1 Introduction to Identity Governance Framework

The Identity Governance Framework (IGF) initiative enables secure exchange of identity-related information between users and applications and service providers. It provides privacy and governance semantics to applications and services infrastructure.

The following topics provide an introduction to the Identity Governance Framework and the related developer APIs Oracle has made available:

1.1 Overview of the Identity Governance Framework

The Identity Governance Framework enables enterprises to define standards that secure the exchange of identity information and regulate compliance between applications, both internally and with the external world. Identity information may include data such as names, addresses, numbers, and other information associated with an individual's identity.

The Identity Governance Framework is an open initiative. As part of this initiative, Oracle has contributed key initial specifications and is making them available to the community.

The Identity Governance Framework is designed to meet the following goals:

  • To simplify the development of identity information access regardless of where that information is stored.

  • To simplify the management (also known as governance) of how applications use identity data, in particular, sensitive data.

The specifications provide a common framework for defining usage policies, attribute requirements, and developer APIs pertaining to the use of identity-related information. These enable businesses to ensure full documentation, control, and auditing regarding the use, storage, and propagation of identity-related data across systems and applications.

This section contains the following topics:

1.1.1 Benefits of Identity Governance Framework to Organizations

The Identity Governance Framework makes use of policies and standards that help support enterprise security and provide assurance to users that their identity information is secured and managed appropriately by the parties to whom it has been entrusted.

Organizations need to maintain control and integrity of sensitive personal information about their customers, employees, and partners. Data related to social security numbers, credit card numbers, medical history, and more are increasingly under scrutiny by regulations seeking to prevent abuse or theft of such information. Privacy-conscious organizations have frequently reacted to these requirements by enforcing overly strict controls and processes that hinder business operations and impact productivity, flexibility, and efficiency. At the opposite end of the spectrum, some organizations do not take the care needed to safeguard this information, potentially putting identity-related data at risk without sufficient oversight and control.

The Identity Governance Framework provides a standards-based mechanism for enterprises to establish "contracts" between their applications so that identity-related information can be shared securely and with confidence that this data will not be abused, compromised, or misplaced. Using this framework, organizations have complete visibility into how identity information is stored, used, and propagated throughout their business. This enables organizations to automate controls and streamline business processes without fear of compromising the confidentiality of sensitive identity-related information.

1.1.2 Benefits of Identity Governance Framework to Developers

The Identity Governance Framework is an agreed-upon process for specifying how identity-related data is treated when writing applications. This provides developers a standard approach to write applications that use this data so that governing policies can be used to control it. This results in faster development of privacy aware applications.

IGF enables the decoupling of identity-aware applications from a specific deployment infrastructure. Specifically, using IGF enables developers to defer deciding how identity-related information will be stored and accessed by their application. Developers do not need to worry about whether they should use a SQL database, an LDAP directory, or another system. In the past, developers were forced to write highly specific code, driving technology and vendor lock-in.

For example, the Identity Directory API provides methods for accessing and managing identity information in a directory server that is the domain identity store. Entity definitions, entity relationships, and the physical identity store details can be configured using either the Identity Directory Configuration APIs or MBeans. The Identity Directory API is used to initialize the Identity Directory Service. The Identity Directory Service provides an interface to both access and modify user and group information from different identity stores. See Using the Identity Directory API.

Another example is the ArisID API, which handles the hard work of data retrieval, transformation, and policy enforcement for identity-based information. By using a Client Attribute Requirements Markup Language (CARML) file and declarations, applications support flexible deployment in a wide range of environments without the need for ongoing specialized developer enhancements. See Using the ArisID API.

1.2 Understanding Identity Governance Framework APIs

The Identity Governance Framework depends on two API modules that enable organizations to implement the data model requirements needed to ensure security and compliance when exchanging identity information.

Oracle has made the following APIs available that are based on the Identity Governance Framework:

  • Identity Directory API

    The Identity Directory API is a common service for identity management applications to access and manage identity information. The service can be used in both Java EE and Java SE modes. See Using the Identity Directory API.

  • ArisID API

    The ArisID API provides enterprise developers and system architects a library for building identity-enabled applications using multiple identity protocols. The ArisID API enables developers to specify requirements for identity attributes, roles, and search filters by using Client Attribute Requirements Markup Language (CARML). See Using the ArisID API.

1.3 System Requirements and Certification for Identity Governance Framework

The system requirements document covers information such as hardware and software requirements, minimum disk space and memory requirements, and required system libraries, packages, or patches.

Refer to the system requirements and certification documentation for information about hardware and software requirements, platforms, databases, and other information. Both of these documents are available on Oracle Technology Network (OTN).

For more information, see Oracle Fusion Middleware System Requirements and Specifications.

The certification document covers supported installation types, platforms, operating systems, databases, JDKs, and third-party products. For more information, see Oracle Fusion Middleware Supported System Configurations.