The Blue Cheese Effect

If your refrigerator needs to be cleaned out, everyone living with you probably knows it because the task is usually so far down on your to-do list, you might as well plan a trip to Mars first. The task moves up the list as the odor becomes worse with each door swing. Eventually it reaches a crescendo when your friends, neighbors and significant other(s) can stand it no more. This is the point where the "smell" becomes the "stink" or, for those of you counting yourselves as fans of Sir David Attenborough, it becomes titan arum.

Back in the 1990s, Kent (more...)

The Age of Scroogle

I hear that the Age of Facebook is upon us. While I was busy tending to my identity and access tomatoes, the new dawn has been declared. Apparently right outside my window there be walking people whose identity has been sucked into a space-time deviation yet they're blissfully unaware of this. For those of you in the know (read: in the possession of a secret handshake), the Age of Aquarius is really where things have been happening for a while but I digress.

Astrology and social networking aside (wait, aren't they one and the same?) I think (more...)

Holiday Pundemonium

There was a jolly man named St. Nick
Who didn't know which IDM stack to pick
By the yule log
He read our blog
That well-rounded cheeky man named St. Nick

Happy Holidays!

Oracle Access Manager 11g

More coverage of Oracle IAM 11g suite based on OpenWorld sessions. If Oracle Identity Manager 11g is an evolutionary step and Oracle Identity Analytics 11g is fresh air then OAM 11g is a shot heard round the world. Changes, they're a comin'.

The current release of Oracle Access Manager is based on the 2005 acquisition of Oblix. The Oblix product is written in C++ and is comprised of a number of independent components that all function, well, independently! In the late 90s-early 00s world of enterprise applications where CORBA was still considered a viable deployment option, J2EE was learning how (more...)

Oracle Identity Analytics 11g

UPDATE (Feb 2010): The product described in this post is dead. Sun Role Manager has been renamed to Oracle Identity Analytics and the end result is NOT the same as the product announced at OpenWorld. Stay tuned for more details in another blog post.


Another session at Oracle OpenWorld I attended was for Oracle Identity Analytics (OIA), a new product Oracle built from existing parts for 11g. The product was first announced in early summer of 2009 but if you were reading Oracle tea leaves, you knew about it even before that.

Oracle Identity Analytics is a "classic" (more...)

Oracle Identity Manager 11g

Hot off the Oracle OpenWorld presses, I give you OIM 11g:

To expand a bit on the above highlights:

1) Shiny new web UI based on Oracle's Application Development Framework (ADF).

2) BPEL-based request/approval workflows. By using inference and set algebra, I can claim that provisioning workflows will stay "as is" (if there can be such a state as "as is" in 11g). To see is to believe so we shall see.

3) Embedded Oracle Entitlement Server (OES) that will deliver enough semantic firepower in rules that make up various authorization pieces. I am calling this an OES (more...)

Oracle OpenWorld (Feeling Entitled)

Come see us at the Oracle OpenWorld 2009 Unconference on Monday Oct 12th at 4pm. We will be in Moscone West on 3rd floor in Overlook II. Our talk is entitled "Everything You Wanted to Know About Managing Entitlements with Oracle Identity Manager (OIM) But Were Afraid to Ask". Following our session, we'll be hosting a cocktail reception between 5:30pm-7pm. Please RSVP if you'd like to stop by and have a drink with us.

Naturally, we think our session will be very interesting but in case you want to see what else is out there, Oracle IDM marketing (more...)

She moves in mysterious ways

I like to refer to Identigral as "she." Perhaps it is a subconscious reaction, similar to naming a car Clarice or perhaps not, it is a woman-owned company after all. She is celebrating her third year today and I thought it might be a good idea for the blog to recap our top 11 greatest blog hits. In order of decreasing popularity, they are:

1. The Rise of Suncle, Volume 1. The first article in the 3-part Suncle series looks at the Oracle acquisition of Sun and drills down into their respective identity and access management product lines, taking (more...)

One Policy to Rule Them All

Thanks to Anil John's tweets, I've been alerted to a National Institute of Standards and Technology (NIST) workshop on Access Management. Having worked for DARPA a long time ago in a land far away, I am not afraid of terms such as Plenary Session or Hotwash; they make any proceeding seem important and rife with danger. Someone abused their access privileges or shared a password? Call the NSA to erase him. (Let's see if there are going to be any information security incidents after that...)

I know that some are not aware that NIST does good work in the (more...)

No App Is An Island

...but perhaps it should be. A properly fortified island with double moats, crocodiles (or cheerleaders), molten lead showers, Spartan warriors and of course artillery straight from Guns of Navarone. (I don't know why you need artillery if you have crocodiles but I wanted to add it just in case. As the ancient Finnish proverb says, "backups never hurt").

In many an enterprise you'll find a network architecture where a lot of effort has been spent on protecting the perimeter, separating nice, shiny, internal TCP packets from mean, dirty and virus-laden external packets. (UDP packets are always lost and confused, no (more...)

Webinar – Managing Entitlements with Oracle Identity Manager

To showcase some of the challenges and solutions of managing entitlements' lifecycle, we're putting on a webinar. The topic of entitlement management is broad so we're going to focus on what we think has the highest value proposition to the business - entitlement attestation. We're going to demo some of the design patterns for fine-grained attestation as implemented in Oracle Identity Manager. Take a look at our entitlement blogs and our whitepaper (registration required) for background information.

Much Ado About Entitlements

The popularity of entitlements, both as a noun and as a thing, is rapidly growing in the IDM world. Before entitlements became an oratorio impossible to ignore even with the best Jedi mind tricks, there was a flutter of butterfly wings. That is, 2-3 people in a hallway at a conference started whispering entitlements, entitlements, entitlements. Then came presentations, then whitepapers from analysts and vendors and finally the Market noticed that, wait, what about entitlements? Chaos theory refers to the initial whisper event as a butterfly effect; there's no other explanation for their sudden rise to fame. I mean, (more...)

Super Agent 2.0

It has been years, literally, since I have heard anyone talk about agent vs agentless. Both sides have spoken, and I believe the resolution has been passed: Agentless (by that I mean nothing installed remotely from the server) wherever possible, then use agents. And in today's climate of open standards and secure communications, it seemed like "wherever possible" was everywhere. Thus, the debate died and it became an afterthought.

Then comes Microsoft Exchange 2008. From a remote Java perspective, Microsoft Exchange was all figured out. Java applications utilized JNDI to communicate with the MS Active Directory Domain Server to set (more...)

Silence is Golden

Even with more daylight, I struggle with finding enough time to juggle family, work, and blog (not necessarily in that order, but pretty close most days). As a result of increased activity, I have been silent on the blogging front. This is not to say that I have not been thinking about all the interesting things to write about. With the workload increasing, the number of topics that I would like to discuss in an online forum also grows. Unfortunately entropy is hard to beat and without a perpetuum mobile as a source of energy, I have to find that (more...)

Rock around the clock

As the summer descends upon us, so have various industry conferences. With that raison d'etre, a rising tide of interesting discussions is sweeping across blogs and other assorted outlets of identity and access management sound and fury. Mark Diodati from the Burton Group weighed in on the ontological issue of privileged accounts and people who (ab)use them. The linguistic conundrum seems to be in differentiating Privileged Accounts from Privileged Users. The secret sauce of securing privileged accounts according to Burton is based on managing two ingredients: WHO has access to the accounts and WHAT the accounts can do.

In my (more...)

Ask Identigral (Issue 6)

Ask Identigral is our answer to Dear Abby. According to Wikipedia, "Dear Abby ... is known for its uncommon common sense and youthful perspective", two qualities we're striving for in our blog. Since Abby isn't very good when it comes to identity and access management products' arcana, I together with the rest of Identigral staff have decided to step in and close the gap. Email us your questions about any Oracle identity or access management product(s) and once a week we will post the answers here.

What is the best way to customize Oracle Identity Manager user interface?

When customizing any (more...)

Overcast weather

Toto, we aren't in Kansas anymore. I believe we have landed in Seattle where cloud cover is the norm.

At JavaOne they have a whole set of sessions dedicated to the Cloud. Soon, the Cloud (with a capital C, mind you) will be as pervasive as the web. (Wait, isn't it the same thing?!). I was fortunate enough to attend the standing-room only panel on Secure Cloud Computing this afternoon. The panel consisted of Michelle Dennedy from Sun, Joshua Davis from Qualcomm, Jim Reavis from Cloud Security Alliance, Tim Mathers (old timey (experience, not age) InfoSec guy), (more...)

Implementing Seek and Destroy (part 2)

In the previous blog post, I have described some of the best practices that are worthy of consideration when designing robust off-boarding processes. In part 1, I talked about how to implement some of these best practices using Oracle Identity Manager. This post is a continuation of the implementation discussion.

Trust but Verify. You need a system of checks and balances, at worst a single control where an alarm will go off somewhere if the terminated employee hasn't been off-boarded. In Oracle Identity Manager (OIM) this is best accomplished via attestation. Attestation tasks could be automatically generated for both (more...)

Ask Identigral (issue 5)

Ask Identigral is our answer to Dear Abby. According to Wikipedia, "Dear Abby ... is known for its uncommon common sense and youthful perspective", two qualities we're striving for in our blog. Since Abby isn't very good when it comes to identity and access management products' arcana, I together with the rest of Identigral staff have decided to step in and close the gap. Email us your questions about any Oracle identity or access management product(s) and once a week we will post the answers here.

We have applied the latest patch to our Oracle Identity Manager installation. Does that mean (more...)

Spring Cleaning

Each spring an annual rite beckons me. Software engineers might call it refactoring, artists prefer the term deconstruction and tres chic museum curators use denouement. The rest of the world calls it cleaning up your mess. Cobwebs are removed, dust is annihilated, furniture is rearranged, (ab)used items are donated or discarded. This is more out of habit (as rites are wont to occur); the local microclimate doesn't really require winter clothes to be put away and summer clothes to be readily available. If you go through all this trouble of taking things apart and putting them back together, you (more...)