Tuesday Sep 16, 2014

Oracle Identity Management: Customers Partners & OpenWorld 2014


Blog by: Eric Renaud, Senior Product Manager, Oracle

Join Oracle, our partners and customers at Oracle OpenWorld 2014 as we relate experiences with and demonstrate how Oracle's Identity Management solutions increase security and allow companies to homogenize and defragment identity information and services, which can result in faster deployment times, faster upgrades, and lower cost of ownership by providing consistent access controls and an optimized user experience across the extended enterprise. To help organizations offer more digital services, Oracle Identity Management provides the foundation to connect to the internet value chain and economies of scale to manage users across all channels of interaction including cloud, mobile, and social.

Listen in on customer-led sessions and hear about real-world implementations of Oracle Identity Management solutions across multiple markets in these and more sessions with Oracle partners and customers.

| Session | Partner/Customer |
| --- | --- |
| Ready for the Digital Economy? Oracle’s Vision of How Identity Helps | Intuit, Safeway |
| Identity as a Service: Extend Enterprise Controls and Identity to the Cloud | Intuit |
| Securing the New Perimeter: Strategies for Mobile Application Security | AurionPro |
| Customer Success Stories: How to Eliminate the Blind Spots in Enterprise Risk | Qualcomm, UL, Jeffries |
| Identity Governance Across the Extended Enterprise | Visa, SPAR, Dewpoint Inc. |
| The Age of Megavolume: Oracle’s Next-Generation Directory and Future Strategy | Qualcomm, City of Los Angeles |
| There and Back Again: Journey to a Successful Deployment | Deloitte & Touche LLP, Aptec LLC |
| Securing Oracle Applications and the Extended Enterprise with IdM | Simeio Solutions, Sony Computer Entertainment America |

Learn from the experts as they demonstrate the Identity Management solutions that can help reduce complexity and risk while lowering costs and providing improved user experiences. See all the Identity Management demos at OOW14 here.

| Demo | Location |
| --- | --- |
| Identity Management for the Cloud | Moscone South, Left - SLM-123 |
| Identity Management Monitoring with Enterprise Manager 12c | Moscone South, Left - SLM-141 |
| Oracle Mobile Security Suite: Secure Enterprise Applications | Moscone South, Left - SLM-136 |
| Oracle Mobile Security Suite: Enable Secure Access to B2C Applications | Moscone South, Left - SLM-134 |
| Access Management: Complete, Intelligent, and Scalable | Moscone South, Left - SLM-121 |
| Access Management: External Fine-Grained Authorization | Moscone South, Left - SLM-122 |
| Identity Governance: Increased Productivity with Business-Friendly Self-Service | Moscone South, Left - SLM-143 |

Identity Management executives and experts will be readily available for discussions and follow-ups. Don’t forget to catch live demonstrations of our complete Oracle Identity Management solutions set while at OpenWorld.

To maximize your attendance at Oracle OpenWorld 2014, running in San Francisco, CA from September 28th to October 2nd, be sure to review the complete listing of Oracle Identity Management Sessions and Demos. The Schedule Builder is an invaluable tool to use when planning your visit to the conference. Be sure to pre-enroll in sessions of your interest as rooms can fill up. You can search identity management sessions using the term “identity+management” in the Content Catalog.

Before and during, follow the conversation about Oracle OpenWorld 2014 on Twitter with #OOW14 and, as always, engage with us @oracleidm and follow the Identity Management blog. We hope to see you there!

Tuesday Aug 19, 2014

Oracle Identity Manager Role Management With API

As an administrator, you use roles to create and manage the records of a collection of users to whom you want to permit access to common functionality, such as access rights, roles, or permissions.

Roles can be independent of an organization, span multiple organizations, or contain users from a single organization.

Using roles, you can:

  • View the menu items that the users can access through Oracle Identity Manager Administration Web interface.

  • Assign users to roles.

  • Assign a role to a parent role

  • Designate status to the users so that they can specify defined responses for process tasks.

  • Modify permissions on data objects.

  • Designate role administrators to perform actions on roles, such as enabling members of another role to assign users to the current role, revoke members from current role and so on.

  • Designate provisioning policies for a role. These policies determine if a resource object is to be provisioned to or requested for a member of the role.

  • Assign or remove membership rules to or from the role. These rules determine which users can be assigned/removed as direct membership to/from the role.


In this post, I will share some examples of role management with the Oracle Identity Management API. For role operations, you can use the Thor.API.Operations.tcGroupOperationsIntf interface.

    import java.util.ArrayList;
    import java.util.HashMap;
    import java.util.List;
    import java.util.Map;
    import Thor.API.tcResultSet;
    import Thor.API.Operations.tcGroupOperationsIntf;

    // getClient() is a helper that is not shown in this post.
    tcGroupOperationsIntf service = getClient().getService(tcGroupOperationsIntf.class);

Assign a user to a role:

    public void assignRoleByUsrKey(String roleName, String usrKey) throws Exception {
        Map<String, String> filter = new HashMap<String, String>();
        filter.put("Groups.Role Name", roleName);
        tcResultSet role = service.findGroups(filter);
        if (role.getRowCount() == 0) {
            throw new IllegalArgumentException("Role not found: " + roleName);
        }
        role.goToRow(0); // position on the matching row before reading its columns
        String groupKey = role.getStringValue("Groups.Key");
        service.addMemberUser(Long.parseLong(groupKey), Long.parseLong(usrKey));
    }

Revoke a user from a role:

    public void revokeRoleByUsrKey(String roleName, String usrKey) throws Exception {
        Map<String, String> filter = new HashMap<String, String>();
        filter.put("Groups.Role Name", roleName);
        tcResultSet role = service.findGroups(filter);
        if (role.getRowCount() == 0) {
            throw new IllegalArgumentException("Role not found: " + roleName);
        }
        role.goToRow(0); // position on the matching row before reading its columns
        String groupKey = role.getStringValue("Groups.Key");
        service.removeMemberUser(Long.parseLong(groupKey), Long.parseLong(usrKey));
    }

Get all members of a role:

    public List<User> getRoleMembers(String roleName) throws Exception {
        List<User> userList = new ArrayList<User>();
        Map<String, String> filter = new HashMap<String, String>();
        filter.put("Groups.Role Name", roleName);
        tcResultSet role = service.findGroups(filter);
        if (role.getRowCount() == 0) {
            throw new IllegalArgumentException("Role not found: " + roleName);
        }
        role.goToRow(0); // position on the matching row before reading its columns
        String groupKey = role.getStringValue("Groups.Key");
        tcResultSet members = service.getAllMemberUsers(Long.parseLong(groupKey));
        for (int i = 0; i < members.getRowCount(); i++) {
            members.goToRow(i);
            long userKey = members.getLongValue("Users.Key");
            // oimUserManager is a helper that is not shown in this post.
            User member = oimUserManager.findUserByUserKey(String.valueOf(userKey));
            userList.add(member);
        }
        return userList;
    }
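The three methods above read "Groups.Key" from whatever findGroups returns for a caller-supplied role name. The following added example (not part of the original post and not Oracle's code) resolves a name to exactly one role key before any membership change. RoleLookup, RoleKeyResolver and the sample roles are hypothetical, and the '*' wildcard behaviour of the lookup is an assumption.

```java
import java.util.ArrayList;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.regex.Pattern;

/** Added example: resolve a role name to exactly one role key before changing membership. */
public class RoleKeyResolver {

    /**
     * Hypothetical seam over the post's service.findGroups(filter) call. A production
     * implementation would walk the tcResultSet with goToRow(i) and collect "Groups.Key".
     */
    interface RoleLookup {
        List<Long> findRoleKeys(String roleNameFilter) throws Exception;
    }

    private final RoleLookup lookup;

    RoleKeyResolver(RoleLookup lookup) {
        this.lookup = lookup;
    }

    /** Returns the key of the single role with this exact name, or throws. */
    long resolveRoleKey(String roleName) throws Exception {
        if (roleName == null || roleName.trim().isEmpty()) {
            throw new IllegalArgumentException("role name is empty");
        }
        // Assumption: the lookup treats '*' as a wildcard, so a caller-supplied '*'
        // could select a role that the caller never named.
        if (roleName.indexOf('*') >= 0) {
            throw new IllegalArgumentException("wildcards are not allowed in a role name");
        }
        List<Long> keys = lookup.findRoleKeys(roleName);
        if (keys.size() != 1) {
            throw new IllegalStateException(
                    "expected 1 role named '" + roleName + "', found " + keys.size());
        }
        return keys.get(0);
    }

    /** User keys arrive as strings in the post's methods; accept positive integers only. */
    static long parseUserKey(String usrKey) {
        if (usrKey == null || !usrKey.matches("[1-9][0-9]{0,17}")) {
            throw new IllegalArgumentException("user key must be a positive integer");
        }
        return Long.parseLong(usrKey);
    }

    /** Constructed in-memory stand-in for the OIM role store, with '*' wildcard matching. */
    static RoleLookup sampleLookup() {
        final Map<String, Long> roles = new LinkedHashMap<>();
        roles.put("DB_READONLY", 101L);
        roles.put("DB_ADMIN", 102L);
        roles.put("HELPDESK", 205L);
        return filter -> {
            // Quote the literal parts of the filter and turn each '*' into ".*".
            Pattern p = Pattern.compile(Pattern.quote(filter).replace("*", "\\E.*\\Q"));
            List<Long> keys = new ArrayList<>();
            for (Map.Entry<String, Long> e : roles.entrySet()) {
                if (p.matcher(e.getKey()).matches()) {
                    keys.add(e.getValue());
                }
            }
            return keys;
        };
    }

    public static void main(String[] args) throws Exception {
        RoleLookup store = sampleLookup();
        RoleKeyResolver resolver = new RoleKeyResolver(store);

        // Without the guard, a wildcard filter matches several roles at once.
        System.out.println("unchecked 'DB_*' matches keys " + store.findRoleKeys("DB_*"));
        System.out.println("DB_ADMIN -> " + resolver.resolveRoleKey("DB_ADMIN"));
        System.out.println("user key 4711 -> " + parseUserKey("4711"));

        for (String bad : new String[] {"DB_*", "NO_SUCH_ROLE", " "}) {
            try {
                resolver.resolveRoleKey(bad);
            } catch (IllegalArgumentException | IllegalStateException ex) {
                System.out.println("rejected '" + bad + "': " + ex.getMessage());
            }
        }
    }
}
```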


About me:

Mustafa Kaya is a Senior Consultant in Oracle Fusion Middleware Team, living in Istanbul. Before coming to Oracle, he worked in teams developing web applications and backend services at a telco company. He is a Java technology enthusiast and software engineer, addicted to learning new technologies and developing new ideas.

Follow Mustafa on Twitter, connect on LinkedIn, and visit his site for Oracle Fusion Middleware related tips.

Tuesday Jul 15, 2014

Oracle Identity Manager Developing Custom Scheduled Tasks

Oracle Identity Manager contains a set of predefined tasks that can be scheduled as job runs. OIM also provides the capability of creating your own scheduled tasks. You can create scheduled tasks according to your requirements if none of the predefined scheduled tasks fit your needs. You can develop various scheduled tasks, such as reconciliation or a user expiry date check.

In this post, I will explain how to create a custom scheduled task that checks the user's expiry date. This job sends a notification to the user's manager two weeks before the end date.

Steps to create a new scheduled task:

  1. Create the scheduled task Java class.

This class extends oracle.iam.scheduler.vo.TaskSupport from the OIM API and overrides the execute method with processing logic based on your requirements.

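import java.util.HashMap;
import java.util.List;
import oracle.iam.scheduler.vo.TaskSupport;

public class ExpireCheckJob extends TaskSupport {

    public ExpireCheckJob() {
        super();
    }

    // Called by the OIM scheduler each time the job runs.
    public void execute(HashMap hashMap) throws Exception {
        try {
            // getusersExpireToday() and sendNotificationToUserManager() are
            // helper methods that are not shown in this post.
            List<HashMap<String, String>> usrlist = getusersExpireToday();
            for (int i = 0; i < usrlist.size(); i++) {
                HashMap<String, String> userDetails = usrlist.get(i);
                sendNotificationToUserManager(userDetails);
            }
        } catch (Exception e) {
            e.printStackTrace();
            throw e; // rethrow so that a failed run is not reported as successful
        }
    }

    public HashMap getAttributes() {
        return null;
    }

    public void setAttributes() {
    }
}

2. Create the plugin.xml file.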

<?xml version="1.0" encoding="UTF-8"?>
<oimplugins xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
    <plugins pluginpoint="oracle.iam.scheduler.vo.TaskSupport">
            <plugin pluginclass="com.oracle.oim.scheduledjobs.ExpireCheckJob" version="1.0" name="ExpireCheckJob"/>
     </plugins>
</oimplugins>

For example, you can configure a reconciliation run using a scheduled task that checks for new information on target systems periodically and replicates the data in Oracle Identity Manager.

3. Create a plugin.zip file which contains the JAR and plugin.xml:

    plugin/
        lib/
            PLUGIN.JAR
        plugin.xml

4. Copy this ZIP file to OIM_HOME/server/plugins.

5. Copy the JAR file to OIM_HOME/server/ScheduleTask.

6. Configure the scheduled task XML file.

This XML file defines the scheduled task information.

<?xml version="1.0" encoding="UTF-8"?>
<xl-ddm-data version="2.0.1.0" user="XELSYSADM" database="jdbc:oracle:thin:@trkist01-odb-01:1521/MIDM" exported-date="1342018530943" description="ExpireCheckJob">
     <scheduledTask repo-type="MDS" name="ExpireCheckJob" mds-path="/db" mds-file="ExpireCheckJob.xml">
          <completeXml>
               <scheduledTasks xmlns="http://xmlns.oracle.com/oim/scheduler">
                    <task>
                         <name>ItAuthExpireCheckJob</name>
                         <class>com.oracle.oim.scheduledjobs.ExpireCheckJob</class>
                         <description>ExpireCheckJob</description>
                         <retry>1</retry>
                    </task>
               </scheduledTasks>
          </completeXml>
     </scheduledTask>
</xl-ddm-data>

Import the scheduled task XML file via the OIM Sysadmin console.

7. Create a new scheduled task from the OIM Sysadmin console.

First log in to Oracle Identity System Administration with the appropriate credentials.

1. In the left pane, under System Management, click Scheduler. The Advanced Administration is displayed with the Scheduler section in the System Management tab active.

2. On the left pane, from the Actions menu, select Create. Alternatively, you can click the icon with the plus (+) sign beside the View list.

Job Name: Enter a name for the job. For our example: Expire Date Check

Task: Specify the name of the scheduled task that runs the job. For our example: ExpireDateCheckJob

* To search and specify a scheduled task:

1. Click the magnifying glass icon next to this field.

2. In the Search and Select: Scheduled Task dialog box, specify a search criterion for the scheduled task and click the icon next to the Search field. A list of all scheduled tasks that meet the search criterion is displayed.

3. From this list, select the scheduled task that runs the job being created, and then click Confirm.


Start Date: Specify the date and time on which you want the job to run. To do this, select the date and time along with timezone from the date editor and click Ok. By default, the timezone is "(UTC-08:00) US Pacific Time".

Retries: Retry count is used to manage the job in case of failure. A job cannot execute more than its retry count if it fails consecutively. The job is disabled if it fails consecutively till its retry count is exhausted. The job must be enabled from the UI for further execution.

Schedule Type: Depending on the frequency at which you want the job to run, select one of the following schedule types:

Periodic: Select this option if you want the job to be run at a time that you specify, on a repeating basis. If you select this option, then you must enter an integer value in the Run every field under the Job Periodic Settings section and select one of the following values:

  - mins
  - hrs
  - days

Cron: Select this option if you want the job to be run at a particular interval on a recurring basis. For example, you can create a job that must run at 8:00 A.M. every Monday through Friday or at 1:30 A.M. every last Friday of the month.

* The recurrence of the job must be specified in the Cron Settings section. In the Recurring Interval field, you can select any of the following values:
- Daily
- Weekly
- Monthly on given dates
- Monthly on given weekdays
- Yearly
After selecting a value, you can enter an integer value in the Days between runs field.

Single: Select this option if the job is to be run only once at the specified start date and time.


  No pre-defined schedule: This option specifies that no schedule is attached to the job you are creating, and therefore, it is not triggered automatically. As a result, the only option to trigger the job is by clicking Save and Run Now.


Tuesday Jun 17, 2014

Oracle Identity Manager Custom Event Handler

In an Identity Management system, any action performed by a user or system is called an operation. Examples of operations are creating users, modifying roles, and creating password policies. The process of any Oracle Identity Manager operation that goes through a predefined set of stages and executes some business logic in each stage is called an orchestration. The type of object that is changed by the orchestration is called an orchestration target. 

Orchestration is divided into predefined steps called stages. Every operation moves through these stages until it reaches finalization. Orchestration has the following stages:

  • Validation: Stage to perform validation on the orchestration, such as validity of orchestration parameters. Orchestration parameter is the data that is required to carry out the orchestration operation.
  • Preprocess: Stage to perform orchestration parameter manipulations or get approvals or perform Segregation of Duties (SoD) checks.
  • Action: Stage in which the action takes place.
  • Audit: Stage in which the auditing of operation is performed.
  • Postprocess: Stage in which consequent operations related to the current operation take place. Examples of consequent operations are auto role membership and policy evaluation on a user creation.
  • Finalization: Last stage in the process to perform any clean up.

Oracle Identity Manager allows you to implement Service Provider Interfaces (SPIs) to customize the functionality of orchestration operations. Only customization of preprocess, postprocess, validation, and finalization stages of an operation in an entity orchestration is supported.

In my example, I will explain the user enable operation. For example, we may want to change a user's end date when the user's status changes to enabled.

1-) Develop the custom event handler Java code.

For our example, I will use the Postprocess stage, so our class must implement oracle.iam.platform.kernel.spi.PostProcessHandler.

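import java.util.HashMap;
import oracle.iam.identity.usermgmt.api.UserManagerConstants;
import oracle.iam.platform.kernel.spi.PostProcessHandler;
import oracle.iam.platform.kernel.vo.AbstractGenericOrchestration;
import oracle.iam.platform.kernel.vo.BulkEventResult;
import oracle.iam.platform.kernel.vo.BulkOrchestration;
import oracle.iam.platform.kernel.vo.EventResult;
import oracle.iam.platform.kernel.vo.Orchestration;

// Utils, RoleUserEventProcessors, User, getUserManager() and updateUserEnddate()
// are helpers that are not shown in this post.
public class RoleUserEventManagement
  implements PostProcessHandler
{
  private RoleUserEventProcessors roleUserEventProcessor;

  private RoleUserEventProcessors getRoleUserEventProcessor()
  {
    if (this.roleUserEventProcessor == null) {
      this.roleUserEventProcessor = new RoleUserEventProcessors();
    }

    return this.roleUserEventProcessor;
  }

  public void initialize(HashMap<String, String> arg0)
  {
  }

  public boolean cancel(long arg0, long arg1, AbstractGenericOrchestration arg2)
  {
    return false;
  }

  public void compensate(long arg0, long arg1, AbstractGenericOrchestration arg2)
  {
  }

  // Runs in the postprocess stage of every orchestration the handler is registered for.
  public EventResult execute(long processId, long eventId, Orchestration orchestration)
  {
    Utils.logger.error("[RoleUserEventManagement][execute] : Starting.");

    EventResult eventResult = new EventResult();
    String type = orchestration.getTarget().getType();
    Utils.logger.error("[RoleUserEventManagement][execute] type : " + type);

    if ("RoleUser".equalsIgnoreCase(type)) {
      try {
        String operation = orchestration.getOperation();
        User user = getUserManager().getUser(processId, orchestration);
        if (UserManagerConstants.Operations.ENABLE.name().equalsIgnoreCase(operation)) {
          updateUserEnddate(user);
        }
      } catch (Exception e) {
        // Report the failure to the kernel instead of swallowing it.
        eventResult.setFailureReason(e);
      }
    }

    return eventResult;
  }

  public BulkEventResult execute(long arg0, long arg1, BulkOrchestration arg2)
  {
    return null;
  }
}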

2-) Create a JAR.

Create a JAR with the custom event handler Java class. Include the following JAR files in the class path to compile the custom class:

From the OIM_ORACLE_HOME/server/platform/ directory:
  • iam-platform-kernel.jar
  • iam-platform-utils.jar
  • iam-platform-context.jar
  • iam-platform-authz-service.jar
From the OIM_ORACLE_HOME/designconsole/lib/ directory:
  • oimclient.jar
  • xlAPI.jar

3-) Define an XML file. The entity-type, operation and stage attributes of the action-handler element determine which orchestrations invoke the handler, so they must agree with the checks made in execute().

<?xml version = '1.0' encoding = 'UTF-8'?>
<xl-ddm-data version="2.0.1.0" user="XELSYSADM" database="jdbc:oracle:thin:@trkist01-odb-01:1521/MIDM" exported-date="1354621487559" description="RoleUserEventManagement">
     <eventhandlers repo-type="MDS" name="RoleUserEventManagement" mds-path="/db" mds-file="RoleUserEventManagement.xml">
          <completeXml>
               <eventhandlers xmlns="http://www.oracle.com/schema/oim/platform/kernel" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.oracle.com/schema/oim/platform/kernel orchestration-handlers.xsd">
                    <action-handler orch-target="oracle.iam.platform.kernel.vo.EntityOrchestration" class="com.mypackage.oim.plugins.events.RoleUserEventManagement" entity-type="RoleUser" operation="CREATE" name="RoleUserEventManagement" stage="postprocess" sync="TRUE" order="FIRST" />
               </eventhandlers>
          </completeXml>
     </eventhandlers>
</xl-ddm-data>

4-) Create a plug-in ZIP file

  a. Define a plug-in XML.

<?xml version="1.0" encoding="UTF-8"?>
<oimplugins xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
    <plugins pluginpoint="oracle.iam.platform.kernel.spi.EventHandler">
         <plugin pluginclass="com.mypackage.oim.plugins.events.RoleUserEventManagement" version="1.0" name="RoleUserEventManagement"/>
     </plugins>
</oimplugins>

  b. Package the plug-in XML and the JAR file that contains the custom class or classes into a plug-in ZIP file.

5-) Copy zip file to OIM_HOME/server/plugins directory.
6-) Register plug-in ZIP file.

You can use the Plugin Registration Utility for registering and unregistering plug-ins. The utility uses the following files:

  • pluginregistration.xml
  • ant.properties
These files are located in the OIM_HOME/plugin_utility/ directory.

Before using the utility, perform the following:

  1. Set the values for WLS_HOME and OIM_HOME in ant.properties. For example:

    WLS_HOME =.../middleware/wlserver_10.3

    OIM_HOME =..../middleware/Oracle_IDM1/server

    In addition, set the path for MW_HOME in the ant.properties file.

  2. Build the wlfullclient.jar in Oracle WebLogic server:
      a. Change directories to WLS_HOME/server/lib.
      b. Run the following command:

    java -jar ../../../modules/com.bea.core.jarbuilder_1.3.0.0.jar

To register a plug-in:

  1. Execute the ant target "register":

    ant -f pluginregistration.xml register

  2. This will prompt for the Oracle Identity Manager username and password along with the server information and the location of the plugin zip file. Enter the complete path of the zip file location.

Tuesday Apr 08, 2014

Send Notification With Oracle Identity Manager API

Information about events occurring in Oracle Identity Manager is required to be sent to various users, such as requesters, beneficiaries, or administrators. This information about events is sent by using the notification service in the form of notification e-mail messages. The notification service allows you to perform all notification-related operations in Oracle Identity Manager.

A notification template is used to send notifications. These templates contain variables that refer to available data to provide more context to the notifications. The channel through which a notification is sent is known as the notification provider. Examples of such channels are e-mail, Instant Messaging (IM), Short Message Service (SMS), and voice. To use these notification providers, Oracle Identity Manager uses Oracle User Messaging Service (UMS).

In some cases, you need a custom notification process; for example, you may want to send a notification after the Active Directory Create User task. I want to explain how you can send a notification at any time with the OIM API.

1-) Create a notification template from Oracle Identity Manager Administration Console.

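2-) Develop the send-notification adapter code. (Add oimclient.jar to your classpath.)

  import java.util.HashMap;
  import oracle.iam.notification.api.NotificationService;
  import oracle.iam.notification.exception.EventException;
  import oracle.iam.notification.exception.MultipleTemplateException;
  import oracle.iam.notification.exception.NotificationException;
  import oracle.iam.notification.exception.NotificationResolverNotFoundException;
  import oracle.iam.notification.exception.TemplateNotFoundException;
  import oracle.iam.notification.exception.UnresolvedNotificationDataException;
  import oracle.iam.notification.exception.UserDetailsNotFoundException;
  import oracle.iam.notification.vo.NotificationEvent;
  import oracle.iam.platform.Platform;

  private NotificationService notificationService;

  // Look the notification service up once and reuse it.
  public NotificationService getNotificationService()
  {
    if (this.notificationService == null) {
      this.notificationService = ((NotificationService)Platform.getService(NotificationService.class));
    }
    return this.notificationService;
  }

  public void sendNotification(String receiverUserId, String templateName, HashMap<String, Object> templateParams)
    throws EventException, UnresolvedNotificationDataException, TemplateNotFoundException, MultipleTemplateException, NotificationResolverNotFoundException, UserDetailsNotFoundException, NotificationException
  {
    NotificationEvent event = new NotificationEvent();
    event.setUserIds(new String[] { receiverUserId }); // OIM user login of the receiver (the setter takes an array)
    event.setTemplateName(templateName); // OIM notification template name
    event.setSender(null);
    event.setParams(templateParams); // values for the variables used in the template
    getNotificationService().notify(event); // send the notification
  }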

Template params are used to send dynamic variables to the notification template. If you want to send information such as user login, password etc. in the notification, first you have to add a variable with the "$" character to the notification template ($userLoginId), then set this variable with a HashMap in code.

3-) Create a process task adapter from the design console and assign it after the "AD User" Process Form, "Create User" task, "SUCCESS" response.

Wednesday Feb 19, 2014

Management of Oracle Database Authorization with Oracle Identity Manager

Oracle Identity Manager projects usually start with management of the user identity life-cycle from the trusted resource to target systems. After user identity management is completed in the first step, the second step is management of users' entitlements, for example role management for users on Oracle Databases, Windows Servers or any custom applications.

In this post, I want to share my experience of managing Oracle Database authorization through Oracle Identity Manager in a project.

We used three components for management of Oracle Database authorization. These are Oracle Database Enterprise User Security (EUS), Oracle Unified Directory (OUD) and Oracle Identity Manager (OIM).

Enterprise User Security enables you to centrally manage database users across the enterprise. This is a component of Oracle Database.

Oracle Unified Directory is a comprehensive next generation directory service that is designed to address large deployments, to provide high performance, to be highly extensible and to be easy to deploy, manage, and monitor. Oracle Unified Directory is used for role management integrated with Enterprise User Security. Integrating Oracle Unified Directory with Oracle's Enterprise User Security (EUS) enables you to store user identities in Oracle Unified Directory for Oracle Database authentication.

Oracle Identity Manager is used to manage the life-cycle of Oracle Unified Directory users, with the right values and user groups. The whole process starts from Oracle Identity Manager, which then inserts the user into an OUD group or deletes the user from an OUD group. The user thus has rights via Oracle Unified Directory and Enterprise User Security.


The following steps explain the integration of these three tools.

1- Enabling Oracle Unified Directory for Enterprise User Security by using Oracle Directory Services Manager(ODSM).

  • Connect to the directory server from ODSM.
  • Select the Home tab.
  • Under the Configuration menu, select Create Base DN.
  • On the Configuration Wizard, enter the details of the new suffix.
  • Select the EUS Enabled check box.
  • Click Create to add the new, EUS-enabled suffix.

2- After OUD has been enabled for EUS, you must update the realm information in the OUD configuration by performing the following steps:

  • Locate the LDIF template file at install_dir/config/EUS/modifyRealm.ldif.
  • Edit the modifyRealm.ldif file as follows:

    - Replace dc=example,dc=com with the correct naming context for your server instance.

    - Replace ou=people and ou=groups with the correct location of the user and group entries in your DIT.

  • Use the ldapmodify command to update the configuration with the edited LDIF template file, for example:

    $ ldapmodify -h localhost -p 4444 -D "cn=directory manager" -j pwd-file -v -f modifyRealm.ldif

3- Complete the configuration below on Oracle Database

  • Configure your database for directory usage by using NetCA.
  • Register the database with the directory by using DBCA.
  • Create a shared schema in the database.
  • Map enterprise users to the shared schema.

4- Install the Oracle Internet Directory Connector in Oracle Identity Manager, for provisioning users to Oracle Unified Directory and for managing groups, and so roles.

When all of the above steps are complete: first, Enterprise User Security is enabled on the DB; then create DB roles (enterprise roles) and map these roles to the Oracle Unified Directory global roles; and last, manage users' Oracle Database authorization with Oracle Identity Manager through Oracle Unified Directory.

P.S.: If you want to manage Oracle Database 9i, you have to use Oracle Internet Directory instead of Oracle Unified Directory.

Wednesday Jan 22, 2014

The Application Security Manifesto – The Great App Re-Architecture

Author: Greg Jensen, Senior Principal Product Director

In our previous post in this series, we touched on the “State” of our current Applications and how we have traditionally incorporated security models into these applications in the past. We also touched on how the next generation of application requirements are evolving to incorporate a number of ground-breaking changes in how we leverage security within the application, and how we use the applications themselves.

The Great Application Re-Architecture

It has always been the great give and take in IT.  The lower IT product owner wants the most capable product, regardless of what the rest of the business is using, forgoing the possibility of cross pollination benefits. It’s about being able to do their job as well as one can.  The other side is, the executive who wants an integrated approach where multiple products from one vendor are designed with integration in mind, to cross pollinate data and information across teams. Individual product capabilities may not be as strong but the greater benefits of a single vendor approach sit better with executive teams.  This has been the struggle companies have been dealing with for decades and only recently is there a light at the end of the tunnel with the advent of an open framework based on an open standards approach for sharing information between “best of breed” products and vendors.  This allows the individual IT product owners to get the best of breed product they want, while the executive teams who look for cross-pollination and integration, reap the benefits of a standards-based method of integrating across the stack. 

So what is this gain?  This has allowed us to now look at a new methodology for the application and development of our Applications and the services that support it.  When we are able to de-bundle and share services such as security, rather than building security into every application, the benefit is obvious and immediate.  It means applications can be brought up in near real time, with a simple hook into the security module, using a standards based (Service Oriented Architecture - SOA) connection, to pull Identity profiles and policies into new applications.  This means one can now repeat this process again and again with new applications and services, without creating new security profiles and infrastructure. It’s all about repeatability, re-usability and the added benefit of centralizing all of your auditable data in one location for compliance-based reports.

The Five Transformational Principles

There are always drivers of transformation, and for applications, it can be summed up in five principles that are currently driving the transformation we are discussing: Fine-grained Entitlements, Identity Platform Services, Social Integration, Complete Access & Mobile/Cloud.

External Authorization & Fine Grained Entitlements

Today, access just isn’t about managing passwords and user IDs inside the enterprise anymore. We have to move beyond the old model of granting access privileges to specific repositories of information and for each application separately with the expectation that the role of the user never changes.  The reality is…it does.  Take the example of a group of users for a large investment bank.  You would like to treat your junior traders with more limited privileges that are based around restricting trading limits and times in which they can initiate trades.  However, as your junior traders grow in their careers within the organization, it is important that their access grows with them.  This means their access needs to change over time, rather than just being layered and added upon, to ensure “over provisioning” does not occur over the course of an employee’s career.  At the same time, your most senior fund managers need to be given the authorization to perform larger transactions, day or night, without any daily limits, from any geography, and from any device inside or outside the bank network. This is the kind of “context based” Identity Management that truly unlocks the potential of enforcing just what each employee role is capable of doing.
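The junior trader and senior fund manager case above, written as an added example (not part of the original post) of an authorization decision that lives outside the trading application and takes the request context into account. The role names, limits, trading window and network rule are assumed values.

```java
import java.math.BigDecimal;
import java.time.LocalTime;
import java.util.EnumMap;
import java.util.Map;

/** Added example: a context-based entitlement decision kept outside the trading application. */
public class TradeAuthorizationPolicy {

    enum Role { JUNIOR_TRADER, SENIOR_FUND_MANAGER, AUDITOR }

    /** The context of one request: who, how much, when and from where. */
    static final class TradeRequest {
        final Role role;
        final BigDecimal amount;
        final BigDecimal tradedToday;
        final LocalTime time;
        final boolean insideBankNetwork;

        TradeRequest(Role role, String amount, String tradedToday, LocalTime time, boolean insideBankNetwork) {
            this.role = role;
            this.amount = new BigDecimal(amount);
            this.tradedToday = new BigDecimal(tradedToday);
            this.time = time;
            this.insideBankNetwork = insideBankNetwork;
        }
    }

    /** Limits attached to a role; a null field means "not restricted". */
    static final class Entitlement {
        final BigDecimal perTradeLimit;
        final BigDecimal dailyLimit;
        final LocalTime opens;
        final LocalTime closes;
        final boolean bankNetworkOnly;

        Entitlement(String perTradeLimit, String dailyLimit, LocalTime opens, LocalTime closes, boolean bankNetworkOnly) {
            this.perTradeLimit = perTradeLimit == null ? null : new BigDecimal(perTradeLimit);
            this.dailyLimit = dailyLimit == null ? null : new BigDecimal(dailyLimit);
            this.opens = opens;
            this.closes = closes;
            this.bankNetworkOnly = bankNetworkOnly;
        }
    }

    private final Map<Role, Entitlement> rules = new EnumMap<>(Role.class);

    TradeAuthorizationPolicy() {
        // Assumed values. A promotion swaps the user's role, and with it the whole rule
        // set, instead of layering new grants on top of old ones.
        rules.put(Role.JUNIOR_TRADER,
                new Entitlement("50000", "200000", LocalTime.of(9, 0), LocalTime.of(17, 0), true));
        rules.put(Role.SENIOR_FUND_MANAGER, new Entitlement(null, null, null, null, false));
        // AUDITOR has no entry on purpose: a role without an entitlement is denied.
    }

    /** Returns "PERMIT" or "DENY: <reason>". */
    String decide(TradeRequest r) {
        Entitlement e = rules.get(r.role);
        if (e == null) {
            return "DENY: role has no trading entitlement";
        }
        if (r.amount.signum() <= 0) {
            return "DENY: amount must be positive";
        }
        if (e.bankNetworkOnly && !r.insideBankNetwork) {
            return "DENY: outside the bank network";
        }
        if (e.opens != null && (r.time.isBefore(e.opens) || !r.time.isBefore(e.closes))) {
            return "DENY: outside the permitted trading window";
        }
        if (e.perTradeLimit != null && r.amount.compareTo(e.perTradeLimit) > 0) {
            return "DENY: above the per-trade limit";
        }
        if (e.dailyLimit != null && r.tradedToday.add(r.amount).compareTo(e.dailyLimit) > 0) {
            return "DENY: daily limit would be exceeded";
        }
        return "PERMIT";
    }

    public static void main(String[] args) {
        TradeAuthorizationPolicy policy = new TradeAuthorizationPolicy();
        // Constructed sample requests.
        TradeRequest[] constructed = {
            new TradeRequest(Role.JUNIOR_TRADER, "20000", "0", LocalTime.of(10, 30), true),
            new TradeRequest(Role.JUNIOR_TRADER, "20000", "0", LocalTime.of(22, 0), true),
            new TradeRequest(Role.JUNIOR_TRADER, "75000", "0", LocalTime.of(10, 30), true),
            new TradeRequest(Role.JUNIOR_TRADER, "40000", "180000", LocalTime.of(10, 30), true),
            new TradeRequest(Role.SENIOR_FUND_MANAGER, "5000000", "9000000", LocalTime.of(2, 15), false),
            new TradeRequest(Role.AUDITOR, "100", "0", LocalTime.of(10, 30), true),
        };
        for (TradeRequest r : constructed) {
            System.out.println(r.role + " " + r.amount + " at " + r.time + " -> " + policy.decide(r));
        }
    }
}
```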

Identity Platform Services

Organizations are putting a major emphasis on cost reduction efforts, and there are many areas this is being accomplished throughout the enterprise. Common data repositories, common reporting systems, common event collection systems, common security information management tools and the next step is utilizing common security frameworks for externalizing the security from applications and platforms.  This has the added benefits of cost savings from a licensing standpoint, ramp up time on projects, training and overhead, and ability to re-use.  There are also secondary savings in reduced exposure to audits by centralizing all of the regulatory and compliance event data in one single location, one report, and one auditable database. 

Social Integration

Criminals understand well that one of today’s fastest trends is the use of “social sign-on” or the use of Facebook credentials for authenticating and logging into other applications and services.  We can create new accounts on a web site, or log in using our Facebook credentials.  This is all in the name of making things more convenient. A form of “single sign-on” for the masses, called “social sign-on”.  How often do we read about social credentials being stolen, compromised and being taken advantage of, so why are we putting so much faith in them without extra precautions?  Imagine what one can do with these social credentials if one used them across a variety of services and offerings for authentication?  This is why there needs to be an additional effort in securing these social credentials, by absorbing them within a broader Identity that is provisioned to you, that is more secure.

Complete Access

This takes us to how we can consolidate all of our digital identities, user identities, passwords and more into a single set of credentials that one has to remember and authenticate with.  Now to the average person, this sounds like a risk.  In the world of Single Sign-On, we are more likely to change our master password every 30 days than we are the 30-40 passwords that it manages underneath.  Criminals understand that many users are likely using the same Gmail password today that they did 1 year ago.  They also understand that many of these users repurpose personal passwords in their work environment.  So the idea is: if you can compromise their Flowers.com account, you can compromise their HR account at work, or their financial records database.  This is simply because the human mind is unable to remember too many complex passwords, and if they are changed every 30 days, we struggle even more.  Enter the world of Complete Access and offerings such as Single Sign-On.  This allows one to set up a master user ID and password, and you are required to reset that password on a frequent basis. For extra protection, companies may ask you to provide multi-factor authentication, such as 1) What you have (smartcard, key or biometrics) 2) What you know (pin #, passphrase).  Once this authentication takes place, the SSO client quickly unlocks access to a small database of all of your user IDs and passwords for each of your applications and services.  The idea here is that each individual application and service you set up can now have a strong, cryptic password, and not a variation of the same password. Now you can set time limits of 30 days and expire your passwords.  Now you can set up a provisioning process for your enterprise applications so that you provision only one user ID and password, and never share any of the unique user IDs and passwords for the individual apps underneath it.
This allows you to more easily de-provision applications and services at will.   This doesn’t stop at just the desktop; this is what extends to mobile platforms now as well. So regardless if you are on a Windows, Mac, Android or iOS device, your Complete Access follows you.

Mobile & Cloud Security

With the mobile platform, enters a whole new category of applications underpinned by what we call the “Cloud”, and this brings into question how we address the security implications of both of these platforms. Five years ago, a 5,000 employee organization was struggling with how to manage the provisioning model for 5-7,000 user IDs for their employees.  Today, that same company is dealing with 5 to 10 identities per device, per user.  With each employee leveraging 2 to 3 devices, this could be as many as 200,000 identities in itself.   Now businesses are facing the bigger dilemma with the cloud.  How do we create, provision and manage credentials for all of our partners and customers who do business with us over the Internet?   In a consumer oriented business, this could be millions of identities. What is needed is an architecture that can scale as the business needs transform to include new technologies, new services, and new avenues of sales and distribution.

Maturity of the Optimized Application

As with everything in technology, we are seeing maturity and capability grow in leaps and bounds in the areas of our Application Optimization.  We have moved from the days of our first applications where our security focus was limited due to its complexity and high cost, as well as limits in regulatory reporting, to models where we started to consolidate our applications. Here, we started to see some degree of centralized security controls, but they were very limited in nature.  Today, we are in a phase of what we call the “Optimized Platform”, where the main driver is Data Governance for Risk & Compliance.  This is not where our maturity for applications will end.  The future is a bright one, and we will see Optimized Processes where the drivers are automated auditing and compliance reporting, in the not too distant future.  It doesn’t stop there.  This maturity and capability has to take us to the point where we are including Self-Healing and Automation where some of the main security drivers are automated fraud management and automated IT & User provisioning.  The key to this maturity is having an infrastructure in place today that is capable of growing with you, as the capability grows.

In Summary – The Platform Transformation

We have discussed where we are with our state of applications today.  We have shared where we need to be and the transformation principles that will drive this Great Application Re-Architecture.  All of this is supported by a platform transformation here at Oracle that we call Oracle AppAdvantage.

Oracle AppAdvantage for Security is simply when we de-bundle security from the application and make it part of the platform, a sharable component that all applications can leverage.  When you build a car, the car battery isn’t used just to start the engine.  It’s used to power the radio. It’s used to power the lights, the horn, the seat warmers, and the fan. Everything.  It’s a shared component within the car.  It’s a platform approach to building an automobile, and we are now doing the same for security.

Tuesday Jan 07, 2014

Manage Child Process Forms With Oracle Identity Manager API

Oracle Identity Manager allows you to manage roles, responsibilities or group memberships as entitlements. An entitlement granted to an account on a target system enables the account user to perform a specific task or function. In Oracle Identity Manager, there is one process form for each account (resource) provisioned to an OIM User. Entitlement data is stored in child process forms of the process form.

You can manage child form data, for example adding and removing rows, with the Oracle Identity Manager API. For these operations, you can use the tcFormInstanceOperationsIntf service.

First, you need the process instance key to find the right child table.

    import java.util.HashMap;
    import java.util.Map;

    import Thor.API.tcResultSet;
    import Thor.API.Operations.tcFormInstanceOperationsIntf;

    public class ProcessFormManagerImpl {

        private tcFormInstanceOperationsIntf service;

        /**
         * Default constructor. getClient() is the author's own helper (not shown
         * in this post); it is assumed to return a logged-in OIM client.
         */
        public ProcessFormManagerImpl() {
            service = getClient().getService(tcFormInstanceOperationsIntf.class);
        }

        /** Adds one row (one entitlement) to the child form of the given process instance. */
        public void addDataChildProcessForm(long processInstanceKey, String columnName,
                                            String columnValue) throws Exception {
            // columnName example: UD_ADUSRC_GROUPNAME
            long processFormDefinitionKey =
                service.getProcessFormDefinitionKey(processInstanceKey);
            int processParentFormVersion =
                service.getProcessFormVersion(processInstanceKey);
            // Reads the first child form of the parent form; a resource with
            // several child forms needs a loop over the rows of this result set.
            tcResultSet childFormDef =
                service.getChildFormDefinition(processFormDefinitionKey,
                                               processParentFormVersion);
            long childKey =
                childFormDef.getLongValue("Structure Utility.Child Tables.Child Key");
            Map<String, String> addAttr = new HashMap<String, String>();
            addAttr.put(columnName, columnValue);
            service.addProcessFormChildData(childKey, processInstanceKey, addAttr);
        }

        /**
         * Removes every child form row whose columnName equals columnValue.
         * childFormKey is the name of the child table's row-key column.
         */
        public void removeDataChildProcessForm(long processInstanceKey,
                                               String childFormKey,
                                               String columnName,
                                               String columnValue) throws Exception {
            long processFormDefinitionKey =
                service.getProcessFormDefinitionKey(processInstanceKey);
            int processParentFormVersion =
                service.getProcessFormVersion(processInstanceKey);
            tcResultSet childFormDef =
                service.getChildFormDefinition(processFormDefinitionKey,
                                               processParentFormVersion);
            long childKey =
                childFormDef.getLongValue("Structure Utility.Child Tables.Child Key");
            tcResultSet childData =
                service.getProcessFormChildData(childKey, processInstanceKey);
            for (int i = 0; i < childData.getRowCount(); i++) {
                childData.goToRow(i);
                String groupName = childData.getStringValue(columnName);
                // Compare from the non-null side so an empty column cannot throw.
                if (columnValue != null && columnValue.equals(groupName)) {
                    long rowKey = childData.getLongValue(childFormKey);
                    service.removeProcessFormChildData(childKey, rowKey);
                }
            }
        }
    }
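Calling the add method repeatedly inserts a new child row each time, so a caller that synchronizes entitlements should first work out what actually has to change. The following added example (not part of the original post and not Oracle code) computes that plan from rows already read from the child table; ChildRow, Plan, plan() and the sample group names are hypothetical, and case-insensitive matching of group names is an assumption.

```java
import java.util.ArrayList;
import java.util.HashSet;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.Set;

public class ChildFormSyncPlan {

    /** One child form row as read from the child table: row key and entitlement value. */
    record ChildRow(long rowKey, String value) {}

    /** What has to change: values to add and keys of rows to remove. */
    record Plan(List<String> toAdd, List<Long> rowKeysToRemove) {}

    // Assumption: entitlement values such as group names compare case-insensitively.
    static String norm(String s) {
        return s == null ? "" : s.trim().toLowerCase(Locale.ROOT);
    }

    /**
     * Compares the rows currently on the child form with the desired entitlements.
     * Rows that are no longer wanted, empty rows and duplicate rows are scheduled
     * for removal; only values that are missing are scheduled to be added.
     */
    static Plan plan(List<ChildRow> current, List<String> desired) {
        Map<String, String> wanted = new LinkedHashMap<>();
        for (String d : desired) {
            if (!norm(d).isEmpty()) {
                wanted.putIfAbsent(norm(d), d.trim());
            }
        }

        Set<String> kept = new HashSet<>();
        List<Long> remove = new ArrayList<>();
        for (ChildRow row : current) {
            String key = norm(row.value());
            // Not wanted at all, or a second copy of a value that is already kept.
            if (!wanted.containsKey(key) || !kept.add(key)) {
                remove.add(row.rowKey());
            }
        }

        List<String> add = new ArrayList<>();
        for (Map.Entry<String, String> e : wanted.entrySet()) {
            if (!kept.contains(e.getKey())) {
                add.add(e.getValue());
            }
        }
        return new Plan(add, remove);
    }

    public static void main(String[] args) {
        // Constructed sample data: a promoted user whose old group (present twice)
        // must be replaced rather than kept alongside the new one.
        List<ChildRow> current = List.of(
            new ChildRow(101, "Traders-Junior"),
            new ChildRow(102, "traders-junior"),
            new ChildRow(103, "VPN-Users"));
        List<String> desired = List.of("Traders-Senior", "VPN-Users");

        Plan p = plan(current, desired);
        System.out.println("add:    " + p.toAdd());            // [Traders-Senior]
        System.out.println("remove: " + p.rowKeysToRemove());  // [101, 102]
    }
}
```

Each value in toAdd would then go to addDataChildProcessForm, and each key in rowKeysToRemove to removeProcessFormChildData, so a role change replaces the old entitlement instead of accumulating it.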

About me:

Mustafa Kaya is a Senior Consultant in Oracle Fusion Middleware Team, living in Istanbul. Before coming to Oracle, he worked in teams developing web applications and backend services at a telco company. He is a Java technology enthusiast and software engineer, addicted to learning new technologies and developing new ideas.

Follow Mustafa on Twitter, connect on LinkedIn, and visit his site for Oracle Fusion Middleware related tips.

Tuesday Dec 17, 2013

Standards Corner: Double-Blind Identity

For several years now, BC has been working on a new identity services project that would enable citizens to securely access government services online. For BC, there is clear motivation: reducing identity management and fraud costs in everything from drivers licenses to health insurance. Find out how BC takes a new approach to identity services using double-blind identity architecture.

Monday Dec 09, 2013

Account Provisioning With Oracle Identity Manager API

Oracle Identity Manager allows you to provision accounts using the OIM API. You can use Oracle Identity Manager to create, maintain, and delete accounts on target systems. Oracle Identity Manager becomes the front-end entry point for managing all the accounts on these systems. After the accounts are provisioned, the users for whom accounts have been provisioned are able to access the target systems without any interaction with Oracle Identity Manager. This is the provisioning configuration of Oracle Identity Manager.


Sometimes you will need to provision an account from a remote operation (a web service or some remote connector). For these operations, you have to find the right application instance for the account. You can use the findApplicationInstanceByName method of the oracle.iam.provisioning.api.ApplicationInstanceService service to find the application instance. Then you can provision the application instance with the OIM API, using the oracle.iam.provisioning.api.ProvisioningService service.


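    import java.util.HashMap;
    import java.util.Map;

    import oracle.iam.provisioning.api.ApplicationInstanceService;
    import oracle.iam.provisioning.api.ProvisioningService;
    import oracle.iam.provisioning.exception.ApplicationInstanceNotFoundException;
    import oracle.iam.provisioning.exception.GenericAppInstanceServiceException;
    import oracle.iam.provisioning.exception.GenericProvisioningException;
    import oracle.iam.provisioning.exception.UserNotFoundException;
    import oracle.iam.provisioning.vo.Account;
    import oracle.iam.provisioning.vo.AccountData;
    import oracle.iam.provisioning.vo.ApplicationInstance;
    import oracle.iam.provisioning.vo.FormInfo;

    // getClient() is the author's own helper (not shown in this post);
    // it is assumed to return a logged-in OIM client.

    /** Provisions a primary account of the named application instance to the user. */
    public void provisionAccount(String userKey) throws ApplicationInstanceNotFoundException,
                                                        GenericAppInstanceServiceException,
                                                        UserNotFoundException,
                                                        GenericProvisioningException {
        ProvisioningService service = getClient().getService(ProvisioningService.class);
        ApplicationInstance appInstance =
            findApplicationInstanceByName("Application Instance Name");

        // Example values from the original comments; replace them with the
        // server field of your own process form and your own IT resource.
        String serverName = "UD_ADUSER_SERVER";
        String itResourceName = "Active Directory";

        FormInfo formInfo = appInstance.getAccountForm();
        Map<String, Object> parentData = new HashMap<String, Object>();
        parentData.put(serverName, itResourceName);
        String formKey = String.valueOf(formInfo.getFormKey());

        AccountData accountData = new AccountData(formKey, null, parentData);
        Account account = new Account(appInstance, accountData);
        account.setAccountType(Account.ACCOUNT_TYPE.Primary);
        service.provision(userKey, account);
    }

    /** Looks up an application instance by its name. */
    public ApplicationInstance findApplicationInstanceByName(String applicationInstanceName)
            throws ApplicationInstanceNotFoundException,
                   GenericAppInstanceServiceException {
        ApplicationInstanceService service =
            getClient().getService(ApplicationInstanceService.class);
        return service.findApplicationInstanceByName(applicationInstanceName);
    }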

About me:

Mustafa Kaya is a Senior Consultant in Oracle Fusion Middleware Team, living in Istanbul. Before coming to Oracle, he worked in teams developing web applications and backend services at a telco company. He is a Java technology enthusiast and software engineer, addicted to learning new technologies and developing new ideas.

Follow Mustafa on Twitter, connect on LinkedIn, and visit his site for Oracle Fusion Middleware related tips.

Tuesday Nov 12, 2013

Chalk Talk with John: Business Value of Identity and Access Management


Conveying the business value of Identity and Access Management to non-technologists can be challenging, especially considering the breadth of capability supplied by these technologies.

In this episode of Chalk Talk with John, Bob at Codeaway Valley asks Jim from Middleware Fields how they are able to manage access to buildings and facilities throughout their community. Bob and his team struggle to keep up with the needs of their community members, while ensuring the community’s safety. Jim shares his creative solution to simplifying the management of access throughout their community in Middleware Fields.

About me:

Hi, I am John Brunswick, an Oracle Enterprise Architect. As an Oracle Enterprise Architect, I focus on the alignment of technical capabilities in support of business vision and objectives, as well as the overall business value of technology.  Before coming to Oracle, I was a Practice Manager within BEA System's Business Interaction Division consulting organization, orchestrating enterprise systems in support of line of business goals.

Follow me on Twitter and visit my site for Oracle Fusion Middleware related tips.

Wednesday Nov 06, 2013

Hello With Oracle Identity Manager Architecture

Hi, my name is Mustafa! I'm a Senior Consultant in the Fusion Middleware Team, living in Istanbul, Turkey. I have worked on many Java-based software development projects such as end-to-end web applications, CRM, Telco VAS and integration projects. I want to share my experiences and research about Fusion Middleware products in this column.

Customers always want the best solution from software consultants or developers. The solution may be a code snippet or a complete change of architecture. We face different requests depending on the customer's case. In my posts I want to discuss the architecture of Fusion Middleware products, how to extend their usability with APIs or UI customization, and more, and I look forward to engaging with you on your experiences and thoughts on this.

In my first post, I will be discussing Oracle Identity Manager architecture, and I plan to discuss Oracle Identity Manager 11g features in the next posts.

Oracle Identity Manager System Architecture

Oracle Identity Governance includes Oracle Identity Manager, Oracle Identity Analytics and Oracle Privileged Account Manager. I will discuss Oracle Identity Manager architecture in this post.

Basically, Oracle Identity Manager is a standard n-tier Java EE application that is deployed on Oracle WebLogic Server and uses a database.


The Oracle Identity Manager presentation tier has three different screens and two different clients. Identity Self Service and Identity System Administration are web-based thin clients. Design Console is a Java Swing client that communicates directly with the Business Service Tier.  Identity Self Service provides end-user operations and delegated administration features. System Administration provides system administration functions. Design Console is mostly used for development and management operations such as creating and managing adapters and process forms, notifications, workflow design, reconciliation rules, etc.

The business service tier is implemented as an Enterprise JavaBeans (EJB) application, so you can extend Oracle Identity Manager capabilities.
- The SPML and EJB APIs allow you to develop custom plug-ins, for example for managing roles or identities.
- Identity Services allow you to use the core business capabilities of Oracle Identity Manager, such as the user provisioning or reconciliation service.
- Integration Services allow you to develop custom connectors or adapters for various deployment needs.
- Platform Services allow you to use Entitlement Servers, Scheduler or SOA composites.

The Middleware tier lets you use the capabilities of ADF Faces, SOA Suite, Scheduler, Entitlement Server and BI Publisher Reports. So OIM allows you to configure workflows that use Oracle SOA Suite or define authorization policies with Oracle Entitlement Server. You can also customize the OIM UI without writing code, and using ADF Business Editor you can add custom attributes to user, role, catalog and other objects.


Data tier: Oracle Identity Manager is driven by data and metadata, which provides flexibility and adaptability to Oracle Identity Manager functionality.
- Database: it has five schemas, which are OIM, SOA, MDS, OPSS and OES. Oracle Identity Manager uses the database to store runtime and configuration data. All entity, transactional and audit data is stored in the database.
- Metadata Store: customizations and personalizations are stored in a file-based or database-based repository. In the Oracle Identity Manager architecture, the metadata is kept in the Oracle Identity Manager database to take advantage of some of the advanced performance and availability features that this mode provides.
- Identity Store: Oracle Identity Manager provides the ability to integrate an LDAP-based identity store into the Oracle Identity Manager architecture.

Oracle Identity Manager

Oracle Identity Manager uses the human workflow module of Oracle Service Oriented Architecture Suite. OIM connects to SOA using the T3 URL, which is the front-end URL for the SOA server. Oracle Identity Manager uses an embedded Oracle Entitlement Server for authorization checks in the OIM engine.

Several Oracle Identity Manager modules use JMS queues. Each queue is processed by a separate Message Driven Bean (MDB), which is also part of the Oracle Identity Manager application. Message producers are also part of the Oracle Identity Manager application.

Oracle Identity Manager uses scheduled jobs for some background activities. Some scheduled jobs come out of the box, such as disabling users after their end date, or you can define your own custom scheduled jobs with the Oracle Identity Manager APIs.

You can use Oracle BI Publisher for reporting Oracle Identity Manager transactions or audit data which are in database.

About me:

Mustafa Kaya is a Senior Consultant in Oracle Fusion Middleware Team, living in Istanbul. Before coming to Oracle, he worked in teams developing web applications and backend services at a telco company. He is a Java technology enthusiast and software engineer, addicted to learning new technologies and developing new ideas.

Follow Mustafa on Twitter, connect on LinkedIn, and visit his site for Oracle Fusion Middleware related tips.

Thursday Aug 22, 2013

Global Perspective: Oracle AppAdvantage at Work Down Under

Global Perspective is a monthly series that brings experiences, business needs and real-world use cases from regions across the globe. This month’s feature showcases real-world business stories from the APAC region.

Author: Juliana Button

We recently had the pleasure of Mohamad Afshar, Vice President, Oracle Fusion Middleware Product Management and Rick Beers, Senior Director Oracle Fusion Middleware Product Management, join us in Australia for our inaugural Business Innovation Summit. This full-day thought leader’s event was attended by 50 business and IT leaders, and proved to be an excellent opportunity to network and share ideas and best practices around Oracle’s key mobile and cloud-based strategies for infrastructure modernisation and business transformation. The interactive agenda included joint customer/partner presentations, panel discussions and workshop exercises where attendees discussed Oracle AppAdvantage, Engineered Systems and Oracle Fusion Middleware and how these technologies provide a pathway to simplify IT complexity, support innovation and agility to reduce costs and deliver competitive differentiation in their organizations today.

Let’s take a look at how some of these Australian customers are using Oracle AppAdvantage today to deliver benefits in each of the three Oracle AppAdvantage layers.

Simplify IT by minimizing complexity, improving performance and lowering cost with secure and reliable systems across the entire Enterprise.

Yarra Valley Water (YVW) – YVW needed to upgrade its IT infrastructure to better support its Oracle Utilities Customer Care and Billing system and its plans for creating customer-facing Web portals. In mid-2012, the organization developed a private cloud infrastructure, based on Oracle Exadata Database Machine, Oracle Exalogic Elastic Cloud, and Oracle Enterprise Manager. The infrastructure includes a pair of Oracle Exadata and Oracle Exalogic engineered systems at YVW’s production and disaster recovery centers. By taking advantage of Oracle Exadata and Oracle Exalogic’s high performance and stability, YVW ensured its Oracle Utilities Customer Care and Billing applications can reach their full potential. It reduced application response times from up to 9 seconds to a subsecond, lowered average customer call times by 30 seconds, and cut the overnight batch processing time by 71%. It has also reduced the time required for development, testing, and production tasks by 30%. For more information you can read the full case study or watch one of the videos - Exalogic Boosts Performance / Streamlines Resources for YVW | YVW Streamlines IT Practices with Exalogic and Exadata | YVW Uses Oracle Identity and Access Management

Differentiate Layer: Move business specific processes and applications to the Differentiate Layer, thus creating greater business agility with process extensions and best of breed applications using standards-based re-usable integration, managed by cross- application process orchestration.

Jurlique – Jurlique has experienced significant growth in online sales in the U.S. When Jurlique’s products were featured on The Today Show in the U.S., the company received 16,000 orders in a 24-hour period, and it took more than one month to settle the orders. Jurlique quickly realized it needed to automate its online ordering process to cut down transaction processing time and deliver a better service to its customers. This involved integrating its online ordering application with the JD Edwards EnterpriseOne system to create a streamlined service-oriented architecture (SOA) framework. SOA has reduced the time it took to complete online product orders by at least 20%, and it accelerates delivery times from order to shipment by 50%.

More recently, Jurlique has extended its SOA footprint to (i) support real-time standards-based integration between its third-party warehouse management systems and JD Edwards EnterpriseOne manufacturing systems, (ii) integrate with a third-party credit card provider, (iii) implement mobile ordering, and (iv) deliver a business activity dashboard. OPN Platinum partner UXC Red Rock delivered the SOA integration solution for Jurlique. For more information take a look at the Jurlique Presentation from the Business Innovation Summit, read the full case study or watch one of the videos - Jurlique Uses Oracle SOA Suite to Extend JD Edwards | Jurlique Streamlines Online Ordering with Oracle SOA Suite | Jurlique Streamlines Wholesale Order Process with Oracle ADF

Engineers Australia – Engineers Australia needed to replace its aging legacy IT infrastructure, redefine its business processes, and develop new online and customer relationship management (CRM) functions to improve the services it provides to engineers. The organization’s system, which it calls eChartered, went live in November 2012. It provides new online self-service capabilities that improves the user experience for Engineers Australia members and replaces many cumbersome manual processes. In 2012, the organization implemented Oracle Business Process Management Suite 11g and Oracle SOA Suite 11g, integrating with E-Business Suite and cloud-based Salesforce.com, running on Oracle WebLogic Suite 11g, to support its eChartered system.

Engineers Australia moved from paper-based to online processes, improved monitoring, management, and visibility of its chartered engineer processes, and ensured seamless integration for eChartered, thereby reducing the time and effort required to manage members’ enrollments, assessments, and registrations. It now completes the enrollment processes 90% faster, while staff can generate assessment reports in seconds rather than taking 45 minutes, as was the case previously. The organization also has cut the time to develop new system modules by three to four weeks. OPN Platinum partner UXC Red Rock, delivered the BPM solution for Engineers Australia. For more information take a look at the Engineers Australia Presentation from the Business Innovation Summit, read the full case study or watch one of the videos - Engineers Australia Recognises AppAdvantage | eChartered Built with Oracle BPM Suite and SOA Suite | Engineers Australia Transforms eChartered Process

Innovation Layer: Drive business innovation by connecting people, information, and applications anywhere, anytime.

Stryker South Pacific - Stryker South Pacific, a global organisation that provides a wide array of medical devices, needed to streamline its business critical manual ordering process for surgical kits. OPN Partner Intelligent Pathways, delivered a SOA-based mobile solution for Stryker South Pacific to enable surgery kit bookings to be captured in the field on laptop or mobile devices, with booking data automatically entered into JD Edwards EnterpriseOne via SOA-based business services with an automated approval process. The integrated mobile solution has improved customer service, reduced errors and improved the user experience. For more information take a look at the Stryker South Pacific Presentation from the Business Innovation Summit.

We hope you have found these Oracle AppAdvantage customer case studies insightful to help you on the journey to delivering Business-IT alignment and enhanced business value from Oracle Applications, in your own organizations. The Oracle AppAdvantage customer reference booklet available off oracle.com showcases additional business use cases and customer examples so do take a look at it. And, I look forward to hearing from you on which business case you best relate to.

About the Author:

Juliana Button is Director of Product Management, Oracle Fusion Middleware. Since 1992, Juliana has held various technical and management positions in Oracle Corporation based in Australia and at Oracle Headquarters in Redwood Shores. Juliana's current responsibilities include supporting go-to-market initiatives for Oracle Fusion Middleware and Oracle AppAdvantage, and working with customers and Partners across the globe.

Monday Jun 17, 2013

Happy National Small Business Week

This week is all about you – small businesses that have made it or are looking to make it from the ground up. This week we are celebrating your creativity, your courage, your endurance and resilience. You do what you love and share with us and for that, we applaud you.

As you waddle through the challenges of operating small businesses and look to scale your operations, at Oracle, we are busy thinking of how to make your lives somewhat easier. Here are a few ways Oracle Fusion Middleware can add value to your growing businesses:

Build business mobility: If thinking of taking your business applications mobile, scale with declarative development of native on-device mobile applications, enable seamless access across multiple mobile devices and operating systems with Oracle Identity Management and connect back-end systems to mobile devices with Oracle SOA Suite for mobile integration for your enterprise.

Enable online collaboration: Connecting online with your customers, vendors, et al? Take control of the web experience! Deliver a consistent, superior and targeted online experiences across web, mobile and social channels. As you look to go global, integrate social collaboration tools, content and experience management technologies with your existing sales, marketing and customer applications.

Move your applications to cloud: If you are looking to leverage cloud to take advantage of low operational costs, better efficiency, enable business agility, consider simplifying your application integration strategy by adopting a service-oriented architecture and enforcing security to mitigate any risk.

Extend your business applications: Get the customizations out of your ERP applications and alleviate the costs & effort involved with upgrading and maintaining customized applications. Bring it all to the logic (process) layer and build composite applications that improve your speed to market and give you the agility you need to build your business while managing data across all systems.

The idea: you worry about running your business, let Oracle Fusion Middleware take care of your back-end systems. Happy National Small Business Week!

Thursday Mar 21, 2013

Managing Security in the SoMoClo World

Identity Management Product Marketing Team Blog

As we look forward in 2013, we look at the key trends driving the IT transformation today. Surely, mobile, social and cloud would top the list. With the proliferation of mobile devices companies are looking to offer access to the most commonly used (or user facing) business applications on users’ personal mobile devices. The spread of social networking is forcing organizations to allow users to access company resources using their social media sign-ons. And regardless of whether it is in a datacenter or in the cloud, the business application needs to be just as secure and reliable.

Customers today are demanding a seamless online experience, one that is geography agnostic. But most applications that are required to support this seamless digital experience were architected 10 or 20 years ago and are not scalable or agile enough. Worse, the applications still keep user experience and security at cross-hairs; you inevitably compromise on one or the other.

The applications for today and tomorrow will need to support internet scale and offer a seamless user experience across all channels, yet be secure enough to enable digital interaction with confidence. That means a re-architecture that adopts SOA for flexibility, BPM for collaboration and participation, a scalable user portal, Big Data for better business analytics, Fast Data for the massive scale that will be required, and a Security Inside Out approach. To learn more about how each of the Fusion Middleware components fits into a social, mobile, cloud strategy, we recommend you peruse all the videos and assets for The New Business Imperative: Social, Mobile, Cloud screencast program here.

In our previous posts, we talked about the essentials for Securing the New Digital Experience and how Oracle has adopted a platform approach to provide a solid foundation to enable a secure, seamless digital experience. If you missed our screencast, you can watch it now.

We wanted to share some customer experiences with you. Industry-leading organizations have adopted the platform approach to Identity Management and have started to leverage the capabilities of our latest release, Identity Management 11gR2, to enable secure mobile and social access. Companies like SaskTel are offering Identity Management in the cloud to some of the most security-conscious organizations.

SuperValu, for example, is leveraging Identity Management to bolster employee productivity in their stores by delivering secure, simplified sign-on for store managers on iPads.

And Oracle itself is using Oracle Identity Management internally to offer a centralized, single identity system, a simplified identity context to its employees across a myriad of applications the employees have (and need) access to. Managing a dynamic workforce across geographies, folding in M&As, leveraging Identity Management to power the cloud services – Oracle Identity Management within Oracle is another good example of the success of a platform approach to identity management and security. Catch this podcast to get the full Oracle on Oracle story.
