Introduction to Oracle Entitlements Server

Summary

Application security has evolved from perimeter security to basic access control and single sign-on at the Web tier. Today the need to provide fine-grained control and audit in enterprise applications is pushing security deeper in the application stack.

Currently, enterprises face three challenges

embedded entitlements decisions in the applications,
integration with existing security solutions, and
the complexity of the entitlements model.

Oracle Entitlements Server is an enterprise security product that provides two important benefits. First, it is a fine-grained entitlements product that provides a means to centrally define and manage policy to control access to applications. Second, it is a security service platform to provide security services to applications across multiple application environments.

Oracle Entitlements Server provides flexibility in its deployment. It can be used in a container based deployment with plug-in Security Service Modules for WebLogic products, Web Servers, and Java applications. It can be used in a services based deployment with client applications making SOAP calls to a centrally located Web Service SSM for security services.

Oracle Entitlements Server is an entitlements systems that provide the means to define application resources and application businesses objects, represent those objects in hierarchical relationships, and write policy that describes which users, groups and roles can access those objects.

Oracle Entitlements Server allows you to externalize entitlements – remove security decisions from the application. You can write policies that control access to both application software components as well as arbitrary business objects in the application. The Oracle Entitlements Server supports a hierarchical model of resources and policies with inheritance. Oracle Entitlements Server supports two types of policies -- for defining roles and for controlling access to resources in the application.

Oracle Entitlements Server is also a security services platform that provides five basic services for authentication, authorization, role mapping, auditing, and credential mapping. This service infrastructure is based on the WebLogic security framework and supports the same Security Service Provider Interfaces (SSPIs). User can add there own providers to replace or work in conjunction with the providers that ship with Oracle Entitlements Server.