Thursday Apr 30, 2015

PaaS Use Cases: Cloud Documents Sharing and Collaboration

In my post yesterday, I announced the availability of the April Edition of the Oracle Fusion Middleware Newsletter. The newsletter was all about how PaaS services are enabling a digital transformation in the workplace. Enterprises are now not just about their employees but the all-encompassing ecosystem of employees, partners, suppliers and even customers. Geography and time zones no longer define the workplace. The workforce needs anytime, anywhere access to work content, available on any device. The same content needs to be shared and collaborated on by people both within the organization and outside. In this world, cloud content sharing and collaboration is not a nice-to-have but a must-have. Oracle Documents Cloud Service (DOCS) is an enterprise-grade cloud content sharing and collaboration solution that allows you to store, share and access content from anywhere, on Web, desktop and mobile devices, securely and with access trails. But more than that, Oracle DOCS ties the content available to you to context - to the enterprise content, business processes and applications that you rely on to get your work done.

To offer a 360-degree perspective on why Oracle is investing its R&D efforts in cloud sharing and collaboration, be sure to tune into our live executive webcast on Wednesday, May 13 at 10 am PT/1 pm ET where we will have not only our senior Product Management executives but also Oracle CIO, Mark Sunday, VP of Content and Digital Media Technologies at IDC, Melissa Webster, EVP of TekStream Solutions, our customer as well as Oracle VP of Marketing Cloud, Alex Hooshmand discussing the role of enterprise cloud content sharing and collaboration. Save the date and register today for this webcast.

In the meantime, take a look at some of the common use cases we find where enterprise-grade Documents Cloud Service adds value to Lines of Businesses and IT. Here is the feature from our recent April edition of the newsletter featuring our upcoming webcast's host, Scott Howley, Vice President, Product Management at Oracle.

Cloud Computing Use Cases: Oracle Documents Cloud Service

Cloud computing—software as a service, platform as a service, and infrastructure as a service—is an undisputed game-changer in the corporate world. But with so many different cloud options, it can be complicated to align them with possible real-life scenarios. Here’s where use cases come in handy. In this series of articles, the Oracle Fusion Middleware Newsletter will illustrate how various aspects of cloud computing work within a business setting. For this issue, we’re looking at Oracle Documents Cloud Service.

“One of the reasons that cloud-based file-sharing services are so popular is that they address a universal challenge. Every employee, regardless of their role, needs a secure way to share files for work collaboration,” says Oracle Vice President of Oracle Fusion Middleware Product Management Scott Howley. “In addition, today’s digital workplace requires 24/7 access to work content from anywhere on any device.”

Use Case 1: Coordinating with Business Partners
Today, internal business functions work with a variety of outside partners—think, for example, of a project in which marketing collaborates with an outside agency on deliverables. “You need to be able to collaborate and share files in real time, but without jeopardizing confidential information such as a press release that could impact stock prices,” says Howley. With Oracle Documents Cloud Service, you have the convenience of collaborative access without the risk associated with consumer products. Enterprise encryption, auditing, tracking, permission controls, and automatic backups keep your information safe.

Use Case 2: Fostering Sales Collaboration
Sales teams often work under deadline, such as when creating a detailed customer request for proposal, a process that involves quickly changing versions that must be instantly shared with both internal and external parties. Additionally, the final output likely needs to be tied back to an opportunity ID in the organization’s CRM system. With Oracle Documents Cloud Service, automatic versioning and syncing ensure version integrity, and its ability to integrate with other Oracle Cloud services such as Oracle Sales Cloud means CRM opportunities won’t get lost.

Use Case 3: Support for Mobile Field Workers
Companies must ensure that mobile or field-site workers can easily and safely access documents—even those with sensitive company information—via a wide variety of devices, from smart phones to tablets and laptops. Oracle Documents Cloud Service provides that flexibility with native support for iPhones, iPads, and Android mobile devices, along with desktop sync for both Mac and Windows computers. Moreover, the ability to embed a user interface in applications, portals, or sites ensures that content can have limitless expressions as work dictates.

“As these use cases show, smart organizations want more than just a standalone file sync and share solution,” says Howley. “They want enterprise-grade security, control, and integration for cloud content sharing.”

To learn more about Oracle Documents Cloud Service, register today for the Oracle Documents Cloud Service executive webcast featuring Oracle CIO Mark Sunday and visit for more information.

Wednesday Apr 29, 2015

On PaaS, Mobile Security, Cloud Content Sharing: April Newsletter is Out

The April edition of the Fusion Middleware newsletter is now out. This edition is all about Digital Transformation. Find out how Platform as a Service (PaaS) is driving the digital revolution and get access to the latest IDC report on the PaaS market, business drivers, benefits and more. As personal and work boundaries blur in the digital age, organizations are getting increasingly concerned about security. The challenge is more acute with trends like Bring Your Own Device (BYOD) and even Bring Your Own Application (BYOA). How do you open your company without incurring the security risks? Find out how Mobile Security can help protect your IP and your brand reputation while still enabling a digital trend. And we continue our ongoing series of Cloud Computing use cases. In this edition, we take a closer look at cloud content sharing and collaboration. Oracle Documents Cloud Service (OracleDOCS) is an enterprise-grade solution that not only offers the intuitive features of cloud file sync and share but also, to support the various use cases, drives a PaaS for SaaS solution, allowing you to unlock your company's potential. Be sure to give it a read to understand how enterprises today are leveraging OracleDOCS.

The newsletter comes complete with news, recent press announcements, information about upcoming events both regional and online, latest market and product materials, and more so don't miss it. And we recommend you subscribe to the newsletter today.

Monday Apr 27, 2015

JD Edwards EnterpriseOne Mobile Enterprise Applications and Learning Oracle MAF

The JD Edwards team has been rocking the mobile scene with numerous mobile applications built on Oracle MAF. There's a new Oracle MAF learning stream here. There's also a new JD Edwards EnterpriseOne implementation guide, with a quick intro below.

JD Edwards EnterpriseOne mobile enterprise applications offer users the ability to access and update important business data directly from a mobile tablet or smartphone device. Using Oracle's MAF (Mobile Application Framework) Mobile technology, JD Edwards EnterpriseOne has developed the following mobile applications:

  • Asset Lifecycle Management (ALM)
  • Customer Relationship Management (CRM)
  • Financial Management Solutions (FMS)
  • Health and Safety (HSE)
  • Human Capital Management Fundamentals
  • Project Management
  • Supply Chain Management and Manufacturing
  • Supply Management

Follow @OracleMobile

Friday Apr 24, 2015

Test Drive Oracle’s Application Platform as a Service Solution

By Yoav Eilat-Oracle on Apr 22, 2015

We've just launched a new set of workshops in several U.S. cities: Oracle Platform as a Service for Application Development.

It’s another opportunity to test drive new Oracle Enterprise Manager capabilities, but it goes far beyond Enterprise Manager. This time we focus on Java development and testing in the private and public cloud, and the cloud operations needed to support them.

So bring your laptop, connect to our live environment and try it for yourself!

The day begins with an overview of APaaS benefits and the architectural choices for building your enterprise private or public cloud (or both). You then use step-by-step workbooks that guide you through creating an application platform / middleware cloud environment. The event is perfect for application developers, IT managers and anyone developing, testing and deploying Java applications.

The time is evenly split between private and public cloud labs. These are the workbooks we’ll go through:

· Middleware as a Service

· SOA as a Service

· Fusion Middleware Provisioning

· Creating and Exploring Java Cloud Service

· Building and Deploying an Application with Java Cloud Service

· Managing Java Cloud Service Operations

Looks interesting? Register for an event near you.

Tuesday Apr 21, 2015

Webcast: Develop in the Cloud, For the Cloud

As part of the Oracle Cloud Developer Webcast Series, an upcoming session on April 30 will showcase Oracle's new Developer Cloud Service [DCS]. DCS provides you with a turnkey, secure development platform hosted in the cloud. This session will show you how you can have a complete DevOps solution spun up within seconds, providing you everything you need to design, develop, build and deploy your applications in the cloud with team collaboration at the heart of it all.

Register Now!
April 30, 9am PT
The Developer Cloud Service product team has just delivered its latest version, 15.2.2, delivering a feature-rich DevOps solution including a New Web UI with support for responsive design. This session consists of both slides and a product demonstration covering the latest release of DCS. For all the specific details of this new release please check out the recent blog post.

Monday Apr 20, 2015

Mobile Cloud Service - Avoiding Apphazard Mobile Delivery

By Ian Wallis, Mobile Technical Director, Oracle EMEA

IT organizations are reporting that their traditional three tier architectures are straining to support the needs of mobile users both for customers and employees. And why is this you ask? Well I believe there are many factors causing mobile to stretch and stress traditional IT, a few are listed below:

  • Change – the rate of change in mobile is high with a continuous stream of new devices, features, form factors, operating systems and updates.
  • Innovation – mobile devices can do unique activities such as measure, hear, smell, respond to movement, touch and gesture and many more
  • Connection – the need to handle less reliable connections such as 3G, Edge, GPRS and public WIFI networks
  • Personalisation – mobile devices are personal and apps need the right info at the right place at the right time to avoid being highly intrusive
  • Communication – a trend towards smart endpoints and simple messaging rather than centralized systems and orchestration models
  • Speed of continuous delivery – with the move to Agile development and DevOps, picking the right tool and technology for the job is crucial to be able to work quickly and effectively
  • Processing and battery life - mobile applications work best with simple REST based services rather than more heavy weight XML Web Services which are processor intensive
  • Scale – successful mobile apps can scale very quickly to a global audience of billions of smartphone users
  • Security – a completely new security model with different operating systems and devices, as well as controlling access to data and systems

This struggle has heralded the emergence of new IT delivery models to address the need for scalable mobile services. Services that can support a fragmented set of web and enterprise systems and technologies. Services that can be mashed up to form great mobile apps. One new category of technology is Mobile Backend as a Service (mBaaS). Not an ideal name, as an analyst recently pointed out at an event in Stockholm, asking: “Mobile Backend as a Service, is that even legal?”

Personally I prefer the term Mobile Cloud Services, which combines cloud and service integration with mobile-specific services such as offline functionality, data synchronization, push notifications, location and many others. These Services typically are built with cloud and mobile first in mind, and they leverage node.js infrastructure to provide mobile friendly services sometimes referred to as micro services or micro APIs.

Mobile Cloud Services need to cater for the diverse set of personas involved in developing mobile applications. New roles like Mobile Experience Designer, Producer, Mobile App Developer, Micro Service Developer, Data Scientist and DevOps Engineer have emerged, and these roles need to collaborate, working in parallel rather than sequentially. This includes the ability to create re-usable libraries of mobile services to fast track app development.

Over time I predict that the capabilities supported by Mobile Cloud Services will expand to include a range of devices and "things" that are well beyond our current understanding of mobile.

Start considering Mobile Cloud Services to avoid the risk of haphazard mobile delivery. To download our eBook on Oracle Mobile Cloud Service, click here.

Follow us @OracleMobile 

Thursday Apr 16, 2015

5 Reasons to Register for Oracle CloudWorld Today

By Ancy Dow

Coming to a city near you is a series of truly exciting, groundbreaking events on how to leverage a modern cloud to become a modern business. In an increasingly hyper-connected world, those who are the first to successfully embrace the cloud will be the first to market, and the first to win.

Here are the top 5 reasons why CloudWorld is crucial for any and all technical or line of business decision-makers who want to drive transformational change, enterprise performance, and innovation by taking advantage of the world’s most cutting-edge technology.

1. Insightful Keynotes with the top Industry Leaders. Listen to Oracle President of Product Development Thomas Kurian discuss Oracle’s overall Cloud strategy, as well as a whole host of the industry’s most respected leaders and analysts in Cloud architecture.

2. Thought Leadership Translated into Real-world Case Studies. Hear from customers and industry experts on why Oracle is the leader in supporting Cloud applications, hear how others have leveraged Oracle Cloud solutions to maximize IT efficiency and business agility, and understand actual use cases and implementations.

3. Hands-On Demos. Experience 8+ Onsite Demos around our latest PaaS cloud services from Oracle, including Database, Java, Mobile, Integration, Process, Documents, BI and more. 

4. Dedicated Tracks Tailored to Your Line of Business. Experience dedicated PaaS Solution Tracks, focused on Senior IT leaders, Development leaders, partners, and Line of Business users, supporting Database, Java, Mobile, Integration, Process, Documents, BI and more. These are transformative deep-dive sessions that are dedicated to highly specific personas and thus extremely relevant, specific to customers’ day-to-days, and full of immediately applicable strategies.

5. Network with Industry Experts and Fellow Professionals. Build your network with some of the top leaders and peers in your industry.

These exciting events have already taken place in Chicago, Beijing, Frankfurt, Moscow, Melbourne, NYC, New Delhi, Mumbai, Tokyo, Buenos Aires and more. The next CloudWorlds are coming up rapidly—and also with immense global reach. Look for additional locations to be announced soon here. Be sure to reserve your spot today as seats are filling up quickly:

San Jose, US April 30, 2015 Register Now

Mexico City, Mexico July 9, 2015 Register Now

These are definitely events you won’t want to miss, so see you there!

· Paris, April 14

Monday Apr 13, 2015

How to implement iBeacon in Oracle Mobile Application Framework

Want to alert your customer to a special loyalty discount offer when they enter the menswear department in one of your retail stores?  Want to present information about a famous artist’s life when a visitor to your museum nears one of the artist’s paintings?  These are just two of the many real-world scenarios made possible by the use of iBeacon technology.

This blog post provides an introduction to iBeacon technology and a description of how to build two different MAF apps – one that pretends to be an iBeacon and another that detects iBeacons and uses the local notifications functionality provided in MAF 2.1.1 to inform the user, even when the app isn’t running.

To deploy these apps to iOS devices you will need an iOS developer account.

What is a beacon?

A beacon is a device that is intentionally conspicuous to draw attention to a location, such as a lighthouse sitting on the edge of a cliff. 

In the Internet of Things (or IoT), a beacon is a small electronic device that transmits a regular radio signal according to the Bluetooth v4 Low Energy spec (otherwise known as “BLE”).  A beacon typically does no more than advertise its existence by transmitting a unique identifier and can last for months on a single cell battery.

Any BLE-enabled device, such as a modern smartphone, can detect a beacon by listening for BLE-based transmissions.

Whilst the possibilities appear endless, typical applications for beacons currently include retail stores, exhibition halls, museums, places of employment and homes, where users can be alerted to information pertaining to their current location within a building.

What is (an) iBeacon?

iBeacon is a technology introduced by Apple in iOS 7 that defines a standard for how a beacon identifies itself (or “advertises”) in its BLE transmissions.  Any beacon that implements this standard can be called an iBeacon.

Most beacon manufacturers implement the iBeacon standard by default, whilst some can also be configured to use their own proprietary protocol.  It’s also possible to configure a post-2012 iOS device, or Mac running OS X Mavericks (not Yosemite), to act as an iBeacon.

Whilst the iBeacon technology has been included in the iOS Core Location framework since iOS 7, any BLE-enabled device can detect iBeacons and various libraries exist for use on devices running Android 4.3 or above.

How does iBeacon work?

The iBeacon standard defines three properties that determine a beacon’s identity:

  • A proximity UUID (universally unique identifier), which is a 128-bit value that uniquely identifies one or more beacons as a certain type or from a certain organization.
  • A major value, which is a 16-bit unsigned integer that can be used to group related beacons that have the same proximity UUID.
  • A minor value, which is a 16-bit unsigned integer that differentiates beacons with the same proximity UUID and major value.

Every iBeacon must advertise a proximity UUID, whilst the advertisement of major and minor values is optional.  All beacon manufacturers allow customers to modify these values on their purchased beacons.

A typical iBeacon deployment (e.g. within a retail store chain) would see all beacons advertising the same proximity UUID, those in a particular location (e.g. a single store) advertising the same major value, and the minor values being used to uniquely identify each beacon.

When using iOS Location Services, an app wishing to detect iBeacons must start by monitoring for an iBeacon region.  A region is defined by the proximity UUID and optionally major and minor values, and can therefore represent one or more beacons.  Consider an app for a retail store chain that monitors for a region defined only by the proximity UUID.  This app will be notified when any of the retail chain’s beacons are detected.  Alternatively, if the region being monitored is defined by proximity UUID and major value, the app might only be notified when a beacon from a particular store (represented by the major value) is detected.
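The region matching described above, as an added example (not code from the original post or from MAF): it parses iBeacon manufacturer data and checks each frame against regions defined by UUID, UUID plus major, or UUID plus major and minor. The byte layout (Apple company ID 0x004C, type 0x02, length 0x15, then UUID, big-endian major and minor, and a signed measured-power byte) is the commonly documented iBeacon frame and is not given on this page; the UUIDs, frames, region names and function names are constructed for illustration.

```javascript
// Added example. Frames, UUIDs and region names below are constructed.

const APPLE_COMPANY_ID = 0x004c; // sent little-endian: 4c 00
const IBEACON_TYPE = 0x02;
const IBEACON_LEN = 0x15; // 21 bytes follow: UUID(16) major(2) minor(2) power(1)
const UUID_RE = /^[0-9a-f]{8}-([0-9a-f]{4}-){3}[0-9a-f]{12}$/i;

function hexToBytes(hex) {
  if (hex.length % 2 !== 0 || /[^0-9a-f]/i.test(hex)) {
    throw new Error("not a hex string");
  }
  const out = new Uint8Array(hex.length / 2);
  for (let i = 0; i < out.length; i++) {
    out[i] = parseInt(hex.slice(i * 2, i * 2 + 2), 16);
  }
  return out;
}

function formatUuid(bytes) {
  const h = Array.from(bytes, (b) => b.toString(16).padStart(2, "0")).join("");
  return [h.slice(0, 8), h.slice(8, 12), h.slice(12, 16),
          h.slice(16, 20), h.slice(20)].join("-");
}

// Returns the beacon identity, or null when the manufacturer data is not
// a well-formed iBeacon frame (wrong vendor, wrong type, wrong length).
function parseIBeacon(manufacturerDataHex) {
  const data = hexToBytes(manufacturerDataHex);
  if (data.length !== 4 + IBEACON_LEN) return null;
  const view = new DataView(data.buffer);
  if (view.getUint16(0, true) !== APPLE_COMPANY_ID) return null;
  if (data[2] !== IBEACON_TYPE || data[3] !== IBEACON_LEN) return null;
  return {
    uuid: formatUuid(data.subarray(4, 20)),
    major: view.getUint16(20, false), // 16-bit unsigned, big-endian
    minor: view.getUint16(22, false),
    measuredPower: view.getInt8(24),  // signed dBm, calibrated at 1 m
  };
}

// A region is UUID, UUID+major, or UUID+major+minor. Minor without major is
// rejected, mirroring the three forms iOS offers for a beacon region.
function makeRegion(name, uuid, major, minor) {
  if (!UUID_RE.test(uuid)) throw new Error("bad proximity UUID");
  if (minor !== undefined && major === undefined) {
    throw new Error("minor requires major");
  }
  for (const v of [major, minor]) {
    if (v !== undefined && (!Number.isInteger(v) || v < 0 || v > 0xffff)) {
      throw new Error("major/minor must be 16-bit unsigned integers");
    }
  }
  return { name, uuid: uuid.toLowerCase(), major, minor };
}

function regionContains(region, beacon) {
  if (beacon === null || beacon.uuid !== region.uuid) return false;
  if (region.major !== undefined && beacon.major !== region.major) return false;
  if (region.minor !== undefined && beacon.minor !== region.minor) return false;
  return true;
}

// Names of every monitored region that a received frame falls into.
function matchingRegions(regions, manufacturerDataHex) {
  const beacon = parseIBeacon(manufacturerDataHex);
  return regions.filter((r) => regionContains(r, beacon)).map((r) => r.name);
}

// Constructed retail-chain deployment: one UUID for the chain, major = store,
// minor = individual beacon.
const CHAIN_UUID = "12345678-9ABC-4DEF-8123-456789ABCDEF";
const REGIONS = [
  makeRegion("chain", CHAIN_UUID),
  makeRegion("store-1", CHAIN_UUID, 1),
  makeRegion("store-1-beacon-7", CHAIN_UUID, 1, 7),
];

const HDR = "4c000215";
const CHAIN_HEX = "123456789abc4def8123456789abcdef";
const FRAMES = {
  store1Beacon7: HDR + CHAIN_HEX + "0001" + "0007" + "c5",
  store2Beacon7: HDR + CHAIN_HEX + "0002" + "0007" + "c5",
  otherOrg: HDR + "aaaaaaaabbbb4ccc8dddeeeeeeeeeeee" + "0001" + "0007" + "c5",
  notIBeacon: "4c0010050118aabbcc", // Apple vendor data of another type
};

for (const [label, hex] of Object.entries(FRAMES)) {
  console.log(label, "->", matchingRegions(REGIONS, hex));
}
```

A match only means a frame carrying those identifiers was received: the advertisement is unauthenticated, so an app should treat it as a location hint and not as proof of presence.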

Once an app has been launched and the user has given permission for the app to monitor for beacons, the app will be notified when the device enters a beacon region that is being monitored, even if the app is not running and even if the device has been restarted.  If the app is not running, iOS launches the app for a short period (around 10 seconds), allowing the app to receive and react to the event.  Typically, the app fires an immediate local notification to notify the user.

When a user’s device enters a beacon region, the app can start ranging for individual beacons within the region to determine its relative proximity to each beacon.  This is used to determine when the user is in the immediate proximity of a particular beacon, so that information related to that beacon can be displayed to the user.  The relative proximity is an approximation that can be affected by physical objects including walls, water and the human body.  Most beacon manufacturers allow customers to modify the transmission power and advertising interval on their purchased beacons, so as to fine-tune the distance at which the relative proximity is considered ‘immediate’.

When iOS Location Services determines that it can no longer detect any beacons in the region, it notifies the app that the beacon region has been exited.  In practice, I’ve found that this takes around 30 seconds, but some bloggers have reported much longer times.

Libraries exist for Android that provide similar functionality to iOS Location Services, but I have not explored these (yet).

How to create an iBeacon client app

Click here to continue reading the full post. 

Wednesday Apr 08, 2015

Reduce your commute, mobile apps make for efficient motoring

Posting on behalf of Ian Wallis, Mobile Technical Director EMEA

For an entire week I would wake up in a sweat, feeling disconnected from the world, rush into work, disorientated, feeling like I had lost my bearings, turning up to meetings late or going to the wrong locations, missing calls and emails and finally heading to bed at the end of the day frustrated and exhausted. You are probably wondering whether I am suffering from some form of mid-life crisis? Alas, this was something far more ominous, as for one week I experienced the panic of not having a smartphone to hand while I waited for the delivery of a new iPhone.

The biggest impact was felt on my commute into work. Normally my commute takes an hour during peak traffic. Usually I would have the benefit of a mobile app called Waze to guide and advise me through the maze of back routes in Surrey and Berkshire to get to Oracle’s Thames Valley Park. You can imagine my frustration as I spent an average of 1h 35 minutes commuting into work last week. At each traffic jam my blood pressure would rise as I imagined my alter-ego sailing past these points of congestion using the wonderful navigational recommendations provided by Google and Waze.

By using the Waze app I gain a 35% reduction in my commute time. Can you imagine the increase in personal efficiency if every car commute in the UK was cut by say 20%! We are talking about 16m people in the UK saving an average of eleven minutes a day, which equates to almost 3 million hours saved sitting in traffic and burning fuel at a litre per hour! I would have gained over 2.5 hours per week, 140 hours each year. By adopting mobile technology the potential social impact and economic gain in efficiency is utterly remarkable.

This is just one example of how mobile can become a key facet of getting through the day, reducing pressure and increasing overall personal efficiency. It also indicates how we are becoming more dependent on mobile services.

Oracle has recently researched “Millennials and Mobility: how businesses can tap into the app generation” and this research points to how important it is for enterprises to incorporate mobile into their offerings. If you are not engaging and advising customers and employees in the appropriate manner and at the right time, I can assure you that some other app will be.

By using the power of cloud services and drawing on the huge amount of data mobile generates to build engaging experiences, mobile can guide us to be more efficient and effective in our day-to-day activities. All enterprises should focus on how to leverage mobile or risk getting stuck in traffic. 

Monday Mar 23, 2015

Mobile App for Approvals for EBS 1.2.0 on iOS and Android

Reposting below for another cool new mobile app from Oracle, which btw, was built using Oracle Mobile Application Framework. Follow us @OracleMobile


Oracle Mobile Approvals for Oracle E-Business Suite lets you respond on-the-go to your pending approval requests. From your phone, anywhere and anytime, take quick action on approval requests for expenses, requisitions, purchase orders, recruitment vacancies and offers, and more.

- Quickly filter approval requests by sender or subject
- Review at a glance header and line item details, action history, and comments
- Approve or reject with or without comments, or request more information

Oracle Mobile Approvals for Oracle E-Business Suite is compatible with Oracle E-Business Suite 12.1.3 and 12.2.3 and above. To use this app, you must be a user of Oracle E-Business Suite, with mobile services configured on the server side by your administrator. For information on how to configure mobile services on the server and for app-specific information, see My Oracle Support Note 1641772.1 at



Oracle Mobile Approvals for Oracle E-Business Suite 1.2.0 is available on Apple's iTunes Store and Google Play Store for download.

This app works against Oracle E-Business Suite Release 12.1.3 and above and 12.2.3 and above.


Oracle Mobile Approvals requires set up on Oracle E-Business Suite instance to support connections from the mobile app. Following patches are required to be applied.

Monday Mar 16, 2015

Vegas, Baby!

No, I'm not going to Vegas. At least not yet. The poker lessons have been getting the better of me lately.  :-)

But you know what's cool about LV? The new City of Las Vegas application.  That's right, the new version of the City of Las Vegas app is built using Oracle Mobile Application Framework (MAF). And since they used MAF, they built it once, and deployed it on both iOS and Android.

You can find parking, where the food trucks are located, catch the latest news and if you're a local, report an incident that you want the city to look into.  It's nice the city makes an effort to reach out to locals and visitors. And if you're planning to go to this year's Collaborate 15, you should definitely check it out.

What else is cool you ask? I'm glad you asked. Below are a couple of research links from Ovum covering Oracle MAF.  Check them out.

Monday Mar 09, 2015

Barcelona, Mobile World Congress, and 93,000


That’s how many visitors came to this year’s Mobile World Congress in Barcelona last week. With 8.1 halls, each of which was the size of Moscone South's usual exhibit hall - that’s a big show! And Barcelona, what a gorgeous city. It’s no wonder Picasso spent so much time between Barcelona and Paris.

While I didn’t get a chance to see Zuck chat up, I did get a chance to meet customers excited to hear about Oracle Mobile Platform. In particular, the upcoming release of Oracle Mobile Cloud Service was a highlight of our demos. Not to say that Oracle Mobile Security Suite and Oracle Mobile Application Framework didn’t also stand out - they held their own in terms of interest, but the upcoming cloud service is a mobile game changer.

If you’re unfamiliar, Oracle Mobile Cloud Service is an enterprise Mobile Backend as a Service (MBaaS) that makes it easy to rapidly build mobile apps that access backend systems. As a cloud-based platform, client and server side developers can easily collaborate. MCS offers built-in mobile analytics so managers can fine tune access and gain insight into all their mobile deployments. Common mobile services such as security, data storage, sync and push notifications are standard, making mobile development and deployment easier than ever.

I just wish we could have shown it to all 93,000 attendees. Maybe next year. But if you can't wait, catch the upcoming Oracle Cloud Day in San Jose on April 30th.

Sunday Mar 01, 2015

New! Establishing a Mobile Security Architecture

Excerpts from a recent publishing.

Beyond Brute Force: 3 User-Friendly Strategies for BYOD Security*

In 1825 a painter named Samuel Morse was visiting New York City to fulfill a portrait commission and received word that his wife—at home in Washington, D.C.—had fallen gravely ill. The following day, another messenger brought heartbreaking news: Morse’s wife had died from her illness. Morse rushed home as fast as nineteenth-century transit could carry him but arrived to find his wife already in her grave. This devastating series of events led Morse to dedicate the remainder of his life to finding a means of rapid communication over long distances—eventually leading to the creation of the single-line telegraph and Morse code.

In 2014 Morse’s tragic episode underscores some of the forces mobile workers are still facing today. We are working longer hours than previous generations, many of us at greater distances from those we love. Our smartphones bring us closer (expanding Morse’s vision) with the people we care about, being no more than a voice call, e-mail, text message, or Facebook wall post away. As a result, personal and work communications are intersecting, with 89 percent of employees today using personal mobile devices at work or using their work devices for personal applications.

The phenomenon of Bring Your Own Device (BYOD) to work gives employees a kind of comfort Morse never knew, but it makes CIOs and CSOs uneasy, sparking concerns about protecting corporate data and preventing unauthorized access to internal systems. These fears are not unfounded: recent statistics show that cell phone theft has created a $US30 billion black-market economy. In San Francisco alone, 50 percent of all robberies are cell phone thefts. It is not a matter of if but when a personal device with your corporate data will fall into the wrong hands.

Download and read the rest here.

Tuesday Feb 24, 2015

Standards Corner: A 'Robust' Schema Approach for SCIM

Last week, I had a question about SCIM (System for Cross-domain Identity Management).  How does the working group recommend handling message validation? Doesn't SCIM have a formal schema?

To be able to answer that question, I began to realize that the question was about a different style of schema than SCIM supports. The question was assuming that “schema” is defined the way XML defines schema, as a way to validate documents.

Rather than focus on validation, SCIM’s model for schema is closer to what one would describe as a database schema much like many other identity management directory systems of the past. Yet, SCIM isn't necessarily a new web protocol to access a directory. It is also for web applications to enable easy provisioning. The SCIM schema model is "behavioural" - it defines the attributes and associated attribute qualities a particular server supports. Do clients need to discover schema? Generally speaking they do not. Let’s take a closer look at schema in general and how SCIM’s approach supports cross-domain schema issues.

[Read More]

Monday Feb 23, 2015

Enabling Mobile Application Management with Secure Enterprise Single Sign On


Oracle Mobile Security Suite (OMSS) addresses BYOD challenges by isolating corporate from personal data on consumers’ personal mobile devices without needing to lock down the entire device. Using a technique called containerization, the Oracle Mobile Security Suite creates a Secure Workspace (SWS) in which corporate applications, email and data are stored. Only authenticated users can access the secure workspace to run applications and access data, and only applications provisioned or approved by corporate IT can be installed and executed from within this secure workspace. If the device is lost or stolen, corporate IT can remotely wipe the secure workspace without affecting any personal data.

The OMSS Secure Workspace (SWS) leverages OAM infrastructure for secure authentication (or even strong authentication/risk-based access in the upcoming PS3 release) and seamless single sign on to corporate resources for all containerized apps. In this blog post I'll describe how the OAM Mobile & Social (M&S) OAuth Service allows OAM to provide secure authentication and enterprise single sign on to Oracle's Mobile Secure Workspace (SWS).

How it Works

In order for the Mobile Security Access Server (MSAS) to authenticate users against Oracle Access Manager and retrieve Oracle Access Manager and OAuth tokens for integrated single sign on, the Mobile Security Access Server (MSAS) is registered as an OAuth Client with the M&S OAuth Service. In the current PS2 release we support the Confidential Client OAuth flow only; however in the upcoming PS3 release we will support Dynamic Client Registration as well.

Confidential Client Flow - In this flow MSAS is the OAuth 2.0 Confidential Client and M&S is the OAuth Server as well as the Resource Server. MSAS uses the clientid and secret entered in the container as confidential credentials for this flow. The confidential client first obtains a JWT User Token (referred to as User Identity Assertion) using this clientid, secret and the userid and password entered by the user in the secure workspace. The confidential client then obtains an OAuth 2.0 Access Token using a standard OAuth 2.0 JWT user assertion flow on behalf of the resource owner. The OAM Tokens to access 11g or 10g protected resources are then obtained using the extension OAM Credential grant type using this JWT User Token. MSAS stores the encrypted JWT UT and the OAM MT (corresponds to an OAM_ID cookie for OAM protected web resources) in an STOKEN which is returned to the secure workspace app. This allows an authenticated secure workspace app user to single sign on to OAM protected resources with the OAM MT in the STOKEN and to any OAM OAuth REST interface using the JWT UT in the STOKEN.
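The first two steps of the Confidential Client Flow above, modelled locally as an added example that is not Oracle's code: it shows the server-side checks that tie a JWT User Token to the client it was issued to before an access token is granted. The client ids, secrets, claim names (including `use`) and the HS256 signing are assumptions made for illustration; no M&S endpoint or token format is reproduced.

```python
import base64, hashlib, hmac, json, time

# Constructed sample data; not Oracle's API, endpoints or token formats.
SERVER_KEY = b"constructed-signing-key"
CLIENTS = {"msas-client": "constructed-secret", "other-app": "other-secret"}
USERS = {"alice": "constructed-password"}

def b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def mac(signing_input: str) -> str:
    return b64(hmac.new(SERVER_KEY, signing_input.encode(), hashlib.sha256).digest())

def sign(claims: dict) -> str:  # compact HS256-signed JWT
    head = b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64(json.dumps(claims).encode())
    return f"{head}.{body}.{mac(head + '.' + body)}"

def verify(token: str) -> dict:
    """Check signature and expiry; the algorithm is fixed server-side."""
    try:
        head, body, sig = token.split(".")
    except ValueError:
        raise PermissionError("malformed token")
    if not hmac.compare_digest(sig.encode(), mac(head + "." + body).encode()):
        raise PermissionError("bad signature")
    claims = json.loads(base64.urlsafe_b64decode(body + "=" * (-len(body) % 4)))
    if claims["exp"] < time.time():
        raise PermissionError("token expired")
    return claims

def check_secret(table: dict, name: str, secret: str) -> None:
    stored = table.get(name)
    if stored is None or not hmac.compare_digest(stored.encode(), secret.encode()):
        raise PermissionError("authentication failed")

def issue_user_token(client_id, client_secret, user, password, ttl=300):
    """Step 1: client credentials plus user credentials -> JWT User Token."""
    check_secret(CLIENTS, client_id, client_secret)
    check_secret(USERS, user, password)
    return sign({"sub": user, "client": client_id, "use": "UT", "exp": int(time.time()) + ttl})

def exchange_assertion(client_id, client_secret, user_token, scope, ttl=60):
    """Step 2: JWT user assertion -> access token on the user's behalf."""
    check_secret(CLIENTS, client_id, client_secret)
    ut = verify(user_token)
    if ut.get("use") != "UT" or ut.get("client") != client_id:
        raise PermissionError("assertion not valid for this client")
    return sign({"sub": ut["sub"], "client": client_id, "use": "AT",
                 "scope": scope, "exp": int(time.time()) + ttl})
```

The `use` and `client` checks in step 2 are what stop an access token from being replayed as an assertion and stop a second registered client from redeeming a User Token it was never issued.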

Dynamic Client Registration - In this authentication model, a workspace is dynamically registered with M&S through MSAS and the workspace itself obtains the JWT Client Token after successful workspace registration. Compare this to the Confidential Client Flow above, where the workspace app uses the client credential of MSAS. The registration of the workspace basically involves app and device profile attributes being automatically sent to the M&S OAuth Server, which creates a JWT Client Token based on the unique "fingerprint" specific to the app and the device of the workspace app. The rest of the flow is similar, with the workspace app itself as the OAuth Client (mobile OAuth client) and M&S as the OAuth Server as well as the Resource Server. In this flow we support step-up authentication (using KBA or OTP) and device-context-based fine-grained authorization during both user authentication to the workspace app and subsequent single sign on to corporate resources from any of the containerized apps. This is now possible because M&S uses its built-in integration with OAAM (using the Security Handler Plugin) to perform risk analysis based on the device and app context now available in this authentication.

