence highlighting the benefits of a generic protocol agnostic architecture from the application standpoint. Other examples of the products that can be built around UDK-21 include Electric Vehicle Charger, Smart Meter, and a Basement Sensor Hub.
A Breakout Session on Atomic Architecture presented by ForgeRock team members Jamie Nelson, VP Engineering, Jonathan Scudder, OpenAM Lead Architect & Co-founder, and Jake Feasel, Sr. Software Developer. At the 2014 IRM Summit in Phoenix, Arizona.
The wait is over! ForgeRock is releasing shiny new versions of all solution areas of the ForgeRock Identity Platform. To give you a preview on what’s coming, join this webinar to hear directly from the Product Managers what’s new in:
Access Management
Identity Management
Directory Services
Identity Gateway
Shared Services
Learn more about ForgeRock Access Management:
https://www.forgerock.com/platform/access-management/
Learn more about ForgeRock Identity Management:
https://www.forgerock.com/platform/identity-management/
FIWARE Training: Identity Management and Access Control | FIWARE
An online training course run by the FIWARE Foundation in conjunction with the i4Trust project and iSHARE Foundation. The core part of this virtual training camp (27 Jun - 01 Jul 2022) covered all the necessary skills to develop smart solutions powered by FIWARE. It introduces the basis of Digital Twin programming using NGSI-LD (the simple yet powerful open standard API that enables publishing and accessing digital twin data) combined with common smart data models.
In addition, it covers the supplementary FIWARE technologies used to implement the rest of functions typically required when architecting a complete smart solution: Identity and Access Management (IAM) functions to secure access to digital twin data, and functions enabling the interface with IoT and 3rd systems, or the connection with different tools for processing and monitoring current and historic big data.
Extending this core part, the training camp also covers how you can easily integrate FIWARE systems with blockchain networks to create audit-proof logs of processes and ensure transparency.
2. Our Major Projects on Oracle Identity Governance and Access Management
Client: Robi (An Axiata Telecom Company)
Project Scope: Supply of hardware and software; integration of 11 applications with OIM; implementation of ESSO on 20 applications
Client: Banglalink
Project Scope: Integration of 16 applications with OIM; implementation of ESSO on 24 applications
Client: Acleda Bank Plc, Cambodia
Project Scope: Implementation of ESSO on 15 applications
Client: Grameenphone Ltd
Project Scope: Supply of hardware and software; integration of 134 applications with OIM; integration of 700+ nodes with OPAM
3. Integration with OIM using connectors
Diagram labels: HRMS (Data From Authentic Source, Trusted Reconciliation); Recon Employee Master Data; Oracle Identity Manager; Identity Connector Framework (ICF) [DBAT]; Reconciliation Adapter; Provisioning Adapter; Reconciliation; Provisioning; Application Database
4. Protecting Web Application Server using OAM
Diagram labels: Users; User Request Web URL; Web Servers (Apache, IIS, OHS etc); OAM WebGate Deployed to Protect Resources; OAM Cluster; Verifies User Credentials; Pass Security Tokens; LDAP Server (Active Directory/OID/OUD)
5. Single Sign On Request Flow in OAM
Diagram participants: End Users; Web Server With WebGate; Oracle Access Manager; User Store (LDAP)
Flow labels, in the order they appear on the slide (the diagram numbers its steps 1 to 11):
- User Request Web URL
- Check Protection
- Evaluates & Returns Policy Decision
- Redirect To App if Unprotected
- Sends Login Page if Protected
- Send User Credentials
- Verify User Credentials
- Create Sessions, Cookies or HTTP Headers
- Check User access
- 10: Evaluates and Return Authorization
- 11: Redirects to Application if Authorized
6. Integration with OAM for SSO using webgate
Diagram labels: External Users; Internal Users; Front End Proxy (Deploy Webgate); Oracle Traffic Director; Application Servers; Oracle Access Manager; Active Directory; Oracle Internet Directory
7. HOLISTIC VIEW OPAM DEPLOYMENT
Diagram labels: Remote Users (VPN, SSH/RDP); Internal User (RDP, Access Over LAN); Terminal Server/Jump Server; OPAM Windows Agent; OPAM Session Manager; OPAM Application Server; Database Server (Metadata logs and Video Capture); LDAP Server; target connections: SSH, RDP, SSH, SSH/Telnet/Web Browser
Legend: User Session Data Flow; Audit Data Flow
8. AGENT-BASED DEPLOYMENT (WINDOWS)
Diagram labels: Remote Users (VPN, RDP); Internal User (RDP, Access Over LAN); Local login; Direct Login; OPAM Windows Agent (shown four times); Active Directory; File Server; Application Server; Desktop; OPAM Application Server; Database Server (Metadata logs and Video Capture)
Legend: User Session Data Flow; Audit Data Flow
9. AGENT-LESS DEPLOYMENT (LINUX/UNIX)
Diagram labels: Remote Users (VPN, SSH); Internal User (SSH); OPAM Session Manager; OPAM Application Server; Database Server (Metadata logs and Session Capture); LDAP Server (Authentication)
Legend: User Session Data Flow; Audit Data Flow
10. TERMINAL SERVER AS A GATEWAY
Diagram labels: Remote Users (VPN, RDP); Internal User (RDP, Access Over LAN); Terminal Server/Jump Server with Putty and Web Browsers (Web Portals); OPAM Windows Agent; OPAM Agent; OPAM Application Server; Database Server (Metadata logs and Video Capture); target connections: SSH, RDP, SSH, SSH/Telnet/Web Browser
Legend: User Session Data Flow; Audit Data Flow
11. FIREWALL CONFIGURATION FOR GATEWAY APPROACH
• The network firewall does not allow end users to bypass the terminal server.
Diagram labels: Internal User (RDP, Access Over LAN); Remote Users (VPN, RDP); Terminal Server
12. HYBRID DEPLOYMENT-PROPOSED SOLUTIONS (AGENT-BASED + AGENT LESS + GATEWAY APPROACH)
Diagram labels: Remote Users (VPN, SSH/RDP); Internal User (RDP, Access Over LAN); 2FA (shown three times); Terminal Server/Jump Server; OPAM Windows Agent; OPAM Agent; OPAM Application Server; Database Server (Metadata logs and Video Capture); LDAP Server; target connections: SSH, RDP, SSH, SSH/Telnet/Web Browser
Legend: User Session Data Flow; Audit Data Flow
13. ORACLE ACCESS MANAGER - 2FA
Diagram labels (the diagram numbers its steps 1 to 4): Remote Users (VPN); Internal User (Access Over LAN); OPAM Self Service Console; User Login using RDP; 2FA; Token for 2FA; 2 FA Token; OPAM Server; OAM Server; LDAP Server; Terminal Server/Jump Server; OPAM Windows Agent
14. ON DEMAND ACCESS
Diagram labels: End Users; Request for Access; OIM & SOA Platform; Approval Policy; Approval Process; Reset Password; LDAP Server; Authentication; Terminal Server/Jump Server; target connections: SSH, RDP, SSH/Telnet/Web Browser