Monday Aug 31, 2015

New Features: Oracle Mobile Security Suite Integration in Oracle MAF 2.1.3

Originally posted by Kundan Vyas-Oracle

Introduction 

MAF 2.1.3 provides a tighter integration with Oracle Mobile Security Suite (OMSS) 11.1.2.3.1. This integration offers capabilities such as Android Containerization, Data Leak Protection, Data Encryption, Application Tunneling, Container Authentication and Single Sign-On. Features like Containerization, Data Leak Protection and Data Encryption are already supported on iOS from previous MAF releases.

New Features

1. Support for Android Containerization

Mobile app containerization allows customers to add a standardized security layer to native mobile apps. 

The containerization process is simple, and developers do not need to change a line of code. MAF developers just need to deploy the application to OMSS from JDeveloper or Eclipse. During deployment, the app is first compiled and an unsigned version of the app is generated, intended to be signed with an enterprise distribution certificate for distribution within the company. After deployment, a wrapped APK file is generated and signed with the signing certificates configured in the Android platform section of the MAF JDeveloper / Eclipse Preferences.


Enable OMSS deployment in JDeveloper 

Enable OMSS deployment in Eclipse 


2. Data Leak Protection on Android

Once a MAF app is containerized with OMSS, IT administrators can apply various data leak protection policies and restrict how and if users can share data within the app:

  • Email allowed can restrict the ability to send email from an app.

  • Instant Message allowed can restrict the ability to send Instant Message from an app.

  • Video chat allowed restricts the ability to share information via services such as FaceTime.

  • Social Share allowed restricts the ability to share information via services such as Facebook or Twitter.

  • Print allowed restricts the ability of the user to print.

  • Restrict file sharing restricts the ability of the user to share files outside the secure enterprise workspace.

  • Restrict copy/paste allows copy/paste inside the secure container, containerized apps or between containerized apps, but not to apps outside the secure enterprise workspace.

  • Redirects to container allowed prevents any app outside the Mobile Security Container workspace from redirecting a URL into the container.

  • Save to media gallery allowed prevents images, videos and audio files from being saved to media gallery and photo stores.

  • Save to local contacts allowed prevents contacts inside secure enterprise workspace apps from being saved down to native device contacts app.

  • Redirects from container allowed prevents any vApp from the Mobile Security Container workspace or containerized app from redirecting a URL outside the Mobile Security Container workspace or containerized app.

3. Data Encryption on Android

OMSS Containerization provides the ability to encrypt the data stored offline within MAF Android applications. Starting with 2.1.3 this functionality is available for MAF applications as well. Encrypted data storage includes application data, including files, databases, application cache, and user preferences. Developers can use MAF encryption with OMSS containerization without having to worry about double encryption. Within a containerized application, the MAF framework delegates encryption to the container. This ensures that no code changes are needed based on whether an app is containerized or not.

4. Application Tunneling

The MAF 2.1.3 release provides support for application tunneling through Oracle Mobile Security Suite on both Android & iOS. Application tunneling provides a secure way to access corporate resources behind the firewall from within a mobile client, without the need for a device-level VPN. Tunneling functionality allows administrators to intercept and manage all the requests coming from a specific MAF application. Administrators can configure the requests coming from a specific URL to go through a proxy on the MSAS server. They can also either completely block the requests or redirect the requests directly to the internet. You can find more details on how to configure application tunneling in the Web Settings section of the Administrative Console Guide for Oracle Mobile Security Suite.

5. Container Authentication & Single Sign-On

When the Web SSO authentication type is used in MAF apps, with Oracle Access Manager and Oracle WebGate used in the back-end for authentication, the end user is not challenged for credentials in the application after Container authentication. The user identity from the Container is propagated to the App and the back-end services. SSO across multiple apps in the Container is also supported, i.e., a user can log in once to the Container and access all the apps in the Container without additional authentication challenges.

Demo

Here is a quick demo which shows all three features (Android Containerization, Data Leak Protection, and File Encryption) 

Monday Aug 03, 2015

Oracle Integrates Mobile Security into Identity and Access Management Platform

Crossposting from Greg Jensen's original post here

Oracle released a Press Release announcing the availability of Identity Management 11gR2 PS3 (Patchset 3). This update to the IDM 11gR2 solution brings forth some groundbreaking new capabilities for our customers to enable organizations to realize success in the areas of new digital business and unifying identities across applications. This greatly simplifies the on-boarding of new users, applications and services such as mobile and cloud.  

Some of the new aspects of the PS3 update include a new "Business Friendly" user interface which provides a single console view of your provisioning, approval workflows, entitlement management, and more.

The update also introduces new capabilities around mobile security with the expansion of Oracle's Mobile Security offering to include Enterprise Mobility Management. This is achieved through the inclusion of Mobile Device Management capabilities as well as a consolidated policy management framework for simplified provisioning of devices, applications and access.

New materials that have been created to help you evaluate this new update include:

Stay tuned to the Oracle Identity Management product page for the latest information on how Oracle is able to solve today's business challenges, and stay on top of the latest information with Oracle's Twitter and Facebook pages.


Thursday Apr 30, 2015

PaaS Use Cases: Cloud Documents Sharing and Collaboration

In my post yesterday, I had announced the availability of the April Edition of Oracle Fusion Middleware Newsletter. The newsletter was all about how PaaS services are enabling a digital transformation in the workplace. Enterprises are now not just about their employees but the all encompassing ecosystem of employees, partners, suppliers and even customers. Geography and time zones no longer define the workplace. The workforce needs anytime, anywhere access to work content, available off any device. The same content needs to be shared and collaborated on by people both within the organization and outside. In this world, cloud content sharing and collaboration is not a nice to have but a must have. Oracle Documents Cloud Service (DOCS) is an enterprise-grade cloud content sharing and collaboration solution that allows you to store, share and access content from anywhere off Web, desktop and mobile devices securely and with access trails. But more than that,  Oracle DOCS ties the content available to you to context - to the enterprise content, business processes and applications that you rely on to get your work done.

To offer a 360-degree perspective on why Oracle is investing its R&D efforts in cloud sharing and collaboration, be sure to tune into our live executive webcast on Wednesday, May 13 at 10 am PT/1 pm ET where we would have not only our senior Product Management executives but also Oracle CIO, Mark Sunday, VP of Content and Digital Media Technologies at IDC, Melissa Webster, EVP of TekStream Solutions, our customer as well as Oracle VP of Marketing Cloud, Alex Hooshmand discussing the role of enterprise cloud content sharing and collaboration. Save the date and register today for this webcast.

In the meantime, take a look at some of the common use cases we find where enterprise-grade Documents Cloud Service adds value to Lines of Businesses and IT. Here is the feature from our recent April edition of the newsletter featuring our upcoming webcast's host, Scott Howley, Vice President, Product Management at Oracle.

Cloud Computing Use Cases: Oracle Documents Cloud Service

Cloud computing—software as a service, platform as a service, and infrastructure as a service—is an undisputed game-changer in the corporate world. But with so many different cloud options, it can be complicated to align them with possible real-life scenarios. Here’s where use cases come in handy. In this series of articles, the Oracle Fusion Middleware Newsletter will illustrate how various aspects of cloud computing work within a business setting. For this issue, we’re looking at Oracle Documents Cloud Service.

“One of the reasons that cloud-based file-sharing services are so popular is that they address a universal challenge. Every employee, regardless of their role, needs a secure way to share files for work collaboration,” says Oracle Vice President of Oracle Fusion Middleware Product Management Scott Howley. “In addition, today’s digital workplace requires a 24/7 access to work content from anywhere on any device.”

Use Case 1: Coordinating with Business Partners
Today, internal business functions work with a variety of outside partners—think, for example, of a project in which marketing collaborates with an outside agency on deliverables. “You need to be able to collaborate and share files in real time, but without jeopardizing confidential information such as a press release that could impact stock prices,” says Howley. With Oracle Documents Cloud Service, you have the convenience of collaborative access without the risk associated with consumer products. Enterprise encryption, auditing, tracking, permission controls, and automatic backups keep your information safe.

Use Case 2: Fostering Sales Collaboration
Sales teams often work under deadline, such as when creating a detailed customer request for proposal, a process that involves quickly changing versions that must be instantly shared with both internal and external parties. Additionally, the final output likely needs to be tied back to an opportunity ID in the organization’s CRM system. With Oracle Documents Cloud Service, automatic versioning and syncing ensures version integrity, and its ability to integrate with other Oracle Cloud services such as Oracle Sales Cloud means CRM opportunities won’t get lost.

Use Case 3: Support for Mobile Field Workers
Companies must ensure that mobile or field-site workers can easily and safely access documents—even those with sensitive company information—via a wide variety of devices, from smart phones to tablets and laptops. Oracle Documents Cloud Service provides that flexibility with native support for iPhones, iPads, and Android mobile devices, along with desktop sync for both Mac and Windows computers. Moreover, the ability to embed a user interface in applications, portals, or sites ensures that content can have limitless expressions as work dictates.

“As these use cases show, smart organizations want more than just a standalone file sync and share solution,” says Howley. “They want enterprise-grade security, control, and integration for cloud content sharing.”

To learn more about Oracle Documents Cloud Service, register today for the Oracle Documents Cloud Service executive webcast featuring Oracle CIO Mark Sunday and visit cloud.oracle.com/documents for more information.


Wednesday Apr 29, 2015

On PaaS, Mobile Security, Cloud Content Sharing: April Newsletter is Out

The April edition of the Fusion Middleware newsletter is now out. This edition is all about Digital Transformation. Find out how Platform as a Service (PaaS) is driving the digital revolution and get access to the latest IDC report on the PaaS market, business drivers, benefits and more. As personal and work boundaries blur in the digital age, organizations are getting increasingly concerned about security. The challenge is more acute with trends like Bring Your Own Devices (BYOD) and even Bring Your Own Applications (BYOA). How do you open your company without incurring the security risks? Find out how Mobile Security can help protect your IP and your brand reputation while still enabling a digital trend. And, we continue our ongoing series of Cloud Computing use cases. In this edition, we take a closer look at cloud content sharing and collaboration. Oracle Documents Cloud Service (OracleDOCS) is an enterprise-grade solution that not only offers the intuitive features of cloud file sync and share but also, to support the various use cases, drives a PaaS for SaaS solution, allowing you to unlock your company potential. Be sure to give it a read to understand how enterprises today are leveraging OracleDOCS.

The newsletter comes complete with news, recent press announcements, information about upcoming events both regional and online, latest market and product materials, and more so don't miss it. And we recommend you subscribe to the newsletter today.


Sunday Mar 01, 2015

New! Establishing a Mobile Security Architecture

Excerpts from a recent publishing.

Beyond Brute Force: 3 User-Friendly Strategies for BYOD Security*

In 1825 a painter named Samuel Morse was visiting New York City to fulfill a portrait commission and received word that his wife—at home in Washington, D.C.—had fallen gravely ill. The following day, another messenger brought heartbreaking news: Morse’s wife had died from her illness. Morse rushed home as fast as nineteenth-century transit could carry him but arrived to find his wife already in her grave. This devastating series of events led Morse to dedicate the remainder of his life to finding a means of rapid communication over long distances—eventually leading to the creation of the single-line telegraph and Morse code.

In 2014 Morse’s tragic episode underscores some of the forces mobile workers are still facing today. We are working longer hours than previous generations, many of us at greater distances from those we love. Our smartphones bring us closer (expanding Morse’s vision) with the people we care about, being no more than a voice call, e-mail, text message, or Facebook wall post away. As a result, personal and work communications are intersecting, with 89 percent of employees today using personal mobile devices at work or using their work devices for personal applications.

The phenomenon of Bring Your Own Device (BYOD) to work gives employees a kind of comfort Morse never knew, but it makes CIOs and CSOs uneasy, sparking concerns about protecting corporate data and preventing unauthorized access to internal systems. These fears are not unfounded: recent statistics show that cell phone theft has created a US$30 billion black-market economy. In San Francisco alone, 50 percent of all robberies are cell phone thefts. It is not a matter of if but when a personal device with your corporate data will fall into the wrong hands.

Download and read the rest here.

Monday Nov 17, 2014

Mobile Security - A Fine Balance Between Usability & Security

Mobile is a new channel that any IT team needs to consider carefully. Enterprise IT teams are familiar with securing access from the Web browser from desktops and laptops within the firewall, and remotely via VPN. But access from mobile devices is relatively new, especially when it's from mobile apps, not just a web browser. An app that in theory is a trusted app. And the smartphones are no longer an IT-provisioned mobile device (e.g. the standard Blackberry). Like it or not, it's a bring your own device (BYOD) world.

You could try to install something that locks down the entire device. And if the device is ever lost or stolen, remotely wipe the device and everything in it. A bit heavy-handed perhaps? I, for one, have a ton of family pictures and personal information stored on my BYOD smartphone, and I suspect you do too. It makes me a bit uneasy to know that if I misplace my phone, all that information would be lost! (Guilty: I don't back up as often as I should.)

So there's the rub, right? If you come down with a heavy handed approach to security, end users may look for ways to work around it, or not use it at all. Somewhat self defeating.  What if instead, security was provided at a more granular level? Separating personal v. work apps so that only work apps are controlled and secured? Lost phone?  Wipe the specific secured apps. Later find phone under the cushions of your couch? Ok, at least those pictures of Jr. are still there. :)

Sound too good to be true? Not so. Check out this recent blog post Oracle Mobile Security Suite in action on the exact scenario I just described.  

Want to see how Oracle's customers are going mobile? Don't miss the Northumbrian webcast this week on Nov 18th!

Monday Oct 20, 2014

Lost and Stolen Mobile Devices?

Lost and Stolen Mobile Devices - A Disaster Waiting to Happen?



The 'Oracle Mobile. Simply Connected.' global study found that people aged between 16 and 24 are more likely to find a way to access work data and applications on their mobile device–with or without their employers’ consent. Yet they are also the most likely to lose their mobile devices, or worse, have them stolen. To learn more, click here

Get real time information on Oracle Mobile by following us on Twitter @OracleMobile or subscribing to the Oracle Mobile blog

Monday Oct 06, 2014

Mobile Highlights from OOW14


Another successful Oracle OpenWorld! We saw drones cruising over Howard St. as well as the America’s Cup trophy and championship sailboat, plus the concert Wednesday night had some great weather. We dialed in the weather. There’s an app for that, I think it’s called Oracle ExaWeather Control Center and it's built on Oracle MAF ;-) There were a myriad of mobile sessions and hands-on labs as mobile at Oracle continues into high gear. Some highlights included:


Oracle Alta User Interface

Used by Oracle’s cloud applications, cloud services and available for customer-developed applications, new UI design principles deliver elegant user interfaces and experiences for web and mobile applications. Quote from the audience: "We were thinking of starting to rewrite our front end in AngularJS, but this new Alta skin looks awesome!”


Oracle Mobile Cloud Service (MCS)- Simplify enterprise connectivity, any app, any data, any data - secure. The demos were great and the hands on labs were packed. Mobile + Cloud = Rethink Mobile


Preview of Oracle Mobile Application Accelerator (MAX) - a cloud-based offering that brings mobile application development capabilities to professionals with no previous software development experience. With Mobile Application Accelerator, program managers, power users, and business professionals can develop mobile applications quickly and visually through their web browser.

Voila! Enhanced Oracle Mobile Application Framework + Oracle Mobile Security Suite. To simplify secure mobile application development, Oracle is deepening the integration between Oracle Mobile Application Framework and Oracle Mobile Security Suite as part of the mobile application lifecycle management process. This integrated approach makes it easier for developers to create a seamless user experience, without compromising security.

Are you developing with Eclipse?  These two were announced prior to OpenWorld, and worth repeating - a new version of Oracle Mobile Application Framework development is now available on the latest update of Oracle Enterprise Pack for Eclipse!

And as with the continued adoption and use of Oracle Mobile Application Framework throughout Oracle and its customers, there are 14 New mobile apps for Oracle E-Business Suite!

Need to go hands on with mobile?  Mobile Application Framework Challenge - The Oracle Mobile Application Challenge invites developers to demonstrate how the Oracle Mobile Application Framework can be used to create and/or extend an enterprise application through mobile technology and then deploy that application to a handheld device. 


If you weren’t able to make some of these great sessions, don’t worry.  Oracle Technology Network is sponsoring a Virtual Technology Summit covering mobile topics and more. 

Phew! More mobile? Go to Oracle.com/mobile and then follow us on Twitter @OracleMobile

Friday Sep 26, 2014

Thomas Kurian to Unveil The Cloud Platform for Digital Business

Author: Juliana Button, Director, Oracle Fusion Middleware

Want to know the inside scoop on Oracle’s middleware strategy? Don’t miss this great session with Thomas Kurian, Executive Vice President, Product Development, his key Product Management leads, and special guest, Steve Holland, Chief Technology and Digital Officer, 7-Eleven, as they walk you through this jam-packed session where Thomas will unveil Oracle Fusion Middleware as The Cloud Platform for Digital Business. You will hear the Oracle Fusion Middleware Strategy and see the new Middleware Cloud Services in action.

GEN8589: Oracle Fusion Middleware - The Cloud Platform for Digital Business
Monday, September 29, 1:15 p.m. -2:00 p.m.
Marriott Marquis, Salon 7/8/9

Steve Holland, Chief Technology and Digital Officer, 7-Eleven, will join Thomas on stage to discuss the “Digital Guest Experience” they have implemented on Oracle’s Platform-as-a-Service.

Come and hear about the Oracle Mobile Platform strategy and learn how Oracle Mobile Application Framework (MAF) supports rapid development across multiple devices; Mobile Security Suite provides mobile security for BYOD and COPE, shared devices, bringing together identity and access management; and Mobile Cloud Service simplifies access to enterprise mobile services in the cloud.

You will get a sneak preview of the Mobile Application Framework and Mobile Cloud Service as Suhas Uliyar, Vice President Product Management, demonstrates building a mobile demo that runs across multiple devices, and containerizes the mobile app using Mobile Security Suite.

Oracle’s Identity and Access Management Strategy provides a unified solution for managing, authenticating, and auditing user access across enterprise, cloud, and mobile applications; Encrypts mobile application data and protects mobile APIs for apps running on both personal and corporate-owned devices. 

Thomas will explain how you can simplify integration of on-premise systems with bespoke and packaged cloud applications through the new Integration Cloud Service (iPaaS) and support multi-channel delivery of applications and services across Mobile, Web, B2B, and Cloud through new API Management functionality, and REST, JSON and SaaS Adapters.

Vikas Anand, Senior Director, Product Management will show you how easy it is to connect E-Business Suite to Oracle Service Cloud using the new Integration Cloud Service.

Oracle’s comprehensive BPM Platform delivers business driven process design, mobile applications, and advanced analytics. The new Process Cloud Service supports process innovation and optimization through process monitoring and analytics, process automation capabilities including workflow, events and rules and mobile forms and workspace.

Oracle delivers a unified Data Integration platform across all enterprise systems to provide high-speed data movement across relational databases, operational systems, warehouses, and Hadoop clusters. You can integrate Data Quality with business applications to ensure clean data in operational systems and provide data governance and comprehensive metadata management for trusted business data. Oracle announces Oracle Enterprise Metadata Management that covers the full breadth of metadata management and data governance needs in an organization - data lifecycle management, harvest and integrate 3rd party metadata, data governance, stewardship and standardization.

Oracle’s Content and Collaboration strategy enables collaboration in the context of business applications and integrates content management, collaboration, and process management into an agility platform for departments. The Documents Cloud Service (available under Controlled Availability) provides document sharing securely across devices and with others using secure workspaces. Oracle Social Network provides an enterprise social platform to facilitate collaboration within and across organizations.

You can check out Oracle Social Network and the new Documents Cloud Service in the demonstration by Gangadhar Konduri, Vice President Product Management. You will also see how easy it is to go online and buy a subscription to Documents Cloud Service.

Thomas will highlight Oracle’s highly differentiated public and private cloud IaaS and PaaS - a complete, integrated, best-in-class and standards-based platform-as-a-service to lower integration costs, provide self-service capabilities to drive productivity and uniquely deliver seamless workload portability between on-premise and cloud using standard DevOps and management tools.

Mike Lehmann, Vice President, Product Management, will show us how easy it is to deploy a standard Java application to the Java Cloud Service from JDeveloper and then discuss how easy it is to move this application from the Oracle Public Cloud into an on-premise private cloud.

If you want the lowdown on Oracle’s Middleware Strategy, this is one session not to be missed!


Friday Jun 20, 2014

Oracle AppAdvantage: A Tale Of Mobile Phones and Toothbrushes

The word “Digital” is all the rage. But like most things in the world, the term means different things to different people. To customer facing enterprises, it means enabling customer interactions across multiple channels – online, mobile, social, et al. To others, it may mean leveraging technology to bring efficiency into a workplace – leveraging cloud, introducing BYOD for employees, building self-service portal, among other examples. For a few among us it means a painful reality that the world is changing and we must too!

To me, “Digital” means “Evolution”. I think it means having a modern, time-relevant perspective to meeting customers’ needs and solving business challenges. In my view, “Digital” is a call to action to leverage the latest technology or a combination of it to improving your bottom line – reducing time and cost overheads while building (and exploiting) new opportunities. Technology is no longer about automating IT tasks and processes, it is about delivering tangible value to the business ecosystem – its customers, partners, vendors and suppliers, and employees.

A small business can, for example, leverage social media marketing to do some effective but low-or even no-cost marketing. A manufacturing company can integrate their knowledge base with front end applications to enable self-support and troubleshooting, or perhaps build a collaboration forum for support solutions by peer customers. A high tech company can eliminate IT overhead by moving to cloud and perhaps use information security technology to secure end to end access. A credit card company can enable intuitive self service portal to enable customers and offer mobile alerts. “Digital” means taking advantage of the opportunity afforded by available technology.

And that’s what Oracle AppAdvantage is all about: leverage your existing investments in your business applications while allowing you to extend your capabilities, adopt new technology trends and enhance the value you provide to your ecosystem in a pace layered architecture.

And do you know why that matters in today’s world? Because we are living in a world where more people own a mobile phone than a toothbrush. (Source: Mobile Marketing of Asia and corroborated since)

Wednesday Jun 18, 2014

Standards Corner: IETF Revisits HTTP/1.1

HTTP has been one of the most successful IETF specifications aside from the Internet itself. When it was created in 1999, the authors of HTTP had no idea how big and how widely used it would be.  For many years the focus was on the evolving world-wide-web and HTML. The web itself went through many transformations with the introduction of Ajax and then HTML5 by the W3C.  Meanwhile, non-browser use of HTTP has been steadily growing especially with the exploding popularity of smart devices, the Internet of Things, and in particular RESTful APIs.

Last week, the IETF officially did away with RFC2616, the main specification document that defined HTTP/1.1. RFC2616 has been broken up into 6 specifications, RFC7230 through 7235.



Friday May 30, 2014

Standards Corner: Preventing Pervasive Monitoring

On Wednesday night, I watched NBC’s interview of Edward Snowden. The past year has been a tumultuous one in the IT security industry. There have been some amazing revelations about the activities of governments around the world; and we have had several instances of major security bugs in key security libraries: Apple's ‘gotofail’ bug, the OpenSSL Heartbleed bug, not to mention Java’s zero day bug, and others. Snowden’s information showed the IT industry has been underestimating the need for security, and highlighted a general trend of lax use of TLS and poorly implemented security on the Internet. This did not go unnoticed in the standards community and in particular the IETF.

Monday May 05, 2014

Identity Enabling Mobile Security

Authored by Suresh Sridharan, Business Manager, Security

Smart Connected Device Growth: The growth of smartphones and tablet devices has been phenomenal over the past 4 years. Global smartphone shipments have grown extensively from approximately 100m units in 2010 to 725m units in 2012, reaching 1b devices in January 2014. Simultaneously, tablet shipments have grown from 5m units in 2010 to approximately 125m units in 2012. Tablet numbers are likely to touch 400m units by 2017.

This explosion in the shipment of smart connected devices has also led to a significant change in users’ behavior and expectations.

In a corporate environment, the phenomenon of Bring Your Own Device (BYOD) is gaining momentum. Gartner predicts that 38% of all organizations will have an “all BYOD” policy by 2016, up from 6% today (2014). If the same device is being used for both personal and work purposes, users will expect the same experience across corporate and personal apps. Further, employees regularly use similar apps for both business and personal purposes; examples include WhatsApp, Skype and Facebook.

Mobile devices present benefits both for organizations and for individuals. Surveys show that a BYOD policy helps employees gain an extra 37 minutes of productive time every week. To increase sales productivity, some of our customers are mobile-enabling sales teams to ensure that they have access to the latest information when they meet with customers.

Security is one of the most significant mobile device challenges both for consumers and for enterprises. Although mobile commerce is growing rapidly (to $25b in the US alone), 60% of all retail transactions that get to the checkout stage are abandoned, with security as one of the main causes, according to recent data.

As corporate data on the device co-mingles with user data on a personal device, it becomes challenging for enterprises to impose restrictions on the use of devices. About 40% of adults do not protect their smartphones with a passcode; among married adults that number goes up to 45%.

In order to address security challenges, IT should be able to define and enforce policies that meet security and privacy standards to protect intellectual property, other corporate assets and, optionally, personal employee data.

There are three things to consider while implementing security in the new mobile age:

  1. Implement a strong identity management system that allows one to manage users and ensure that they are able to access information based on the principle of least privilege to carry out the necessary tasks.
  2. Implement an access management solution to secure data based on who is accessing it and the risk profile of that specific transaction.
  3. Implement a mobile security solution that will help secure data on the device and ensure corporate security policies are enforced on the device from which assets are being accessed.

In essence, organizations need to ensure that application data is secured based on the user accessing it and the device and location from which it is being secured. Securing the device and the user identity, in isolation, is not sufficient.

Interested in following the security blog more closely? Check out the Oracle Identity Management blog here.

Wednesday Apr 09, 2014

Standards Corner: Basic Auth MUST Die!

Basic Authentication (part of RFC2617) was developed along with HTTP1.1 (RFC2616) when the web was relatively new. This specification envisioned that user-agents (browsers) would ask users for their user-id and password and then pass the encoded information to the web server via the HTTP Authorization header. This form of authentication is still being requested today. Why?

Wednesday Feb 19, 2014

Management of Oracle Database Authorization with Oracle Identity Manager

Oracle Identity Manager projects usually start with management of the user identity life-cycle from a trusted resource to target systems. Once user identity management has been completed in the first step, the second step is management of users' entitlements, for example role management of users on Oracle Databases, Windows Servers or any custom applications.

In this post I want to share my experience of managing Oracle Database authorization through Oracle Identity Manager in a project.

We used three components for the management of Oracle Database authorization: Oracle Database Enterprise User Security (EUS), Oracle Unified Directory (OUD) and Oracle Identity Manager (OIM).

Enterprise User Security enables you to centrally manage database users across the enterprise. This is a component of Oracle Database.

Oracle Unified Directory is a comprehensive next generation directory service that is designed to address large deployments, to provide high performance, to be highly extensible and to be easy to deploy, manage, and monitor. Oracle Unified Directory is used for role management integrated with Enterprise User Security. Integrating Oracle Unified Directory with Oracle's Enterprise User Security (EUS) enables you to store user identities in Oracle Unified Directory for Oracle Database authentication.

Oracle Identity Manager is used to manage the life-cycle of Oracle Unified Directory users, with the right values and user groups. The whole process starts from Oracle Identity Manager, which then inserts the user into an OUD group or deletes the user from an OUD group. The user thus has rights via Oracle Unified Directory and Enterprise User Security.


The following steps explain the integration of these three tools.

1- Enabling Oracle Unified Directory for Enterprise User Security by using Oracle Directory Services Manager(ODSM).

  • Connect to the directory server from ODSM.
  • Select the Home tab.
  • Under the Configuration menu, select Create Base DN.
  • On the Configuration Wizard, enter the details of the new suffix.
  • Select the EUS Enabled check box.
  • Click Create to add the new, EUS-enabled suffix.

2- After OUD has been enabled for EUS, you must update the realm information in the OUD configuration by performing the following steps:

  • Locate the LDIF template file at install_dir/config/EUS/modifyRealm.ldif.
  • Edit the modifyRealm.ldif file as follows:

      - Replace dc=example,dc=com with the correct naming context for your server instance.
      - Replace ou=people and ou=groups with the correct location of the user and group entries in your DIT.

  • Use the ldapmodify command to update the configuration with the edited LDIF template file, for example:

      $ ldapmodify -h localhost -p 4444 -D "cn=directory manager" -j pwd-file -v -f modifyRealm.ldif

3- Complete the configuration below on Oracle Database

  • Configure your database for directory usage by using NetCA.
  • Register the database with the directory by using DBCA.
  • Create a shared schema in the database.
  • Map enterprise users to the shared schema.

4- Install the Oracle Internet Directory Connector in Oracle Identity Manager, to provision users to Oracle Unified Directory and to manage groups, and so roles.
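For step 2, one way to fill in a copy of the LDIF template, confirm that no placeholder survives before ldapmodify is run, and check that the file passed with -j is not readable by group or others. This is an added example, not code from the original post or from Oracle; the function names are hypothetical and the template in the demo is constructed, so the real modifyRealm.ldif has different contents.

```shell
#!/bin/sh
# Added example, not from the original post. The template written in the
# demo at the bottom is CONSTRUCTED; the real modifyRealm.ldif differs.

# leftover FILE PLACEHOLDER TARGET: true if PLACEHOLDER (any letter case)
# survives in FILE although TARGET was meant to replace it. A TARGET that
# itself contains the placeholder text is flagged too, for manual review.
leftover() {
    [ "$(printf %s "$3" | tr 'A-Z' 'a-z')" = "$2" ] && return 1
    grep -Fiq -- "$2" "$1"
}

# render_realm TEMPLATE SUFFIX USERS GROUPS OUT
# returns 0 ok, 2 rejected argument, 3 placeholder left behind
render_realm() {
    for v in "$2" "$3" "$4"; do
        # Reject empty values and characters special in a sed replacement.
        case $v in
            ''|*'|'*|*'&'*|*'\'*) echo "rejected value: '$v'" >&2; return 2 ;;
        esac
    done
    sed -e "s|ou=people|$3|g" -e "s|ou=groups|$4|g" \
        -e "s|dc=example,dc=com|$2|g" "$1" > "$5" || return 1
    leftover "$5" 'dc=example,dc=com' "$2" && return 3
    leftover "$5" 'ou=people' "$3" && return 3
    leftover "$5" 'ou=groups' "$4" && return 3
    return 0
}

# pwfile_private FILE: true only if FILE exists and neither group nor
# others can read it (this is the file given to ldapmodify with -j).
pwfile_private() {
    [ -f "$1" ] &&
        [ -z "$(find "$1" -prune \( -perm -040 -o -perm -004 \) -print)" ]
}

# Demo on a constructed template in a scratch directory.
demo=$(mktemp -d)
printf '%s\n' 'dn: cn=Common,cn=Products,cn=OracleContext,dc=example,dc=com' \
    'changetype: modify' 'replace: orclCommonUserSearchBase' \
    'orclCommonUserSearchBase: ou=people,dc=example,dc=com' \
    > "$demo/modifyRealm.ldif"
if render_realm "$demo/modifyRealm.ldif" 'dc=corp,dc=test' 'ou=staff' \
        'ou=roles' "$demo/realm.ldif"; then
    cat "$demo/realm.ldif"
fi
rm -rf "$demo"
```

The case-insensitive check matters because sed matches ou=people exactly, so a template line written as ou=People would otherwise be sent to the directory unchanged.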

When all of the above steps are complete: first, Enterprise User Security is enabled on the DB; then create DB roles (enterprise roles) and map these roles to the Oracle Unified Directory global roles. Finally, manage users' Oracle Database authorization with Oracle Identity Manager through Oracle Unified Directory.

P.S.: If you want to manage Oracle Database 9i, you have to use Oracle Internet Directory instead of Oracle Unified Directory.

About me:

Mustafa Kaya is a Senior Consultant in Oracle Fusion Middleware Team, living in Istanbul. Before coming to Oracle, he worked in teams developing web applications and backend services at a telco company. He is a Java technology enthusiast and software engineer, addicted to learning new technologies and developing new ideas.

Follow Mustafa on Twitter, connect on LinkedIn, and visit his site for Oracle Fusion Middleware related tips.
