Oracle Unveils Strategy for Service-Oriented Security
April 2008 by Marc Jacob
At the RSA Conference 2008, Oracle will outline its vision for Service-Oriented Security. By decoupling hard-coded security features from enterprise applications to create reusable, standards-based security services and protocols which any application can consume, Service-Oriented Security enables organizations to simplify and centralize several critical security processes including authentication, authorization, user administration, role management, identity virtualization and governance, and entitlement management, as well as audit and control.
Oracle’s Service-Oriented Security encompasses four IT processes - development, deployment, administration and governance. To date, the company has delivered key milestones associated with each of these components including:
o Development: Identity Governance Framework - a multi-vendor standard proposal, spearheaded by Oracle, that provides a service-oriented, privacy-aware architecture for developers to access identity data while adhering to usage policies. Oracle, in conjunction with the Liberty Alliance, has delivered the first open source component of the proposed standard.
o Deployment: General availability of Oracle(r) Role Manager - software, based on a service-enabled architecture that allows organizations to centrally model, define and manage a repository for business roles and relationships, which can then be used to drive role-based access control, provisioning and approvals across business applications.
o Administration: Beta release of Oracle Fine Grained Authorization - software designed to externalize hard-coded authorization policies from heterogeneous enterprise applications. The controlled beta preview complements Oracle’s comprehensive Identity and Access Management software that helps enable customers to administer the access rights of users as they interact with business applications today.
o Governance: General availability of Oracle Application Access Controls Governor 8.0 - latest release of control monitoring software that leverages an externalized Service-Oriented approach to provide segregation of duties analysis and enforcement for heterogeneous enterprise application environments.
Historically, organizations "bolted" security solutions on to their enterprise applications, a strategy that often hindered business agility. With Service-Oriented Security, organizations can now centralize security solutions in a more flexible security architecture.