Virtual Identity Dialogue

I had a couple of messages posted as comments to other posts that I want to respond to.

Jackson Shaw asked me:
"I think you need to do a better job getting the word out and, unless I
am mistaken, Oracle charges for Kerberos, smartcard and radius
authentication (Oracle Advanced Security).
I realize as software vendors we all have to make money for our
shareholders but charging for OAS? Microsoft doesn't charge for any of
those capabilities.
Maybe I'm mistaken about that but if so, see your first take: "Maybe we
need to get the word out."
Best,
Jackson"

My answer:
Need to be more specific here - Oracle is *not* just the database :). If you are using Oracle SSO and/or Oracle Access Manager- they can leverage Kerberos via Windows Native Authentication without needing any other additional license.

If you do wish to use Kerberos (or any of the other authentication options covered by ASO) - you do currently need the Advanced Security Options license. I don't discuss pricing or licensing details - I just handle functional/technical issues and what the price list says :). Though I would point out there are many other features that ASO covers such as Virtual Private Database and database encryption technologies that you likely will want to use anyway. 

Finally in terms of comparing to Microsoft "for free" - as I pointed out in this post - if your client is on Windows (and can leverage OS Authentication) and the Database on Windows - you can use OS Authentication without needing ASO license (though I would ask that you confirm any licensing questions with your account represenative). That's effectively the same as what MSFT gives you. Except that we don't limit you to running your database just on Windows. Or having to just use AD for your directory.
---
James from Architect Book wrote me:
All the stuff that you mentioned requires OVD, I think Jackson wanted
it to be supported in Oracle natively without having to acquire any
additional products and/or licenses.

My reply:
Actually none of the Kerberos components require OVD at all. If you want to deploy OSSO 10g (current version) it does require OID though I believe we'll change that requirement in the future. EUS (which is orthogonal to Kerberos authentication because EUS is primarily about user management) does require either OID or OVD. But even that being said - most organizations do benefit from a virtual directory for use cases that extend beyond the database.

My colleague and friend Manny Fernandes asked me "hey if the DB lets you manage users with AD - why do you need EUS?"

The simple answer is that no - it doesn't replace the need for EUS because it doesn't cover all of the use cases EUS does.

Database Windows Native Authentication provides this:
If user is a member of AD Group ORA_DBA - they have SYSDBA privileges
If user is a member of AD Group ORA_OPER - they have SYSOPER privileges

Otherwise you need to manually create each user in the database and set them up to be identified as "external" though you can use the Oracle Admin Assistant for Windows to map AD groups to Database roles.

And - this is all restricted to just database running on Windows.

EUS in contrast provides
Ability to map multiple users to a shared schema 
Ability to map members of enterprise LDAP groups to DB roles
Is not restricted by any OS (though does require OID or OVD)

I had this post on my mind for a while so I thought I'd finally write my rant before the year ran out.

It appears there is a strong and growing backlash to PowerPoint aka PPT (even at OOW we had the "No Slide Zone"). Which I think is focusing on the wrong thing. To borrow an analogy I read "Blaming PPT for bad presentations is like blaming ball-point pens for bad penmanship".

Basically - the tool isn't the problem though I'll admit it does make it easy to do presentations badly.

First some presentation background. Before We had PPT - when you learned to give a speech (my dad is a speech teacher & I took many speech classes throughout school) was to write down your key points (bullet points :)) on 3x5 cards.

And even in those ancient days - hard to imagine BUT some people presented well and many did not.

Enter PPT - which because it seemed to make 3x5 cards now viewable by everyone in the room - somehow we decided that was a good thing.

Which of course leads to "Death by PowerPoint". I have also experienced "Death by Boring Demo". Though each are caused by the same basic problems.

Which is actually sad because PPT (and it's copy-cat cousins) probably does more to actually enable good presentations than practically any other tool.

That is if you know what to do.

My advice largely based on "Beyond Bullet Points" and "Presenting to Win" is this:
* Organize your thoughts into 5, 15 and 45 minute presentations
* On slides - use graphics to communicate visually. Leave any verbal notes in the Speaker Notes field
* Practice your presentation

And if you are going to give a demo - in particular at a conference booth - keep it snappy & short. While we like to think it's "Show & Tell" - in reality it should be more "Show and Listen". Both sides will learn more from conversation framed in the context of the demo than watching the canned presentation anyway.

Finally here are 3 presentations that I think really show what you can do:

I've linked to places that will let you purchase the video. Trying to find them online elsewhere is left as an exercise for the reader.

* Robert Wuhl's "Assume the Position" - Very entertaining trip through pop-culture history going back even into the 1700s.
* Thomas P. Barnett's "Pentagon's New Map" - Besides presenting a new way to look at the world  - this is the presentation that totally changed my view of what a PPT presentation could be.
* Al Gore's Inconvenient Truth - I don't agree with the movie (though for much more complex reasons that don't belong in this blog) but I have to admit - he can give one heck of a PPT. After all it won him an Oscar and a Nobel Peace Prize.