in this issue:
Ideal Pairing: Finding the Ideal Technology for Your Access Management Needs
Zach Arlen, Application Developer
Process to Perfection –
Great Wine & SOA Governance
Elias Karthan, Director of Architecture Services
Brad Bukacek, SOA Developer
Zirous to hold SOA Workshop in Omaha
Hands-on Workshop March 9th
February 2: Oracle Day, Milwaukee, WI
February 4: Oracle Day, Minneapolis, MN
February 11: OAUG User Group, Omaha, NE
March 9: SOA Workshop, Omaha, NE

* Some restrictions apply to wine giveaway. Basket contents may vary based on alcohol shipping regulations.

Ideal Pairing: Finding the Ideal Technology for Your Access Management Needs
Zach Arlen, Application Developer
Just as there’s a wine for each entrée, there seems to be a product for each technical problem. So, how do you ensure you’re pairing the right technology with your technical problem? While you probably know that access management issues call for an access management solution, there are still options in terms of which access management software to apply. Just as you can learn about individual wines and which pair well with which entrée, here we showcase Oracle Access Manager and highlight some of the access management issues this technology pairs well with.

Oracle Access Manager (OAM) is a powerful product that can offer access control across your enterprise. When leveraged to its full potential, OAM can reduce the amount of administrative, end-user and management resources required to maintain a secure access management system.
OAM consists of two main components, the Access System and the Identity System. The Access System secures web applications by providing centralized authentication, authorization and auditing services. Those services enable you to easily create a single sign-on environment and control access across enterprise applications. The Identity System manages identity information about individual users, groups and the organization. The Identity System also offers delegated administration of users, along with self-registration interfaces and approval workflows.
If you’re concerned about the following specific access management issues, consider OAM.
Authentication
The authentication component of the Access System provides various methods for authenticating to the various systems within an enterprise. Methods include: basic username/password, X.509 certificates, smart cards, and form-based and custom authentication.
The flexibility of OAM’s security policies allows administrators to apply a higher level of security to certain resources, as well as to create an authentication flow. For instance, a flow may authenticate against an LDAP directory. If that fails, the flow will then authenticate against a Windows Active Directory.
Once users are authenticated by OAM, the Access System creates a single sign-on session. The session enables users to access other resources for which they have access rights without having to resubmit their credentials.
Access Control
The Access System provides centralized policy-based authorization services to maintain access control to web and J2EE resources.
To ease the process of creating those policies, OAM provides a Policy Manager console, a browser-based administrative application. Policies can be configured to define access to individual resources by user, role, group membership, time of the day, day of the week and IP address.
Auditing
Each successful or failed authentication/authorization that occurs within OAM is monitored. Audit trails can include user information as well as items like time of day, IP address, host identifier, etc.
The access manager also enables administrators to generate auditing policies that can be configured to audit at different rates for individual resources. One resource may need to be audited daily, while another resource may need to be audited weekly. OAM allows for this.
Common audit reports run against information that OAM tracks are:
• Authentication statistics (success/failed rates)
• Authorization statistics (success/failed rates)
• Failed authorizations by user
• Failed authorizations by resource
• Access testing
• Group history (all changes to all group profiles)
• Identity history by user
• Locked-out users
• Password changes (in a particular interval of time)
• Users created/deactivated/reactivated/deleted
User Management
Dynamic Group Management enables the use of groups for user management. Groups are the most commonly used representation of business roles and are well understood by most mainstream applications. Essentially, dynamic groups are a reflection of pre-defined user attributes.
For instance, suppose an enterprise has two resources, App #1 and App #2, and two distinct dynamic groups, consultant and employee. There is an identity profile named Joe User who is a consultant to the enterprise, so the consultant attribute has been assigned to him. OAM has been configured to allow the dynamic groups consultant and employee to have access to App #1, and to allow the dynamic group employee to have access to App #2. As a result, Joe User will have access to App #1, but not App #2, because his identity doesn’t include the employee attribute.
Two months later, Joe is hired to be an employee at the enterprise. His identity has been provisioned by the access policy administrator to have only the attribute of employee. Instantaneously, OAM will allow Joe to have access to App #1 and App #2, because at run-time OAM determines Joe is part of the employee group based on his identity attributes.
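The Joe User scenario above, combined with the policy conditions listed under Access Control, as an added example (not from the original newsletter and not OAM's own API): a minimal default-deny policy check in which group membership is computed from identity attributes on every request and each decision is written to an audit trail. The attribute name employment_type, the 10.0.0.0/8 network and the weekday business hours on App #2 are constructed assumptions.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

# Dynamic groups are rules over identity attributes, never stored member lists.
# "employment_type" is a hypothetical attribute name used for illustration.
DYNAMIC_GROUPS = {
    "consultant": lambda attrs: attrs.get("employment_type") == "consultant",
    "employee": lambda attrs: attrs.get("employment_type") == "employee",
}

@dataclass
class Policy:
    resource: str
    groups: set                       # dynamic groups allowed by this policy
    networks: list = field(default_factory=lambda: [ip_network("0.0.0.0/0")])
    hours: range = range(0, 24)       # permitted hours of the day
    weekdays: set = field(default_factory=lambda: set(range(7)))  # 0 = Monday

# Constructed policies: App #2 adds IP, time-of-day and day-of-week conditions.
POLICIES = [
    Policy("App #1", {"consultant", "employee"}),
    Policy("App #2", {"employee"}, networks=[ip_network("10.0.0.0/8")],
           hours=range(7, 19), weekdays={0, 1, 2, 3, 4}),
]

AUDIT_LOG = []  # one record per decision, allowed or denied

def resolve_groups(attrs):
    """Evaluate every dynamic-group rule against the current attributes."""
    return {name for name, rule in DYNAMIC_GROUPS.items() if rule(attrs)}

def authorize(user, attrs, resource, client_ip, when):
    """Default deny: allow only if some policy for the resource matches fully."""
    groups = resolve_groups(attrs)    # resolved per request, not cached
    allowed = any(
        p.resource == resource
        and bool(groups & p.groups)
        and any(ip_address(client_ip) in net for net in p.networks)
        and when.hour in p.hours
        and when.weekday() in p.weekdays
        for p in POLICIES
    )
    AUDIT_LOG.append({"user": user, "resource": resource, "ip": client_ip,
                      "time": when.isoformat(), "allowed": allowed})
    return allowed
```

Because groups are resolved inside authorize, changing Joe's attribute from consultant to employee takes effect on his next request with no membership list to update.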
User Self Service
OAM’s out-of-the-box self-registration screens enable users to add themselves to directories and modify their own attributes. Self-service activities are limited by policies or workflows, both of which are configured by OAM administrators.
The self-service system also enables lost password management, which allows users to reset their lost or forgotten passwords without having to call the service desk. To reset the password, users simply have to correctly answer previously configured personalized challenge questions.
It’s not Chardonnay with Chicken Cordon Bleu, but if you’re concerned with implementing enterprise access control and addressing the above issues, the perfect pairing is OAM. Zirous can help you leverage OAM to its full potential to reduce the administrative, end-user and management resources required to maintain a secure access management system.
Information is from “Oracle Access Manager: An Oracle White Paper”, which is online at: http://www.oracle.com/technology/products/id_mgmt/coreid_acc/pdf/access_manager_wp_10gr3.pdf.