November 6, 2009

Upcoming Webcast: 4 Ways to Optimize Your Identity Management with Virtual Directories

I'll be joined by Alex Petrushko from our partner Identigral to talk about how Oracle Virtual Directory can improve your identity management implementation. Alex will be speaking about how a large telco provider used OVD to reduce the time it takes to deploy new applications.

The webcast will be live at:
Nov 19, 2009
12:00 p.m. Eastern / 9:00 a.m. Pacific (60 minutes)

I believe it will also be available for replay.
Register for the Webcast

Posted via email from Virtual Identity Dialogue

November 5, 2009

Has Facebook Connect Trumped Them All?

I wasn't able to make it to Internet Identity Workshop this week because I would like to know the thoughts on Facebook Connect. It appears that more and more sites are now allowing you to use your Facebook account to authenticate you.

The experience, in my opinion, may make this Facebook's killer app (though my wife's obsession with Cafe World makes me wish I had paid more attention to Flash development back when it first emerged).

The reason is that I simply clicked on the Facebook icon on the site I was accessing. And because I happened to be logged into Facebook at the time - I was granted access. If you are not logged in, you are presented with the familiar Facebook login in a screen. And it then connects you - NO REDIRECTS.

I fell out of my chair. I didn't think that would be possible. But yet, there it was.

And of course the Connect process is potentially prone to phishing attacks, but we've been dealing with those for a long time now. So even if you were a bank and wanted to use Facebook Connect - if you combined it with an anti-fraud solution like Oracle Adaptive Access Manager, including a potential secondary PIN (so you would have 2-factor authentication without needing to manage millions of additional passwords) - it's not any less secure than current systems.

I'm not sure of the technology behind it. And I know that the bulk of my friends on Facebook - wouldn't care. And if I was running a consumer-facing business that needed authentication for whatever reason - I would strongly consider rolling the dice on just supporting Facebook Connect backed up with traditional local accounts. And tell the other big-guns out there - if you want to play in my space - you have to give me an experience like Facebook Connect.

One more autopost test

I'm trying out http://www.posterous.com, which is a nifty new service I found out about via This Week In Startups. Basically it radically simplifies blogging. You send an email to post@posterous.com and bingo, you have a blog. No preregistration is necessary. In fact, if you don't need to edit your blog - you never ever log into anything.

Plus it will post anything - blogs, photos, video, audio (the latter as attachments). And it supports autoposting which hopefully will make it easier for me to post more frequently. It also means duplicate blogging but that's ok - because it means I can have an IDM blog that is hosted on Oracle and one that is not in case I need the latter in the future.

Test autopost

I'm testing new blog update software.

Sent from my iPhone

October 7, 2009

My OOW Sessions

I will be co-presenting on two sessions at OOW.

The first is Getting More out of Siebel and PeopleSoft Applications with Oracle Directory Services on Oct 13 (Tuesday) at 4pm in Moscone South 236.

The second is Microsoft Active Directory and Windows Security Integration with Oracle Database on Oct 14 (Wednesday) at 10:15 am, also in Moscone South, Room 236.

We will also have a booth in the Identity Management section.

September 30, 2009

Updated OVD Guide For Managing Oracle Database Users (Enterprise User Security) Posted

Hard to believe it's the end of September.

Anyway, we (and by we, I mean Olaf Stullich, my fellow PM here in directory services) updated our white paper on Centralized Oracle Database User Management, aka Enterprise User Security.

The most prominent change is to highlight that we now also support Novell eDirectory with OVD EUS.

September 8, 2009

The Difference In Farm Conversations Between 1909 and 2009

Over the Labor Day weekend, we took a quick trip to visit my parents, who still live in Waco, TX (I now live up near Plano, TX). During the weekly post-church lunch (which primarily serves as a social network to organize lunches and dinners during the week) - my parents and my parents' friends (most of whom I've known for 20 or more years) got to celebrate the primary accomplishment of Labor Day weekend.

Which is that I finally got my Mom on Facebook. That was much harder than I thought because of lack of updates on the Mac but it did allow me to watch all of the college football games I wanted :).

But what really struck me as funny was that everyone at the table was all playing Farm Town on Facebook. This is a game where you get to plant different crops, raise animals, etc and of course harvest them.

As we were breaking up to go our separate ways - it occurred to me that the conversations were probably very similar 100 years ago (my parents' church is over 100 years old as a prairie church).

Basically the common phrase was:

"I need to go home and harvest my crops".

Except in 1909 they meant this:

And in 2009 that means this:

September 2, 2009

Simplifying LDAP Access For .NET Developers

I don't do much .NET development these days but I saw this posted on Planet Identity yesterday so I thought I would pass it along for anyone who reads this but maybe doesn't subscribe to the Planet Identity feed.

Zetetic - Zetetic.Ldap - Bringing LDAP + LDIF tools to .NET

It's a new general purpose LDAP API for .NET that at least at first glance feels similar to UnboundID's new LDAP API.

While it's good to see new development in this space - we are trying to move developer identity development into a simpler API via our upcoming ArisID Beans API. Hopefully I will be able to share more about this API soon but as usual - until it's released, I can't publicly talk about it.

However, I can give a slightly more concrete teaser - my goal with ArisID is to make it so that it's like Java Persistence Architecture (JPA) for Identity. Meaning - developers can focus on writing business objects and then just run an IDE extension that creates the proper meta-data (e.g. the CARML file) for it so that an IGF identity provider can provide the data to the client.

It's my belief that if a developer can write something like:

    public class MyCustomer {
        String customerName;
        String customerAddress;
        String customerIdentifier;
        Boolean isGoodCustomer;
    }

That should be basically all they really need to worry about when building identity data into their applications.

Until then, APIs like Zetetic.Ldap can help reduce some of the pain at a lower level.

August 24, 2009

Innovations in Directory Services

Between helping get internal people up to speed on 11g, a really bad cold which may or may not have been the flu, and vacation (which culminated with me getting to see two of my current favorite bands live on the Mayhem tour) - I've been a bit behind on getting to respond to some stuff floating around the blogosphere.

The strangest one was the implication that we here in the Oracle mothership had not been innovative in regards to virtual directory.

Particularly ironic was that it came soon after I got publicly acknowledged with an Oracle Innovator Award. And of course we just released 11g.

While we have done several updates to OVD functionality over the past several years (including Oracle Database Enterprise User Security and Microsoft SharePoint integration), I wanted to highlight the new functionality in our 11g release.

The primary focus for 11g was to improve manageability and usability as opposed to adding a bunch of new server features. The reason for this is that we believe that we already lead the industry in terms of features. Thus there was not as much pressure in terms of adding missing features for the initial release.

The key difference between 10g and 11g is the UI. In 10g, the UI was based on Eclipse. In 11g, we now use a browser-based management console.

Eclipse was nice (I have no reservations about building another tool using Eclipse RCP), but moving to the Web gave us some advantages:

  • By using the Oracle ADF UI framework, we are able to leverage the hard work of this amazing Web 2.0-ready product
  • Simplified the ability to integrate with Enterprise Manager and our additional IDM products (as they release their own 11g versions) for administration
  • Eliminates problems where customers either couldn't install software on their desktops or were on non-Windows/Linux platforms

So now let's take a look at some of the new UI elements. If you're reading this in an RSS reader - make sure to click the link to see the blog in your browser to see the images if they don't show up in your reader.

First, all Fusion Middleware components are now integrating with Enterprise Manager. EM provides a standard way of providing monitoring and performance information, as well as a standard access point to logging and audit information:

 

The next three shots show different screens with Oracle Directory Services Manager (ODSM). ODSM is used to manage OVD and OID. However, you can still deploy OVD without OID. And you can deploy OID without OVD.

First up is the ODSM Home screen. It provides additional status information not currently found in EM - such as adapter status and version information:

Next we take a look at the ODSM Data Browser, which is often used by administrators to quickly see how the data will appear in OVD. I would like to highlight the fact that we have made this data view much nicer for common LDAP data. In this example we are looking at a person entry - note that we show the most common data in an easy-to-read format. And if you have a picture for the entry, it shows up (otherwise we show a default icon). This can make it easier to actually check the data, because most other LDAP tools don't really make it easy to see the data - they cloud it with attributes you don't really care about. We still provide access to all attributes, but the common data you probably care the most about is highlighted up front.

Finally - all 11g Identity Management will write audit data to a common audit system. By default this is written to a text file. However, it is possible to write this data to a database. And if you write the data to a database, we provide a standard set of Oracle BI Publisher reports.

August 7, 2009

Check out IdentityForge updated site

IdentityForge, which is our preferred partner for providing LDAP-enabled access to mainframe identity data, has updated their website. And if you have identity information locked in your mainframe that you are trying to integrate with your identity management infrastructure - these are the ones to look to.

About

I am Mark Wilcox and I am a Principal Product Manager for Oracle. I'm responsible for Oracle Virtual Directory, Oracle Communications Universal User Profile and Oracle's Identity Governance Framework implementation. I'm perhaps best known for writing Implementing LDAP - the first book on developing LDAP applications (which if you own, then you can judge how I have aged over the past decade).
