Thursday Apr 30, 2015

PaaS Use Cases: Cloud Documents Sharing and Collaboration

In my post yesterday, I announced the availability of the April edition of the Oracle Fusion Middleware Newsletter. The newsletter was all about how PaaS services are enabling a digital transformation in the workplace. Enterprises are no longer just about their employees but about the all-encompassing ecosystem of employees, partners, suppliers and even customers. Geography and time zones no longer define the workplace. The workforce needs anytime, anywhere access to work content from any device, and the same content needs to be shared and collaborated on by people both within the organization and outside it. In this world, cloud content sharing and collaboration is not a nice-to-have but a must-have. Oracle Documents Cloud Service (DOCS) is an enterprise-grade cloud content sharing and collaboration solution that allows you to store, share and access content from anywhere, from Web, desktop and mobile devices, securely and with access trails. But more than that, Oracle DOCS ties the content available to you to context - to the enterprise content, business processes and applications that you rely on to get your work done.

To offer a 360-degree perspective on why Oracle is investing its R&D efforts in cloud sharing and collaboration, be sure to tune into our live executive webcast on Wednesday, May 13 at 10 am PT/1 pm ET where we would have not only our senior Product Management executives but also Oracle CIO, Mark Sunday, VP of Content and Digital Media Technologies at IDC, Melissa Webster, EVP of TekStream Solutions, our customer as well as Oracle VP of Marketing Cloud, Alex Hooshmand discussing the role of enterprise cloud content sharing and collaboration. Save the date and register today for this webcast.

In the meantime, take a look at some of the common use cases in which we find that an enterprise-grade Documents Cloud Service adds value to lines of business and IT. Here is the feature from the April edition of the newsletter, with our upcoming webcast's host, Scott Howley, Vice President, Product Management at Oracle.

Cloud Computing Use Cases: Oracle Documents Cloud Service

Cloud computing—software as a service, platform as a service, and infrastructure as a service—is an undisputed game-changer in the corporate world. But with so many different cloud options, it can be complicated to align them with possible real-life scenarios. Here’s where use cases come in handy. In this series of articles, the Oracle Fusion Middleware Newsletter will illustrate how various aspects of cloud computing work within a business setting. For this issue, we’re looking at Oracle Documents Cloud Service.

“One of the reasons that cloud-based file-sharing services are so popular is that they address a universal challenge. Every employee, regardless of their role, needs a secure way to share files for work collaboration,” says Oracle Vice President of Oracle Fusion Middleware Product Management Scott Howley. “In addition, today’s digital workplace requires 24/7 access to work content from anywhere on any device.”

Use Case 1: Coordinating with Business Partners
Today, internal business functions work with a variety of outside partners—think, for example, of a project in which marketing collaborates with an outside agency on deliverables. “You need to be able to collaborate and share files in real time, but without jeopardizing confidential information such as a press release that could impact stock prices,” says Howley. With Oracle Documents Cloud Service, you have the convenience of collaborative access without the risk associated with consumer products. Enterprise encryption, auditing, tracking, permission controls, and automatic backups keep your information safe.

Use Case 2: Fostering Sales Collaboration
Sales teams often work under deadline, such as when creating a detailed response to a customer request for proposal, a process that involves quickly changing versions that must be instantly shared with both internal and external parties. Additionally, the final output likely needs to be tied back to an opportunity ID in the organization’s CRM system. With Oracle Documents Cloud Service, automatic versioning and syncing ensure version integrity, and its ability to integrate with other Oracle Cloud services such as Oracle Sales Cloud means CRM opportunities won’t get lost.

Use Case 3: Support for Mobile Field Workers
Companies must ensure that mobile or field-site workers can easily and safely access documents—even those with sensitive company information—via a wide variety of devices, from smart phones to tablets and laptops. Oracle Documents Cloud Service provides that flexibility with native support for iPhones, iPads, and Android mobile devices, along with desktop sync for both Mac and Windows computers. Moreover, the ability to embed a user interface in applications, portals, or sites ensures that content can have limitless expressions as work dictates.

“As these use cases show, smart organizations want more than just a standalone file sync and share solution,” says Howley. “They want enterprise-grade security, control, and integration for cloud content sharing.”

To learn more about Oracle Documents Cloud Service, register today for the Oracle Documents Cloud Service executive webcast featuring Oracle CIO Mark Sunday and visit cloud.oracle.com/documents for more information.


Wednesday Apr 29, 2015

On PaaS, Mobile Security, Cloud Content Sharing: April Newsletter is Out

The April edition of the Fusion Middleware newsletter is now out. This edition is all about Digital Transformation. Find out how Platform as a Service (PaaS) is driving the digital revolution and get access to the latest IDC report on the PaaS market, business drivers, benefits and more. As personal and work boundaries blur in the digital age, organizations are getting increasingly concerned about security. The challenge is more acute with trends like Bring Your Own Device (BYOD) and even Bring Your Own Applications (BYOA). How do you open up your company without incurring the security risks? Find out how Mobile Security can help protect your IP and your brand reputation while still enabling a digital trend. And we continue our ongoing series of Cloud Computing use cases. In this edition, we take a closer look at cloud content sharing and collaboration. Oracle Documents Cloud Service (OracleDOCS) is an enterprise-grade solution that not only offers the intuitive features of cloud file sync and share but, to support the various use cases, drives a PaaS-for-SaaS solution that lets you unlock your company's potential. Be sure to give it a read to understand how enterprises today are leveraging OracleDOCS.

The newsletter comes complete with news, recent press announcements, information about upcoming events both regional and online, the latest market and product materials, and more, so don't miss it. And we recommend you subscribe to the newsletter today.


Sunday Mar 01, 2015

New! Establishing a Mobile Security Architecture

Excerpts from a recent publication.

Beyond Brute Force: 3 User-Friendly Strategies for BYOD Security*

In 1825 a painter named Samuel Morse was visiting New York City to fulfill a portrait commission and received word that his wife—at home in Washington, D.C.—had fallen gravely ill. The following day, another messenger brought heartbreaking news: Morse’s wife had died from her illness. Morse rushed home as fast as nineteenth-century transit could carry him but arrived to find his wife already in her grave. This devastating series of events led Morse to dedicate the remainder of his life to finding a means of rapid communication over long distances—eventually leading to the creation of the single-line telegraph and Morse code.

In 2014, Morse’s tragic episode underscores some of the forces mobile workers are still facing today. We are working longer hours than previous generations, many of us at greater distances from those we love. Our smartphones bring us closer (expanding Morse’s vision) to the people we care about, who are no more than a voice call, e-mail, text message, or Facebook wall post away. As a result, personal and work communications are intersecting, with 89 percent of employees today using personal mobile devices at work or using their work devices for personal applications.

The phenomenon of Bring Your Own Device (BYOD) to work gives employees a kind of comfort Morse never knew, but it makes CIOs and CSOs uneasy, sparking concerns about protecting corporate data and preventing unauthorized access to internal systems. These fears are not unfounded: recent statistics show that cell phone theft has created a US$30 billion black-market economy. In San Francisco alone, 50 percent of all robberies are cell phone thefts. It is not a matter of if but when a personal device with your corporate data will fall into the wrong hands.

Download and read the rest here.

Monday Feb 23, 2015

Enabling Mobile Application Management with Secure Enterprise Single Sign On

Introduction

Oracle Mobile Security Suite (OMSS) addresses BYOD challenges by isolating corporate from personal data on consumers’ personal mobile devices without needing to lock down the entire device. Using a technique called containerization, the Oracle Mobile Security Suite creates a Secure Workspace (SWS) in which corporate applications, email and data are stored. Only authenticated users can access the secure workspace to run applications and access data, and only applications provisioned or approved by corporate IT can be installed and executed from within this secure workspace. If the device is lost or stolen, corporate IT can remotely wipe the secure workspace without affecting any personal data.

The OMSS Secure Workspace (SWS) leverages the OAM infrastructure for secure authentication (or even strong authentication and risk-based access in the upcoming PS3 release) and seamless single sign-on to corporate resources for all containerized apps. In this blog post I'll describe how the OAM Mobile & Social (M&S) OAuth Service allows OAM to provide secure authentication and enterprise single sign-on to Oracle's Mobile Secure Workspace (SWS).

How it Works

In order for the Mobile Security Access Server (MSAS) to authenticate users against Oracle Access Manager and retrieve Oracle Access Manager and OAuth tokens for integrated single sign-on, MSAS is registered as an OAuth Client with the M&S OAuth Service. In the current PS2 release we support the Confidential Client OAuth flow only; in the upcoming PS3 release we will support Dynamic Client Registration as well.

Confidential Client Flow - In this flow MSAS is the OAuth 2.0 Confidential Client and M&S is the OAuth Server as well as the Resource Server. MSAS uses the client id and secret entered in the container as confidential credentials for this flow. The confidential client first obtains a JWT User Token (referred to as a User Identity Assertion) using this client id and secret together with the user id and password entered by the user in the secure workspace. The confidential client then obtains an OAuth 2.0 Access Token using the standard OAuth 2.0 JWT user assertion flow on behalf of the resource owner. The OAM tokens needed to access 11g or 10g protected resources are then obtained with the OAM Credential extension grant type, again using this JWT User Token. MSAS stores the encrypted JWT UT and the OAM MT (which corresponds to an OAM_ID cookie for OAM-protected web resources) in an STOKEN, which is returned to the secure workspace app. This allows an authenticated secure workspace app user to single sign on to OAM-protected resources with the OAM MT in the STOKEN and to any OAM OAuth REST interface using the JWT UT in the STOKEN.

Dynamic Client Registration - In this authentication model, a workspace is dynamically registered with M&S through MSAS, and the workspace itself obtains the JWT Client Token after successful workspace registration. Compare this to the Confidential Client Flow above, where the workspace app uses the client credential of MSAS. Registering the workspace basically involves automatically sending app and device profile attributes to the M&S OAuth Server, which creates a JWT Client Token based on the unique "fingerprint" specific to the app and the device of the workspace app. The rest of the flow is similar, with the workspace app itself as the OAuth Client (mobile OAuth client) and M&S as the OAuth Server as well as the Resource Server. In this flow we support step-up authentication (using KBA or OTP) and device-context-based fine-grained authorization, both during user authentication to the workspace app and during subsequent single sign-on to corporate resources from any of the containerized apps. This is now possible because M&S uses its built-in integration with OAAM (via the Security Handler Plugin) to perform risk analysis based on the device and app context that is now available in this authentication.
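As an added illustration (not Oracle's code), the Python below models the Confidential Client Flow end to end: OAuthServer plays the M&S OAuth Server and msas_login the MSAS side, and the JWT user identity assertion is exchanged for an access token with the standard RFC 7523 JWT bearer grant. The claim names, the HS256 signing, the in-memory client and user stores and the sample credentials are assumptions of this model; the OAM Credential extension grant and STOKEN encryption are not modelled.

```python
# Added example (not Oracle's code): a self-contained model of the Confidential
# Client Flow. Claim names, HS256 signing and the in-memory stores are assumptions.
import base64, hashlib, hmac, json, secrets, time

JWT_BEARER = "urn:ietf:params:oauth:grant-type:jwt-bearer"  # RFC 7523 grant type


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def jwt_sign(claims: dict, key: bytes) -> str:
    """Minimal HS256 JWT (a production server would use an asymmetric key)."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64url(json.dumps(claims).encode())
    mac = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(mac)}"


def jwt_verify(token: str, key: bytes, now=None) -> dict:
    """Constant-time signature check first, then expiry; returns the claims."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    header, payload, sig = parts
    mac = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(mac, _b64url_decode(sig)):
        raise ValueError("bad signature")
    claims = json.loads(_b64url_decode(payload))
    if claims.get("exp", 0) <= (time.time() if now is None else now):
        raise ValueError("token expired")
    return claims


class OAuthServer:
    """Plays the M&S OAuth Server (authorization server and resource server)."""

    def __init__(self):
        self.key = secrets.token_bytes(32)   # token signing key, never leaves the server
        self.salt = secrets.token_bytes(16)
        self.clients = {}                    # client_id -> hashed client secret
        self.users = {}                      # username  -> hashed password (constructed store)

    def _hash(self, value: str) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", value.encode(), self.salt, 50_000)

    def register_client(self, client_id: str, secret: str) -> None:
        self.clients[client_id] = self._hash(secret)

    def add_user(self, username: str, password: str) -> None:
        self.users[username] = self._hash(password)

    def _check(self, store: dict, name: str, secret: str) -> bool:
        candidate = self._hash(secret)       # hash before the lookup so unknown names cost the same
        stored = store.get(name)
        return stored is not None and hmac.compare_digest(stored, candidate)

    def user_token(self, client_id, client_secret, username, password, ttl=300) -> str:
        """Step 1: client id/secret plus the user's id/password -> JWT User Token."""
        if not self._check(self.clients, client_id, client_secret):
            raise PermissionError("invalid_client")
        if not self._check(self.users, username, password):
            raise PermissionError("invalid user credentials")
        now = int(time.time())
        return jwt_sign({"iss": "ms-oauth", "sub": username, "azp": client_id,
                         "token_type": "user", "iat": now, "exp": now + ttl,
                         "jti": secrets.token_hex(8)}, self.key)

    def access_token(self, client_id, client_secret, grant_type, assertion, ttl=3600) -> str:
        """Step 2: JWT user assertion grant (RFC 7523) -> access token for the resource owner."""
        if grant_type != JWT_BEARER:
            raise ValueError("unsupported_grant_type")
        if not self._check(self.clients, client_id, client_secret):
            raise PermissionError("invalid_client")
        claims = jwt_verify(assertion, self.key)
        # only a user token issued to this same confidential client is an acceptable assertion
        if claims.get("token_type") != "user" or claims.get("azp") != client_id:
            raise PermissionError("invalid_grant")
        now = int(time.time())
        return jwt_sign({"iss": "ms-oauth", "sub": claims["sub"], "client_id": client_id,
                         "token_type": "access", "iat": now, "exp": now + ttl}, self.key)

    def introspect(self, token: str) -> dict:
        """Resource-server side: validate a presented token and return its claims."""
        return jwt_verify(token, self.key)


def msas_login(server, client_id, client_secret, username, password) -> dict:
    """MSAS side: run both steps and hand the workspace an STOKEN-like bundle.
    The real MSAS encrypts the user token before returning it; this model only bundles."""
    jwt_ut = server.user_token(client_id, client_secret, username, password)
    access = server.access_token(client_id, client_secret, JWT_BEARER, jwt_ut)
    return {"jwt_ut": jwt_ut, "access_token": access}
```

The azp check in access_token is what binds the assertion to the MSAS client credential: a user token obtained by one client cannot be replayed by another client to mint an access token.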

Monday Nov 17, 2014

Mobile Security - A Fine Balance Between Usability & Security

Mobile is a new channel that any IT team needs to consider carefully. Enterprise IT teams are familiar with securing access from the Web browser on desktops and laptops within the firewall, and remotely via VPN. But access from mobile devices is relatively new, especially when it's from mobile apps rather than just a web browser: an app that is, in theory, a trusted app. And the smartphones are no longer IT-provisioned mobile devices (e.g. the standard Blackberry). Like it or not, it's a bring your own device (BYOD) world.

You could try to install something that locks down the entire device. And if the device is ever lost or stolen, remotely wipe the device and everything in it. A bit heavy handed perhaps? I for one have a ton of family pictures and personal information stored on my BYOD smartphone, and I suspect you do too. It makes me a bit uneasy to know that if I misplace my phone, all that information would be lost! (Guilty: I don't back up as often as I should)

So there's the rub, right? If you come down with a heavy handed approach to security, end users may look for ways to work around it, or not use it at all. Somewhat self defeating.  What if instead, security was provided at a more granular level? Separating personal v. work apps so that only work apps are controlled and secured? Lost phone?  Wipe the specific secured apps. Later find phone under the cushions of your couch? Ok, at least those pictures of Jr. are still there. :)

Sound too good to be true? Not so. Check out this recent blog post showing Oracle Mobile Security Suite in action on the exact scenario I just described.

Want to see how Oracle's customers are going mobile? Don't miss the Northumbrian webcast this week on Nov 18th!

Monday Oct 20, 2014

Lost and Stolen Mobile Devices?

Lost and Stolen Mobile Devices - A Disaster Waiting to Happen?

The 'Oracle Mobile. Simply Connected.' global study found that people aged between 16 and 24 are more likely to find a way to access work data and applications on their mobile device–with or without their employers’ consent. Yet they are also the most likely to lose their mobile devices, or worse, have them stolen. To learn more, click here

Get real time information on Oracle Mobile by following us on Twitter @OracleMobile or subscribing to the Oracle Mobile blog

Monday Oct 06, 2014

Mobile Highlights from OOW14


Another successful Oracle OpenWorld! We saw drones cruising over Howard St. as well as the America’s Cup trophy and championship sailboat, plus the concert Wednesday night had some great weather. We dialed in the weather. There’s an app for that; I think it’s called Oracle ExaWeather Control Center and it's built on Oracle MAF ;-) There were a myriad of mobile sessions and hands-on labs as mobile at Oracle continues into high gear. Some highlights included:


Oracle Alta User Interface

Used by Oracle’s cloud applications, cloud services and available for customer-developed applications, new UI design principles deliver elegant user interfaces and experiences for web and mobile applications. Quote from the audience: "We were thinking of starting to rewrite our front end in AngularJS, but this new Alta skin looks awesome!”


Oracle Mobile Cloud Service (MCS) - Simplify enterprise connectivity: any app, any data - secure. The demos were great and the hands-on labs were packed. Mobile + Cloud = Rethink Mobile


Preview of Oracle Mobile Application Accelerator (MAX) - a cloud-based offering that brings mobile application development capabilities to professionals with no previous software development experience. With Mobile Application Accelerator, program managers, power users, and business professionals can develop mobile applications quickly and visually through their web browser.

Voila! Enhanced Oracle Mobile Application Framework + Oracle Mobile Security Suite. To simplify secure mobile application development, Oracle is deepening the integration between Oracle Mobile Application Framework and Oracle Mobile Security Suite as part of the mobile application lifecycle management process. This integrated approach makes it easier for developers to create a seamless user experience, without compromising security.

Are you developing with Eclipse? This was announced prior to OpenWorld and is worth repeating: a new version of Oracle Mobile Application Framework is now available on the latest update of Oracle Enterprise Pack for Eclipse!

And with the continued adoption and use of Oracle Mobile Application Framework throughout Oracle and its customers, there are 14 new mobile apps for Oracle E-Business Suite!

Need to go hands-on with mobile? Mobile Application Framework Challenge - The Oracle Mobile Application Challenge invites developers to demonstrate how the Oracle Mobile Application Framework can be used to create and/or extend an enterprise application through mobile technology and then deploy that application to a handheld device.


If you weren’t able to make some of these great sessions, don’t worry.  Oracle Technology Network is sponsoring a Virtual Technology Summit covering mobile topics and more. 

Phew! More mobile? Go to Oracle.com/mobile and then follow us on Twitter @OracleMobile

Friday Sep 26, 2014

Thomas Kurian to Unveil The Cloud Platform for Digital Business

Author: Juliana Button, Director, Oracle Fusion Middleware

Want to know the inside scoop on Oracle’s middleware strategy? Don’t miss this great session with Thomas Kurian, Executive Vice President, Product Development, his key Product Management leads, and special guest, Steve Holland, Chief Technology and Digital Officer, 7-Eleven, as they walk you through this jam-packed session where Thomas will unveil Oracle Fusion Middleware as The Cloud Platform for Digital Business. You will hear the Oracle Fusion Middleware Strategy and see the new Middleware Cloud Services in action.

GEN8589: Oracle Fusion Middleware - The Cloud Platform for Digital Business
Monday, September 29, 1:15 p.m. - 2:00 p.m.
Marriott Marquis, Salon 7/8/9

Steve Holland, Chief Technology and Digital Officer, 7-Eleven, will join Thomas on stage to discuss the “Digital Guest Experience” they have implemented on Oracle’s Platform-as-a-Service.

Come and hear about the Oracle Mobile Platform strategy and learn how Oracle Mobile Application Framework (MAF) supports rapid development across multiple devices; Mobile Security Suite provides mobile security for BYOD and COPE, shared devices, bringing together identity and access management; and Mobile Cloud Service simplifies access to enterprise mobile services in the cloud.

You will get a sneak preview of the Mobile Application Framework and Mobile Cloud Service as Suhas Uliyar, Vice President Product Management, demonstrates building a mobile demo that runs across multiple devices, and containerizes the mobile app using Mobile Security Suite.

Oracle’s Identity and Access Management Strategy provides a unified solution for managing, authenticating, and auditing user access across enterprise, cloud, and mobile applications; it encrypts mobile application data and protects mobile APIs for apps running on both personal and corporate-owned devices.

Thomas will explain how you can simplify integration of on-premise systems with bespoke and packaged cloud applications through the new Integration Cloud Service (iPaaS) and support multi-channel delivery of applications and services across Mobile, Web, B2B, and Cloud through new API Management functionality, and REST, JSON and SaaS Adapters.

Vikas Anand, Senior Director, Product Management will show you how easy it is to connect E-Business Suite to Oracle Service Cloud using the new Integration Cloud Service.

Oracle’s comprehensive BPM Platform delivers business driven process design, mobile applications, and advanced analytics. The new Process Cloud Service supports process innovation and optimization through process monitoring and analytics, process automation capabilities including workflow, events and rules and mobile forms and workspace.

Oracle delivers a unified Data Integration platform across all enterprise systems to provide high-speed data movement across relational databases, operational systems, warehouses, and Hadoop clusters. You can integrate Data Quality with business applications to ensure clean data in operational systems and provide data governance and comprehensive metadata management for trusted business data. Oracle announces Oracle Enterprise Metadata Management, which covers the full breadth of metadata management and data governance needs in an organization: data lifecycle management, harvesting and integrating 3rd-party metadata, data governance, stewardship and standardization.

Oracle’s Content and Collaboration strategy enables collaboration in the context of business applications and integrates content management, collaboration, and process management into an agility platform for departments. The Documents Cloud Service (available under Controlled Availability) provides document sharing securely across devices and with others using secure workspaces. Oracle Social Network provides an enterprise social platform to facilitate collaboration within and across organizations.

You can check out Oracle Social Network and the new Documents Cloud Service in the demonstration by Gangadhar Konduri, Vice President Product Management. You will also see how easy it is to go online and buy a subscription to Documents Cloud Service.

Thomas will highlight Oracle’s highly differentiated public and private cloud IaaS and PaaS - a complete, integrated, best-in-class and standards-based platform-as-a-service to lower integration costs, provide self-service capabilities to drive productivity and uniquely deliver seamless workload portability between on-premise and cloud using standard DevOps and management tools.

Mike Lehmann, Vice President, Product Management, will show us how easy it is to deploy a standard Java application to the Java Cloud Service from JDeveloper and then discuss how easy it is to move this application from the Oracle Public Cloud into an on-premise private cloud.

If you want the lowdown on Oracle’s Middleware Strategy, this is one session not to be missed!


Friday Jun 20, 2014

Oracle AppAdvantage: A Tale Of Mobile Phones and Toothbrushes

The word “Digital” is all the rage. But like most things in the world, the term means different things to different people. To customer-facing enterprises, it means enabling customer interactions across multiple channels – online, mobile, social, et al. To others, it may mean leveraging technology to bring efficiency into a workplace – leveraging cloud, introducing BYOD for employees, building a self-service portal, among other examples. For a few among us it means a painful reality that the world is changing and we must too!

To me, “Digital” means “Evolution”. I think it means having a modern, time-relevant perspective to meeting customers’ needs and solving business challenges. In my view, “Digital” is a call to action to leverage the latest technology or a combination of it to improving your bottom line – reducing time and cost overheads while building (and exploiting) new opportunities. Technology is no longer about automating IT tasks and processes, it is about delivering tangible value to the business ecosystem – its customers, partners, vendors and suppliers, and employees.

A small business can, for example, leverage social media marketing to do some effective but low- or even no-cost marketing. A manufacturing company can integrate its knowledge base with front-end applications to enable self-support and troubleshooting, or perhaps build a collaboration forum for support solutions by peer customers. A high-tech company can eliminate IT overhead by moving to cloud and perhaps use information security technology to secure end-to-end access. A credit card company can offer an intuitive self-service portal to enable customers and offer mobile alerts. “Digital” means taking advantage of the opportunity afforded by available technology.

And that’s what Oracle AppAdvantage is all about: leverage your existing investments in your business applications while allowing you to extend your capabilities, adopt new technology trends and enhance the value you provide to your ecosystem in a pace layered architecture.

And do you know why that matters in today’s world? Because we are living in a world where more people own a mobile phone than a toothbrush. (Source: Mobile Marketing of Asia and corroborated since)

Wednesday Jun 18, 2014

Standards Corner: IETF Revisits HTTP/1.1

HTTP has been one of the most successful IETF specifications aside from the Internet itself. When it was created in 1999, the authors of HTTP had no idea how big and how widely used it would be. For many years the focus was on the evolving world-wide web and HTML. The web itself went through many transformations with the introduction of Ajax and then HTML5 by the W3C. Meanwhile, non-browser use of HTTP has been steadily growing, especially with the exploding popularity of smart devices, the Internet of Things, and in particular RESTful APIs.

Last week, the IETF officially did away with RFC2616, the main specification document that defined HTTP/1.1. RFC2616 has been broken up into 6 specifications, RFC7230 through 7235.


[Read More]

Friday May 30, 2014

Standards Corner: Preventing Pervasive Monitoring

On Wednesday night, I watched NBC’s interview of Edward Snowden. The past year has been a tumultuous one in the IT security industry. There have been some amazing revelations about the activities of governments around the world, and we have had several instances of major security bugs in key security libraries: Apple's ‘gotofail’ bug, the OpenSSL Heartbleed bug, not to mention Java’s zero-day bug, and others. Snowden’s information showed the IT industry has been underestimating the need for security, and highlighted a general trend of lax use of TLS and poorly implemented security on the Internet. This did not go unnoticed in the standards community and in particular the IETF. [Read More]

Monday May 05, 2014

Identity Enabling Mobile Security

Authored by Suresh Sridharan, Business Manager, Security

Smart Connected Device Growth: The growth of smartphones and tablet devices has been phenomenal over the past 4 years. Global smartphone shipments have grown extensively from approximately 100m units in 2010 to 725m units in 2012, reaching 1b devices in January 2014. Simultaneously, tablet shipments have grown from 5m units in 2010 to approximately 125m units in 2012. Tablet numbers are likely to touch 400m units by 2017.

This explosion in the shipment of smart connected devices has also led to a significant change in users’ behavior and expectations.

In a corporate environment, the phenomenon of Bring Your Own Device (BYOD) is gaining momentum. Gartner predicts that 38% of all organizations will have an “all BYOD” policy by 2016, up from 6% today (2014). If the same device is being used for both personal and work purposes, users will expect the same experience across corporate and personal apps. Further, employees regularly use similar apps for both business and personal purposes; examples include WhatsApp, Skype and Facebook.

Mobile devices present benefits both for organizations and for individuals. Surveys show that a BYOD policy helps employees gain an extra 37 minutes of productive time every week. To increase sales productivity, some of our customers are mobile-enabling sales teams to ensure that they have access to the latest information when they meet with customers.

Security is one of the most significant mobile device challenges both for consumers and for enterprises. Although mobile commerce is growing rapidly (to $25b in the US alone), 60% of all retail transactions that get to the checkout stage are abandoned, with security as one of the main causes, according to recent data.

As corporate data on the device co-mingles with user data on a personal device, it becomes challenging for enterprises to impose restrictions on the use of devices. About 40% of adults do not protect their smartphones with a passcode; among married adults that number goes up to 45%.

In order to address security challenges, IT should be able to define and enforce policies that meet security and privacy standards to protect intellectual property, other corporate assets and, optionally, personal employee data.

There are three things to consider while implementing security in the new mobile age:

  1. Implement a strong identity management system that allows one to manage users and ensure that they are able to access information based on the principle of least privilege to carry out the necessary tasks.
  2. Implement an access management solution to secure data based on who is accessing it and the risk profile of that specific transaction.
  3. Implement a mobile security solution that will help secure data on the device and ensure corporate security policies are enforced on the device from which assets are being accessed.

In essence, organizations need to ensure that application data is secured based on the user accessing it and the device and location from which it is being accessed. Securing the device and the user identity in isolation is not sufficient.

Interested in following the security blog more closely? Check out the Oracle Identity Management blog here.

Wednesday Apr 09, 2014

Standards Corner: Basic Auth MUST Die!

Basic Authentication (part of RFC2617) was developed along with HTTP/1.1 (RFC2616) when the web was relatively new. This specification envisioned that user-agents (browsers) would ask users for their user-id and password and then pass the encoded information to the web server via the HTTP Authorization header. This form of authentication is still being requested today. Why? [Read More]

Wednesday Feb 19, 2014

Management of Oracle Database Authorization with Oracle Identity Manager

Oracle Identity Manager projects usually start with management of the user identity life-cycle from the trusted source to the target systems. Once user identity management is complete, the second step is management of users' entitlements, for example the roles users hold on Oracle Databases, Windows Servers or custom applications.

In this post I want to share my experience of managing Oracle Database authorization through Oracle Identity Manager in a project.

We used three components for management of Oracle Database authorization: Oracle Database Enterprise User Security (EUS), Oracle Unified Directory (OUD) and Oracle Identity Manager (OIM).

Enterprise User Security enables you to centrally manage database users across the enterprise. This is a component of Oracle Database.

Oracle Unified Directory is a comprehensive, next-generation directory service designed to address large deployments, to provide high performance, to be highly extensible and to be easy to deploy, manage and monitor. In this setup OUD holds the roles (as directory groups) that Enterprise User Security consumes: integrating OUD with EUS lets you store user identities in OUD and use them for Oracle Database authentication and authorization.

Oracle Identity Manager manages the life-cycle of the users in Oracle Unified Directory, keeping their attribute values and group memberships correct. Every change starts in Oracle Identity Manager, which then adds the user to, or removes the user from, the appropriate OUD group; the user therefore obtains or loses database rights through Oracle Unified Directory and Enterprise User Security.


The following steps explain the integration of these three tools.

1- Enable Oracle Unified Directory for Enterprise User Security using Oracle Directory Services Manager (ODSM).

  • Connect to the directory server from ODSM.
  • Select the Home tab.
  • Under the Configuration menu, select Create Base DN.
  • On the Configuration Wizard, enter the details of the new suffix.
  • Select the EUS Enabled check box.
  • Click Create to add the new, EUS-enabled suffix.

2- After OUD has been enabled for EUS, update the realm information in the OUD configuration by performing the following steps:

  • Locate the LDIF template file at install_dir/config/EUS/modifyRealm.ldif.
  • Edit the modifyRealm.ldif file as follows:

- Replace dc=example,dc=com with the naming context of your server instance.

- Replace ou=people and ou=groups with the actual location of the user and group entries in your DIT.

  • Use the ldapmodify command to update the configuration with the edited LDIF template file, for example:

- $ ldapmodify -h localhost -p 4444 -D "cn=directory manager" -j pwd-file -v -f modifyRealm.ldif

3- Complete the following configuration on the Oracle Database:

  • Configure the database for directory usage by using NetCA.
  • Register the database with the directory by using DBCA.
  • Create a shared schema in the database.
  • Map enterprise users to the shared schema.

4- Install the Oracle Internet Directory connector for Oracle Identity Manager; it is used to provision users to Oracle Unified Directory and to manage their group memberships, and therefore their roles.

Once all of the above steps are complete: Enterprise User Security is enabled on the database; you then create global roles in the database and map them to enterprise roles held in Oracle Unified Directory; and finally you manage users' Oracle Database authorization from Oracle Identity Manager, through Oracle Unified Directory, by adding users to and removing them from the groups behind those enterprise roles.
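As an added example (not code from this post or from Oracle's products), the following Python covers the two LDAP-side pieces of the procedure above: the template edits called for in step 2, and the group-membership modify operation that Oracle Identity Manager's connector effectively sends to OUD when a user is granted or revoked a role. The template text, the naming context dc=acme,dc=com, the containers ou=staff and ou=roles, and the group and user names are all assumptions made for the example; the real modifyRealm.ldif shipped with OUD is not reproduced here, and the output is meant to be fed to the same ldapmodify command the post shows.

```python
import base64


def ldif_attr_line(attr: str, value: str, width: int = 76) -> str:
    """Render one 'attr: value' line per RFC 2849.

    Values that are not LDIF-safe (non-ASCII, embedded NUL/CR/LF, a leading
    space, ':' or '<', or a trailing space) are base64-encoded with the
    'attr:: ' form; lines longer than `width` are folded with a leading-space
    continuation, as the grammar requires.
    """
    data = value.encode("utf-8")
    safe = (all(b < 0x80 and b not in (0x00, 0x0A, 0x0D) for b in data)
            and data[:1] not in (b" ", b":", b"<")
            and not data.endswith(b" "))
    if safe:
        line = f"{attr}: {value}"
    else:
        line = f"{attr}:: {base64.b64encode(data).decode('ascii')}"
    if len(line) <= width:
        return line
    parts, rest = [line[:width]], line[width:]
    while rest:
        parts.append(" " + rest[:width - 1])
        rest = rest[width - 1:]
    return "\n".join(parts)


def customize_realm_template(template: str, naming_context: str,
                             people_rdn: str, groups_rdn: str) -> str:
    """Apply the step-2 edits to the realm template: swap in the real naming
    context and the RDNs of the user and group containers. The RDNs are
    replaced first so that a naming context which happens to contain
    'ou=people' is not clobbered afterwards.
    """
    out = template.replace("ou=people", people_rdn).replace("ou=groups", groups_rdn)
    return out.replace("dc=example,dc=com", naming_context)


def group_membership_ldif(group_dn: str, member_dn: str, add: bool = True,
                          member_attr: str = "uniqueMember") -> str:
    """Build the modify operation that grants (add=True) or revokes a role:
    the user's DN is added to, or deleted from, the OUD group that EUS maps
    to the enterprise role. `member_attr` depends on the group objectclass
    (uniqueMember for groupOfUniqueNames, member for groupOfNames).
    """
    lines = [
        ldif_attr_line("dn", group_dn),
        "changetype: modify",
        f"{'add' if add else 'delete'}: {member_attr}",
        ldif_attr_line(member_attr, member_dn),
        "-",
        "",
    ]
    return "\n".join(lines)


# Constructed stand-in for the shipped template (assumption: only the three
# placeholders named in the post matter; the real file is not reproduced).
EXAMPLE_TEMPLATE = """dn: cn=Common,cn=Products,cn=OracleContext,dc=example,dc=com
changetype: modify
replace: orclCommonUserSearchBase
orclCommonUserSearchBase: ou=people,dc=example,dc=com
-
replace: orclCommonGroupSearchBase
orclCommonGroupSearchBase: ou=groups,dc=example,dc=com
-
"""

if __name__ == "__main__":
    print(customize_realm_template(EXAMPLE_TEMPLATE, "dc=acme,dc=com", "ou=staff", "ou=roles"))
    # Hypothetical role grant: user mkaya gets the hr_reader enterprise role.
    print(group_membership_ldif("cn=hr_reader,ou=roles,dc=acme,dc=com",
                                "uid=mkaya,ou=staff,dc=acme,dc=com"))
```

The base64 branch matters in practice: a DN containing a non-ASCII surname, or a description attribute with a leading space, will be silently mangled by ldapmodify if written with a single colon.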

P.S.: if you need to manage an Oracle Database 9i, you have to use Oracle Internet Directory instead of Oracle Unified Directory.

About me:

Mustafa Kaya is a Senior Consultant in the Oracle Fusion Middleware team, living in Istanbul. Before coming to Oracle, he worked in teams developing web applications and backend services at a telco company. He is a Java technology enthusiast and software engineer, addicted to learning new technologies and developing new ideas.

Follow Mustafa on Twitter, connect on LinkedIn, and visit his site for Oracle Fusion Middleware related tips.

Wednesday Jan 22, 2014

The Application Security Manifesto – The Great App Re-Architecture

Author: Greg Jensen, Senior Principal Product Director

In our previous post in this series, we touched on the “State” of our current Applications and how we have traditionally incorporated security models into these applications in the past. We also touched on how the next generation of application requirements are evolving to incorporate a number of ground-breaking changes in how we leverage security within the application, and how we use the applications themselves.

The Great Application Re-Architecture

It has always been the great give and take in IT.  The individual IT product owner wants the most capable product, regardless of what the rest of the business is using, forgoing the possibility of cross-pollination benefits. It's about being able to do their job as well as one can.  On the other side is the executive who wants an integrated approach, where multiple products from one vendor are designed with integration in mind, to cross-pollinate data and information across teams. Individual product capabilities may not be as strong, but the greater benefits of a single-vendor approach sit better with executive teams.  This has been the struggle companies have been dealing with for decades, and only recently is there a light at the end of the tunnel, with the advent of open frameworks built on open standards for sharing information between "best of breed" products and vendors.  This allows the individual IT product owners to get the best-of-breed product they want, while the executive teams who look for cross-pollination and integration reap the benefits of a standards-based method of integrating across the stack.

So what is the gain?  We can now take a new approach to architecting and developing our applications and the services that support them.  When we are able to de-bundle and share services such as security, rather than building security into every application, the benefit is obvious and immediate.  Applications can be brought up in near real time with a simple hook into the security module, using a standards-based (Service Oriented Architecture, SOA) connection, to pull identity profiles and policies into new applications.  This process can be repeated again and again with new applications and services, without creating new security profiles and infrastructure. It's all about repeatability, re-usability and the added benefit of centralizing all of your auditable data in one location for compliance-based reports.

The Five Transformational Principles

There are always drivers of transformation, and for applications they can be summed up in five principles that are currently driving the transformation we are discussing: Fine-grained Entitlements, Identity Platform Services, Social Integration, Complete Access and Mobile/Cloud.

External Authorization & Fine Grained Entitlements

Today, access isn't just about managing passwords and user IDs inside the enterprise anymore. We have to move beyond the old model of granting access privileges to specific repositories of information, and for each application separately, with the expectation that the role of the user never changes.  The reality is that it does.  Take the example of a group of users at a large investment bank.  You would like to give your junior traders more limited privileges, built around restricting their trading limits and the times at which they can initiate trades.  However, as your junior traders grow in their careers within the organization, it is important that their access grows with them.  Their access needs to change over time, rather than simply being layered on top of earlier grants, so that "over-provisioning" does not accumulate over the course of an employee's career.  At the same time, your most senior fund managers need to be authorized to perform larger transactions, day or night, without any daily limits, from any geography, and from any device inside or outside the bank network. This is the kind of "context-based" identity management that truly unlocks the potential of enforcing exactly what each employee role is capable of doing.
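The investment-bank scenario above, as an added example that is not code from this post or from any Oracle product: a small externalized, context-based decision point that evaluates a trade request against the caller's current role and the request context (amount, time of day, geography, network, device). The role names, limits, trading hours and permitted regions are assumptions chosen to match the narrative, and the point to notice is that a promotion changes one attribute on the user rather than stacking new grants on old ones.

```python
from dataclasses import dataclass, replace
from datetime import time
from typing import Dict, FrozenSet, Optional, Tuple


@dataclass(frozen=True)
class TradeRequest:
    """Everything the decision point knows about one attempted trade."""
    user: str
    role: str                    # the user's current role, e.g. "junior_trader"
    amount: float                # notional value of the trade
    local_time: time             # wall-clock time at the user's desk
    region: str                  # country code the request originates from
    on_bank_network: bool
    managed_device: bool


@dataclass(frozen=True)
class Entitlement:
    """Context limits attached to a role. None means 'no restriction'."""
    max_amount: Optional[float]
    hours: Optional[Tuple[time, time]]
    regions: Optional[FrozenSet[str]]
    bank_network_only: bool
    managed_device_only: bool


# Hypothetical policy set: role names, limits and regions are assumptions made
# for this example, not values from the post.
POLICIES: Dict[str, Entitlement] = {
    "junior_trader": Entitlement(
        max_amount=250_000.0,
        hours=(time(8, 0), time(17, 0)),
        regions=frozenset({"GB"}),
        bank_network_only=True,
        managed_device_only=True,
    ),
    "senior_fund_manager": Entitlement(
        max_amount=None,        # no daily limit
        hours=None,             # day or night
        regions=None,           # any geography
        bank_network_only=False,
        managed_device_only=False,
    ),
}


def authorize(req: TradeRequest,
              policies: Dict[str, Entitlement] = POLICIES) -> Tuple[bool, str]:
    """Externalized, context-based authorization decision.

    The decision is computed from the user's *current* role and the request
    context at call time, so nothing is cached in the application. Roles
    with no entitlement are denied (deny by default), and the first failing
    check is reported so the audit trail says why.
    """
    policy = policies.get(req.role)
    if policy is None:
        return False, f"no entitlement defined for role {req.role!r}"
    if policy.max_amount is not None and req.amount > policy.max_amount:
        return False, f"amount {req.amount:,.0f} exceeds limit {policy.max_amount:,.0f}"
    if policy.hours is not None and not (policy.hours[0] <= req.local_time <= policy.hours[1]):
        return False, f"outside trading hours {policy.hours[0]}-{policy.hours[1]}"
    if policy.regions is not None and req.region not in policy.regions:
        return False, f"region {req.region} not permitted"
    if policy.bank_network_only and not req.on_bank_network:
        return False, "must originate from the bank network"
    if policy.managed_device_only and not req.managed_device:
        return False, "must originate from a managed device"
    return True, "permit"


def promote(req: TradeRequest, new_role: str) -> TradeRequest:
    """Model a career change: the role attribute is replaced, not augmented,
    so the old limits disappear instead of being layered under new ones."""
    return replace(req, role=new_role)


if __name__ == "__main__":
    junior = TradeRequest("jdoe", "junior_trader", 100_000.0, time(10, 30), "GB", True, True)
    print(authorize(junior))
    print(authorize(replace(junior, amount=1_000_000.0)))
    print(authorize(promote(junior, "senior_fund_manager")))
```

Because every check reads the request context rather than a stored grant, the same policy table serves the web front end, the mobile app and a batch job alike; that is what "externalizing" authorization buys you.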

Identity Platform Services

Organizations are putting a major emphasis on cost reduction efforts, and there are many areas this is being accomplished throughout the enterprise. Common data repositories, common reporting systems, common event collection systems, common security information management tools and the next step is utilizing common security frameworks for externalizing the security from applications and platforms.  This has the added benefits of cost savings from a licensing standpoint, ramp up time on projects, training and overhead, and ability to re-use.  There are also secondary savings in reduced exposure to audits by centralizing all of the regulatory and compliance event data in one single location, one report, and one auditable database. 

Social Integration

Criminals understand well that one of today's fastest-growing trends is "social sign-on", the use of Facebook credentials to authenticate and log in to other applications and services.  We can create a new account on a web site, or log in with our Facebook credentials, all in the name of convenience: a form of single sign-on for the masses.  How often do we read about social credentials being stolen, compromised and abused? So why are we putting so much faith in them without extra precautions?  Imagine what one can do with those social credentials if they are used across a variety of services and offerings for authentication.  This is why there needs to be additional effort in securing social credentials, by absorbing them into a broader, more strongly protected identity that is provisioned to you.

Complete Access

This takes us to how we can consolidate all of our digital identities, user IDs and passwords into a single set of credentials that one has to remember and authenticate with.  To the average person this sounds like a risk.  In the world of single sign-on, we are more likely to change our master password every 30 days than we are the 30-40 passwords it manages underneath.  Criminals understand that many users are likely using the same Gmail password today that they did a year ago.  Many also understand that users repurpose personal passwords in their work environment.  So the idea is: if you can compromise their Flowers.com account, you can compromise their HR account at work, or their financial records database.  This is simply because the human mind is unable to remember many complex passwords, and if they are changed every 30 days we struggle even more.  Enter the world of Complete Access and offerings such as single sign-on.  This allows one to set up a master user ID and password, whose password you are required to reset frequently.  For extra protection, companies may require multi-factor authentication, combining something you have (a smartcard or hardware key), something you know (a PIN or passphrase) and something you are (biometrics).  Once this authentication takes place, the SSO client unlocks a small database holding the user ID and password for each of your applications and services.  The idea is that each individual application and service can now have a strong, unique, randomly generated password rather than a variation of the same password. You can still set 30-day limits and expire those passwords.  And you can set up a provisioning process for your enterprise applications so that you provision only one user ID and password, and never share any of the unique user IDs and passwords for the individual apps underneath it.
This allows you to more easily de-provision applications and services at will.   This doesn’t stop at just the desktop; this is what extends to mobile platforms now as well. So regardless if you are on a Windows, Mac, Android or iOS device, your Complete Access follows you.

Mobile & Cloud Security

With the mobile platform comes a whole new category of applications underpinned by what we call the "Cloud", and this raises the question of how we address the security implications of both platforms. Five years ago, a 5,000-employee organization was struggling with how to manage the provisioning model for 5,000-7,000 user IDs for its employees.  Today, that same company is dealing with 5 to 10 identities per device, per user.  With each employee using 2 to 3 devices, this could be as many as 200,000 identities in itself.   Now businesses face the bigger dilemma of the cloud.  How do we create, provision and manage credentials for all of the partners and customers who do business with us over the Internet?   In a consumer-oriented business, this could be millions of identities. What is needed is an architecture that can scale as the business transforms to include new technologies, new services, and new avenues of sales and distribution.

Maturity of the Optimized Application

As with everything in technology, we are seeing maturity and capability grow in leaps and bounds in the area of application optimization.  We have moved from the days of our first applications, where our security focus was limited by complexity and high cost, as well as by limits in regulatory reporting, to models where we started to consolidate our applications. Here we started to see some degree of centralized security controls, but they were very limited in nature.  Today, we are in a phase we call the "Optimized Platform", where the main driver is data governance for risk and compliance.  This is not where the maturity of applications will end.  The future is a bright one: in the not too distant future we will see Optimized Processes, where the drivers are automated auditing and compliance reporting.  It doesn't stop there.  This maturity and capability has to take us to the point where we include self-healing and automation, where some of the main security drivers are automated fraud management and automated IT and user provisioning.  The key to this maturity is having an infrastructure in place today that is capable of growing with you as the capability grows.

In Summary – The Platform Transformation

We have discussed where we are with the state of our applications today.  We have shared where we need to be and the transformation principles that will drive this Great Application Re-Architecture.  All of this is supported by a platform transformation here at Oracle that we call Oracle AppAdvantage.

Oracle AppAdvantage for Security, is simply when we de-bundle from the application, and make it part of the platform, a sharable component that all applications can leverage.  When you build a car, the car battery isn’t used for just the engine to start with.  It’s used to power the radio. It’s used to power the lights, the horn, the seat warmers, and the fan. Everything.  It’s a shared component within the car.  It’s a platform approach to building an automobile, and we are now doing the same for security. 
