What's New in this Guide?

This chapter describes new features and changes and updates to this book. See the following sections for details:

Changes for Oracle Adaptive Access Manager 11g Release 2 (11.1.2)

Oracle Adaptive Access Manager 11g Release 2 (11.1.2) includes many important features and enhancements that were not available with Oracle Adaptive Access Manager 11g Release 1 (11.1.1). The following is a list of the new features and enhancements:

Areas Features and Enhancements
Enhanced mobile security Enhanced mobile security includes:
  • Better mobile browser user experience

  • Mobile tuned security policies

  • REST services and SDK for mobile application developers

  • Lost and stolen mobile device security

Transactional autolearning New transactional autolearning includes:
  • Customizable patterning

  • Transaction rule conditions

Investigation tools New investigation tools have been added to make investigations quicker and easier:
  • Improved case management

  • Utility panel quick search

  • Utility panel notes pane

  • Search transactions

  • Additional search filters for transaction and entity data, alert messages, geographic location, and IP addresses range

  • Transaction details

  • Compare transactions

  • Streamlined white/black listing

  • Multitenant access controls for customer service representative interface to allow protection of multiple application tenants with a single instance of OAAM

  • "Add to Group" feature in search sessions and details pages that enables entities to be added to groups easily

Entity enhancements Enhanced entities includes:
  • Linked entities

  • Entity CRUD operations

  • Targeted purging

Access monitoring toolkit The Access monitoring toolkit includes:
  • JMSQ interface

  • Database view generation


See the following table for information that has been added or updated in this guide.

New Section/Chapters Information
New section on virtual authentication devices For information, see Section 1.2.3, "Virtual Authentication Devices."
New section on mobile access security For information, see Section 1.2.8, "Mobile Access Security."
New section on fraud investigation tools For information, see Section 1.2.10, "Fraud Investigation Tools."
Revised investigation chapter to include Search and Compare Transactions, Utility Panel features, and enhanced Session Details page For information, see Chapter 5, "Investigation Using OAAM."
New chapter on KBA and OTP challenges For information, see Chapter 9, "KBA and OTP Challenges."
New OAAM Policy Concepts and Reference chapter. For information, see Chapter 10, "OAAM Policy Concepts and Reference."
New section on transaction -based patterns For information, see Chapter 15, "Using Transaction-Based Patterns."
New chapter on modeling transactions For information, see Chapter 18, "Modeling the Transaction in OAAM."
Updated entities chapter to include more screen examples For information, see Chapter 19, "Creating and Managing Entities."
Updated transactions chapter For information, see Chapter 20, "Managing Transactions."
New chapter on performance considerations and best practices For information, see Chapter 28, "Performance Considerations and Best Practices."
New sections on troubleshooting and frequently asked questions For information, see Chapter 29, "FAQ/Troubleshooting."
New appendix on using OAAM. For information, see Appendix A, "Using OAAM."
New sections in conditions chapter For information, see Appendix B, "Conditions Reference."
New appendix on OAAM properties For information, see Appendix C, "OAAM Properties."

Changes for Oracle Adaptive Access Manager 11g Release 1 (11.1.1)

Oracle Adaptive Access Manager 11g Release 2 (11.1.1) includes many important features and enhancements that were not available with Oracle Adaptive Access Manager 10g. The following 11g topics have been documented in this guide:

Areas Features and Enhancements
Interface The new rich Oracle Adaptive Access Manager user interface provides
  • Navigation and Policy trees, which allow quick and visible access to features

  • Tabs and accordion panels that reduce real estate usage for multitasking

  • Streamlined flows that capture use case flows of execution. For example, the flow for rules is search, create, edit, and copy rules

  • Improved search and filtering, where you can save searches and filter directly on columns

  • New and improved screens in Oracle Adaptive Access Manager. Oracle Adaptive Access Manager provides enhanced usability for fraud analysis and forensic operations

  • Advanced table display controls to add and remove columns, reposition and resize columns, and detach columns

  • Additional search filters for alert messages, geographic location, and IP range

  • Export feature that enables search results to be exported to an Excel file format

  • New "Add to Group" feature in search sessions and details pages that enables entities to be added to groups easily

  • Direct access to documentation from Oracle Adaptive Access Manager

Security Policies Newly updated security policies that incorporate:
  • Patterns and other techniques to improve the accuracy and risk analysis

  • Oracle Data Miner along with new rule conditions and improved learning patterns to create a unique and optimized real-time risk analytics solution more capable of profiling behaviors than previous versions

Policy Creation New features in policy creation enables you to:
  • Copy policies to checkpoints

    Policies can be copied to other checkpoints. When policies are copied, all the details are copied including the nested policies, trigger combinations, preconditions, group linking, and others

  • Configure trigger combinations more easily

    The new design enables you to more easily define and manage trigger combinations and allows the appending or overriding of actions and alerts

  • Execute nested conditions

    New conditions support the execution of nested policies

  • View indicators

    Indicators are available to show the number of policies linked to a policy, rules, trigger combinations, group linking, conditions in policies, and so on

Rule Creation Rules are now much easier to create.
  • Rule creation has been simplified with the removal of rule templates from the product.

  • Rules can be copied to different policies under any checkpoint

OTP Anywhere OTP Anywhere can create universal delivery options for auto-generated one-time-passwords used for secondary, risk-based user challenges to add sophisticated security to basic authentication flows.
Investigation New investigation tools have been added to make investigations quicker and easier
  • Details screen that allow investigators, security administrators, and other power users to cross reference on data points to find related data in a quick and easy way

  • The new agent cases that make forensic investigations quicker, easier and more successful. Events can be configured to create a case automatically. An investigator can quickly view the data involved in an incident and quickly locate related situations by easily harnessing the complex data relationships captured by OAAM

Encryption Keys Encryption keys required by Oracle Adaptive Access Manager can be securely managed using Fusion Middleware Control without having to create Keystore files
Universal Risk Snapshot Snapshots can be created allowing security administrators to simply and easily migrate security data across environments or restore security configuration to a known state
Multitenancy Multitenant access controls for customer service representative interface to allow protection of multiple application tenants with a single instance of OAAM
OAAM Batch Risk Analysis Oracle Adaptive Access Manager batch risk analysis tool to be used as:
  • A standalone security tool to analyze, detect and alert high risk transactions

  • A research and development tool to create and verify new policies and rules using offline customer data without impacting customers in real-time environment

  • A supplemental batch analysis tool in the tuning of rules and verification of rules behavior against real customer and transaction data without impacting customers in real-time environment

Audit Most of the administrative operations are now audited using Oracle Audit Service. Audit events can be viewed using the standard audit reports.
Web Services Oracle Adaptive Access Manager Web services are implemented using Oracle Web Services.
Application Logging Oracle Adaptive Access Manager 11g uses Java logging instead of log4j. Logging can be configured using Fusion Middleware Control.
Integration with the Dynamic Monitoring System Some performance metrics are now integrated with Dynamic Monitoring System. These metrics and related reports can be viewed using Fusion Middleware Control

Changes for Oracle Adaptive Access Manager from 10g to 11g

Customers migrating from Oracle Adaptive Access Manager 10g to 11g will notice key changes. These changes are intended to align terminology used across the Identity Management suite products and simplify administration.

Oracle Adaptive Access Manager provided terminology changes in 11g, as shown in the following table.

General Term Changes

10g Term 11g Term
runtime checkpoint

A checkpoint is a specified point in a session when Adaptive Access Manager collects and evaluates security data using the rules engine.

model policy

Policies contain security rules and configurations used to evaluate the level of risk at each checkpoint.

manual override trigger combination

Trigger combinations are additional results and policy evaluation that are generated if a specific sequence of rules trigger.

Application ID Organization ID

From the administration perspective, each application or primary user group is translated into an "Organization ID." The term, "Application ID" has been renamed as "Organization ID," which represents the primary user group of a particular user.

For the OAAM Server side, the term "Application ID" remains the same as before. When communicating with proxies, OAAM Server passes the Applications ID, which uniquely identifies an application.


Concept Changes

Oracle Adaptive Access Manager provided conceptual changes in 11g, as shown in the following table.

10g Concept 11gR1 Concept
OAAM Adaptive Risk Manager The rules engine is now part of OAAM Server. The Administration Console is now a separate application named OAAM Admin.
OAAM Adaptive Strong Authenticator The end-user flows including the virtual authentication devices, knowledge-based authentication (KBA) and One-Time Password authentication are now contained in OAAM Server.
rule template The concept has been removed from product
policy type The concept has been removed from the product

For information on Oracle Adaptive Access Manager 11g concepts, see the following chapters:

Web Application Deployment Changes

Oracle Adaptive Access Manager application deployment changes in 11g are as follows:

  • OAAM Server: Runtime component that includes Adaptive Risk Manager (rules engine), Adaptive Strong Authenticator (end user interface flows), Web services, LDAP integration, and user Web application used in all deployment types except native integration

  • OAAM Admin: Administration Console for all environment, Adaptive Strong Authenticator, and Adaptive Risk Manager features. It contains customer service and fraud investigation case management functionality

For information on the Oracle Adaptive Access Manager 11g web applications, see Section 1.3, "Oracle Adaptive Access Manager Component Architecture."

Architecture and Deployment Changes

Architecture and deployment changes in 11g are listed as follows:

  • Administration User Interface is a separate Web application called OAAM Admin.

  • Adaptive Strong Authenticator is now deployed as part of the OAAM Server Web application.

  • OAAM Web applications are now packaged as EAR files. Exploding them is neither recommended nor supported.

For information on architectural and deployment of Oracle Adaptive Access Manager 11g, see Section 1.3, "Oracle Adaptive Access Manager Component Architecture."