Monday, October 12, 2009

ORACLE Identity And Access Management Overview 10g

Oracle Identity Management allows enterprises to manage the end-to-end lifecycle of user identities across all enterprise resources, both within and beyond the firewall. You can now deploy applications faster, apply the most granular protection to enterprise resources, automatically eliminate latent access privileges,

Oracle Identity Management is a member of the Oracle Fusion Middleware family of products.


Oracle Identity Management Solutions
The products under the Oracle Identity Management solutions are listed below. The current release is Oracle Identity Management 11g, but here I first explain and install the 10g version of Oracle Identity Management.

Oracle Identity and Access Management 10.1.4.0

Oracle Identity and Access Management is a product set that allows enterprises to manage and automate the end-to-end lifecycle of user identities, and provides users with secure, fine-grained access to enterprise resources and assets. Oracle introduced the first product in this set, Oracle Internet Directory, in 1999. Since then, Oracle has developed and introduced a number of identity and access management features including directory synchronization, secure directory administration, and a Web single sign-on service, all of which were integrated with the Oracle product stack. In 2005 and 2006, Oracle further enhanced its identity and access management offerings through strategic acquisitions. Oracle has made significant investments in best-of-breed solutions for identity federation, Web access management, delegated identity administration, user identity provisioning and virtual directory technology.

Oracle Identity and Access Management Products

Directory Services

Directory services, based on the Lightweight Directory Access Protocol (LDAP), are central to an identity and access management strategy. Oracle provides scalable directory and integration technology that meets the requirements of general enterprise deployment and is also leveraged by other Oracle products in the stack. Oracle Directory Services includes the following components.

Oracle Internet Directory
Oracle Internet Directory is a scalable, robust LDAP V3-compliant directory service that leverages the scalability, high availability and security features of the Oracle Database. Oracle Internet Directory can serve as the central user repository for identity and access management deployment, simplifying user administration in the Oracle application environment. Performance, high availability, and security are some of the outstanding characteristics of Oracle Internet Directory. Oracle Internet Directory is a key component of the Oracle product stack used in applications such as OracleAS Portal, Oracle E-Business Suite, Oracle Collaboration Suite, and the Oracle Database for services such as user and credential management, e-mail address storage, and name resolution. In addition, Oracle Internet Directory is supported as a directory store for PeopleSoft applications.

Oracle Virtual Directory

Creating a secure application environment often requires integration of existing user identity information that may be scattered across multiple locations and services. Oracle Virtual Directory, formerly known as OctetString Virtual Directory Engine, provides a single, dynamic access point to these data sources through LDAP or XML protocols. It does this by providing a real-time data join and an abstraction layer that exposes a single logical directory, without the need to synchronize or move data from its native location. Oracle Virtual Directory can provide multiple application-specific views of identity data stored in, for example, Oracle Internet Directory, Microsoft Active Directory and Sun Java System Directory instances, and can also be used to secure data access to the application-specific sources and enhance the high availability of existing data sources. These capabilities accelerate the deployment of applications and reduce costs by eliminating the need to consolidate user information before an application can be deployed. Oracle Virtual Directory can constantly adapt those applications to a changing identity landscape as user repositories are added, changed, or removed.

Oracle Virtual Directory facilitates the integration of applications into existing identity infrastructures. Oracle Virtual Directory accomplishes this integration without requiring changes to existing directories or user repositories.

Oracle Directory Integration Platform

Oracle Directory Integration Platform is a component of Oracle Internet Directory designed to perform directory synchronization and application integration across various directories and compatible Oracle products. Oracle Directory Integration Platform allows applications that rely on Oracle Internet Directory to leverage user data managed in other directories and enterprise user repositories. The synchronization feature enables customers to synchronize data between various directories and Oracle Internet Directory. Oracle Internet Directory includes agents for out-of-the-box synchronization with Oracle Human Resources, Oracle Database, and third-party LDAP servers such as Sun Java System Directory Server, Microsoft Active Directory, Novell eDirectory, and OpenLDAP.
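As an added illustration of the real-time join and the application-specific views described for Oracle Virtual Directory above (example code written for this page, not Oracle's; the two back-end stores, their attribute names and the join key are all constructed):

```python
"""Toy model of the real-time join a virtual directory performs (added example,
not Oracle Virtual Directory code). Both back-end stores, their attribute
names and the join key are constructed for illustration."""
from typing import Dict, List, Optional

Entry = Dict[str, str]

# Constructed back ends. Nothing is copied between them: the view below reads
# both at query time, so a change in either is visible on the next search.
HR_DIRECTORY: List[Entry] = [
    {"uid": "jdoe", "cn": "Jane Doe", "employeeNumber": "E1001", "department": "Finance"},
    {"uid": "asmith", "cn": "Al Smith", "employeeNumber": "E1002", "department": "IT"},
]
AD_DIRECTORY: List[Entry] = [
    {"sAMAccountName": "jdoe", "mail": "jane.doe@example.com", "memberOf": "CN=Finance-Users"},
    {"sAMAccountName": "asmith", "mail": "al.smith@example.com", "memberOf": "CN=Domain-Admins"},
]


def _lookup(store: List[Entry], key_attr: str, value: str) -> Optional[Entry]:
    """Stand-in for an LDAP search with an equality filter on key_attr."""
    return next((e for e in store if e.get(key_attr) == value), None)


class VirtualDirectoryView:
    """One logical directory assembled by joining HR (primary) with AD on the
    login name. `exposed` lists the only attributes this application may see,
    which is how one set of identity data yields several application-specific
    views without handing every consumer the full record."""

    def __init__(self, exposed: List[str]) -> None:
        self.exposed = frozenset(exposed)

    def search(self, uid: str) -> Optional[Entry]:
        primary = _lookup(HR_DIRECTORY, "uid", uid)
        if primary is None:
            return None  # the primary source decides whether the entry exists at all
        secondary = _lookup(AD_DIRECTORY, "sAMAccountName", uid) or {}
        joined = {**primary, **secondary}  # secondary attributes enrich the primary entry
        return {k: v for k, v in joined.items() if k in self.exposed}


# A portal needs name, mail and department; it never sees employeeNumber or memberOf.
PORTAL_VIEW = VirtualDirectoryView(["uid", "cn", "mail", "department"])
# A helpdesk tool additionally gets group membership, from the same back ends.
HELPDESK_VIEW = VirtualDirectoryView(["uid", "cn", "mail", "memberOf"])
```

Because the view reads both stores at query time, an update to a back-end attribute shows up on the next search without any synchronization run, which is the contrast with the Directory Integration Platform approach.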

Access Management

Access management is the means for controlling user access to enterprise resources. Access management products provide centralized, fine-grained access management for heterogeneous application environments, as well as out-of-the-box integration with Oracle products such as Oracle Portal, Oracle Collaboration Suite, and Oracle E-Business Suite.


Oracle access management products include:

Oracle Access Manager

Oracle Access Manager, formerly known as Oracle COREid Access and Identity, provides Web-based identity administration, as well as access control to Web applications and resources running in heterogeneous environments. It provides the user and group management, delegated administration, password management and self-service functions necessary to manage large user populations in complex, directory-centric environments. Access Manager supports all popular authentication methods, including browser forms, digital certificates, and smart cards, and integrates seamlessly with most application servers and portals, including OracleAS 10g, BEA WebLogic, IBM WebSphere, Vignette and others. User identities and credentials can be accessed from a number of repositories, including Oracle Internet Directory, Microsoft Active Directory and Sun Java System Directory. With Access Manager, user access policies can be defined and enforced with a high degree of granularity through centralized management.

Access System

The Access System enables you to protect resources such as URLs and legacy, non-HTTP applications. It uses the information stored by the Identity System to control which users, groups, and organizations can access a resource. It stores information about configuration settings and security policies that control access to resources in a directory server that uses Oracle Access Manager-specific object classes.

You can use the same directory to store the Access System configuration settings, access policy data, and user data, or you can store this data on separate directory servers.

Identity System

The Identity System is a set of applications that provide delegated administration, user self-service, and real-time change management. The Identity System stores information about users, groups, and organizations. For example, you can create, manage, and delete groups in the directory server. You can define a subscription policy for a group, including self-service with no approval needed, subscription with approvals, rule-based subscription, and no subscription allowed.

Oracle Identity Federation

As more companies move their business processes to the Web, many organizations have a greater need to extend the boundaries of their enterprise to include partner applications.

Federated identity management allows companies to operate independently and cooperate for business purposes by enabling cross-domain single sign-on and allowing companies to manage user identities and vouch for them as they access resources managed by another domain. Oracle Identity Federation, formerly known as COREid Federation, provides a self-contained federation solution that combines the ease of use and portability of a standalone application with a scalable, standards-based, proven, interoperable architecture. It helps corporations securely link their business partners into a corporate portal or extranet while also increasing their compliance with privacy and security regulations.

Identity Federation enables companies to manage multiple partners and choose from industry-standard federated protocols. Identity Federation provides built-in integration with customers' identity management infrastructure (Oracle and non-Oracle) to deliver an end-to-end user experience, addressing scenarios such as automatic registration, identity mapping, seamless access control navigation, and others.

Oracle Application Server Single Sign-On

Oracle Application Server Single Sign-On (OracleAS Single Sign-On) is a component that provides single sign-on access to Oracle and third-party Web applications.

OracleAS Single Sign-On enables Web single sign-on for Oracle applications such as Oracle Portal, Oracle Collaboration Suite and Oracle E-Business Suite. It delivers a lightweight authentication solution to Oracle-only environments, supporting basic username and password authentication and X.509 certificate-based authentication.

OracleAS Single Sign-On supports authentication against user identities and credentials stored in Oracle Internet Directory, with integration to other repositories such as Microsoft Active Directory and Sun Java System Directory.

Oracle Enterprise Single Sign-On

Oracle Enterprise Single Sign-On Suite (eSSO Suite) is an upcoming product that provides true single sign-on for all the applications and resources in an enterprise, with no modification required to existing applications. It enables seamless retrofitting of strong, multifactor authentication to the desktop and to all legacy applications. eSSO Suite saves users from having to remember and manage multiple passwords and usernames. It also saves helpdesk time and money in responding to user requests to reset forgotten passwords. With the Oracle eSSO Suite, users log on once, and eSSO does the rest, automating every password management function, including logon, password selection, and password change and reset.

Identity Management

Automating user identity provisioning can reduce IT administration costs and improve security. Provisioning also plays an important role in regulatory compliance. Compliance initiatives focus on the enforcement of corporate policies as well as the demonstration of compliance with these standards. An enterprise identity management solution can provide a mechanism for implementing the user management aspects of a corporate policy, as well as a means to audit users and their access privileges. The Oracle Identity and Access Management Suite includes the following identity management products: Oracle Identity Manager and Oracle Delegated Administration Services.


Oracle Identity Manager

The Oracle Identity Manager platform automates user identity provisioning and deprovisioning and allows enterprises to manage the end-to-end lifecycle of user identities across all enterprise resources, both within and beyond the firewall. It provides an identity management platform that automates user provisioning, identity administration, and password management, wrapped in a comprehensive workflow engine. Key features of Oracle Identity Manager include password management, workflow and policy management, identity reconciliation, reporting and auditing, and extensibility through adapters.

Oracle Identity Manager also provides attestation support. Attestation is the process of having users or system managers confirm people's access rights on a periodic basis. Existing Sarbanes-Oxley requirements require enterprises to perform attestation for all financially significant systems every three to six months. Identity Manager includes a highly flexible attestation solution to help enterprise customers meet these regulatory requirements in a cost-effective and timely manner. By setting up attestation processes in Identity Manager, enterprise customers can automate the generation, delivery, review, sign-off, delegation, tracking, and archiving of user access rights reports for reviewers on a scheduled or ad-hoc basis.
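To make the attestation workflow above concrete (delivery to a reviewer, sign-off, delegation and tracking of overdue items), here is an added example written for this page, not Oracle Identity Manager code; the users, resources, reviewers, dates and the 14-day review window are all constructed assumptions:

```python
"""Toy attestation campaign of the kind described above (added example, not
Oracle Identity Manager code); users, resources, reviewers and dates are constructed."""
from dataclasses import dataclass, field
from datetime import date, timedelta
from typing import Dict, List, Tuple


@dataclass
class AccessRecord:
    user: str
    resource: str
    entitlement: str
    reviewer: str


@dataclass
class AttestationCampaign:
    started: date
    records: List[AccessRecord]
    review_window_days: int = 14  # assumed review window, not a product default
    decisions: Dict[Tuple[str, str], str] = field(default_factory=dict)

    def delegate(self, reviewer: str, user: str, resource: str, new_reviewer: str) -> None:
        """Delegation: only the assigned reviewer may hand an item to someone else."""
        rec = next(r for r in self.records if r.user == user and r.resource == resource)
        if rec.reviewer != reviewer:
            raise PermissionError("item is not assigned to this reviewer")
        rec.reviewer = new_reviewer

    def sign_off(self, reviewer: str, user: str, resource: str, decision: str) -> None:
        """Review and sign-off: only the assigned reviewer, and never for one's own access."""
        if decision not in ("certify", "revoke"):
            raise ValueError("decision must be 'certify' or 'revoke'")
        rec = next(r for r in self.records if r.user == user and r.resource == resource)
        if rec.reviewer != reviewer or reviewer == user:
            raise PermissionError("reviewer not entitled to sign off this item")
        self.decisions[(user, resource)] = decision

    def overdue(self, today: date) -> List[AccessRecord]:
        """Tracking: items still undecided once the review window has passed."""
        if today <= self.started + timedelta(days=self.review_window_days):
            return []
        return [r for r in self.records if (r.user, r.resource) not in self.decisions]


def sample_campaign() -> AttestationCampaign:
    """Constructed campaign: a manager reviews two reports' access and, wrongly, their own."""
    return AttestationCampaign(date(2009, 10, 1), [
        AccessRecord("jdoe", "GL-ledger", "post-journal", "mgr1"),
        AccessRecord("asmith", "GL-ledger", "approve-journal", "mgr1"),
        AccessRecord("mgr1", "GL-ledger", "close-period", "mgr1"),
    ])
```

The self-attestation check is the point a reviewer of such a process looks for first: the manager's own entitlement can only be certified after it is delegated to someone else, and anything still undecided after the window shows up in `overdue()` for escalation.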

Oracle Delegated Administration Services


Oracle Delegated Administration Services, part of Oracle Internet Directory, provides trusted proxy-based administration of directory information by users and application administrators. Oracle Delegated Administration Services are implemented as a set of pre-defined, Web-based units that are embedded in the administrative interfaces for Oracle products such as OracleAS Portal, Oracle Collaboration Suite, the Oracle Database Security Manager and Oracle E-Business Suite. Included with Oracle Internet Directory is the DAS Self-Service Console, an easy-to-use, Web-based tool built on the Oracle Delegated Administration Services framework. The DAS Self-Service Console allows end users and application administrators to search for and manage data in the directory and provides Oracle Application Server administrators with a means of managing end users in the Oracle environment.

Oracle Identity and Access Management Products

Oracle's Identity and Access Management solution consists of two packages:

• Oracle Identity and Access Management Suite: a comprehensive set of best-of-breed components aimed at addressing the identity and access management requirements of a heterogeneous enterprise

    • Oracle Internet Directory
    • Oracle Virtual Directory
    • Oracle Access Manager
    • Oracle Identity Federation
    • Oracle Identity Manager

• Oracle Application Server Infrastructure Components

    • Oracle Internet Directory
    • Oracle Directory Integration Platform
    • Oracle Application Server Single Sign-On
    • Oracle Delegated Administration Services