The KOL Miner’s Daughter

Just when you've escaped from your past, it comes back to haunt you, something about learning from history and being doomed to repeat it. I had every intention of doing a blog post about identity management challenges associated with implementing business processes having to do with internal (employee) transfers but when worlds collide, singularity happens. Prodded by the announcement of an improved Twitter search, Oracle's Nishant Kaushik writes about the new "identity equation" This comes only two days after a blog on the very same subject by a former colleague of mine, Endeca's chief scientist Daniel Tunkelang. Two blogs, two (more...)

Meet Stanley Ipkiss

A few weeks ago a blog post by George Hulme on Health Information Trust Alliance (HITRUST) community site caught my attention. In his blog George talks about data breaches in the healthcare realm and how they are hard to prevent even if various data protection technologies are implemented. George wonders (more...)

Meet Stanley Ipkiss

A few weeks ago a blog post by George Hulme on Health Information Trust Alliance (HITRUST) community site caught my attention. In his blog George talks about data breaches in the healthcare realm and how they are hard to prevent even if various data protection technologies are implemented. George wonders if data masking can reduce the frequency of data breaches where the primary attack vector is theft of data from non-production environments and I wanted to examine this premise in the context of implementing an identity administration solution with a product such as Oracle Identity Manager.

Data masking is an (more...)

Ask Identigral (issue 2)

Ask Identigral (tag, category) is our answer to Dear Abby. According to Wikipedia, "Dear Abby ... is known for its uncommon common sense and youthful perspective", two qualities we're striving for in our blog. Since Abby isn't very good when it comes to identity and access management products' arcana, I together with the rest of Identigral staff have decided to step in and close the gap. Email us your questions about any Oracle identity or access management product(s) and once a week we will post the answers here.

Question: I am trying to use Deployment Manager for importing my prevoiusly exported (more...)

Ask Identigral (issue 2)

Ask Identigral (tag, category) is our answer to Dear Abby. According to Wikipedia, "Dear Abby ... is known for its uncommon common sense and youthful perspective", two qualities we're striving for in our blog. Since Abby isn't very good when it comes to identity and access management products' arcana, I together (more...)

Segregation of Duties – Panacea or Pandemic

Recently I have been exploring the new APIs that came out in Oracle Identity Manager 9.1.x and what they can do for our customers. Most exciting are the new reconciliation APIs. For any company that views compliance as a raison d'etre of their identity management system, reconciliation must occur. Audit and reporting are aspects of compliance that require reconciliation. From a business perspective, it doesn't matter whether reconciliation is done under the auspices of the software product or by an IT group that gets together nightly for cappuccinos and crackers while comparing source systems or by monkeys hitting (more...)

Segregation of Duties – Panacea or Pandemic

Recently I have been exploring the new APIs that came out in Oracle Identity Manager 9.1.x and what they can do for our customers. Most exciting are the new reconciliation APIs. For any company that views compliance as a raison d'etre of their identity management system, reconciliation must (more...)

Action-Reaction

One of the nice-to-have benefits of implementing an identity management solution is the ability to know what's going on inside a target system. If someone creates an account on the target and the account violates an IT policy or procedure (thou shall not create accounts directly without going through Oracle Identity Manager), this fact is quickly discovered during reconciliation (if it's smart enough!) and/or subsequent review of reports. This problem of so-called rogue accounts is encountered very often and we've engineered many a solution for it for customers. (Naturally all of our solutions are very smart (more...)

Action-Reaction

One of the nice-to-have benefits of implementing an identity management solution is the ability to know what's going on inside a target system. If someone creates an account on the target and the account violates an IT policy or procedure (thou shall not create accounts directly without going through (more...)

Authorization in Oracle BI Server (OBIEE)

Oracle Business Intelligence Server (BI Server) is a server product in Oracle's Business Intelligece Enterprise Edition Plus (OBIEE) suite. BI Server stores metadata such as business models in its own repository. Naturally, access to various repository assets needs to be secured. User accounts can be defined explicitly in an Oracle BI repository or in an external source (such as a database table or an LDAP-compliant directory server). Authenticating to an external source is a matter of configuration. Next comes everyone's favorite challenge - authorization.

BI Server uses groups as authorization principals, i.e. membership in a particular group (more...)

Authorization in Oracle BI Server (OBIEE)

Oracle Business Intelligence Server (BI Server) is a server product in Oracle's Business Intelligece Enterprise Edition Plus (OBIEE) suite. BI Server stores metadata such as business models in its own repository. Naturally, access to various repository assets needs to be secured. User accounts can be defined explicitly in (more...)

Ask Identigral (issue 1)

Ask Identigral is our answer to Dear Abby. According to Wikipedia, "Dear Abby ... is known for its uncommon common sense and youthful perspective", two qualities we strive for in our blog. Unfortunately Abby is not very technical, I keep wanting to cross her with Walt Mossberg of Wall Street Journal but this will have to wait until next century. Since neither Abby nor Walt are any good when it comes to identity and access management products' arcana, I together with the rest of Identigral staff have decided to step in and close the gap. Email us your questions about any (more...)

Ask Identigral (issue 1)

Ask Identigral is our answer to Dear Abby. According to Wikipedia, "Dear Abby ... is known for its uncommon common sense and youthful perspective", two qualities we strive for in our blog. Unfortunately Abby is not very technical, I keep wanting to cross her with Walt Mossberg of Wall Street Journal (more...)

Generic Connector and the Temple of Doom

The City of Atlantis. The Holy Grail. The Philosopher's Stone. The Perpetual Motion Machine. The Generic Identity Management Connector. This is the stuff of legend with folk tales reverberating through the ages. (The rise of scientific method during Renaissance with empirical evidence as a way of learning? An early example of reconciliation). Building connectors for customers and trying various frameworks as a way of decreasing the cost of creating a connector, I've been thinking about the notion of a generic connector

Connectors have always been the bane of any identity management solution. Without a way to understand or influence (more...)

Generic Connector and the Temple of Doom

The City of Atlantis. The Holy Grail. The Philosopher's Stone. The Perpetual Motion Machine. The Generic Identity Management Connector. This is the stuff of legend with folk tales reverberating through the ages. (The rise of scientific method during Renaissance with empirical evidence as a way of learning? An early (more...)

Provisioning Active Directory – Best Practices

After the very popular Suncle series covering the Sun/Oracle identity and access portfolios, the blog went on a brief hiatus but we're baaaaaaack. Instead of giving y'all yet another dose of Identigral, we've got Martin Sandren as our guest blogger today.

Martin is a security architect at Genzyme in Boston. Prior to joining Genzyme he spent four years implementing Oracle Identity Manager for Sena Systems in both US and Europe. Martin is originally from Sweden where he received his Masters degree in computer science from Chalmers University of Technology. He also lived in Germany and the UK. You can reach (more...)

Provisioning Active Directory – Best Practices

After the very popular Suncle series covering the Sun/Oracle identity and access portfolios, the blog went on a brief hiatus but we're baaaaaaack. Instead of giving y'all yet another dose of Identigral, we've got Martin Sandren as our guest blogger today.

Martin is a security architect at Genzyme in Boston. (more...)

The big bite

We at Identigral are a bit obsessed with Edward Lear so we couldn't help ourselves. Instead of writing another few pages worth of text on Sun/Oracle future, we thought it would be easier to summarize the last few days in two limericks:

There was a company whose name was Sun
That took Java out for a run
With NetBeans spilled
And MySQL forked
Larry the Yachtsman got the wine uncorked

There is a company in Redwood Shores
Whose appetite grew in fours
A fork in the left
A spoon in the right
And the Valley became one big bite

The big bite

We at Identigral are a bit obsessed with Edward Lear so we couldn't help ourselves. Instead of writing another few pages worth of text on Sun/Oracle future, we thought it would be easier to summarize the last few days in two limericks:

There was a company whose name was Sun
(more...)

The rise of Suncle: Solaris, Java, ripple effects

In previous articles on this blog, we took a look at all 3 parts of Sun/Oracle identity and access management portfolio - identity administration, access management and directory services. This blog will talk about some of the other components of the acquisition.

Solaris. With Oracle gaining ownership of Solaris, (more...)