
Kerry Osborne Senior Oracle Guy


Presentation Transcript


  1. Kerry Osborne Senior Oracle Guy

  2. Caveats
     • The opinions expressed are mine …
     • I’m an old guy
     • I am biased towards Oracle technology
     • I have not drunk too much of the Kool-Aid

  3. Why Identity Management? My Totally Unscientific Survey
     • ~40 companies
     • ~90% public
     • ~40% over $1B
     ~95% are interested in Identity Management

  4. Why Identity Management?
     • Users are frustrated
     • SOX is Scary
     • Need to Reduce Costs
     • It’s Complicated

  5. Why Oracle Identity Management? (diagram labels: OID, Oracle Database, Oracle Identity Management)

  6. Oracle Internet Directory (OID)
     • v3 compliant LDAP server
     • Built on Oracle Database
     • Scalable
     • Performant
     • Highly Available

  7. Speaking of eggs
     • Is it better to have all your eggs in one basket, or not?

  8. Squirrel and Fort Knox

  9. Squirrel and Fort Knox
     • Squirrel’s Approach
       • He puts nuts in lots of places.
       • They are totally insecure. Therefore, he needs lots of holes.
       • He has lots of nuts. Therefore, he doesn’t care if he loses some.
     • Fort Knox Approach
       • Put all the gold bullion in one place and lock it down.
       • Can’t afford to lose any.
       • Not enough manpower to guard many locations.

  10. Back to the Future
      Traditional Database Systems
      • Usually authenticated by the database
      • Yielded lots of silos
      • Usually not directly associated with a person

  11. Two Common Security Models
      • Every user has his own database account
        • Full access to base tables must be granted
        • Access to ad-hoc tools must be limited
        • Can make use of advanced Oracle features
      OR
      • Users log on to a proxy account
        • Better approach generally (see caveat 1.0)
        • Not necessary for user to know the actual account
        • Easier to convert to centralized authentication

  12. Case Study #1
      Document Management / Workflow Application
      Problem:
      • Build a document management system capable of handling millions of documents from paper to searchable XML database.
      • The application should support multiple groupings of users with multiple responsibilities.
      • Provide a very flexible routing/approval infrastructure.

  13. Case Study #1
      Architecture:
      • Oracle Database using Oracle Text
      • Java application to access the final database
      • Oracle Forms
      • Oracle Workflow

  14. Case Study #1
      Solution:
      • Use proxy security model whereby all users log on to a common database account.
      • Use OID for authentication
      • Create a table of users
      • Synchronize application users table with OID via triggers
      • No need for password field in users table
      • Create view of users table for Workflow

  15. Case Study #1 (diagram labels: Forms App; OID/SSO Authentication; Workflow; Workflow_users_view; Database Trigger; App_users [Username, Email]; Workflow_users [Username, Email])

  16. Case Study #2
      Consolidation of Security Models / Authentication
      Problem:
      • Numerous custom Oracle-based applications, all with their own security components, make compliance with government regulations difficult.
      Architecture:
      • Numerous applications all accessing Oracle.
      • Each application uses individual database account security model.
      • The applications use database roles for security.
      • The client uses Oracle’s Internal Controls Management product.
      • The client plans to implement Oracle Financials.

  17. Case Study #2
      Solution:
      • Convert custom applications to “Bolt On” applications in Oracle Financials.
        • Provides a common security model
        • Provides auditing capability
        • Provides a common user interface
        • Provides out of the box integration with OID/SSO

  18. Case Study #2 (diagram labels: OID/SSO; XX1 [Users, Roles, Menus]; XX2 [Users, Roles, Menus]; Fin Apps; Apps [GL, AP, XX1, XX2, …]; Users [GL_User1, AP_User1, XX1_User1, XX1_User2, …]; Responsibilities [AP Clerk, AP Super User, XX1 Clerk, XX1 Super User, …])

  19. Case Study #3
      Active Directory Sync / .Net Application
      Problem:
      • The users wish to have centralized authentication
      • This will provide users with access to the application, whether they are defined in AD, OID or the application.
      Architecture:
      • .Net application
      • The application uses the Proxy Security Model with an internal table of application users.

  20. Case Study #3
      Solution:
      • Use OID as the central repository
      • Synchronize OID with AD and the Internal Users Table
      • AD sync accomplished with DIP on timed basis
      • Database users table sync is bi-directional
        • To OID via database triggers
        • From OID with timed job using function based view (ldap search)

  21. Case Study #3 (diagram labels: .net application; IIS; Oracle SSO Plug In; Oracle Database; AD; OID/SSO; App_users via trigger; timed event Sync; Ldap$users)
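
The "to OID via database triggers" direction used in Case Studies #1 and #3, shown as an added PL/SQL example that is not code from the presentation. It uses Oracle's DBMS_LDAP package. Assumptions: the table names app_users (username, email NOT NULL) and oid_sync_config, the inetOrgPerson object classes, and the DN layout are all hypothetical.

```sql
-- Added example; app_users, oid_sync_config and the DN layout are hypothetical.
CREATE OR REPLACE TRIGGER app_users_to_oid
AFTER INSERT ON app_users
FOR EACH ROW
DECLARE
  l_ld    DBMS_LDAP.SESSION;
  l_mods  DBMS_LDAP.MOD_ARRAY;
  l_vals  DBMS_LDAP.STRING_COLLECTION;
  l_rc    PLS_INTEGER;
  l_cfg   oid_sync_config%ROWTYPE;  -- host, port, bind_dn, bind_pw, user_base

  PROCEDURE add_attr(p_name VARCHAR2, p_value VARCHAR2) IS
  BEGIN
    l_vals.DELETE;
    l_vals(1) := p_value;
    DBMS_LDAP.populate_mod_array(l_mods, DBMS_LDAP.MOD_ADD, p_name, l_vals);
  END;
BEGIN
  -- The username becomes part of a DN, so accept only a strict allowlist.
  IF NOT REGEXP_LIKE(:NEW.username, '^[A-Za-z0-9._-]{1,64}$') THEN
    RAISE_APPLICATION_ERROR(-20001, 'username not valid for directory sync');
  END IF;

  -- Bind credentials come from a table only the trigger owner can read, not from code.
  SELECT * INTO l_cfg FROM oid_sync_config WHERE ROWNUM = 1;

  DBMS_LDAP.USE_EXCEPTION := TRUE;  -- LDAP errors raise, so the INSERT rolls back
  l_ld := DBMS_LDAP.init(l_cfg.host, l_cfg.port);
  -- In production call DBMS_LDAP.open_ssl here so the bind is not sent in clear.
  l_rc := DBMS_LDAP.simple_bind_s(l_ld, l_cfg.bind_dn, l_cfg.bind_pw);

  l_mods := DBMS_LDAP.create_mod_array(5);
  l_vals(1) := 'top';                  l_vals(2) := 'person';
  l_vals(3) := 'organizationalPerson'; l_vals(4) := 'inetOrgPerson';
  DBMS_LDAP.populate_mod_array(l_mods, DBMS_LDAP.MOD_ADD, 'objectclass', l_vals);
  add_attr('cn',   :NEW.username);
  add_attr('sn',   :NEW.username);
  add_attr('uid',  :NEW.username);
  add_attr('mail', :NEW.email);  -- no userPassword: the app table holds no password

  l_rc := DBMS_LDAP.add_s(l_ld, 'cn=' || :NEW.username || ',' || l_cfg.user_base, l_mods);
  DBMS_LDAP.free_mod_array(l_mods);
  l_rc := DBMS_LDAP.unbind_s(l_ld);
EXCEPTION
  WHEN OTHERS THEN
    IF l_ld IS NOT NULL THEN l_rc := DBMS_LDAP.unbind_s(l_ld); END IF;
    RAISE;
END;
/
```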

  22. Questions? www.enkitec.com Kerry.Osborne@enkitec.com
