Mobile computing gradually allows us to make the elusive “anytime, anywhere access” mantra a reality. Online social identities allow us to access web sites using existing identities from leading social networks such as Facebook, LinkedIn, or Twitter.
Different classes of users access corporate resources
• External Users – High risk external users who access external facing resources and consumer facing applications.
• Extended Enterprise Users – Medium risk users such as contractors and partners who remotely access corporate resources to which they are provisioned.
• Trusted Enterprise Users – Low risk internal users who access corporate resources internally or externally.
The continuum of users accessing enterprise resources maps risk against service level agreements. As a user’s risk level increases, the level of assurance which is necessary to assure a user’s identity increases. Also as risk increases, the SLAs that can be guaranteed decrease.
Oracle Access Manager for Mobile and Social Overview

Connects mobile users to identity services using REST interfaces
Organizations can bridge the security gap between the enterprise and mobile devices. With RESTful identity services, rich mobile applications can access stateless identity functions from mobile devices which are limited by processing capacity and battery power. Organizations can make their backend services and data available in a secure manner by simply exposing these through virtual REST APIs in the DMZ. Messages, security tokens, and protocols are automatically translated between formats appropriate for mobile devices and the source system. REST APIs can mash up information from multiple sources and be protected from a wide variety of attacks (denial of service, SQL injection, content retrieval attacks, etc.), usage can be monitored, and all your Oracle Access Management technologies can be leveraged for further protection.

Delivers SSO and Authorization for native mobile applications
Traditional mobile security solutions like VPN tunnels are limited in that they cannot overcome the problem of SSO for native mobile apps. OAM-M&S simplifies SSO across rich mobile apps and browser applications. This reduces the number of logins required for enterprise applications from the native mobile screen. Authorization can control what transactions end users are able to perform from a device and under what conditions. Perhaps only transactions below a given amount are allowed from a mobile device. An organization's REST APIs require authorization; what data is accessible to a given user must be controlled and monitored. A user's location and device state may need to be taken into account.

Enables sign on from 3rd party and Social identities to Enterprise resources
With the proliferation of social networking sites, there is a need for relying parties to consume identities from internet identity providers like Facebook, Twitter, LinkedIn, Google and Yahoo.
Many of these providers support user centric federation standards like OpenID and OAuth. OAM-M&S enables organizations to accept internet identities for signing on users to low value applications like blogs, communities, etc. This in turn can provide a seamless user experience for users without the burden of additional logins.
Single Sign-On covers web applications, native mobile applications, and also the RESTful APIs and web services accessed from the device.

Supports industry standards (OpenID, OAuth)
Oracle IDM supports OpenID and OAuth. So with Oracle Identity Management we are making it easier for relying parties to accept identities from internet identity providers like Facebook, Twitter, LinkedIn, Google and Yahoo.
We have enhanced Oracle Access Manager to provide mobile social sign on. Today within the enterprise we have a high degree of trust, but now it’s a bring your own device culture. Each user has multiple devices and they are connecting them to the network. We are trying to re-establish the level of trust with mobile devices. If you look at a typical user’s phone, they have 20+ applications. As organizations deploy more apps to mobile devices, they can’t keep up with the support cost or the risk inherent in multiple passwords across applications. Mobile users and devices need access to information in the corporate network, often from legacy systems that have little or no security. How do you make this information accessible in a secure manner? How do you control and monitor what sensitive data leaves your network? We are enabling single sign-on and RESTful sign-on, authorizing access to data, and securing your REST APIs. We are helping to rebalance risk and trust. We also support Android and iOS. So basically the case is organizations that want to connect with their external subscribers. To make it simple and avoid the work of managing all of the registrations, we can simply trust the social networking site for authentication and dynamically provision the user without the user having to re-register again. And we have a customer who is looking at this as part of their deployment.
• Mobile Services connecting browser-based and native mobile applications to the enterprise identity management infrastructure, typically the Oracle Access Management Platform.
• Internet Identity Services providing functionality that lets the Mobile and Social solution serve as the relying party when interacting with popular, cloud-based identity authentication and authorization services, such as Google, Yahoo, Facebook, Twitter, or LinkedIn. By deploying Oracle’s Mobile and Social service, you provide the user with multiple log-in options without the need to implement access functionality for each identity provider individually.
• User Profile Services providing a REST interface for LDAP create, read, update, and delete (CRUD) operations (customers use the same REST interface to build graphical user interfaces for applications), user self-service functions such as self-registration, profile maintenance, password management, and account deletion (see an explanation of REST in the Appendix at the back of this document).
• Access Management Integration Services for leveraging Oracle Access Manager (OAM) through a runtime REST interface provided by an agent software development kit.
• Oracle Access Manager (OAM) for web application authentication, authorization, and single sign-on.
• Oracle Adaptive Access Manager (OAAM) for mobile device fingerprinting and registration, risk-based authentication factoring in the mobile device context, and fraud detection.
• Oracle Enterprise Gateway (OEG) for first line of defense for multi-protocol and multi-format web services, and security gateway to cloud services.
• Oracle Entitlement Server (OES) for fine-grained authorization policies and access to mobile applications based on the mobile device context.
• Oracle Directory Services for direct access of mobile applications to LDAP-based user directories such as Oracle Internet Directory (OID), Oracle Directory Services Enterprise Edition (ODSEE), and Oracle Unified Directory (OUD).