In my previous blog post, I was introducing the National Research and Education Networks (NRENs), their pivotal role in the higher education and research ecosystem, and the reason why Oracle Cloud Infrastructure (OCI) needs to be interconnected to their academic network exchange points at the various geographies. Other than the direct peering of networks that prevents sensitive research traffic to pass through the public Internet or any third-party provider, another major technical enabler is the integrated Identity Governance and Access Management for the maximum safety and security of cloud users and their data.
National Identity Federations
In many regions across the globe, the NREN (or a dedicated organization) also takes the role to run the national identity and access federation of the country. An identity federation is a collection of organizations that agree to interoperate under certain rules. These rules are legal frameworks, policies, technical profiles and standards such as the Security Assertion Markup Language 2.0 (SAML2). These provide the necessary trust and security to exchange identity information to access e.g., services in the cloud. Often there are regular federation members (universities and research institutes), which operate services (SP) and provide identities (IdM), and federation partners (commercial companies such as Oracle that offer services to higher education and research), which only operate services (SP) in the federation.
On top of the national federations, the eduGAIN interfederation service operated by GÉANT connects identity federations around the world, simplifying access to content, services and resources for the global research and education community. eduGAIN comprises over 60 participant federations connecting more than 5,000 Identity and Service Providers for 27 million users (coverage illustrated on the map below with dark colors).
Oracle Identity Solutions
Oracle has been consistently placed in Gartner’s Leaders quadrant of technology companies offering Identity Governance (IG) and Access Management (IAM) solutions worldwide. Oracle's complete, integrated, next-generation identity management platform provides breakthrough scalability and enables institutions to reduce operational costs. Researchers gain the flexibility to secure sensitive applications and data - regardless of their on-premises, cloud or hybrid deployment model. A technical deep dive into multi-tenant identity provisioning and Federated Single-Sign-On (FedSSO) in a hybrid deployment is given in this article.
While undertaking digital transformation projects, institutions must consider Identity-as-a-Service (IDaaS) deployments instead of the traditional on-premises deployment model. Gartner estimates that by 2020, 40% of IAM purchases will be for IDaaS, designed to replace or supplement on-premises deployments. Although Oracle’s on-premises Oracle Identity Governance (OIG) appliance is still demanded, there are more and more customer requests for hosting identity management solutions in the cloud. Oracle’s Identity Cloud Service (IDCS) fully addresses these needs. Today, almost one third of Oracle’s IDCS production deployments are in the public sector, higher education and healthcare.
By implementing Oracle's Identity and Access Management solutions in conjunction with existing investments and emerging technologies in the cloud, we believe higher education and research customers have the opportunity improve their security posture and enable better collaboration and greater innovation globally.
For Oracle, it’s going to be a game changer to become a partner of eduGAIN at the global scale. Joining eduGAIN practically means joining an eduGAIN member federation of a country. Which one to join? There is no strict rule, but one reasonable option is to contact the national federation of the country where Oracle is based (i.e. the InCommon Federation of the USA) or where the services are geographically operated. Discussions are on-going with Internet2 in the USA, GÉANT in Europe and other geographies in this respect.
To learn more about how Oracle is enabling research at scale, visit us here.