Security Link Roundup - January 4, 2016

I'm Mark Wilcox, the Chief Technology Officer for Oracle Consulting - Security in North America, and this is my weekly roundup of security stories that interested me. Database of 191 million U.S. voters exposed on Internet: researcher. So 2016 starts off with another headline of a database breach. In this case 191 million records of US voters. This is ridiculous. And could have been prevented. And a sobering reminder to contact your Oracle representative and ask them for a...

Monday, January 4, 2016 | Read More

How To Do Single Sign On (SSO) for Web Services

A recent question on our internal list was "A customer has OAM and wants to do SSO to SOAP Web Services". In this case the customer was using Webcenter Content (the product formerly known as Unified Content Manager UCM). But the scenario applies to any SOAP Web Service. My answer was well received and there isn't anything proprietary here so I thought I would share to make it easier for people to find and for me to refer to later. First - There is no such thing as SSO in web...

Wednesday, December 11, 2013 | Read More

The Difference Between Access Manager 10g and 11g Webgates

A common question we get is what is the difference between Access Manager 10g and Access Manager 11g webgates. My colleague Yagnesh, who covers webgates, put together a simple list. Here are the 11g features: Oracle Universal Installer for platform. Generic for all platforms; Host-based cookie; Individual WebGate OAMAuthnCookie_ making it more secure; A per agent key, and server key, are used. Agent key is stored in wallet file and Server key is stored in Credential store; One per-agent secret...

Thursday, August 29, 2013 | Read More

Fresh, Informative and Fun - Join Us For Your Opening Presentation at Open World 2013

Join us on Monday September 23, 2013 for Senior Vice President Amit Jasuja's presentation. It's called "CON8808 - Oracle Identity Management: Enabling Business Growth in the New Economy". The title is boring but the presentation will be fresh, informative and fun. This is our annual presentation to share our thoughts on where the world is going in terms of identity management and letting customers who are leading the way let you know how they are getting there. And we will...

Thursday, August 29, 2013 | Read More

If You Are Interested In OUD - You Need To Be Reading Sylvain Duloutre's Blog

My colleague Sylvain Duloutre is writing a series of posts about Oracle Unified Directory (OUD) including how to co-habitate and migrate from DSEE to OUD which is how we believe most existing DSEE customers who adopt OUD will make the move. You can read his blog here.

Wednesday, May 2, 2012 | Read More

Announcing Oracle Optimized Solution for Oracle Unified Directory

I'm happy today to be able to share that we released an optimized solution for Oracle Unified Directory. It's one of the first public announcements we can make of several cool & useful things we've been working on. We have more coming from the identity & access team. Which reminds me - for my loyal readers here - since December 2011 - besides covering directory - I am also now on the Oracle Access Manager Suite team. My colleague Sylvain's post summed up nicely what it is: Oracl...

Friday, April 20, 2012 | Read More

Oracle Identity Management (OID, OVD, OIF) 11gR1 Patchset 5 ( Released.

I'm sure you've seen the flood of announcements from the other Fusion Middleware products about the release. We got in on the fun too. You can download it here. And for a fresh install - you can start directly from For the most part this is just a bug fix release for us. But there are a couple of enhancements I would like to share. Oracle Virtual Directory The biggest enhancement I would highlight is that we have dramatically simplified configuring OVD for...

Thursday, February 23, 2012 | Read More

How To Simplify Your Password Management With Oracle Enterprise Single Sign-On

We're doing another free webcast - this time on Enterprise Single Sign-On. Click here to register. Addressing Your Password Nightmares with an Enterprise Single Sign-On Platform. Webcast Date: Wednesday, October 19, 2011. Webcast Time: US Pacific 10am PDT. STEP 1: Please complete the registration form below, to take part in the Live Oracle Webcast event. Studies estimate that nearly 25 percent of all help desk calls are related to password resets. The modern enterprise IT...

Thursday, October 13, 2011 | Read More

How To Use Oracle Identity Management To Rescue Delayed IBM Identity Management Deployments

If your organization has a delayed IBM-based identity management deployment this webinar will show reasons why this might be and how Oracle can help. In particular you will learn how Oracle Identity Management can: mobilize and complete your identity management project; coexist with or replace your existing IBM identity management point solution; reduce security risk and improve regulatory compliance. Click Here To Register.

Friday, September 2, 2011 | Read More

Learn How To Save 48% On Your Access Management Deployment

We're hosting an upcoming webinar with the Aberdeen Group that will present research showing how using an Identity Management platform can save you significant money vs a point-solution based deployment. Click Here to register.

Friday, September 2, 2011 | Read More

Remember Your Password Or You Won't Get Your Donut

People have trouble remembering complex passwords. Click here to see one organization's ingenious way to get their employees to remember them. Click it or no donut for you.

Wednesday, August 24, 2011 | Read More

Best Practice For Oracle Virtual Directory (OVD) Backup and Disaster Recovery.

I'm writing this in response to a question on one of our mailing lists. Because of the current nature of the Oracle docset (something the doc team is working on), it's kind of hard to figure out in a concise form. Here are the things to do: Make sure to have 2 or more OVD instances deployed in production. OVD provides tools to keep the configurations in synch between systems. If you have an external DR site - then synchronize the OVD configuration to this external site. Note...

Thursday, August 18, 2011 | Read More

Oracle Unified Directory Webcast Q&A Results Posted

We have posted the answers to the questions from the Q&A from the OUD introduction webcast.

Thursday, July 28, 2011 | Read More

Moving OVD 11g Test to Production Configurations

Just back from vacation - during which we launched our new Oracle Unified Directory (OUD). And I'll be spending a lot of time writing about that since it's a new product. But here's a useful 11g OVD piece of information. If you need to migrate test to production configurations on 11g OVD and you apply the latest patchset ( aka Patchset 4) we have new migration scripts that are particularly useful for off-line migrations: For off-line Test-To-Production migration of OVD,...

Monday, July 25, 2011 | Read More

Introducing Oracle Unified Directory 11g

July 21, 2011 at 10:00am PT / 1:00pm ET / 19:00 CET. Enterprises face many choices for managing identity data: to virtualize or not to virtualize, to synchronize data or store data. The choice of directory server means choosing between multiple vendors and compromising between features and performance. Oracle Unified Directory 11g defines a new category in the directory server market. Join us for this launch webcast to learn how Oracle Unified Directory 11g provides...

Friday, July 15, 2011 | Read More

A New OVD Customer Case Study

The EMEA sales team just published a new case study for Ruhr-Universität Bochum, a university in Germany. They use OVD to provide an LDAP interface to their master identity data which is stored in an Oracle database. This allowed them to avoid needing to synchronize the data to another LDAP - which resulted in faster and more reliable identity services. Posted via email from Virtual Identity Dialogue

Wednesday, April 13, 2011 | Read More

Choosing The Right Directory For The Cloud - Recording of Mark Wilcox Webcast from March 24, 2011

Last week I delivered a webcast on Choosing the Right Directory For the Cloud and the recording for the event is now live. Even if you don't really have any interest in directories on the cloud - I encourage you to listen to the Q&A after my short (about 20 minutes) presentation. Lots of interesting questions - most of which are not directory-centric. Posted via email from Virtual Identity Dialogue

Thursday, March 31, 2011 | Read More

Making It Easier For Developers To Access LDAP

One of the reasons why I think LDAP has always had slow adoption by developers is most of their tools provided great abstractions for dealing with databases (like Hibernate, Toplink/JPA, ADF Business Components, etc) while LDAP trailed. However, at Oracle we do have some great ways to fix this problem. And not just by trying to make LDAP look like a database. There are three ways to do this: 1 - You can use OVD's Web Interfaces - either REST (OVD HTTP/Web Gateway) or SOAP...

Tuesday, March 29, 2011 | Read More

How To Query OVD, OID, DSEE Using SQL

One of the perpetual questions in LDAP is "how to query via SQL". I even wrote a post on this 3 years ago. And while it doesn't occur very often anymore - it popped up again this week. So I suspect there might be others. First - to be clear - SQL is very different than LDAP. SQL is simply a standardized query language for querying a relational database. Each database has a different protocol - that's why each database must provide its own database driver even for a...

Tuesday, March 29, 2011 | Read More

OID Supports 400,000 (Four Hundred Thousand!!) Operations Per Second on 500 Million User Database. AKA OID Eats Facebook Database For Breakfast

It's funny - on the Internet - we can forget that no matter how popular new technologies like Twitter or Facebook are, there are other less "fashionable" (after a few drinks you might even say "dead" :)) technologies like SMTP, IMAP and of course LDAP that still handle far more social networks than these two systems do. And we've seen this because in the past year - there have been a number of new opportunities around building new extremely large (e.g. larger than 10...

Monday, March 28, 2011 | Read More

OVD-EUS: Questions and Answers About Mapping Database Users, Roles to AD Users and Groups

More OVD-EUS AD Q&A from sales: Question: which AD object types are used to store Oracle users and roles in AD? Answer: There are two ways to deploy OVD-EUS. Option 1 - uses OID (or DSEE) to store the EUS metadata, thus the only attribute used in AD is the orclcommon attribute used to store the password hash (assuming using EUS password authentication). Option 2 - The EUS meta-data is stored in a branch explicitly created to store this data and the AD schema is extended to...

Thursday, March 24, 2011 | Read More

How To Do Highly Available OVD-EUS

Got a question from sales on our mailing list that I think is good to have generally available: My customer is considering using OVD for EUS (against AD) but worries about having one more point of failure (OVD). Mark Comment - This is covered in our product documentation as well. Question - What are the failover solutions available? Answer - It's easy to make OVD highly available. All that is required is that you have 2 (or more) OVD instances installed. Then you can synchronize...

Wednesday, March 23, 2011 | Read More

Upcoming Webcast: Do You Have The Right Directory Services For Cloud Computing?

I'm giving a new webcast this week about making sure you choose the right directory service for cloud computing: Webcast Date: Thursday, March 24, 2011 Webcast Time: 10:00 AM Pacific Daylight Time / 1:00 PM Eastern Daylight Time Please register and attend to learn about the key points you need to keep in mind when choosing a directory service for your cloud initiatives. Posted via email from Virtual Identity Dialogue

Monday, March 21, 2011 | Read More

Lessons From OpenId, Cardspace and Facebook Connect

I think Johannes Ernst summarized pretty well what happened in a broad sense in regards to OpenId, Cardspace and Facebook Connect. However, I'm more interested in the lessons we can take away from this. First - "Apple Lesson" - If user-centric identity is going to happen it's going to require not only technology but also a strong marketing campaign. I'm calling this the "Apple Lesson" because it's very similar to how Apple iPad saw success vs the tablet...

Thursday, March 10, 2011 | Read More

Moving OVD from Test to Production

Customer asked support "How to move a test OVD server to production". There are a couple of ways to do this. One way is to clone the environment: http://download.oracle.com/docs/cd/E15523_01/core.1111/e10105/testprod.htm#CH... Another way - which is particularly useful if you want to push configuration from a parent OVD server to children in a cluster: http://download.oracle.com/docs/cd/E14571_01/oid.1111/e10046/basic_server_set... Note if you use the second option and you have...

Tuesday, January 4, 2011 | Read More

Debugging Tip with Weblogic and Oracle Virtual Directory

I helped one of our other teams debug an issue with an app protected with Oracle Weblogic server and Oracle Virtual Directory (OVD). You can read more about it here. Posted via email from Virtual Identity Dialogue

Thursday, October 28, 2010 | Read More

Clarifying OVD-AD EUS Password Question

Got a question from a customer: "We had a question about one of the attributes added by the schema extension: orclCommonAttribute. Is the user’s password hash stored in this attribute when using Kerberos authentication (OVD and AD option)? Is the user’s password hash stored in any other AD attributes? Or does this attribute remain empty?" First a quick explanation about orclCommonAttribute. If you use EUS with username and password authentication, the database fetches the...

Monday, October 18, 2010 | Read More

Another Helpful Hint - Debugging why opmnctl won't start

Another day, another new box setup by someone else. Turns out they forgot to disable SELINUX when doing the OEL install. The result is that all of your installs work just fine. Except when you go to try to run opmnctl you get this lovely error: /u03/middleware/Oracle_IDM1/opmn/bin/opmn: error while loading shared libraries: /u03/middleware/Oracle_IDM1/lib/libdms2.so: cannot restore segment prot after reloc: Permission denied Can you ask the team if they know anything The...

Friday, September 3, 2010 | Read More

Another helpful hint for installing Oracle Fusion Middleware Components on Oracle Enterprise Linux

I'm helping a colleague get OVD 11g up and running for an upcoming demo. We're running on OEL 5 and I forgot to remind him to make sure to include the Oracle Validated package during install. If you don't do this - you'll most likely be missing some packages. An easy way to resolve this is to either run: up2date oracle-validated (if you are an OEL support subscriber) or, if you have configured OEL to connect to the public YUM server: yum install oracle-validated Posted via email from Vir...

Wednesday, September 1, 2010 | Read More

What To Do When You Cannot Login to Oracle Directory Server Manager (ODSM)

By default during an ODSM install Weblogic will configure the managed node that is running ODSM so it's only able to accept incoming connections from browsers running on the same machine as Weblogic. Assuming that's not the behavior you want (usually expressed by "Why can't I get to ODSM from my laptop or desktop") here is how to fix it: Go to the Weblogic console (http://emservenamer:7001/console). Go to wls_ods1 (make sure it's running). Make sure the field listen address is empty...

Monday, August 23, 2010 | Read More

How To Map Port 389 and 636 For Oracle Virtual Directory

OVD is a Java-based app and one of the limitations for Java-based servers is that if you want to run the service on a port under 1024 on Unix - you have to run it as root. The reason is that by default Unix requires anything on those ports to be run as root. In C-based applications - there is a switch-user API call that lets you start as root and then switch to another user. Java never mapped this call and so there are lots of different schemes for dealing with it. For example...

Monday, August 23, 2010 | Read More

OTN Licensing Question for our Sun DSEE Customers

I got a comment on my blog asking: " What kind of licensing terms is Oracle using for this release? Are they following the Sun licensing where you can download and use this for free and choose pay for support?" Being specific about license questions in a blog is a good way to get myself in trouble - so I'll have to be simple here. 1) If you already have DSEE software in production - then please consult your account rep to find out if there are any changes. 2) If you are...

Thursday, July 29, 2010 | Read More

Oracle Directory Server Enterprise Edition 11g is now released.

We released Oracle Directory Server Enterprise Edition 11g.  This is the first Oracle branded release of the directory formerly known as the "Sun/iPlanet/Netscape" Directory. This release also coincided with the release of other key Oracle 11g Identity Management components such as Oracle Access Manager and Oracle Identity Manager 11g.  Posted via email from Virtual Identity Dialogue

Wednesday, July 28, 2010 | Read More

Can You Use The Shadow Join Adapter With OVD-EUS

This year (Oracle years start in June) - I'm really trying to dedicate myself to saving keystrokes. As a follow-up to my post on minimizing schema changes in AD when using OVD-EUS - a customer asked if you could use Shadow Join to eliminate schema changes with OVD-EUS. The Shadow Join is a default join-type in OVD that allows OVD to redirect data updates for certain attributes to be sent to OID or ODSEE instead of the enterprise directory. It's different than a traditional...

Wednesday, July 21, 2010 | Read More

Schema Extension Options with OVD-Enterprise User Security and Microsoft Active Directory

A customer asked support recently about how to minimize the schema extensions needed to configure Oracle Database Enterprise User Security with Oracle Virtual Directory. EUS is the database feature that allows you to externalize username, roles and (optionally) passwords from the database to your enterprise directory. I say the password is optional because if you are using Kerberos authentication with the database - authentication happens via Kerberos KDC (either MIT or -...

Tuesday, July 20, 2010 | Read More

Simplify IT Compliance with Oracle Identity and Access Management 11g.

I think this photo of a warning sign that is on practically every building in California - heck, I think it's even on the Welcome sign when you drive into the state - is the best metaphor for what IT spends a lot of time doing these days - making sure you're in compliance. Just like hotel managers have to spend time making sure these signs are properly posted (though I'm not sure what the heck I'm supposed to do as a guest - hold my breath for my entire stay?) - IT has to...

Monday, July 19, 2010 | Read More

Learn What's New in 11g Oracle Identity Management

Last year we unveiled the initial components of our Fusion Identity Management stack 11g - including Oracle Internet Directory, Oracle Virtual Directory and Oracle Identity Federation. In a couple of weeks (specifically July 21, 2010 at 10:00 AM Pacific/1:00 PM Eastern) we're going to show you the rest of the 11g Identity Management stack via an online webinar. So why is this important? Because in every environment - people are trying to evolve rapidly while still depending...

Tuesday, July 6, 2010 | Read More

Mark Wilcox Oracle OpenWorld (OOW) Speaking Schedule

I have received my speaking schedule for OOW in September. Which is going to be here quicker than we realize. Here are the places I'm speaking and a bit about each topic: SESSION SCHEDULE INFORMATION - ID#: S317084; Title: Active Directory and Windows Security Integration with Oracle Database; Track: Database; Date: 21-SEP-10; Time: 14:00 - 15:00; Venue: Moscone South; Room: Rm 302. [Mark's Notes] - This is my annual event to co-present with the Oracle Database Windows Team. Most of the...

Thursday, July 1, 2010 | Read More

Installing Oracle Directory Services 11gR1 Viewlets

My colleague Olaf Stullich has made a set of screencasts/viewlets showing how to install Oracle Directory Services 11gR1 including all the way to the current Patchset 2 ( Posted via email from Virtual Identity Dialogue

Friday, June 18, 2010 | Read More

June 17, 2010 Webcast - 5 Security Tips To Reduce Cost Using Oracle Directory Services

We're delivering another webcast on June 17 (next week!): 5 Security Tips To Reduce Cost Using Oracle Directory Services  Organizations with business units spread around the world face costly and time consuming security concerns. However, many of these companies are forced to deal with increased scrutiny and security demands while resources are reduced. This live webcast focuses on concrete ways IT organizations can use directory services to do more with less.  Posted via email f...

Friday, June 11, 2010 | Read More

Use Entitlements To Secure LDAP-enabled Applications With Oracle Virtual Directory and Oracle Entitlement Server

I stumbled on an interesting article that shows how the author used OVD to expose OES security to protect a portal that only understood LDAP group-based authorization. This is great because it shows how you can use OES today to build central policies that can be used without needing to rewrite all of your applications - in particular if you just want to leverage rule-based groups. Posted via email from Virtual Identity Dialogue

Tuesday, May 11, 2010 | Read More

Screencast Identity Management Pack for Grid Control 11g

Got a happy surprise in my inbox today. The Grid Control team has produced a screencast showing the features of the Identity Management Pack for Grid Control 11g. Grid Control 11g now works with Oracle Virtual Directory 11g. -- Posted via email from Virtual Identity Dialogue

Wednesday, May 5, 2010 | Read More

Oracle Identity Management 11g R1 Ps2 ( Released

We released a new patchset for 11g R1 Identity Management - this includes Oracle Virtual Directory, Oracle Internet Directory and Oracle Identity Federation. This is primarily a bug fix release and is available for download from Support and eDelivery. Posted via email from Virtual Identity Dialogue

Wednesday, April 28, 2010 | Read More

Upcoming Directory Services Live Webcast - Improve Time-to-Market and Reduce Cost with Oracle Directory Services

We're doing another live webcast on May 27 - Here are the details: Live Webcast: Improve Time-to-Market and Reduce Cost with Oracle Directory Services. Event Date: Thursday, May 27, 2010. Event Time: 10:00 AM Pacific Standard Time / 1:00 Eastern Standard Time. Organizations can spend up to 60% of their IT budgets on operational activities. • Are you being asked to do more, with less resources? • Have you had to lead a cost cutting exercise in your IT department? • Do you have...

Tuesday, April 27, 2010 | Read More

Introducing our new Oracle Security Inside Out newsletter

We just published the first edition of our new monthly newsletter that has lots of good stuff across a wide range of identity management and computer security topics. -- Posted via email from Virtual Identity Dialogue

Friday, April 23, 2010 | Read More

Get Smarter Just By Listening

Occasionally my friends ask me what I listen to and read to keep informed. So I thought I would post an update. First - there is an entirely new network being launched by Jason Calacanis called "ThisWeekIn". They have weekly shows on a variety of topics including Startups, Android, Twitter, Cloud Computing, Venture Capital and now the iPad. If you want to keep ahead (and really get motivated) - I totally recommend listening to at least This Week in Startups. I also find...

Monday, April 19, 2010 | Read More

My Obligatory IPad Post

I've had my IPad for about a week now. So I thought I'd write some thoughts down based on my initial experiences. Here are my initial take-aways: 1 - Netflix OnDemand - I'm a movie junkie. I'm now more apt to just start a movie as background sound for my workday (I telecommute - so except for the occasional bark from my dog, it's awfully quiet here if I don't have something going). 2 - The Email Client is really nice and I'm as fast or faster typing when I have the wireless...

Monday, April 19, 2010 | Read More

A Database and LDAP Ice Breaker Video

I made another GoAnimate video - this time it's about using LDAP for database passwords. Since it's on the free site - I didn't want to violate any terms of agreement - so it doesn't mention Oracle explicitly. But if you wanted to actually do what the animation talks about with Oracle database - you need to configure the Oracle database to use Oracle Enterprise User Security. EUS requires OVD or OID and works with most popular LDAP servers including Active Directory and of...

Friday, April 9, 2010 | Read More

Configuring Centralized Database User Management with Database Enterprise User Security, OVD and DSEE

My colleague Olaf Stullich has posted a walk-through complete with screenshots and Viewlets/screencast of configuring OVD to work with DSEE to be the directory for Oracle database Enterprise User Security feature. -- Posted via email from Virtual Identity Dialogue

Monday, April 5, 2010 | Read More

Oracle Customer Snapshot - Region Basse-Normandie

You can read how Region Basse-Normandie in France uses OVD to aggregate identity across multiple sources including AD, LDAP and databases to simplify the ability to manage and deploy applications. -- Posted via email from Virtual Identity Dialogue

Tuesday, March 23, 2010 | Read More

An unsung gem in JavaFX

I decided to do some more exploring with JavaFX (again). I have no real idea what I'll do with it but I have often found it useful that playing with new technologies is a good way to inspire yourself. And you never know when you might need the knowledge gained. There's actually quite a few nifty things in JavaFX - such as binding of variables and the ability to draw a UI in PhotoShop or Inkscape and use those images natively from code. But one thing I (re)discovered today was...

Monday, March 1, 2010 | Read More

Now Subscribe By Email

I set up a Google Feedburner for this blog so that you can now subscribe for updates by email (as well as RSS) feeds. As much as RSS is designed to make keeping track of updates easy - it seems that email is still the best way for most people. You can either click on the link in my About section or click here. -- Posted via email from Virtual Identity Dialogue

Friday, February 19, 2010 | Read More

Creating an Active Directory Firewall with Oracle Virtual Directory

Inspired by a recent thread of posts on other blogs about alternatives to SPML and using local AD for cloud security - I recorded a demo showing how OVD can be used to create an Active Directory firewall. So for example you could use OVD to provide secure remote access to AD data without needing to put AD on the Internet. This would allow for example applications running "in the cloud" (such as Amazon EC2, Rackspace or Google) that can use LDAP for authentication to use local...

Friday, February 19, 2010 | Read More

Upcoming Oracle + Sun Welcome Events

Now that the merger is complete - we're rolling out a series of events, webcasts, etc to give you a chance to hear about what the new combination means to you. This includes in-person Welcome events which will be happening globally starting in March. More information can be found here. -- Posted via email from Virtual Identity Dialogue

Tuesday, February 16, 2010 | Read More

Announcing Oracle Directory Services Plus

We are excited to announce Oracle Directory Services Plus (ODS Plus). ODS Plus is the only directory service solution in the industry to include integrated identity virtualization and storage. It is also the only directory service package that gives customers a choice about how they wish to store their directory data - choosing either Oracle Directory Enterprise Edition (formerly Sun Directory Server Enterprise Edition) or Oracle Internet Directory. In future articles, I'll...

Tuesday, February 16, 2010 | Read More

Book Review - Enterprise Security For The Executive

I finally got a chance to read through the book Enterprise Security for the Executive by Jennifer Bayuk. It's not a technical book - rather as the title suggests it explains why security is important for the CXO level management and processes for achieving success. For most readers of this blog - there won't be anything new but then, I would argue the book isn't to convince us directly. Rather it does provide stories we can use to make points about security and strategies to...

Thursday, February 11, 2010 | Read More

You can now subscribe by email

To make it easier for people to get a copy of my posts when I update - in particular since I expect to be a more frequent poster to explain Oracle Directory Services direction - you can now subscribe to updates via email. I'm still trying to figure out how to put this on the homepage, but until then you can just use the following link Subscribe to Virtual Identity Dialogue by Email Posted via email from Virtual Identity Dialogue

Wednesday, February 10, 2010 | Read More

My Own IPad Thoughts

Jackson Shaw just posted his own thoughts on the upcoming iPad. I thought I would comment on something he wrote and then toss in my own general thoughts. Jackson wrote "Hint, if you aren’t working on a Kindle app for the iPad you’d better be!". To which I would point out - worst case scenario - since the iPad supports existing iPhone apps - the existing Kindle app should work. Same as B&N Nook app and Stanza. Though maybe the better question will be - will Amazon/B&N upgrade...

Thursday, February 4, 2010 | Read More

The Initial Oracle and Sun Directory Services Update

Nishant wrote a nice post summarizing the information we can share on the Oracle+Sun IDM strategy. But I want to highlight the summary for Directory Services and have a reference post for people to use as comments. First - Oracle Virtual Directory will be our virtual directory. Second - We are going to continue to offer both Oracle Internet Directory AND Sun Directory Server Enterprise Edition. Third - OpenDS will remain an open-source project. I welcome all of our new Sun...

Tuesday, February 2, 2010 | Read More

Explaining Master Data Management Integration with Oracle Virtual Directory

I got a couple of questions recently around OVD and Master Data Management (MDM). MDM is an industry standard data solution that provides a single source of truth for customer information. It's particularly useful for large organizations who have customer data in lots of different repositories such as telco or higher education. It's complementary to a provisioning solution - MDM provides a clean source of truth for a provisioning system. But MDM is not optimized for...

Tuesday, February 2, 2010 | Read More

Making Sharing PowerPoint Presentations Less Painful

There are three major headaches with PowerPoint: 1 - Web conference sharing often takes a quarter of the meeting to just get it set up. 2 - If you are in the office, you can waste a lot of time trying to find a projector, get it configured, focused. 3 - If you present at a conference, too often we find ourselves bound to the podium because even if you have a clicker, it doesn't always synch, or you have to use the PC provided and the clicker can't connect, etc. Over the weekend...

Wednesday, January 20, 2010 | Read More

Lessons From The NFL Divisional Weekend

I realized that there were some lessons to be learned about security and identity management from watching the NFL playoffs this past weekend. The lesson in particular is that whenever humans are involved they will not always act as you predict. Players who are better on paper (and Madden) will suddenly disappear on the field. The coach will call a play asking a slow running back to try and run a sweep designed for a faster player. The quarterback will get nerves and panic and...

Tuesday, January 19, 2010 | Read More

2010 - The Year We Make Contact

On New Year's Eve it occurred to me that we had now crossed the years to not one but two of Arthur C. Clarke's sci-fi novels - 2001 and 2010. Of course on one hand we are nowhere near as advanced in manned space flight as described in those books. But I think there is more than a kernel of truth to the title of the 2010 movie - "The Year We Make Contact." Though I doubt it will be with any alien monolith. Instead 2010 is when globally mobile phones really explode both in...

Friday, January 8, 2010 | Read More

New Enterprise Security Book

I saw the review of a new security book on Slashdot. It's called "Enterprise Security for the Executive: Setting the Tone from the Top" by Jennifer Bayuk. I just ordered it myself so I can't post any further information on the content, but I'll put up my thoughts as soon as I can. Posted via email from Virtual Identity Dialogue

Wednesday, January 6, 2010 | Read More

Cloud Computing Officially In Mainstream

Last night while discussing with my wife (who is my anti-geek to my geek) ways her library patrons might be able to save files they work on in the library's computer lab besides floppy disks - I started talking about services like Dropbox. Her answer was "you mean like storing these files in the cloud?". Posted via email from Virtual Identity Dialogue

Friday, December 18, 2009 | Read More

Impressed with Thunderbird 3

I needed to test to see how Posterous would handle posting to my Oracle blog, Twitter and now LinkedIn. And it gave me a good chance to write a quick update on how I really like Mozilla Thunderbird 3 for email. I had used Thunderbird 2 before but I had given it up - in fact I had pretty much moved to Outlook as my primary desktop email client. We also have Zimbra for Web-mail which is nice but sometimes acted wonky in my browser. In particular I like the new search in Thunderbird...

Monday, December 14, 2009 | Read More

Google ChromeOS First Impressions

One of the comments from an earlier post on Google's ChromeOS had mentioned there was a way to try it out using virtual machines. I finally got a chance to take it for a spin this morning using the image built by the team at GDGT. GDGT is an interesting site itself - basically a new social-type site for people with gadgets. Alright for the nitty gritty. First - I think it is important to put Google ChromeOS into context. Because it's still early and only the uber-geeks...

Wednesday, December 2, 2009 | Read More

Useful JDeveloper 11g PS1 Feature - Local Subversion

I'm doing a self-paced ADF 11g training class. And I wanted to use version control to make it easier to recover from mistakes. While I have been playing with Git - I wanted to use Subversion since it has native support in JDeveloper. Initially I was looking at ProjectLocker which offers hosting for Subversion (or Git) because I really don't want to run my own Subversion server. While fiddling trying to get JDeveloper to work with ProjectLocker - I discovered I could configure...

Tuesday, December 1, 2009 | Read More

OVD and OID 11g R1 PS1 now available on all platforms

Oracle 11g R1 Patchset 1 has now been released on all supported platforms. Posted via email from Virtual Identity Dialogue

Tuesday, December 1, 2009 | Read More

Follow-up on OAuth/UMA/SPML

Clark Sanford gave me some insightful comments on my OAuth/UMA/SPML/Federated Provisioning post. In particular he's trying to promote the use of SAML Attribute Query as the way to provide callback in Federated Provisioning: "In the scenario Nishant describes where the original Assertion doesn't contain all the attributes/claims they want for provisioning, in a SAML implementation why couldn't the SP service initiate the Assertion Query profile to retrieve the...

Monday, November 30, 2009 | Read More

Thinking on Oauth, UMA and SPML

Nishant just posted a blog asking "Can OAuth do what SPML hasn't?" in particular in regards to "federated provisioning". Just to make sure everyone understands what we are talking about - let's use an example use case where federated provisioning could be required: Acme Medical Tools has entered an agreement with an online CRM provider. The CRM provider supports the use of SAML to authenticate the Acme Medical Tools users. However, for Acme Medical Tools to be able to use this...

Wednesday, November 25, 2009 | Read More

Initial OVD 11g Screencasts

I have recorded two screencasts for OVD 11g. The first video shows a very brief introduction to Oracle Directory Services Manager connecting to OVD 11g. The second video shows how to create a very common scenario - aggregating 2 different LDAP directories into a single view. I would recommend watching them in full-screen mode because they will be easier to read that way. Posted via email from Virtual Identity Dialogue

Tuesday, November 24, 2009 | Read More

Great Presentation - What is Google Chrome OS

I decided to learn more about Chrome OS - Google's new operating system offering. And that led me to this YouTube video from Google explaining the OS. And I thought they delivered the three elements all presentations should aim for: 1 - informed 2 - educated 3 - entertained Too many times technical presentations get to step 1 and stop. So if you are looking for inspiration on how to make your next technical talk something people will want to remember instead of avoid - you...

Tuesday, November 24, 2009 | Read More

Announcing Oracle Identity Management

As you may have seen elsewhere, Oracle released an update to the Fusion Middleware 11g bits. This includes the current 11g IDM products (Oracle Virtual Directory, Oracle Internet Directory and Oracle Identity Federation). The release is named and can be downloaded here. For OID and OIF it's basically a bugfix update for R1. For OVD besides the usual bugfixes - we also added several new features. It's why I've informally nicknamed this release OVD 11g - the Director's...

Tuesday, November 17, 2009 | Read More

Upcoming Webcast: 4 Ways to Optimize Your Identity Management with Virtual Directories

I'll be joined by Alex Petrushko from our partner Identigral to talk about how Oracle Virtual Directory can improve your identity management implementation. Alex will be speaking about how a large telco provider used OVD to reduce time it takes to deploy new applications. The webcast will be live at: Nov 19, 2009 12:00 p.m. Eastern/ 9:00 a.m. Pacific (60 minutes) I believe it will also be available for replay as well. Register for the Webcast Posted via email from Virtual...

Friday, November 6, 2009 | Read More

Has Facebook Connect Trumped Them All?

I wasn't able to make it to Internet Identity Workshop this week because I would like to know the thoughts on Facebook Connect. It appears that more and more sites are now allowing you to use your Facebook account to authenticate you. The experience in my opinion may make this Facebook's killer app (though my wife's obsession with Cafe World, makes me wish I had paid more attention to Flash development back when it first emerged). The reason is that - I simply clicked on the...

Thursday, November 5, 2009 | Read More

One more autopost test

I'm trying out http://www.posterous.com which is a nifty new service I found out about via This Week In Startups. Basically it radically simplifies blogging. You send an email to post@posterous.com and bingo you have a blog. No preregistration is necessary. In fact if you don't need to edit your blog - you never ever log into anything. Plus it will post anything - blogs, photos, video, audio (the latter as attachments). And it supports autoposting which hopefully will make it...

Thursday, November 5, 2009 | Read More

My OOW Sessions

I will be co-presenting on two sessions at OOW. The first is Getting More out of Siebel and PeopleSoft Applications with Oracle Directory Services on Oct 13 (Tuesday) at 4pm in Moscone South 236. The second is Microsoft Active Directory and Windows Security Integration with Oracle Database on Oct 14 (Wednesday) at 10:15 am also in Moscone South, Room 236. We will also have a booth in the Identity Management section.

Wednesday, October 7, 2009 | Read More

Updated OVD Guide For Managing Oracle Database Users (Enterprise User Security) Posted

Hard to believe it's the end of September. Anyway we (and by we, I mean Olaf Stullich my fellow PM here in directory services) updated our white paper on Centralized Oracle Database User Management aka Enterprise User Security. The most prominent change is to highlight we now also support Novell eDirectory with OVD EUS.

Wednesday, September 30, 2009 | Read More

The Difference In Farm Conversations Between 1909 and 2009

Over the Labor Day weekend, we took a quick trip to visit my parents who still live in Waco, TX (I now live up near Plano, TX). During the weekly post-church (which primarily serves as social network to organize lunch and dinners during the week) lunch - my parents and parents' friends (most of whom, I've known for 20 or more years) got to celebrate the primary accomplishment of Labor Day weekend. Which is that I finally got my Mom on Facebook. That was much harder than I...

Tuesday, September 8, 2009 | Read More

Simplifying LDAP Access For .NET Developers

I don't do much .NET development these days but I saw this posted on Planet Identity yesterday so I thought I would pass it along for anyone who reads this but maybe doesn't subscribe to the Planet Identity feed. Zetetic - Zetetic.Ldap - Bringing LDAP + LDIF tools to .NET It's a new general purpose LDAP API for .NET that at least at first glance feels similar to UnboundID's new LDAP API. While it's good to see new development in this space - we are trying to move developer...

Wednesday, September 2, 2009 | Read More

Innovations in Directory Services

Between helping get internal people up to speed on 11g, a really bad cold which may or may not have been the flu, and vacation (which was culminated with me getting to see two of my current favorite bands live on the Mayhem tour) - been a bit behind on getting to respond to some stuff floating around the blogosphere. The strangest one was the implication that we here in the Oracle mothership had not been innovative in regards to virtual directory. Particularly ironic was that it came...

Monday, August 24, 2009 | Read More

Check out IdentityForge updated site

IdentityForge which is our preferred partner for providing LDAP-enabled access to mainframe identity data has updated their website. And if you have identity information locked in your mainframe that you are trying to integrate with your identity management infrastructure - these are the ones to look to.

Friday, August 7, 2009 | Read More

Visa Wins Identity Management Innovation Award for Their OVD Deployment

Today we announced that Cisco and Visa were the recipients of our first annual Identity Management Innovation award. Visa won because of their innovative use of OVD. From the award page: “Visa deployed Oracle Virtual Directory Services to provide applications with a single view of identity data and to facilitate the externalization of access control from the applications. Oracle Virtual Directory is part of Visa's Identity and Access Management infrastructure to streamline the...

Thursday, July 30, 2009 | Read More

Celebrating the moon

Today is the 40th anniversary of the first manned moon landing by Apollo 11. And here is a link to one of my favorite photos - the launch of the Saturn V sending them on their way. I also have a personal connection to the moon landing. My grandfather actually knew Neil Armstrong's parents and even met Neil several times when Neil was a teenager. Though to be candid - as I told my mom, I'm not sure if you could have picked a more boring person to be the first person on the...

Monday, July 20, 2009 | Read More

Strong Web Passwords Are Not As Helpful As You Think

Saw the abstract of a new security paper via Schneier. In short - strong passwords do not really do as good a job of securing accounts as you might think. This is because they do not do anything to prevent phishing and related social network attacks (not to mention good ol' sniffing of the network for passwords sent in the clear). And the 3-strikes rule on most sites is good enough security to prevent brute force attacks (I've long argued that most attacks do...

Monday, July 13, 2009 | Read More

Oracle Fusion Middleware 11g is Now Live

We launched 11g today. It's not just announcements - the software is ready to download. There is more information on the updated Identity Management site. It's also a major milestone for Oracle Directory Services reflecting over 3 years of work. So what is new? The biggest changes in this release are within the management interfaces. First - all 11g Identity Management components are now integrated with Enterprise Manager Fusion Middleware Control (EMFMC). EMFMC provides...

Wednesday, July 1, 2009 | Read More

Identity In the Clouds

I'm not a big fan of reposting without adding anything but I wanted to point to Vadim Lander's (our new Chief Identity Architect) initial post - "Role of Identity Management in Public vs. Private Cloud Computing." The post covers the primary difference between the cloud types and the identity management requirements for each. And of course how Oracle products can help secure your clouds.

Thursday, June 25, 2009 | Read More

Be Better Than Blackberry (or the iPhone)

Lovely post today on Talking Points about what to do if people are paying more attention to their Blackberry/iPhone/Pre/etc than you. My two favorite quotes from the post: I have a simple solution for this problem. Be better than the Blackberry. And the most important: The Blackberry is a technological breakthrough that allows people to do something productive during meaningless meetings. So in other words - if people are constantly on their smart-phones rather than listening to your...

Monday, June 22, 2009 | Read More

URL Shortening Services Are Lemurs of the Web

Jeff Atwood has a rant against URL shortening services. In short - he thinks that the URL shortening services (like TinyURL or Bit.ly) are going to kill the Web because Twitter and the urge to make money off them will destroy hyperlinks as we know them. Except that they won't. Here are my quick thoughts on why this is so: First - while it may seem like everyone is on Twitter - most are not. Second - The 140 character limit on Twitter will eventually go away. It's only limited to...

Wednesday, June 17, 2009 | Read More

Increasing Value of Siebel with Oracle Virtual Directory CRM Identity Publisher

Last week we launched a site to explain a new feature of OVD - the CRM Identity Publisher. This feature makes it easier to use identity information managed by Siebel and Customer Hubs in your applications.

Monday, June 1, 2009 | Read More

Understanding Innovation

Last week Marc Canter posted his collection of links for the first week of May. However, one item caught my attention: See how this works? TinyURL creates a market, the VCs swarm in and fund up bit.ly and now everyone will have their own URL shortener. This is how our industry works. No innovation, just copying the sure thing. I wanted to respond to this as a way to tie together some thoughts building in my head based on a couple of books I've read/reading recently. The first...

Friday, May 15, 2009 | Read More

I'm Now On Twitter

For those so inclined - I'm now on Twitter as "mewldap" (e.g. @mewldap). I'm still playing around with Twitter - so I may occasionally post some of my other non-IDM stuff there (though I'm trying to keep that as just Facebook updates) but if you just want to follow my IDM related tweets - I'll tag them as "#Oracle_IDM".

Monday, May 11, 2009 | Read More

BT and Oracle: Managed Fraud Reduction Service

Fellow PM (on the OAM Suite team) Mark Karlstrand has just posted a link of stories about our new service with British Telecom (BT). I think this is important - not only because it involves Oracle products and a partner. Though it does give me a chance to talk about some interesting facts I've learned over the past few days. First - this is important because identity assurance (aka how much do I trust you are you) is vital to do business. Second - this is an excellent use case...

Tuesday, May 5, 2009 | Read More

Fiction as Analogy of Identity vs Persona

I'm on a bit of a Star Trek kick here on the blog. Though to be clear - I'm a pan-sci-fi fan. Meaning I dig Star Trek, Star Wars and Battlestar Galactica (both the original and updated) pretty much equally. I'm also a big fan of classic NASA. (That's the Saturn V which was used to go to the moon. I cannot describe my thoughts on the Space Shuttle in a family friendly manner - having one explode over your house (Columbia) leaves a sour taste) But the point I wanted to make in this...

Tuesday, May 5, 2009 | Read More

Star Trekkers Explain Virtual Directory Technology

I have been playing around with GoAnimate which is a website that lets you build Flash animation clips. Besides making it very simple to create (if you can build a PowerPoint, you can build GoAnimate) - they have licensed characters from third-parties such as Star Trek. You can also upload your own. I thought it would be fun to see if this might be another way to explain technology information. You can check out my clip that I built to explain virtual directory (in general,...

Monday, May 4, 2009 | Read More

Virtual Developer Labs

OTN and Amazon are teaming up to host a free "Virtual Developer Day". If you are interested in learning how to build cool, Web 2.0 style applications (aka Ajax) using Oracle technologies - you should look into this. But I'm bringing this up because I really like the delivery mechanism - it's going to be taught via webcast using lab machines hosted on Amazon EC2 infrastructure. This is a great example of what cloud computing can do that is very hard to do otherwise - scale up developer training without breaking the bank. By using EC2 it's possible for the training team to build images that are pre-configured to run, and because it's trivial (and cheap) to split the app server and database machines (though I'm not sure this is how they will do it) you don't have the constraints you might have in a normal lab (e.g. how much stuff can you cram into a single VM on a desktop PC). And unlike a traditional in-person class - you can keep your labs on the EC2 (though you do have to pay for the EC2 time, but again, that's cheap). If you would be interested in training like this around identity management - please leave me a comment.

Tuesday, April 28, 2009 | Read More