Oracle centralizes security processes into Service-Oriented Security

* Oracle centralizes security processes into Service-Oriented Security SOS covers authentication, authorization, user administration, role management, and more

Last week I told you about RSA's (that's RSA, The Security Division of EMC, of course) announcements at the RSA 2008 Conference. Today we'll cover a few more and try to get to the rest in the next issue. Next week we'll begin coverage of the 2nd European Identity Conference which begins on April 22. But let's start off by looking at what Oracle did, and didn't, announce at RSA.

Last week I told you about RSA's (that's RSA, The Security Division of EMC, of course) announcements at the RSA 2008 Conference. Today we’ll cover a few more and try to get to the rest in the next issue. Next week we’ll begin coverage of the 2nd European Identity Conference which begins on April 22. But let's start off by looking at what Oracle did, and didn’t, announce at RSA.

The biggest announcement signaled a change in philosophy for Larry Ellison’s company. In essence, Oracle will decouple the hard-coded security features from enterprise applications. Well, there is more to it than that! Instead, it will re-institute those features in a fashion Oracle's calling Service-Oriented Security (SOS), which should enable organizations to simplify and centralize critical security processes including authentication, authorization, user administration, role management, identity virtualization and governance, and entitlement management, as well as audit and control using reusable, standards-based security services and protocols which any application can consume.

SOS is sorted into four IT processes – development, deployment, administration and governance. Development is represented by the company's ongoing effort to grow the Identity Governance Framework (IGF) as an open standard. Governance is covered by Oracle Application Access Controls Governor (currently Version 8.0). Administration is handled by Oracle Fine Grained Authorization (currently in controlled beta release with a planned public release later this year). The deployment process will be handled by Oracle Role Manager, which got an announcement all its own.

With immediate availability, Oracle Role Manager is the first shipment of the product Oracle acquired when it purchased Bridgestream last fall. According to Oracle, the package enables customers to "define and manage organizational relationships, roles, and associated privileges for improved security and regulatory compliance. Business users are empowered to manage business roles accurately and efficiently by utilizing advanced statistical analysis, administrative automation tools and a highly flexible design interface.” There doesn’t appear to be any new functionality in this release except for some tighter integration into the middleware Oracle Fusion stack. Still, someone’s been working long hours to get this out this quickly, just six months after the acquisition closed.

The biggest announcement at RSA didn’t come from a traditional identity management vendor but from an appliance maker. Kitchen appliances, that is. And I don’t mean Siemens. Check back next time for more on that.

Upcoming events from the IdM Journal calendar:

* May 12-14: Internet Identity Workshop, Mountain View, CalifIdentity Camp, Bremen, GermanyGartner Identity & Access Management Summit, London, U.K.

* June 7-8:

* June 23:

Learn more about this topic

 
Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.
Take IDG’s 2020 IT Salary Survey: You’ll provide important data and have a chance to win $500.