Segregation of Duties – Panacea or Pandemic

Recently I have been exploring the new APIs that came out in Oracle Identity Manager 9.1.x and what they can do for our customers. Most exciting are the new reconciliation APIs. For any company that views compliance as a raison d'etre of their identity management system, reconciliation must (more...)

Segregation of Duties – Panacea or Pandemic

Recently I have been exploring the new APIs that came out in Oracle Identity Manager 9.1.x and what they can do for our customers. Most exciting are the new reconciliation APIs. For any company that views compliance as a raison d'etre of their identity management system, reconciliation must occur. Audit and reporting are aspects of compliance that require reconciliation. From a business perspective, it doesn't matter whether reconciliation is done under the auspices of the software product or by an IT group that gets together nightly for cappuccinos and crackers while comparing source systems or by monkeys hitting (more...)

Action-Reaction

One of the nice-to-have benefits of implementing an identity management solution is the ability to know what's going on inside a target system. If someone creates an account on the target and the account violates an IT policy or procedure (thou shall not create accounts directly without going through (more...)

Action-Reaction

One of the nice-to-have benefits of implementing an identity management solution is the ability to know what's going on inside a target system. If someone creates an account on the target and the account violates an IT policy or procedure (thou shall not create accounts directly without going through Oracle Identity Manager), this fact is quickly discovered during reconciliation (if it's smart enough!) and/or subsequent review of reports. This problem of so-called rogue accounts is encountered very often and we've engineered many a solution for it for customers. (Naturally all of our solutions are very smart (more...)

Authorization in Oracle BI Server (OBIEE)

Oracle Business Intelligence Server (BI Server) is a server product in Oracle's Business Intelligece Enterprise Edition Plus (OBIEE) suite. BI Server stores metadata such as business models in its own repository. Naturally, access to various repository assets needs to be secured. User accounts can be defined explicitly in (more...)

Authorization in Oracle BI Server (OBIEE)

Oracle Business Intelligence Server (BI Server) is a server product in Oracle's Business Intelligece Enterprise Edition Plus (OBIEE) suite. BI Server stores metadata such as business models in its own repository. Naturally, access to various repository assets needs to be secured. User accounts can be defined explicitly in an Oracle BI repository or in an external source (such as a database table or an LDAP-compliant directory server). Authenticating to an external source is a matter of configuration. Next comes everyone's favorite challenge - authorization.

BI Server uses groups as authorization principals, i.e. membership in a particular group (more...)

Ask Identigral (issue 1)

Ask Identigral is our answer to Dear Abby. According to Wikipedia, "Dear Abby ... is known for its uncommon common sense and youthful perspective", two qualities we strive for in our blog. Unfortunately Abby is not very technical, I keep wanting to cross her with Walt Mossberg of Wall Street Journal (more...)

Ask Identigral (issue 1)

Ask Identigral is our answer to Dear Abby. According to Wikipedia, "Dear Abby ... is known for its uncommon common sense and youthful perspective", two qualities we strive for in our blog. Unfortunately Abby is not very technical, I keep wanting to cross her with Walt Mossberg of Wall Street Journal but this will have to wait until next century. Since neither Abby nor Walt are any good when it comes to identity and access management products' arcana, I together with the rest of Identigral staff have decided to step in and close the gap. Email us your questions about any (more...)

Generic Connector and the Temple of Doom

The City of Atlantis. The Holy Grail. The Philosopher's Stone. The Perpetual Motion Machine. The Generic Identity Management Connector. This is the stuff of legend with folk tales reverberating through the ages. (The rise of scientific method during Renaissance with empirical evidence as a way of learning? An early (more...)

Generic Connector and the Temple of Doom

The City of Atlantis. The Holy Grail. The Philosopher's Stone. The Perpetual Motion Machine. The Generic Identity Management Connector. This is the stuff of legend with folk tales reverberating through the ages. (The rise of scientific method during Renaissance with empirical evidence as a way of learning? An early example of reconciliation). Building connectors for customers and trying various frameworks as a way of decreasing the cost of creating a connector, I've been thinking about the notion of a generic connector

Connectors have always been the bane of any identity management solution. Without a way to understand or influence (more...)

Provisioning Active Directory – Best Practices

After the very popular Suncle series covering the Sun/Oracle identity and access portfolios, the blog went on a brief hiatus but we're baaaaaaack. Instead of giving y'all yet another dose of Identigral, we've got Martin Sandren as our guest blogger today.

Martin is a security architect at Genzyme in Boston. (more...)

Provisioning Active Directory – Best Practices

After the very popular Suncle series covering the Sun/Oracle identity and access portfolios, the blog went on a brief hiatus but we're baaaaaaack. Instead of giving y'all yet another dose of Identigral, we've got Martin Sandren as our guest blogger today.

Martin is a security architect at Genzyme in Boston. Prior to joining Genzyme he spent four years implementing Oracle Identity Manager for Sena Systems in both US and Europe. Martin is originally from Sweden where he received his Masters degree in computer science from Chalmers University of Technology. He also lived in Germany and the UK. You can reach (more...)

The big bite

We at Identigral are a bit obsessed with Edward Lear so we couldn't help ourselves. Instead of writing another few pages worth of text on Sun/Oracle future, we thought it would be easier to summarize the last few days in two limericks:

There was a company whose name was Sun
That took Java out for a run
With NetBeans spilled
And MySQL forked
Larry the Yachtsman got the wine uncorked

There is a company in Redwood Shores
Whose appetite grew in fours
A fork in the left
A spoon in the right
And the Valley became one big bite

The big bite

We at Identigral are a bit obsessed with Edward Lear so we couldn't help ourselves. Instead of writing another few pages worth of text on Sun/Oracle future, we thought it would be easier to summarize the last few days in two limericks:

There was a company whose name was Sun
(more...)

The rise of Suncle: Solaris, Java, ripple effects

In previous articles on this blog, we took a look at all 3 parts of Sun/Oracle identity and access management portfolio - identity administration, access management and directory services. This blog will talk about some of the other components of the acquisition.

Solaris. With Oracle gaining ownership of Solaris, Oracle Enterprise Linux (OEL) will no longer be an ever-present entity looking very forlorn on the list of supported/certified platforms for a particular Oracle identity or access product. I don't think Oracle will abandon OEL completely (RedHat and IBM need to be kept in check, after all) but it will (more...)

The rise of Suncle: Solaris, Java, ripple effects

In previous articles on this blog, we took a look at all 3 parts of Sun/Oracle identity and access management portfolio - identity administration, access management and directory services. This blog will talk about some of the other components of the acquisition.

Solaris. With Oracle gaining ownership of Solaris, (more...)

The rise of Suncle: Directory Services

I've covered identity administration and access management pieces of Sun/Oracle (affectionately referred to as Suncle on this blog) product portfolio in my previous blog posts. This one will address the remaining third - directory services. (Updated to correct the omission of virtual directory and identity synchronization from Sun's suite).

Oracle brings Oracle Internet Directory (OID) and Oracle Virtual Directory (OVD) to the party, Sun brings Sun Java System Directory Server (Sun DS) Enterprise Edition. Sun's Enterprise Edition packaging includes 3 pieces: Directory Server, Directory Proxy Server and Identity Synchronization for Windows. Sun's Directory Server corresponds to Oracle Internet Directory, Sun's (more...)

The rise of Suncle: Directory Services

I've covered identity administration and access management pieces of Sun/Oracle (affectionately referred to as Suncle on this blog) product portfolio in my previous blog posts. This one will address the remaining third - directory services. (Updated to correct the omission of virtual directory and identity synchronization from Sun's suite).

Oracle (more...)

The rise of Suncle: Access Management

This post is a continuation of a series analyzing Sun/Oracle acquisition in the context of identity and access management. Read the Identity Administration article if you want to start from the very beginning.

Access Management. Oracle has quite a few pieces in this bucket but only three of them have a counterpart in Sun's world: Oracle Access Manager (OAM), Oracle Identity Federation (OIF) and Oracle Web Services Manager (OWSM). Sun's OpenSSO product contains web and federated single sign-on capabilities along with a bit of web services security. Oracle fields three separate products to answer the same needs - Access Manager (more...)

The rise of Suncle: Access Management

This post is a continuation of a series analyzing Sun/Oracle acquisition in the context of identity and access management. Read the Identity Administration article if you want to start from the very beginning.

Access Management. Oracle has quite a few pieces in this bucket but only three of them have (more...)