By mark.wilcox on May 2, 2007 7:44 AM
Via my colleague VP who I'm working with to help build an Oracle By Example course around OVD and Oracle Access Manager - I learned we've got several new courses around learning how to use Oracle Enterprise Linux (OEL).
As you may know OEL is Oracle's new offering that at least in my personal opinion provides two things:
1 - Alternative network to get patches for Red Hat Enterprise Linux (or if you are starting from scratch, you can install Oracle Enterprise Linux which is very similar to RHEL)
2 - Ability to get Linux support from Oracle support
Also according to our Linux training page it appears you can now get an Oracle Certification around Linux.
So if you have been looking to get more details on Linux and/or more hands-on "in the dirt" with OEL without wanting to have to install the distribution, I think these courses might be very well up your alley.
By mark.wilcox on May 2, 2007 9:56 AM
Our OTN editor appears to have taken on the mission about how to make Oracle blogs more visible to the external world.
Personally I'm not so sure about the recommendations. I think somewhat the limits of the blog software running blogs.oracle.com are a hindrance (e.g. no trackbacks) and generally the fact that we're all still learning how to follow conversations in the blogosphere the way we might follow an email or forum thread.
However, I offer up another strategy to my fellow Oracle colleagues and non-bloggers in general on what/why to blog and perhaps break down some barriers to the conception we're not a "blogging company".
The strategy/principle is "Keystroke Conservation". The premise is that if you have a question you get via email (or perhaps one you need to write up to reply to later) from someone - instead of just replying via email - blog it and then send the link to the blog via email (since in reality most people will likely not be monitoring your RSS feed for responses). This way you have answered the question but once it's written in a central place - you've made it more accessible. It's (usually) instantly become easier to find, for others to link to and you to point others to.
And of course you can adapt the response over time.
Now for the tricky part - sometimes this information is internally proprietary and can't be blogged on the Web at large. So hopefully your organization has something internally you can point to. This doesn't have to be any official "blog software" it could be a Wiki (what we generally use internally here at Oracle) but even if you don't have that - it could be as simple as maintaining a document on a shared network drive that is accessible to your workgroup.
But if the information can be shared publicly - with the amazing amount of free places to start a blog (I know - my friend Zed (aka the dude who wrote Mongrel which is relatively famous for Ruby programmers) has teased me about the number of blogs I've had & failed to do anything with :)) - there is very little reason not to.
This Keystroke Conservation principle is something I've been trying to work on. Though it's a bit like my approach to exercise and diet - I'm better than I was but not yet where I want to be.
Thanks to my friend Jon Udell who created the concept and inspired this post.
By mark.wilcox on May 21, 2007 9:42 AM
We released OVD 10.1.4.2 last week. It is a patchset release and in many cases patchsets are primarily bug fix releases. However, in this case it is another major milestone for us because we were able to add new certifications and completed our integration with the Oracle process.
Perhaps the biggest news is that this release is the first certified release of OVD with Enterprise User Security (EUS), specifically EUS 10g. EUS is an Oracle database option that allows you to manage user credentials in a directory as well as centralize management of database roles. The EUS functionality has been in the database since 8i but until now always required an OID installation.
Due to customer demand - we have released a certified version of OVD to support EUS which means you can deploy EUS without needing to deploy (and synchronize) data to OID. More information on the integration can be found in the OVD 10.1.4.2 documentation. And more information on EUS can be found in the Oracle database security docs.
As part of this effort we are now also running the automated EUS regression tests against both OVD and OID. This should provide us with much higher quality QA in particular since many of these tests have been in-use for several years and thus are very mature. Many thanks to everyone who helped achieve this.
Other notables in OVD 10.1.4.2:
* Enhanced globalization capabilities including expanded multi-byte data support and localization for 9 admin languages
* Ability to Control LDAP Anonymous Authentication, closing Inactive Connections and controlling Database Adapter Connection Pools
* New Certified Components (Oracle TimesTen (6.0 and 7.0), MS SQL Server 2005 in addition to the versions supported by OVD 10.1.4.0.1)
* This release also uses OUI for its installation on top of Oracle Virtual Directory 10.1.4.0.1.
* And of course the usual round of bug fixing that accompanies any release (see the release notes for the complete list).
And we did all of this while including 12 different teams from across the globe to make an on-time release.
OVD 10.1.4.2 can be downloaded from Metalink (which is where patchsets are normally released) or from OTN. We are releasing on OTN for this patchset to make it easier for customers who wish to explore the EUS integration.
By mark.wilcox on May 23, 2007 8:10 AM
I've realized not everyone knows what Enterprise User Security is and thus I will take a moment to explain what it is which will then help demonstrate the importance of our EUS/OVD integration.
In general terms EUS simplifies database user account and role management allowing you to improve security and meet compliance requirements.
More specifically EUS allows:
- End-users to authenticate to the database with usernames and passwords that are stored in an LDAP server
- Allows mapping of users and groups to shared schema thus instead of having to share username/passwords to access a database application, users can have their own individual accounts
- Allows mapping of roles (aka Enterprise Roles) in the directory to database roles
EUS has been a database feature since 8i but until EUS 10.1 and OVD 10.1.4.2 - has always required an Oracle Internet Directory (OID) installation.
While OID is a very capable directory - some customers have delayed deploying EUS because they did not want to have to manage an OID instance only to deploy EUS, in particular in cases where they were not using any other Oracle product (such as portal or EBusiness Suite) that required OID.
The OVD-EUS integration allows customers to now manage all of the directory data required for EUS within the existing enterprise directory.
Consult the OVD 10.1.4.2 documentation for the list of supported enterprise directories for this integration.
By mark.wilcox on May 24, 2007 7:21 AM
It turns out there was some delay in getting the OVD 10.1.4.2 docs posted on OTN. They were included as part of the install but now you can read them before installing OVD 10.1.4.2.
10.1.4.2 Product Manual
10.1.4.2 Release Notes
OVD-EUS Data Sheet
OVD Homepage on OTN
By mark.wilcox on May 24, 2007 7:54 AM
I was reminded that we have a tuning guide to the Oracle Internet Directory (OID). OID is Oracle's storage-based directory server that leverages the Oracle database to provide scalability, reliability and security. It is one of the components (along with OVD and Directory Integration Platform - which is our directory synchronization product) of the Oracle Directory Services package.
By mark.wilcox on May 24, 2007 4:00 PM
In this post the blogger mentions that Estonia is going to issue an OpenID for all its citizens as part of a national electronic identity project they already have implemented.
The blogger makes a rather bold claim:
"Those OpenID's are very secure because smart cards are required which make phishing and identity theft impossible."
But as Simon Willson asks - how?
This is a classic case of being more positive than reality because when it comes to security - nothing is ever truly impossible. It can be harder - but hardly impossible. History is littered with examples where the "impossible" happened -
The Great Wall of China. Maginot Line. Titanic. 9/11.
And So am I really completely wrong? As far as I know scammers need a smart card as well to log in even if they know my password.
Here are some ways I could see how this system could fail:
- A person could be threatened or bribed into activating their smart-card for someone else to use
- The openid service itself could be hacked and thus faked
- The smart cards could be forged
- Valid smart cards could be given to false identities either through forged documents or dishonest government employees
- Someone could figure out how to simulate a valid smart-card authentication
- The openid server could have a bug that allowed for cross-site scripting attacks
- A phishing site might discover a way to capture a valid authentication and replay it later
Overall - I think this OpenID project is an interesting and necessary experiment (how else will we ever learn whether OpenID is valuable or not?).
And smart-card authentication is generally more secure than simple username & password.
But we should be keeping in mind how these things can fail and adjust our trust levels as necessary.
By mark.wilcox on May 31, 2007 8:54 AM
One of the responses to my previous post on OpenID and Estonia (there's a phrase I never ever expected to write) is this "A Great Thing Going Amok?". That post is from a blog that appears to be about PassPack - an online password manager. I mention this because I personally wonder how much that fact influences the poster's writing on OpenID.
Overall the author does raise some valid questions about whether it's a good thing that Estonia is using OpenID or that AOL now gives everyone an OpenID.
Personally I think the answers are on Estonia - probably needs more thought.
On AOL - most likely a very good thing for everyone involved.
And the reason is context.
For a national identity system - there needs to be much discussion about the various areas including security, privacy, legal, political and how it will affect the markets.
For an online identity provider (and this is perhaps one of AOL's biggest assets), making it easier to use its identities with other networked entities makes very good business sense, not to mention potentially allowing for easier-to-use online transactions for its members.
And I think AOL should be commended for trying to do this via basically open systems.
Now the strangest bit of the poster's response is the claim of a loss of Free Will in the decision by AOL to give every user an OpenID and by Wordpress enabling OpenID on their blog (the PassPack blog is hosted on Wordpress).
I can't quite figure out um, how, um, giving people you know more features - constitutes "Loss of Free Will".
Generally speaking - having more choices is usually a good thing.
And a basic tenet behind OpenID (and user-centric identity in general) is that you can have multiple identities online which again, gives you more choice about how you wish to exercise your "free will" online.
So yes, it puzzles me how anyone can claim "Loss of Free Will" in regards to OpenID....