SANS Institute Product Review of Oracle Entitlements Server
By B Shashikumar on Apr 24, 2012
In a new independent product review report titled “Demystifying External Authorization: Oracle Entitlements Server Product Review”, SANS analyst and senior courseware author Tanya Baccam provides an insightful analysis of Oracle Entitlements Server (OES), strongly endorsing its key capabilities and customer benefits. In this product report, the SANS Institute reviewed some of its core capabilities, which enable businesses to enforce granular security throughout the stack: apps, web services, portals or databases can all be secured with OES. You can download the full product review here.
- Application Security: Applications of many flavors, including homegrown, packaged and cloud applications, can be secured with OES. Organizations can decouple the evolution of authorization policies from business logic by externalizing access privileges from applications. This drastically simplifies the application development lifecycle.
- SharePoint Security: Content management servers such as SharePoint provide excellent facilities for storing, retrieving and sharing documents. They often come with standard facilities to secure documents. OES can extend these simple security models with sophisticated RBAC- and ABAC-based models. OES allows organizations to gain control of prolific use of SharePoint. It can also lock down information hosted in SharePoint to a very granular level, protecting web parts, pages, list items and so on.
- Data Security: Sometimes information stored in a database is extremely sensitive and extensive checks need to be done irrespective of the application. For example, credit card numbers and passwords should only be shared on a need-to-know basis. In these situations it may be desirable to enforce restrictions from within the database itself. OES can be used to do row- and column-level filtering based on standards-based authorization policies. Because this filtering is done within the database, security policies will be enforced irrespective of the application. This solution is also useful with legacy applications which cannot externalize authorization.
- Web Services Security: OES in combination with XML gateways such as Oracle Enterprise Gateway helps enforce granular security for SOA environments. For instance, organizations can now enforce security policies for web services based on the content of SOAP headers and attribute information. This makes it easier to enforce policies based on time of day, client IP, etc. Policies can be set up to redact confidential information from web service responses. OES also supports most web services message standards, including SOAP, REST, and JMS.
- “The ability to centrally manage access down to the specific resource level has, in the past, seemed unachievable beyond a system-by-system basis. Oracle Entitlements Server (OES) made the process of controlling access easier—and more manageable across multiple applications and scenarios within those applications—with no retooling of applications required.”
You can download the full report here.