Title: Oracle Security and Identity Management
1. Oracle Security and Identity Management
Wojciech Karwowski, Piotr Kopczynski, Oracle Polska
2. Agenda
- Oracle Database security
- Oracle Advanced Security Option
- Oracle Virtual Private Database
- OracleAS platform security Identity Management
- Internet Directory (LDAP)
- User Provisioning
- Single Sign-on
- Certificate Authority
- Delegated Administration Services
3. Oracle Database Security
4. Oracle Database Advanced Security Option
- Privacy Solutions
- Data protection over the wire
- Client to server
- Mid tier to server
- Data Guard (primary to standby)
- JDBC (thick and thin), OCI
- Strong Authentication
- Strong alternatives to passwords
- Industry Standard Solutions
- PKI, Kerberos, RADIUS
5. Oracle Database Advanced Security Option

                 Native ASO (client/server)              SSL (Internet)
Crypto           RC4, AES, 3DES                          RC4, AES, 3DES
Integrity        MD5, SHA-1                              MD5, SHA-1
Authentication   Kerberos, RADIUS (tokens, chip cards)   X.509 version 3 certificates
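The algorithm table above maps directly onto sqlnet.ora parameters. The fragment below is an added example, not taken from the slides: the parameter names and their allowed values (ACCEPTED, REJECTED, REQUESTED, REQUIRED) are Oracle's, while the split into a weak and a hardened configuration, the algorithm choices and the Kerberos file path are this example's assumptions. The weak half shows what a connection looks like when protection is merely negotiated and RC4/MD5 are still offered; the hardened half requires encryption and integrity and restricts the lists to AES and SHA-1.

```ini
# Added example (not from the slides): sqlnet.ora fragments for Oracle
# Advanced Security network encryption, integrity and strong authentication.

# --- Weak configuration -------------------------------------------------
# ACCEPTED only agrees to protection if the peer asks for it; a client that
# does not request encryption gets a cleartext session. RC4 and MD5 are still
# on offer and may be negotiated by an older client.
SQLNET.ENCRYPTION_SERVER = ACCEPTED
SQLNET.ENCRYPTION_TYPES_SERVER = (RC4_128, AES256, 3DES168)
SQLNET.CRYPTO_CHECKSUM_SERVER = ACCEPTED
SQLNET.CRYPTO_CHECKSUM_TYPES_SERVER = (MD5, SHA1)

# --- Hardened configuration (server side) -------------------------------
# REQUIRED refuses any session whose peer will not encrypt and checksum;
# only AES and SHA-1 remain in the negotiation lists.
SQLNET.ENCRYPTION_SERVER = REQUIRED
SQLNET.ENCRYPTION_TYPES_SERVER = (AES256, AES192, AES128)
SQLNET.CRYPTO_CHECKSUM_SERVER = REQUIRED
SQLNET.CRYPTO_CHECKSUM_TYPES_SERVER = (SHA1)

# --- Matching client side (client sqlnet.ora) ---------------------------
SQLNET.ENCRYPTION_CLIENT = REQUIRED
SQLNET.ENCRYPTION_TYPES_CLIENT = (AES256, AES192, AES128)
SQLNET.CRYPTO_CHECKSUM_CLIENT = REQUIRED
SQLNET.CRYPTO_CHECKSUM_TYPES_CLIENT = (SHA1)

# --- Strong authentication (slide 4): Kerberos instead of passwords ------
# Path to the Kerberos configuration file is an assumed value.
SQLNET.AUTHENTICATION_SERVICES = (KERBEROS5)
SQLNET.AUTHENTICATION_KERBEROS5_SERVICE = oracle
SQLNET.KERBEROS5_CONF = /etc/krb5.conf
```

Once the hardened settings are in place, a session can confirm what was actually negotiated by querying V$SESSION_CONNECT_INFO: the NETWORK_SERVICE_BANNER column lists the encryption and crypto-checksumming services in effect, so a session that shows no encryption banner is the one to investigate.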
6. Oracle Database Virtual Private Database
- Column-relevant policies
- Policy enforced only if specific columns are referenced
- Increases row-level security granularity
7. Oracle Database Virtual Private Database
- Column filtering
- Optional VPD configuration to return all rows but filter out column values in rows which don't meet the criteria
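Slides 6 and 7 describe two options of the same DBMS_RLS.ADD_POLICY call, so one added example serves both. It is not code from the slides: the HR.EMPLOYEES table, the HR_CTX application context, the policy function and the sample rows are all constructed for the illustration; DBMS_RLS.ADD_POLICY, its SEC_RELEVANT_COLS and SEC_RELEVANT_COLS_OPT parameters and the DBMS_RLS.ALL_ROWS constant are Oracle's own API.

```sql
-- Added example (not from the slides). Assumed schema HR, assumed table and
-- context names. Run as a user with CREATE ANY CONTEXT and EXECUTE on DBMS_RLS.

-- Constructed sample table: SALARY is the column we want to protect.
CREATE TABLE hr.employees (
  emp_id   NUMBER PRIMARY KEY,
  emp_name VARCHAR2(40),
  dept_id  NUMBER,
  salary   NUMBER
);
INSERT INTO hr.employees VALUES (1, 'Anna',  10, 5000);
INSERT INTO hr.employees VALUES (2, 'Piotr', 20, 6000);
COMMIT;

-- Application context holding the caller's department. Only HR_CTX_PKG may
-- set it, which is what makes SYS_CONTEXT trustworthy inside the predicate.
CREATE OR REPLACE PACKAGE hr.hr_ctx_pkg AS
  PROCEDURE set_dept(p_dept IN NUMBER);
END;
/
CREATE OR REPLACE PACKAGE BODY hr.hr_ctx_pkg AS
  PROCEDURE set_dept(p_dept IN NUMBER) IS
  BEGIN
    DBMS_SESSION.SET_CONTEXT('HR_CTX', 'DEPT_ID', TO_CHAR(p_dept));
  END;
END;
/
CREATE CONTEXT hr_ctx USING hr.hr_ctx_pkg;

-- Policy function: VPD appends the returned predicate to the statement.
CREATE OR REPLACE FUNCTION hr.emp_dept_predicate (
  p_schema IN VARCHAR2,
  p_object IN VARCHAR2
) RETURN VARCHAR2 AS
BEGIN
  RETURN 'dept_id = SYS_CONTEXT(''HR_CTX'', ''DEPT_ID'')';
END;
/

-- Slide 6: column-relevant policy. The predicate is enforced only when the
-- statement references SALARY:
--   SELECT emp_name FROM hr.employees          -> both rows
--   SELECT emp_name, salary FROM hr.employees  -> only the caller's department
BEGIN
  DBMS_RLS.ADD_POLICY(
    object_schema     => 'HR',
    object_name       => 'EMPLOYEES',
    policy_name       => 'EMP_SALARY_POLICY',
    function_schema   => 'HR',
    policy_function   => 'EMP_DEPT_PREDICATE',
    statement_types   => 'SELECT',
    sec_relevant_cols => 'SALARY');
END;
/

-- Slide 7: column filtering (column masking). Same predicate, but every row
-- is returned and SALARY is NULL in rows that fail the predicate:
--   SELECT emp_name, salary FROM hr.employees  -> both rows, one salary NULL
BEGIN
  DBMS_RLS.DROP_POLICY('HR', 'EMPLOYEES', 'EMP_SALARY_POLICY');
  DBMS_RLS.ADD_POLICY(
    object_schema         => 'HR',
    object_name           => 'EMPLOYEES',
    policy_name           => 'EMP_SALARY_MASK',
    function_schema       => 'HR',
    policy_function       => 'EMP_DEPT_PREDICATE',
    statement_types       => 'SELECT',
    sec_relevant_cols     => 'SALARY',
    sec_relevant_cols_opt => DBMS_RLS.ALL_ROWS);
END;
/

-- Simulated caller from department 10 (in practice set by a logon trigger).
EXEC hr.hr_ctx_pkg.set_dept(10);
```

Two caveats a reviewer would want on either variant: column masking applies only to SELECT, so DML against the table still needs a row-level policy, and users holding the EXEMPT ACCESS POLICY privilege (and SYS) bypass VPD entirely, which is why grants of that privilege belong in the audit trail.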
8. Oracle Label Security
- Pre-enabled row-level security
- Built on Virtual Private Database
- Label Based Access Control (LBAC) framework
- Based on stringent government and commercial requirements for row-level security
- Data access is based on sensitivity labels and customizable enforcement options
- Leverages Identity Management for
- Labels
- Identities and roles
- Policy information
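The slide says Label Security is "pre-enabled" row-level security built on VPD: instead of writing a policy function, the administrator defines levels and labels and attaches the policy to a table. The following added example (not from the slides) walks through that with Oracle Label Security's own packages SA_SYSDBA, SA_COMPONENTS, SA_LABEL_ADMIN, SA_POLICY_ADMIN and SA_USER_ADMIN; the policy name DOC_POLICY, the DOCS table, the two levels, the user name and the sample rows are all constructed for the illustration.

```sql
-- Added example (not from the slides). Assumes Oracle Label Security is
-- installed and the session holds the LBAC_DBA role. Names are constructed.

-- 1. Create the policy; the label column OLS adds to protected tables is
--    named here, and READ_CONTROL enforces labels on reads.
BEGIN
  SA_SYSDBA.CREATE_POLICY(
    policy_name     => 'DOC_POLICY',
    column_name     => 'DOC_LABEL',
    default_options => 'READ_CONTROL, WRITE_CONTROL');
END;
/

-- 2. Sensitivity levels, lowest number = least sensitive.
BEGIN
  SA_COMPONENTS.CREATE_LEVEL(
    policy_name => 'DOC_POLICY', level_num => 1000,
    short_name  => 'P',          long_name => 'PUBLIC');
  SA_COMPONENTS.CREATE_LEVEL(
    policy_name => 'DOC_POLICY', level_num => 2000,
    short_name  => 'C',          long_name => 'CONFIDENTIAL');
END;
/

-- 3. Data labels built from those levels (tags are arbitrary unique ints).
BEGIN
  SA_LABEL_ADMIN.CREATE_LABEL(
    policy_name => 'DOC_POLICY', label_tag => 10, label_value => 'P');
  SA_LABEL_ADMIN.CREATE_LABEL(
    policy_name => 'DOC_POLICY', label_tag => 20, label_value => 'C');
END;
/

-- 4. Constructed table to protect, then attach the policy. OLS adds the
--    DOC_LABEL column and the underlying VPD predicate for us.
CREATE TABLE docs (
  doc_id NUMBER PRIMARY KEY,
  title  VARCHAR2(80)
);
BEGIN
  SA_POLICY_ADMIN.APPLY_TABLE_POLICY(
    policy_name => 'DOC_POLICY',
    schema_name => USER,
    table_name  => 'DOCS');
END;
/

-- 5. Rows carry a label; CHAR_TO_LABEL converts the text form to the tag.
INSERT INTO docs (doc_id, title, doc_label)
  VALUES (1, 'Press release', CHAR_TO_LABEL('DOC_POLICY', 'P'));
INSERT INTO docs (doc_id, title, doc_label)
  VALUES (2, 'Merger plan',   CHAR_TO_LABEL('DOC_POLICY', 'C'));
COMMIT;

-- 6. Authorise a user (constructed name) to read up to PUBLIC only.
--    That user then sees doc 1 and never doc 2, with no application code.
BEGIN
  SA_USER_ADMIN.SET_USER_LABELS(
    policy_name    => 'DOC_POLICY',
    user_name      => 'ANALYST1',
    max_read_label => 'P',
    def_label      => 'P',
    row_label      => 'P');
END;
/
```

The design point worth noticing is that labels are data in the row rather than logic in a function, which is what lets the slide's last bullet hold: the same labels and user authorizations can be administered centrally in Oracle Internet Directory rather than per database.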
9. OracleAS Identity Management
10. Oracle Application Server 10g
11. Identity Management
12. Identity Management Components
13. Internet Directory
- Scalability
- Millions of users
- Thousands of simultaneous clients
- High availability
- Multimaster and fan-out replication
- Hot backup/recovery, RAC, etc.
- Manageability
- Grid Control multi-node monitoring
- Security
- Comprehensive password policies
- Role- and policy-based access control
- Auditability
- Extensibility / virtualization
- Plug-in framework
- Attribute and namespace virtualization
- External authentication
- Custom password policies
[Diagram components: LDAP Clients, OID Server, Directory Admin Console, Oracle Database]
14. Directory Integration
[Diagram: the Directory Integration Service with connectors between Oracle Internet Directory and external directories and sources: SunOne, Active Directory, OpenLDAP, eDirectory, Oracle HR, Oracle DB]
15. Provisioning Integration
[Diagram: Oracle Provisioning Integration Service with an Event Notification Engine and a Policy Workflow Engine, fed by Corporate HR (employee enrollment) and OID, provisioning Portal, eMail and ERP/CRM; administrators shown: Helpdesk Admin, Portal Admin, eMail Admin; also a Partner Provisioning System and end-user self-service (passwords, preferences)]
16. Single Sign-On
[Diagram: OracleAS Single Sign-On in front of an OracleAS-enabled environment (ERP, CRM, Portal) and a partner SSO-enabled environment (Netegrity, RSA, Oblix) on the extranet; authentication options PKI, password, Windows 2000 native authentication, SecurID, Biokey; Federation / Liberty]
- Integrates Oracle and partner-SSO-enabled applications
- Transparent access to the database tier and third-party web applications
- Multiple authentication options
- Different authentication modes to match application security levels
17. Certificate Authority
- Solution for strong authentication / PKI
- Easy provisioning of X.509v3 digital certificates for end users
- Web-based certificate management and administration
- Seamless integration with Oracle Application Server Single Sign-On
[Diagram components: User, Oracle Single Sign-On, Oracle Internet Directory (OID), Metadata Repository, Oracle Certificate Authority, Secure IT Facility]
18. Delegated Administration Services
- Admin console with role-based customization
- User / group management
- End-user vs. admin views
- Admin delegation
- End-user self-service
- Self-service provisioning
- Set preferences, org chart
- Password reset
- Embeddable admin components
- For integration with applications
- Extensively configurable
- Accommodate new applications
- Customize UI views
19. Oracle Security and Identity Management
- Key component of Oracle's overall security strategy
- Provides an integrated identity management infrastructure built upon Oracle's unbreakable technology
- Centralizes security management of Oracle applications across the enterprise
- Provides a robust, standards-based platform for security services to the entire enterprise