Oracle® Internet Directory Administrator's Guide 10g (9.0.4) Part Number B12118-01 |
|
Directory Concepts and Architecture, 14 of 15
Identity management is the process by which the complete security life cycle for network entities is managed in an organization. Because Oracle Internet Directory is a key element of the Oracle Identity Management infrastructure, it enables you to simplify security management across all applications. To do this, you deploy multiple Oracle components against a shared instance of Oracle Internet Directory and of other Oracle Identity Management components. This requires careful planning to match the Oracle Internet Directory deployment with the security needs of your enterprise.
This section contains these topics:
Identity management most commonly refers to the management of an organization's application users. Steps in their security life cycle include account creation, suspension, privilege modification, and account deletion. The managed entities may also include devices, processes, applications, or anything else that needs to interact in a networked environment. They may also include users outside of the organization, for example customers, trading partners, or Web services.
Identity management is important to IT deployments because it can reduce administrative costs while at the same time improving security.
The Oracle Identity Management infrastructure enables deployments to manage centrally and securely all enterprise identities and their access to various applications in the enterprise. Identity management comprises these tasks:
Oracle Identity Management is an integrated infrastructure that Oracle products rely on for distributed security. It is part of the infrastructure of the Oracle Application Server and for other Oracle products as well. Figure 2-9 illustrates the components of the Oracle Identity Management infrastructure and how various Oracle and third-party products rely on it.
As shown in Figure 2-9, the Oracle Identity Management infrastructure includes the following components and capabilities:
While Oracle Identity Management is designed to provide an enterprise infrastructure for Oracle products, it can also serve as a general-purpose identity management solution for user-written and third-party enterprise applications. It provides a robust and scalable enterprise-wide identity management platform for third-party applications, hardware, and network operating systems. Custom applications can leverage Oracle Identity Management through a set of documented and supported services and APIs, for example:
In addition, Oracle works with third-party application vendors to ensure that their applications can leverage Oracle Identity Management out of the box.
See Also:
Oracle Identity Management Concepts and Deployment Planning Guide for more information about the Oracle Identity Management infrastructure |
An identity management realm defines an enterprise scope over which certain identity management policies are defined and enforced by the deployment. It comprises:
You can define multiple identity management realms within the same Oracle Identity Management infrastructure. This enables you to isolate user populations and enforce a different identity management policy--for example, password policy, naming policy, self-modification policy--in each realm.
Each identity management realm is uniquely named to distinguish it from other realms. It also has a realm-specific administrator with complete administrative control over the realm.
For all Oracle components to function, an identity management realm is required. One particular realm, created during installation of Oracle Internet Directory, is called the default identity management realm. It is where Oracle components expect to find users, groups, and associated policies whenever the name of a realm is not specified.
There can be only one default identity management realm in the directory. If a deployment requires multiple identity management realms, then one of them must be chosen as the default.
The Oracle Identity Management infrastructure supports a flexible set of management policies which comprise:
|
![]() Copyright © 1999, 2003 Oracle Corporation. All Rights Reserved. |
|