Oracle® Identity Management Infrastructure Administrator's Guide 10g (10.1.4.0.1) Part Number B15994-01
Oracle's Identity and Access Management solution consists of two packages:
Oracle Identity and Access Management Suite, a comprehensive set of best-of-breed components aimed at addressing the Identity and Access Management requirements of a heterogeneous enterprise.
Identity management infrastructure, a set of components included as part of the Oracle Application Server infrastructure installation.
This chapter describes these two packages. It contains the following topics:
Oracle Identity and Access Management Suite includes:
Oracle Internet Directory, which is also included in identity management infrastructure. It is described in the next section.
Oracle Identity Federation, which provides standards-based, multi-protocol, and cross-domain single sign-on.
Oracle Security Developer Tools, which provides an API for developing federation and secure web services applications.
Oracle Access Manager, which provides web-based identity administration, as well as access control to web applications and resources running in heterogeneous environments.
Oracle Identity Manager, an enterprise provisioning platform designed to manage complex environments with highly heterogeneous technologies.
Oracle Virtual Directory, which provides a single access point to user identity information scattered across multiple locations and services.
The identity management infrastructure is the set of identity management components included in an Oracle Application Server Infrastructure installation. The infrastructure provides distributed security to Oracle products and is included with Oracle Application Server, Oracle Database, and Oracle Collaboration Suite.
See Also: The "Installing OracleAS Infrastructure" chapter in Oracle Application Server Installation Guide.
The identity management infrastructure includes the following components:
Oracle Internet Directory: A scalable, robust LDAP V3-compliant directory service implemented on the Oracle Database
Oracle Directory Integration Platform: A component of Oracle Internet Directory designed to perform directory synchronization as well as provisioning tasks in a directory-centric environment. Unlike Oracle Identity Manager, Oracle Directory Integration Platform is designed to manage a homogeneous environment consisting of directories and compatible Oracle products. Oracle Directory Integration Platform performs provisioning tasks by using data synchronization, and it notifies target applications of changes to a user's status or information. It offers a small deployment footprint when workflow and a full-featured policy engine are not required.
Oracle Application Server Certificate Authority: A component that issues, revokes, renews, and publishes X.509v3 certificates to support PKI-based strong authentication methods
Oracle Application Server Single Sign-On (OracleAS Single Sign-On): A component that provides single sign-on access to Oracle and third-party Web applications
Oracle Delegated Administration Services: A component of Oracle Internet Directory that provides trusted proxy-based administration of directory information by users and application administrators
Many different applications, including third-party applications, Oracle E-Business Suite, Oracle Application Server, Oracle Database and Oracle Collaboration Suite, can use the identity management infrastructure, as shown in Figure 1-1.
While the identity management infrastructure provides an enterprise infrastructure for Oracle products, it can also be a general-purpose identity management solution for custom and third-party enterprise applications.
In addition, third-party application vendors certify with the identity management infrastructure to ensure proper operation.
The identity management infrastructure is designed to meet three key architectural objectives:
The identity management infrastructure is a shared infrastructure for all Oracle products and technology stacks, including Oracle Application Server, Oracle Database, Oracle E-Business Suite, and Oracle Collaboration Suite.
The identity management infrastructure provides a consistent security model among all Oracle products and technology stacks. The identity management infrastructure is planned for and deployed once, to support any current or future deployment of Oracle products.
The identity management infrastructure provides a secure, efficient, and reliable way to use and extend your investment in an existing third-party identity management infrastructure.
Within a third-party identity management environment, the identity management infrastructure provides a single consistent point of integration for the entire Oracle technology stack, eliminating the need to configure and manage integration of various individual Oracle products with the third-party environment.
By using Oracle Directory Integration Platform, the identity management infrastructure takes advantage of the investment made in planning and deployment of a third-party enterprise directory. This provides a way to map and inherit major considerations such as directory naming, directory tree structure, schema extensions, access control, and security policies. Established procedures in an existing framework for user enrollment can be seamlessly incorporated into the corresponding operations of the identity management infrastructure.
If a third-party authentication service is in use, OracleAS Single Sign-On provides a way to integrate with the service and provide a seamless single sign-on experience to users accessing the Oracle environment. Certified interoperability solutions exist for leading third-party authentication platforms, and well-defined interfaces are available for implementing similar solutions for any new product.
The identity management infrastructure can be an enterprise-wide foundation for identity management, to support other Oracle products and third-party products deployed in the enterprise.
The identity management infrastructure can lower ownership costs by streamlining the maintenance of account information for all Oracle and third-party products. It also offers high levels of security and scalability, and provides numerous features. By supporting industry standards in all relevant interfaces, the identity management infrastructure can be customized and used in many different application environments.