Service-Oriented Security
At this week's RSA Conference 2008, Thomas Kurian laid out Oracle's vision for what is being called Service-Oriented Security. Service-Oriented Security uses a service orientation to give applications a complete set of common security capabilities and processes, such as authentication, authorization, user administration, role management, identity virtualization and governance, and entitlement management, as well as audit and control. Tony Baer also discusses the topic in his blog: http://www.onstrategies.com/CURRENT-NEWS/Oracle-Releases-Role-Manager-Pushes-Service-Oriented-Security-Strategy.html.
Typically, an application hard-wires its security capabilities, which makes for a brittle architecture that is not conducive to change. With Service-Oriented Security, security capabilities and processes are decoupled from applications and centralized via SOA, making them more available, manageable and consistent across an enterprise. So in a sense, we are using SOA to enable and strengthen your SOA projects by making them more agile.
To back this up, several key deliverables to date enable this vision, covering security issues that span deployment, governance, administration, and development:
GA of Oracle Role Manager, which provides a service for role-based access control, provisioning and approvals across business applications.
GA of Oracle Application Access Controls Governor 8.0, which is control monitoring software that provides segregation of duties analysis and enforcement for heterogeneous enterprise application environments.
A controlled beta preview release of Oracle Fine Grained Authorization. This is software designed to externalize hard-coded authorization policies from heterogeneous enterprise applications, and nicely complements Oracle's Identity and Access Management offering.
Identity Governance Framework - a multi-vendor standard proposal, spearheaded by Oracle, that provides a service-oriented privacy-aware architecture for developers to access identity data while adhering to usage policies. Oracle, in conjunction with the Liberty Alliance, has delivered the first open source component of the proposed standard.
For more information, check out these links:
White paper on Service Oriented Security:
http://www.oracle.com/technology/products/id_mgmt/pdf/serv_oriented_sec.pdf
Other related announcements:
Oracle Releases Oracle Application Access Controls Governor 8.0
Liberty Alliance and Oracle Team to Advance Identity Governance Framework
Dave